timja / jenkins-gh-issues-poc-06-18

0 stars 0 forks source link

[JENKINS-41865] buildWithParameters does not work when project has not been built before parameters configured #3857

Open timja opened 7 years ago

timja commented 7 years ago

Build is a github project on the latest everything.

Jenkins v 2.45
AWS Linux (centos fork)

Attempting to build github branches with slashes in them returns a 403

marc is missing the Job/Build permission

Authorization is set so that

Any logged in user can do anything

This problem does not exist on branches without slashes in them.


Originally reported by myoung34, imported from: buildWithParameters does not work when project has not been built before parameters configured
  • status: Open
  • priority: Major
  • resolution: Unresolved
  • imported: 2022/01/10
timja commented 7 years ago

integer:

What job type do you use?

timja commented 7 years ago

myoung34:

integer uploaded config.xml for the job

timja commented 7 years ago

integer:

I see, you are using evil job type. Reassigning to authors.

timja commented 7 years ago

stephenconnolly:

How are you attempting to build them?

timja commented 7 years ago

myoung34:

Via UI by add `/buildWithParameters` to verify, but with http://github.com/openstack/python-jenkins is how I first noticed it.
I use a slackbot to run our CI job to pass params. It's been fine from Jenkins 1.x to 2.45 calling 'master' with params, but I noticed when I started building branches (was just building github PR's before) that it was blowing up on items with a `/` in it.
PR's are just

PR-####

so that was fine.

bugfix_foo

is fine, but

bugfix/foo

blow up in: python library, curl, and browser (seen in SS)

By blow up I mean the browser, curl, and the python library all return a 403 unauthorized. switching to any branch/PR with no slash builds perfectly

timja commented 7 years ago

stephenconnolly:

So what happens when you double encode the slash? Eg bugfix%252Ffoo

(You need to double encode it to bypass browser decoding as a "help"

timja commented 7 years ago

myoung34:

That was my attempt after doing a normal URL encode, did not help. That's actually included in the SS

timja commented 7 years ago

stephenconnolly:

So it works for me!

What servlet container are you using?

timja commented 7 years ago

myoung34:

stephenc how do i check?

It's jenkins 2.45 built via https://github.com/saltstack-formulas/jenkins-formula

I installed from scratch on this demo.

The only other thing is I'm using Jenkinsfile to define my parameters. Which means the first time it runs, it does not know about the parameters, after build #1 it knows.
If you look at the gif i attached, towards the end, any branches with a

/

dont have the option to 'build with parameters' because I can't initially build it.

Also: using this setup, no jobs allow me to build them. Slash or not, there is no "build" button for the job, so "Buidl with parameters" only shows up on parameterized builds. Is it an issue with state? It does not know about my parameters until it builds it, but i cannot build it because it doesn't have parameters?

timja commented 7 years ago

stephenconnolly:

So after chatting on IRC, this seems to be a confluence of different things:

1. It is somewhat confusing in the UI differentiating between a branch that has never been built and a dead branch. (Hint: currently the dead branches cannot be built but can be deleted... live branches cannot be deleted but can be built)
2. BuildWithParameters URL is not available until the Jenkinsfile has been loaded for the branch and the parameter definition applied

timja commented 7 years ago

stephenconnolly:

https://issues.jenkins-ci.org/browse/JENKINS-41927 created to help disambiguate orphaned items

timja commented 7 years ago

jglick:

I think this should let you go ahead and submit parameters. Ditto here. ParametersAction already refuses to set environment variables for undeclared parameters, so there should no risk in that. Similarly, this should be more lenient. Of course for undeclared parameters we do not know the type, so we could just create StringParameterValue in all cases.