Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-14999

Copy Artifact plugin: Unable to find project for artifact copy when using a build parameter

      Error message:

      ...
      project_name=daily
      _=/bin/env
      Unable to find project for artifact copy: daily
      This may be due to incorrect project name or permission settings; see help for project name in job configuration.
      Build step 'Copy artifacts from another project' marked build as failure
      ...
      

      When I set the project name by hand, there is no error. When I use a build parameter, and set its value to the same value as the hand typed value, it fails. The above message show what variable I use: $project_name

      Please see the screenshots for the configuration details.

          [JENKINS-14999] Copy Artifact plugin: Unable to find project for artifact copy when using a build parameter

          Martin d'Anjou added a comment - - edited

          After reading more closely the help, I decided to upload another image, this time showing global project permissions. There is no per-project permissions.

          Martin d'Anjou added a comment - - edited After reading more closely the help, I decided to upload another image, this time showing global project permissions. There is no per-project permissions.

          Alan Harder added a comment -

          I think your screenshot shows exactly the situation described in the help.. your project is not accessible to the group for all authenticated users (I think it's called "authenticated", if I remember correctly).

          Alan Harder added a comment - I think your screenshot shows exactly the situation described in the help.. your project is not accessible to the group for all authenticated users (I think it's called "authenticated", if I remember correctly).

          Do you mean that the group (the second row on the matrix authorization strategy screenshot) needs to be granted the same permissions as the user who has the most permissions?

          Martin d'Anjou added a comment - Do you mean that the group (the second row on the matrix authorization strategy screenshot) needs to be granted the same permissions as the user who has the most permissions?

          Alan Harder added a comment -

          No, I mean add a new row for the group called "authenticated" that grants job read permission.

          Alan Harder added a comment - No, I mean add a new row for the group called "authenticated" that grants job read permission.

          Thank you. It works now.

          My only comment is that the documentation could be clearer. It says "...the source project must be accessible to all authenticated users;..." May I suggest instead something like "you must have a group called 'authenticated' and grant the Job Read permission to this group". What confounded me is that I did have the Job Read permission granted for all the users and the group defined in the screenshot, so to me, I was not missing anything. Maybe the error message could say something along these lines as well. Thank you for the help.

          Martin d'Anjou added a comment - Thank you. It works now. My only comment is that the documentation could be clearer. It says "...the source project must be accessible to all authenticated users;..." May I suggest instead something like "you must have a group called 'authenticated' and grant the Job Read permission to this group". What confounded me is that I did have the Job Read permission granted for all the users and the group defined in the screenshot, so to me, I was not missing anything. Maybe the error message could say something along these lines as well. Thank you for the help.

          Mark Wigzell added a comment -

          Hi I wish to reopen this bug since it is actually a bug for a different reason, namely that the use has access to the selected job if he doesn't use dynamic project name, but hard codes it instead. The fact that one must enable read access for specifying a project via a dynamic variabe vs. specifying it in a hardcoded fashion indicates there is a bug in copy artifacts which should forbid the access unless the authenticated group is added with read permissions for jobs. (This is a very badly documented feature, and has caused me no end of trouble)

          Mark Wigzell added a comment - Hi I wish to reopen this bug since it is actually a bug for a different reason, namely that the use has access to the selected job if he doesn't use dynamic project name, but hard codes it instead. The fact that one must enable read access for specifying a project via a dynamic variabe vs. specifying it in a hardcoded fashion indicates there is a bug in copy artifacts which should forbid the access unless the authenticated group is added with read permissions for jobs. (This is a very badly documented feature, and has caused me no end of trouble)

          Jesse Glick added a comment -

          I think that really relies on JENKINS-16956.

          Jesse Glick added a comment - I think that really relies on JENKINS-16956 .

          ikedam added a comment - - edited

          I see what happens in Jenkins:

          • Why it happens only when using a build parameter for the project name ?
            • This is for the access check in building is performed only when using a build parameter.
            • If not using a build parameter, the access check is considered performed when saving the configuration.
          • Why the access check fails?
            • Access check is performed twice:
              1. By Jenkins (Jenkins#getItem()). The authentication token is SYSTEM. (Jenkins.getAuthentication())
              2. By Copy Artifact plugin. The authentication token is an anonymous authennciated user.
                • I think this is expcected to work when configured with "Logged-in users can do anything".
            • The latter check fails in this case.

