search

jenkinsci / gitlab-plugin

A Jenkins plugin for interfacing with GitLab
https://plugins.jenkins.io/gitlab-plugin/
GNU General Public License v2.0
1.44k stars 613 forks source link

Problem after setting up /project authentication #459

Closed fduranti closed 7 years ago

fduranti commented 7 years ago

Issue

Problem with authentication for /project end-point

Context

Logs & Traces

Dec 09, 2016 1:06:56 AM INFO com.dabsquared.gitlabjenkins.webhook.GitLabWebHook getDynamic
WebHook called with url: /project/jenkins
Dec 09, 2016 1:06:56 AM WARNING org.eclipse.jetty.util.log.JavaUtilLog warn
Error while serving http://itromjk18.q8int.com:8080/project/jenkins
java.lang.reflect.InvocationTargetException
    at sun.reflect.GeneratedMethodAccessor829.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:324)
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:167)
    at org.kohsuke.stapler.MetaClass$11.dispatch(MetaClass.java:378)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
    at org.kohsuke.stapler.MetaClass$11.dispatch(MetaClass.java:380)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:135)
    at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:206)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
    at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
    at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:126)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:49)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
    at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.BasicHeaderProcessor.success(BasicHeaderProcessor.java:140)
    at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:82)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
    at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:553)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.Server.handle(Server.java:499)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
    at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
    at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
    at com.dabsquared.gitlabjenkins.trigger.handler.AbstractWebHookTriggerHandler.handle(AbstractWebHookTriggerHandler.java:50)
    at com.dabsquared.gitlabjenkins.trigger.handler.push.PushHookTriggerHandlerImpl.handle(PushHookTriggerHandlerImpl.java:30)
    at com.dabsquared.gitlabjenkins.trigger.handler.push.PushHookTriggerHandlerImpl.handle(PushHookTriggerHandlerImpl.java:23)
    at com.dabsquared.gitlabjenkins.trigger.handler.push.PushHookTriggerHandlerList.handle(PushHookTriggerHandlerList.java:24)
    at com.dabsquared.gitlabjenkins.trigger.handler.push.PushHookTriggerHandlerList.handle(PushHookTriggerHandlerList.java:13)
    at com.dabsquared.gitlabjenkins.GitLabPushTrigger.onPost(GitLabPushTrigger.java:240)
    at com.dabsquared.gitlabjenkins.webhook.build.PushBuildAction$1.performOnPost(PushBuildAction.java:72)
    at com.dabsquared.gitlabjenkins.webhook.build.BuildWebHookAction$TriggerNotifier.run(BuildWebHookAction.java:49)
    at hudson.security.ACL.impersonate(ACL.java:204)
    at com.dabsquared.gitlabjenkins.webhook.build.PushBuildAction.execute(PushBuildAction.java:69)
    at com.dabsquared.gitlabjenkins.webhook.build.BuildWebHookAction.execute(BuildWebHookAction.java:26)
    at com.dabsquared.gitlabjenkins.webhook.GitLabWebHook.getDynamic(GitLabWebHook.java:44)
    ... 71 more

Problem description

I've integrated Jenkins pipeline with the Gitlab-EE Service Jenkins-CI (tried also with WebHook with the same result). I want jenkins to run a build when i do a push or merge. It works (with some issue) if the Authentication for /project end-point is disabled. If I enable the authentication it don't work and has different behaviour. I'm using a local defined user on jenkins with it's jenkins api token for authentication. Putting user and apitoken (tried also with password) on the fields on the Service Jenkins-CI page is not working (jenkins see the user as anonymous). For this I've asked to gitlab support as it seems a problem on how credential are passed. If i use the http://user:api@jenkinsserver syntax It's authenticating correctly and report an error if the user don't have Job/Build permission as expected. Using Matrix-based authorization or "logged-in users can do anything" I get a long error on the test of the service: immagine

I get the same error doing the configuration from project webhooks.

I've also tried with gitlab oauth plugin for authorization and authentication

Anyone know what I'm doing wrong?

omehegan commented 7 years ago

The only way that the /project endpoint authentication will work is if your webhook passes a valid jenkins username and password using HTTP basic auth. This in turn will depend on how you configure Jenkins user authorization. The simplest way is what you were attempting using a Jenkins user's username and API key and including them with your webhook, as in http://username:APIKEY@jenkinsserver.foo.com/...

See https://github.com/jenkinsci/gitlab-plugin/issues/418 for some more insight. Let me know if this helps.