Closed M-Davies closed 4 years ago
@johnoliver Can I get a review please?
Looks good, thanks
After this PR, I'm still seeing 403 Forbiddens when trying to query the Adopt API https://ci.adoptopenjdk.net/job/build-scripts/job/jobs/job/jdk/job/jdk-windows-x64-hotspot/145/console
05:34:20 Only using first definition of library openjdk-jenkins-helper
[Pipeline] echo
05:34:20 Querying Adopt Api for the JDK-Head number (most_recent_feature_version)...
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
05:34:21 Failed in branch false
[Pipeline] // parallel
[Pipeline] echo
05:34:21 Failed test: java.lang.RuntimeException: Server returned HTTP response code: 403 for URL: https://api.adoptopenjdk.net/v3/info/available_releases
This is due to insufficent permissions as documented in https://github.com/AdoptOpenJDK/openjdk-build/pull/1822#issuecomment-638839558. @karianna are there any script approvals waiting?
After this PR, I'm still seeing 403 Forbiddens when trying to query the Adopt API https://ci.adoptopenjdk.net/job/build-scripts/job/jobs/job/jdk/job/jdk-windows-x64-hotspot/145/console
05:34:20 Only using first definition of library openjdk-jenkins-helper [Pipeline] echo 05:34:20 Querying Adopt Api for the JDK-Head number (most_recent_feature_version)... [Pipeline] } [Pipeline] // stage [Pipeline] } 05:34:21 Failed in branch false [Pipeline] // parallel [Pipeline] echo 05:34:21 Failed test: java.lang.RuntimeException: Server returned HTTP response code: 403 for URL: https://api.adoptopenjdk.net/v3/info/available_releases
This is due to insufficent permissions as documented in AdoptOpenJDK/openjdk-build#1822 (comment). @karianna are there any script approvals waiting?
There are none remaining...
Is it saying exactly which Class it's being blocked on?
I have no idea. Its using the code in the PR, specifically its the Groovy URL Class that is being blocked.
Do we have a higher level of security on the pipelines over the utils folder? The jobs in here regularly query the Jenkins API using the same code
The following calls are allowed to go through:
method java.net.HttpURLConnection getErrorStream
method java.net.HttpURLConnection getResponseCode
method java.net.HttpURLConnection setRequestMethod java.lang.String
method java.net.URL openConnection
method java.net.URLConnection connect
method java.net.URLConnection getInputStream
method java.net.URLConnection setRequestProperty java.lang.String java.lang.String
Are there any other methods you're using?
def get = new URL(query).openConnection()
def parser = new JsonSlurper()
return parser.parseText(get.getInputStream().getText())
JsonSlurper()
and getText()
For the record, the 403 code was fixed by adding a user agent to the API request since groovy doesn't send one by default and the Adopt API requires a User Agent to be present. No script approval was nessasary.
Signed-off-by: Morgan Davies morgan.davies@ibm.com