          I have following two ideas:

          • Do access check with an authentication token of a user who triggered the build.
            • This works for projects whose builds are tirggered manually.
            • This does not work for projects with scheduled builds, or SCM polling builds.
          • Add an option to ignore access permissions.
            • This should be designed to work only when the copiee project is configured to allow it.

          ikedam added a comment - - edited I see what happens in Jenkins: Why it happens only when using a build parameter for the project name ? This is for the access check in building is performed only when using a build parameter. If not using a build parameter, the access check is considered performed when saving the configuration. Why the access check fails? Access check is performed twice: By Jenkins ( Jenkins#getItem() ). The authentication token is SYSTEM. ( Jenkins.getAuthentication() ) By Copy Artifact plugin. The authentication token is an anonymous authennciated user. I think this is expcected to work when configured with "Logged-in users can do anything". The latter check fails in this case. I have following two ideas: Do access check with an authentication token of a user who triggered the build. This works for projects whose builds are tirggered manually. This does not work for projects with scheduled builds, or SCM polling builds. Add an option to ignore access permissions. This should be designed to work only when the copiee project is configured to allow it.

          ikedam added a comment -

          I sent a pull request for the former change: https://github.com/jenkinsci/copyartifact-plugin/pull/24

          For the latter idea, I will work in JENKINS-20398.

          ikedam added a comment - I sent a pull request for the former change: https://github.com/jenkinsci/copyartifact-plugin/pull/24 For the latter idea, I will work in JENKINS-20398 .

          Code changed in jenkins
          User: ikedam
          Path:
          src/main/java/hudson/plugins/copyartifact/CopyArtifact.java
          http://jenkins-ci.org/commit/copyartifact-plugin/6f920cde153c03383271b0a1435528f21c723a88
          Log:
          [FIXED JENKINS-14999] Check permission to the project to copy from by the user triggered that build.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: ikedam Path: src/main/java/hudson/plugins/copyartifact/CopyArtifact.java http://jenkins-ci.org/commit/copyartifact-plugin/6f920cde153c03383271b0a1435528f21c723a88 Log: [FIXED JENKINS-14999] Check permission to the project to copy from by the user triggered that build.

          Code changed in jenkins
          User: ikedam
          Path:
          src/test/java/hudson/plugins/copyartifact/CopyArtifactTest.java
          src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testPerProjectPermissionTriggeredByUser/config.xml
          src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testPerProjectPermissionTriggeredByUser/users/admin/config.xml
          src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testPerProjectPermissionTriggeredByUser/users/test1/config.xml
          src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testPerProjectPermissionTriggeredByUser/users/test2/config.xml
          http://jenkins-ci.org/commit/copyartifact-plugin/46540cc88dee2ecc56ede5c389b48e4f89d1c539
          Log:
          JENKINS-14999 Add a test for per-project per-user permissions.

          Compare: https://github.com/jenkinsci/copyartifact-plugin/compare/f468296f905b...46540cc88dee

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: ikedam Path: src/test/java/hudson/plugins/copyartifact/CopyArtifactTest.java src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testPerProjectPermissionTriggeredByUser/config.xml src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testPerProjectPermissionTriggeredByUser/users/admin/config.xml src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testPerProjectPermissionTriggeredByUser/users/test1/config.xml src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testPerProjectPermissionTriggeredByUser/users/test2/config.xml http://jenkins-ci.org/commit/copyartifact-plugin/46540cc88dee2ecc56ede5c389b48e4f89d1c539 Log: JENKINS-14999 Add a test for per-project per-user permissions. Compare: https://github.com/jenkinsci/copyartifact-plugin/compare/f468296f905b...46540cc88dee

          ikedam added a comment -

          As described in https://github.com/jenkinsci/copyartifact-plugin/pull/24 , we should resolve this issue using QueueItemAuthenticater.
          Above commits are merged by some accidents, and should be reverted.

          ikedam added a comment - As described in https://github.com/jenkinsci/copyartifact-plugin/pull/24 , we should resolve this issue using QueueItemAuthenticater . Above commits are merged by some accidents, and should be reverted.

