For control reasons, I have my repository in Stash locked down so that no 'real' user has write access. Developers can review and approve pull requests, but not merge. I am using the Workzone Stash plugin to perform automatic merges once sufficient approvals of a pull request are received. The automatic merge is configured to use a special 'non-interactive' account that does have write access to the repository.
When the pull request is approved and merged, it looks like the Stash Jenkins Webhook is failing due to a permissions error. It looks like it is using the effective permission of the user logged in when the automatic merge occurs.
Below are partial snippets of the 2 errors I found in the Stash log file that lead me down this path. These are the only log entries that would indicate why my jenkins jobs are not getting triggered.
If this is the case, is there a way to have Stash run this EventListener as a different user?
---snip---
2013-10-16 11:48:36,428 ERROR [AtlassianEvent::pool-3-thread-2] ---[identifying information removed]--- "POST /rest/api/latest/projects/CFMGT/repos/cfmgt/pull-requests/2/approve HTTP/1.1" c.a.e.i.AsynchronousAbleEventDispatcher There was an exception thrown trying to dispatch event 'com.atlassian.stash.repository.sync.RefsSynchronizedEvent[source=com.atlassian.stash.internal.repository.sync.DefaultRefSyncService@302b25c0]' from the invoker 'SingleParameterMethodListenerInvoker{method=public void com.nerdwin15.stash.webhook.RepositoryChangeListener.onRefsChangedEvent(com.atlassian.stash.event.RepositoryRefsChangedEvent), listener=com.nerdwin15.stash.webhook.RepositoryChangeListener@5e123c18}'.
java.lang.RuntimeException: You are not permitted to access this resource
at com.atlassian.event.internal.SingleParameterMethodListenerInvoker.invoke(SingleParameterMethodListenerInvoker.java:54) ~[atlassian-event-2.3.0.jar:na]
at com.atlassian.event.internal.AsynchronousAbleEventDispatcher$2.run(AsynchronousAbleEventDispatcher.java:66) ~[atlassian-event-2.3.0.jar:na]
at com.atlassian.sal.core.executor.ThreadLocalDelegateRunnable.run(ThreadLocalDelegateRunnable.java:38) ~[sal-core-2.10.3.jar:na]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) ~[na:1.7.0_25]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) ~[na:1.7.0_25]
at java.lang.Thread.run(Thread.java:724) ~[na:1.7.0_25]
Caused by: com.atlassian.stash.exception.AuthorisationException: You are not permitted to access this resource
at com.atlassian.stash.internal.aop.ExceptionRewriteAdvice.afterThrowing(ExceptionRewriteAdvice.java:36) ~[stash-platform-2.6.2.jar:na]
at sun.reflect.GeneratedMethodAccessor1802.invoke(Unknown Source) ~[na:na]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_25]
at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_25]
at org.springframework.aop.framework.adapter.ThrowsAdviceInterceptor.invokeHandlerMethod(ThrowsAdviceInterceptor.java:144) ~[spring-aop-3.2.3.RELEASE.jar:3.2.3.RELEASE]
---end snip---
---snip---
2013-10-16 11:48:36,640 ERROR [AtlassianEvent::pool-3-thread-2] ---[identifying information removed]--- "POST /rest/api/latest/projects/CFMGT/repos/cfmgt/pull-requests/2/approve HTTP/1.1" c.a.e.i.AsynchronousAbleEventDispatcher There was an exception thrown trying to dispatch event 'com.atlassian.stash.repository.sync.RefsSynchronizedEvent[source=com.atlassian.stash.internal.repository.sync.DefaultRefSyncService@302b25c0]' from the invoker 'SingleParameterMethodListenerInvoker{method=public void com.wittified.TaskRepositoryEvent.postReceive(com.atlassian.stash.event.RepositoryRefsChangedEvent), listener=com.wittified.TaskRepositoryEvent@8efa324}'.
java.lang.RuntimeException: An error occurred while executing an external process: [e02b6a2]: Unexpected output; expected a 'commit' object
at com.atlassian.event.internal.SingleParameterMethodListenerInvoker.invoke(SingleParameterMethodListenerInvoker.java:54) ~[atlassian-event-2.3.0.jar:na]
at com.atlassian.event.internal.AsynchronousAbleEventDispatcher$2.run(AsynchronousAbleEventDispatcher.java:66) ~[atlassian-event-2.3.0.jar:na]
at com.atlassian.sal.core.executor.ThreadLocalDelegateRunnable.run(ThreadLocalDelegateRunnable.java:38) ~[sal-core-2.10.3.jar:na]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) ~[na:1.7.0_25]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) ~[na:1.7.0_25]
at java.lang.Thread.run(Thread.java:724) ~[na:1.7.0_25]
Caused by: com.atlassian.stash.exception.ServerException: An error occurred while executing an external process: [e02b6a2]: Unexpected output; expected a 'commit' object
at com.atlassian.stash.internal.scm.git.GitCommandExitHandler.evaluateThrowable(GitCommandExitHandler.java:120) ~[na:na]
at com.atlassian.stash.internal.scm.git.GitCommandExitHandler.onCancel(GitCommandExitHandler.java:46) ~[na:na]
at com.atlassian.stash.scm.BaseCommand.callExitHandler(BaseCommand.java:138) ~[stash-spi-2.6.2.jar:na]
at com.atlassian.stash.scm.BaseCommand$CommandFuture.internalGet(BaseCommand.java:257) ~[stash-spi-2.6.2.jar:na]
at com.atlassian.stash.scm.BaseCommand$CommandFuture.get(BaseCommand.java:224) ~[stash-spi-2.6.2.jar:na]
For control reasons, I have my repository in Stash locked down so that no 'real' user has write access. Developers can review and approve pull requests, but not merge. I am using the Workzone Stash plugin to perform automatic merges once sufficient approvals of a pull request are received. The automatic merge is configured to use a special 'non-interactive' account that does have write access to the repository.
