adoptium / jenkins-helper

Jenkins Node helper API and helper jobs
Apache License 2.0

Add an API Query function to library #31

Closed M-Davies closed 4 years ago

M-Davies commented 4 years ago

Signed-off-by: Morgan Davies <morgan.davies@ibm.com>

M-Davies commented 4 years ago

@johnoliver Can I get a review please?

johnoliver commented 4 years ago

Looks good, thanks

M-Davies commented 4 years ago

After this PR, I'm still seeing 403 Forbiddens when trying to query the Adopt API https://ci.adoptopenjdk.net/job/build-scripts/job/jobs/job/jdk/job/jdk-windows-x64-hotspot/145/console

05:34:20  Only using first definition of library openjdk-jenkins-helper
[Pipeline] echo
05:34:20  Querying Adopt Api for the JDK-Head number (most_recent_feature_version)...
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
05:34:21  Failed in branch false
[Pipeline] // parallel
[Pipeline] echo
05:34:21  Failed test: java.lang.RuntimeException: Server returned HTTP response code: 403 for URL: https://api.adoptopenjdk.net/v3/info/available_releases

This is due to insufficient permissions as documented in https://github.com/AdoptOpenJDK/openjdk-build/pull/1822#issuecomment-638839558. @karianna are there any script approvals waiting?

karianna commented 4 years ago

> After this PR, I'm still seeing 403 Forbiddens when trying to query the Adopt API https://ci.adoptopenjdk.net/job/build-scripts/job/jobs/job/jdk/job/jdk-windows-x64-hotspot/145/console
>
> 05:34:20  Only using first definition of library openjdk-jenkins-helper
> [Pipeline] echo
> 05:34:20  Querying Adopt Api for the JDK-Head number (most_recent_feature_version)...
> [Pipeline] }
> [Pipeline] // stage
> [Pipeline] }
> 05:34:21  Failed in branch false
> [Pipeline] // parallel
> [Pipeline] echo
> 05:34:21  Failed test: java.lang.RuntimeException: Server returned HTTP response code: 403 for URL: https://api.adoptopenjdk.net/v3/info/available_releases
>
> This is due to insufficient permissions as documented in AdoptOpenJDK/openjdk-build#1822 (comment). @karianna are there any script approvals waiting?

There are none remaining...

karianna commented 4 years ago

Is it saying exactly which Class it's being blocked on?

M-Davies commented 4 years ago

I have no idea. It's using the code in the PR, specifically it's the Groovy URL Class that is being blocked.

Do we have a higher level of security on the pipelines over the utils folder? The jobs in here regularly query the Jenkins API using the same code.

karianna commented 4 years ago

The following calls are allowed to go through:

method java.net.HttpURLConnection getErrorStream
method java.net.HttpURLConnection getResponseCode
method java.net.HttpURLConnection setRequestMethod java.lang.String
method java.net.URL openConnection
method java.net.URLConnection connect
method java.net.URLConnection getInputStream
method java.net.URLConnection setRequestProperty java.lang.String java.lang.String

Are there any other methods you're using?

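M-Davies commented 4 years ago

import groovy.json.JsonSlurper

// Open the connection (no request headers are set) and parse the JSON body
def get = new URL(query).openConnection()
def parser = new JsonSlurper()
return parser.parseText(get.getInputStream().getText())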

JsonSlurper() and getText()

M-Davies commented 4 years ago

For the record, the 403 code was fixed by adding a user agent to the API request since Groovy doesn't send one by default and the Adopt API requires a User Agent to be present. No script approval was necessary.
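The fix described in the last comment, sketched as an added example (not the code merged in this PR): the request sets a User-Agent and otherwise calls only the `HttpURLConnection`/`URLConnection` methods karianna lists as allowed, plus `JsonSlurper` and `getText()`. The function name `queryApi` and the User-Agent string are assumptions.

```groovy
import groovy.json.JsonSlurper

// Hypothetical helper name; the PR's real function is not shown on this page.
def queryApi(String query, String userAgent = 'jenkins-helper-example') {
    // Only signatures from the allowed list in the thread are called on the connection.
    HttpURLConnection conn = (HttpURLConnection) new URL(query).openConnection()
    conn.setRequestMethod('GET')

    // The thread's root cause: the request carried no User-Agent and the API
    // rejected it with 403. Setting the header explicitly avoids that.
    conn.setRequestProperty('User-Agent', userAgent)
    conn.setRequestProperty('Accept', 'application/json')

    int code = conn.getResponseCode()
    if (code != 200) {
        // Surface the server's own error body so an HTTP-level rejection is
        // not mistaken for a Jenkins sandbox rejection. A sandbox block is
        // raised as RejectedAccessException and names the blocked signature;
        // the log in this thread shows a plain RuntimeException with an HTTP
        // status instead, which points at the remote server.
        def err = conn.getErrorStream()
        String body = err ? err.getText('UTF-8') : ''
        throw new RuntimeException("HTTP ${code} for ${query}: ${body.take(200)}")
    }

    return new JsonSlurper().parseText(conn.getInputStream().getText('UTF-8'))
}

// Usage inside a pipeline step, with the URL and field name from the log above:
//   def releases = queryApi('https://api.adoptopenjdk.net/v3/info/available_releases')
//   echo "JDK head: ${releases.most_recent_feature_version}"
```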