          Code changed in jenkins
          User: ikedam
          Path:
          src/main/java/hudson/plugins/copyartifact/CopyArtifact.java
          src/test/java/hudson/plugins/copyartifact/CopyArtifactTest.java
          src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testPerProjectPermissionTriggeredByUser/config.xml
          src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testPerProjectPermissionTriggeredByUser/users/admin/config.xml
          src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testPerProjectPermissionTriggeredByUser/users/test1/config.xml
          src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testPerProjectPermissionTriggeredByUser/users/test2/config.xml
          http://jenkins-ci.org/commit/copyartifact-plugin/ce20ba90919582a0c6cc3b262f7d6cbbb7b36f5e
          Log:
          JENKINS-14999 Reverted unintended merging of #24. I'll handle this problem using QueueItemAuthenticator instead. Reverted 6f920cde153c03383271b0a1435528f21c723a88 and 46540cc88dee2ecc56ede5c389b48e4f89d1c539 .

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: ikedam Path: src/main/java/hudson/plugins/copyartifact/CopyArtifact.java src/test/java/hudson/plugins/copyartifact/CopyArtifactTest.java src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testPerProjectPermissionTriggeredByUser/config.xml src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testPerProjectPermissionTriggeredByUser/users/admin/config.xml src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testPerProjectPermissionTriggeredByUser/users/test1/config.xml src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testPerProjectPermissionTriggeredByUser/users/test2/config.xml http://jenkins-ci.org/commit/copyartifact-plugin/ce20ba90919582a0c6cc3b262f7d6cbbb7b36f5e Log: JENKINS-14999 Reverted unintended merging of #24. I'll handle this problem using QueueItemAuthenticator instead. Reverted 6f920cde153c03383271b0a1435528f21c723a88 and 46540cc88dee2ecc56ede5c389b48e4f89d1c539 .

          ikedam added a comment -

          ikedam added a comment - Sent a pull request https://github.com/jenkinsci/copyartifact-plugin/pull/26 .

          Code changed in jenkins
          User: ikedam
          Path:
          src/main/java/hudson/plugins/copyartifact/CopyArtifact.java
          http://jenkins-ci.org/commit/copyartifact-plugin/84594eccc100d1ac6e77703aa7b53b963fccf97a
          Log:
          [FIXED JENKINS-14999] The authorization of builds are considered (when used with QueueItemAuthenticator). QueueItemAuthenticator is available from Jenkins 1.520.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: ikedam Path: src/main/java/hudson/plugins/copyartifact/CopyArtifact.java http://jenkins-ci.org/commit/copyartifact-plugin/84594eccc100d1ac6e77703aa7b53b963fccf97a Log: [FIXED JENKINS-14999] The authorization of builds are considered (when used with QueueItemAuthenticator). QueueItemAuthenticator is available from Jenkins 1.520.

          Code changed in jenkins
          User: ikedam
          Path:
          src/test/java/hudson/plugins/copyartifact/CopyArtifactTest.java
          src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testQueueItemAuthenticator/config.xml
          src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testQueueItemAuthenticator/users/admin/config.xml
          src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testQueueItemAuthenticator/users/test1/config.xml
          src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testQueueItemAuthenticator/users/test2/config.xml
          http://jenkins-ci.org/commit/copyartifact-plugin/c0cde9aa27bc9f74c41d549ca28f737f3f648819
          Log:
          JENKINS-14999 Added tests for supports of QueueItemAuthenticator. As it works only with Jenkins >= 1.521, it is commented out for now.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: ikedam Path: src/test/java/hudson/plugins/copyartifact/CopyArtifactTest.java src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testQueueItemAuthenticator/config.xml src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testQueueItemAuthenticator/users/admin/config.xml src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testQueueItemAuthenticator/users/test1/config.xml src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testQueueItemAuthenticator/users/test2/config.xml http://jenkins-ci.org/commit/copyartifact-plugin/c0cde9aa27bc9f74c41d549ca28f737f3f648819 Log: JENKINS-14999 Added tests for supports of QueueItemAuthenticator. As it works only with Jenkins >= 1.521, it is commented out for now.