When the pull request is approved and merged, it looks like the Stash Jenkins Webhook is failing due to a permissions error. It looks like it is using the effective permission of the user logged in when the automatic merge occurs.
Below are partial snippets of the 2 errors I found in the Stash log file that lead me down this path. These are the only log entries that would indicate why my jenkins jobs are not getting triggered.
If this is the case, is there a way to have Stash run this EventListener as a different user?
---snip---
2013-10-16 11:48:36,428 ERROR [AtlassianEvent::pool-3-thread-2] ---[identifying information removed]--- "POST /rest/api/latest/projects/CFMGT/repos/cfmgt/pull-requests/2/approve HTTP/1.1" c.a.e.i.AsynchronousAbleEventDispatcher There was an exception thrown trying to dispatch event 'com.atlassian.stash.repository.sync.RefsSynchronizedEvent[source=com.atlassian.stash.internal.repository.sync.DefaultRefSyncService@302b25c0]' from the invoker 'SingleParameterMethodListenerInvoker{method=public void com.nerdwin15.stash.webhook.RepositoryChangeListener.onRefsChangedEvent(com.atlassian.stash.event.RepositoryRefsChangedEvent), listener=com.nerdwin15.stash.webhook.RepositoryChangeListener@5e123c18}'. java.lang.RuntimeException: You are not permitted to access this resource at com.atlassian.event.internal.SingleParameterMethodListenerInvoker.invoke(SingleParameterMethodListenerInvoker.java:54) ~[atlassian-event-2.3.0.jar:na] at com.atlassian.event.internal.AsynchronousAbleEventDispatcher$2.run(AsynchronousAbleEventDispatcher.java:66) ~[atlassian-event-2.3.0.jar:na] at com.atlassian.sal.core.executor.ThreadLocalDelegateRunnable.run(ThreadLocalDelegateRunnable.java:38) ~[sal-core-2.10.3.jar:na] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) ~[na:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) ~[na:1.7.0_25] at java.lang.Thread.run(Thread.java:724) ~[na:1.7.0_25] Caused by: com.atlassian.stash.exception.AuthorisationException: You are not permitted to access this resource at com.atlassian.stash.internal.aop.ExceptionRewriteAdvice.afterThrowing(ExceptionRewriteAdvice.java:36) ~[stash-platform-2.6.2.jar:na] at sun.reflect.GeneratedMethodAccessor1802.invoke(Unknown Source) ~[na:na] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_25] at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_25] at org.springframework.aop.framework.adapter.ThrowsAdviceInterceptor.invokeHandlerMethod(ThrowsAdviceInterceptor.java:144) ~[spring-aop-3.2.3.RELEASE.jar:3.2.3.RELEASE]
---end snip---
---snip---
2013-10-16 11:48:36,640 ERROR [AtlassianEvent::pool-3-thread-2] ---[identifying information removed]--- "POST /rest/api/latest/projects/CFMGT/repos/cfmgt/pull-requests/2/approve HTTP/1.1" c.a.e.i.AsynchronousAbleEventDispatcher There was an exception thrown trying to dispatch event 'com.atlassian.stash.repository.sync.RefsSynchronizedEvent[source=com.atlassian.stash.internal.repository.sync.DefaultRefSyncService@302b25c0]' from the invoker 'SingleParameterMethodListenerInvoker{method=public void com.wittified.TaskRepositoryEvent.postReceive(com.atlassian.stash.event.RepositoryRefsChangedEvent), listener=com.wittified.TaskRepositoryEvent@8efa324}'. java.lang.RuntimeException: An error occurred while executing an external process: [e02b6a2]: Unexpected output; expected a 'commit' object at com.atlassian.event.internal.SingleParameterMethodListenerInvoker.invoke(SingleParameterMethodListenerInvoker.java:54) ~[atlassian-event-2.3.0.jar:na] at com.atlassian.event.internal.AsynchronousAbleEventDispatcher$2.run(AsynchronousAbleEventDispatcher.java:66) ~[atlassian-event-2.3.0.jar:na] at com.atlassian.sal.core.executor.ThreadLocalDelegateRunnable.run(ThreadLocalDelegateRunnable.java:38) ~[sal-core-2.10.3.jar:na] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) ~[na:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) ~[na:1.7.0_25] at java.lang.Thread.run(Thread.java:724) ~[na:1.7.0_25] Caused by: com.atlassian.stash.exception.ServerException: An error occurred while executing an external process: [e02b6a2]: Unexpected output; expected a 'commit' object at com.atlassian.stash.internal.scm.git.GitCommandExitHandler.evaluateThrowable(GitCommandExitHandler.java:120) ~[na:na] at com.atlassian.stash.internal.scm.git.GitCommandExitHandler.onCancel(GitCommandExitHandler.java:46) ~[na:na] at com.atlassian.stash.scm.BaseCommand.callExitHandler(BaseCommand.java:138) ~[stash-spi-2.6.2.jar:na] at com.atlassian.stash.scm.BaseCommand$CommandFuture.internalGet(BaseCommand.java:257) ~[stash-spi-2.6.2.jar:na] at com.atlassian.stash.scm.BaseCommand$CommandFuture.get(BaseCommand.java:224) ~[stash-spi-2.6.2.jar:na]
---end snip---
Thanks, Doug Hanks