          Code changed in jenkins
          User: ikedam
          Path:
          src/main/java/hudson/plugins/copyartifact/CopyArtifact.java
          src/test/java/hudson/plugins/copyartifact/CopyArtifactTest.java
          src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testQueueItemAuthenticator/config.xml
          src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testQueueItemAuthenticator/users/admin/config.xml
          src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testQueueItemAuthenticator/users/test1/config.xml
          src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testQueueItemAuthenticator/users/test2/config.xml
          http://jenkins-ci.org/commit/copyartifact-plugin/0be74e3ba5ce6ac1e3d92e7c5bfaebce2e54a4b9
          Log:
          Merge pull request #26 from ikedam/feature/JENKINS-14999_SupportQueueItemAuthenticator

          JENKINS-14999 Support for QueueItemAuthenticator

          Compare: https://github.com/jenkinsci/copyartifact-plugin/compare/78fb29a1087c...0be74e3ba5ce

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: ikedam Path: src/main/java/hudson/plugins/copyartifact/CopyArtifact.java src/test/java/hudson/plugins/copyartifact/CopyArtifactTest.java src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testQueueItemAuthenticator/config.xml src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testQueueItemAuthenticator/users/admin/config.xml src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testQueueItemAuthenticator/users/test1/config.xml src/test/resources/hudson/plugins/copyartifact/CopyArtifactTest/testQueueItemAuthenticator/users/test2/config.xml http://jenkins-ci.org/commit/copyartifact-plugin/0be74e3ba5ce6ac1e3d92e7c5bfaebce2e54a4b9 Log: Merge pull request #26 from ikedam/feature/ JENKINS-14999 _SupportQueueItemAuthenticator JENKINS-14999 Support for QueueItemAuthenticator Compare: https://github.com/jenkinsci/copyartifact-plugin/compare/78fb29a1087c...0be74e3ba5ce

          ikedam added a comment -

          Fixed in Copyartifact 1.29

          ikedam added a comment - Fixed in Copyartifact 1.29

          Code changed in jenkins
          User: ikedam
          Path:
          src/test/java/hudson/plugins/copyartifact/CopyArtifactTest.java
          http://jenkins-ci.org/commit/copyartifact-plugin/6eab69d0972fdd508da88a39b7a90e9a2042cb65
          Log:
          JENKINS-14999 Enabled tests for QueueItemAuthenticator as copyartifact now targets for Jenkins 1.580.1 > 1.521.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: ikedam Path: src/test/java/hudson/plugins/copyartifact/CopyArtifactTest.java http://jenkins-ci.org/commit/copyartifact-plugin/6eab69d0972fdd508da88a39b7a90e9a2042cb65 Log: JENKINS-14999 Enabled tests for QueueItemAuthenticator as copyartifact now targets for Jenkins 1.580.1 > 1.521.

          Code changed in jenkins
          User: ikedam
          Path:
          src/test/java/hudson/plugins/copyartifact/CopyArtifactTest.java
          http://jenkins-ci.org/commit/copyartifact-plugin/ec41cbdd914d33d606734b8f36460efc25913af4
          Log:
          Merge pull request #60 from ikedam/feature/JENKINS-14999_EnableTestsForQueueItemAuthentication

          JENKINS-14999 Enabled tests for QueueItemAuthenticator

          Compare: https://github.com/jenkinsci/copyartifact-plugin/compare/47e05f2703db...ec41cbdd914d

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: ikedam Path: src/test/java/hudson/plugins/copyartifact/CopyArtifactTest.java http://jenkins-ci.org/commit/copyartifact-plugin/ec41cbdd914d33d606734b8f36460efc25913af4 Log: Merge pull request #60 from ikedam/feature/ JENKINS-14999 _EnableTestsForQueueItemAuthentication JENKINS-14999 Enabled tests for QueueItemAuthenticator Compare: https://github.com/jenkinsci/copyartifact-plugin/compare/47e05f2703db...ec41cbdd914d

          Or Shachar added a comment -

          Hi,

          The issue reoccurs with Jenkins core 1.596.2 and copy-artifacts version 1.35.
          Tested it with any of the parameters and I still get same issue.

          Or Shachar added a comment - Hi, The issue reoccurs with Jenkins core 1.596.2 and copy-artifacts version 1.35. Tested it with any of the parameters and I still get same issue.

          Or Shachar added a comment -

          It seems like now you need to give special permissions at the source job to allow specific jobs to copy artifacts.

          Or Shachar added a comment - It seems like now you need to give special permissions at the source job to allow specific jobs to copy artifacts.

          Shane Gannon added a comment -

          In Jenkins ver. 1.609.3 with Copy Artifact Plugin 1.36.1 I hit this issue. As a workaround if I set Permission to Copy Artifact - Projects to allow copy artifacts to * the problem is resolved.

          But this is still a bug. It should not behave differently depending on whether the job name is hard coded or comes from a parameter.

          Shane Gannon added a comment - In Jenkins ver. 1.609.3 with Copy Artifact Plugin 1.36.1 I hit this issue. As a workaround if I set Permission to Copy Artifact - Projects to allow copy artifacts to * the problem is resolved. But this is still a bug. It should not behave differently depending on whether the job name is hard coded or comes from a parameter.

          Rick Liu added a comment -

          I have this same issue.

          Jenkins ver. 1.642.1
          Copy Artifact Plugin ver 1.37
          CloudBees Folders Plugin ver 5.1

          On the upstream trigger job,
          I have explicitly set "Permission to Copy Artifact - Projects to allow copy artifacts"
          for the full downstream job name including Folder-Plugin's foldername "FOLDNER_NAME/DOWNSTREAM_PROJECT_NAME".

          But this still causes the error on the downstream job:
          ERROR: Unable to find project for artifact copy: FOLDER_NAME/DOWNSTREAM_PROJECT_NAME
          This may be due to incorrect project name or permission settings; see help for project name in job configuration.

          If on the upstream trigger job,
          I have explicitly set "Permission to Copy Artifact - Projects to allow copy artifacts"
          for the full downstream job name to wildcard '*',
          then the problem solved.

          Rick Liu added a comment - I have this same issue. Jenkins ver. 1.642.1 Copy Artifact Plugin ver 1.37 CloudBees Folders Plugin ver 5.1 On the upstream trigger job, I have explicitly set "Permission to Copy Artifact - Projects to allow copy artifacts" for the full downstream job name including Folder-Plugin's foldername "FOLDNER_NAME/DOWNSTREAM_PROJECT_NAME". But this still causes the error on the downstream job: ERROR: Unable to find project for artifact copy: FOLDER_NAME/DOWNSTREAM_PROJECT_NAME This may be due to incorrect project name or permission settings; see help for project name in job configuration. If on the upstream trigger job, I have explicitly set "Permission to Copy Artifact - Projects to allow copy artifacts" for the full downstream job name to wildcard '*', then the problem solved.

          Rick Liu added a comment -

          After some further combination of trials,
          I found out that "Permission to Copy Artifact - Projects to allow copy artifacts" must set to a project name without FOLDER_NAME.

          This resolves the problem too.
          However,
          there's a misleading warning "Unable to find project:"
          when set the upstream job "Permission to Copy Artifact - Projects to allow copy artifacts"
          to a DOWNSTREAM_PROJECT_NAME only without FOLDER_NAME.

          I'll create a separate JIRA ticket for that.

          Rick Liu added a comment - After some further combination of trials, I found out that "Permission to Copy Artifact - Projects to allow copy artifacts" must set to a project name without FOLDER_NAME. This resolves the problem too. However, there's a misleading warning "Unable to find project:" when set the upstream job "Permission to Copy Artifact - Projects to allow copy artifacts" to a DOWNSTREAM_PROJECT_NAME only without FOLDER_NAME. I'll create a separate JIRA ticket for that.

          Rick Liu added a comment -

          created JENKINS-33257 for the misleading warning

          Rick Liu added a comment - created JENKINS-33257 for the misleading warning

          I'm still getting this in 1.3.7 / Jenkins ver. 1.651.1

          Jakub Bochenski added a comment - I'm still getting this in 1.3.7 / Jenkins ver. 1.651.1

          Lanre Ade added a comment -

          19 May 2016 - still having same issue. Rick's suggestion didn't work for me.

          Lanre Ade added a comment - 19 May 2016 - still having same issue. Rick's suggestion didn't work for me.

            ikedam ikedam
            deepchip Martin d'Anjou
            Votes:
            2 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated:
              Resolved: