-
Bug
-
Resolution: Fixed
-
Major
-
Jenkins 1.599
github-oauth plugin 0.20
I'm using the github-oauth plugin for authentication and the Github Commiter Authorization Strategy and I'm unable to use the jenkins-cli with it. Running this command:
java -jar jenkins-cli.jar -s http://localhost:8080 who-am-i --username <username> --password <jenkins-api-token>
results in an error:
"--username" is not a valid option
java -jar jenkins-cli.jar who-am-i
Reports your credential and permissions.
I've also tried ssh key auth with the -i flag but get a similar error about -i being an invalid option.
Is there another way to use jenkins-cli with github auth?
- is related to
-
-
- Resolved
-
[JENKINS-27045] Cannot use jenkins-cli with github oauth plugin
Joshua Hoblitt
added a comment - I have a similar issue with --username but -i is working for me with 1.606.
Joshua Hoblitt
added a comment - I have a similar issue with --username but -i is working for me with 1.606. 
Sam Gleske
added a comment - Jenkins CLI no longer uses --username and --password options. It now only using SSH key authentication. Additionally, github oauth plugin 0.21 now supports using personal access tokens instead of a password for interacting with the Jenkins API. I'm going to close this as resolved.
Sam Gleske
added a comment - Jenkins CLI no longer uses --username and --password options. It now only using SSH key authentication. Additionally, github oauth plugin 0.21 now supports using personal access tokens instead of a password for interacting with the Jenkins API. I'm going to close this as resolved. Sam Gleske
added a comment - See wiki documentation on using the personal access token. https://wiki.jenkins-ci.org/display/JENKINS/Github+OAuth+Plugin
Sam Gleske
added a comment - See wiki documentation on using the personal access token. https://wiki.jenkins-ci.org/display/JENKINS/Github+OAuth+Plugin 
Jens Elkner
added a comment - Unfortunately this droves me crazy:
java -jar ~/tmp/jenkins-cli.jar -noKeyAuth help login ERROR: You must authenticate to access this Jenkins. Use --username/--password/--password-file parameters or login command.
And than
java -jar ~/tmp/jenkins-cli.jar -noKeyAuth login --username foobar ERROR: "--username" is not a valid option java -jar jenkins-cli.jar login Saves the current credential to allow future commands to run without explicit credential information. java -jar ~/tmp/jenkins-cli.jar -noKeyAuth login foobar ERROR: No argument is allowed: foobar java -jar jenkins-cli.jar login Saves the current credential to allow future commands to run without explicit credential information.
So it is awefully misleading and one gets stuck because there is no way to find out, how to get it work.
Jens Elkner
added a comment - Unfortunately this droves me crazy:
java -jar ~/tmp/jenkins-cli.jar -noKeyAuth help login
ERROR: You must authenticate to access this Jenkins.
Use --username/--password/--password-file parameters or login command.
And than
java -jar ~/tmp/jenkins-cli.jar -noKeyAuth login --username foobar
ERROR: "--username" is not a valid option
java -jar jenkins-cli.jar login
Saves the current credential to allow future commands to run without explicit credential information.
java -jar ~/tmp/jenkins-cli.jar -noKeyAuth login foobar
ERROR: No argument is allowed: foobar
java -jar jenkins-cli.jar login
Saves the current credential to allow future commands to run without explicit credential information.
So it is awefully misleading and one gets stuck because there is no way to find out, how to get it work. Jens Elkner
added a comment - BTW: Not sure what 'Jenkins CLI no longer uses --username and --password options' means in this context. At least 2.7 incl. cli works as expected, when oauth gets
{not|un}installed.
Jens Elkner
added a comment - BTW: Not sure what 'Jenkins CLI no longer uses --username and --password options' means in this context. At least 2.7 incl. cli works as expected, when oauth gets
{not|un}
installed. Sam Gleske
added a comment - See my earlier comment.
Jenkins CLI no longer uses --username and --password options. It now only using SSH key authentication. Additionally, github oauth plugin 0.21 now supports using personal access tokens instead of a password for interacting with the Jenkins API.
Sam Gleske
added a comment - See my earlier comment.
Jenkins CLI no longer uses --username and --password options. It now only using SSH key authentication. Additionally, github oauth plugin 0.21 now supports using personal access tokens instead of a password for interacting with the Jenkins API. Jens Elkner
added a comment - Ehmmm, nope. Per default it works w/o any problems:
# java -jar ~/tmp/jenkins-cli.jar -noKeyAuth login --username root Password: # java -jar ~/tmp/jenkins-cli.jar -noKeyAuth help logout java -jar jenkins-cli.jar logout Deletes the credential stored with the login command. # java -jar ~/tmp/jenkins-cli.jar -noKeyAuth logout # java -jar ~/tmp/jenkins-cli.jar -noKeyAuth help logout ERROR: You must authenticate to access this Jenkins. Use --username/--password/--password-file parameters or login command.
Just to make sure, here the complete list of installed plugins:
ls -1 plugins/*.jpi plugins/ace-editor.jpi plugins/analysis-core.jpi plugins/ant.jpi plugins/antisamy-markup-formatter.jpi plugins/branch-api.jpi plugins/build-name-setter.jpi plugins/build-pipeline-plugin.jpi plugins/build-timeout.jpi plugins/checkstyle.jpi plugins/cloudbees-folder.jpi plugins/conditional-buildstep.jpi plugins/credentials-binding.jpi plugins/credentials.jpi plugins/dashboard-view.jpi plugins/durable-task.jpi plugins/email-ext.jpi plugins/emailext-template.jpi plugins/embeddable-build-status.jpi plugins/envinject.jpi plugins/external-monitor-job.jpi plugins/git-client.jpi plugins/git-parameter.jpi plugins/git-server.jpi plugins/git.jpi plugins/github-api.jpi plugins/github-branch-source.jpi plugins/github-organization-folder.jpi plugins/github.jpi plugins/gradle.jpi plugins/handlebars.jpi plugins/htmlpublisher.jpi plugins/icon-shim.jpi plugins/javadoc.jpi plugins/jenkins-multijob-plugin.jpi plugins/jquery-detached.jpi plugins/jquery.jpi plugins/junit.jpi plugins/ldap.jpi plugins/mailer.jpi plugins/matrix-auth.jpi plugins/matrix-project.jpi plugins/maven-plugin.jpi plugins/momentjs.jpi plugins/pam-auth.jpi plugins/parameterized-trigger.jpi plugins/pipeline-build-step.jpi plugins/pipeline-input-step.jpi plugins/pipeline-rest-api.jpi plugins/pipeline-stage-step.jpi plugins/pipeline-stage-view.jpi plugins/plain-credentials.jpi plugins/publish-over-ssh.jpi plugins/rebuild.jpi plugins/role-strategy.jpi plugins/run-condition.jpi plugins/scm-api.jpi plugins/script-security.jpi plugins/ssh-credentials.jpi plugins/structs.jpi plugins/throttle-concurrents.jpi plugins/timestamper.jpi plugins/token-macro.jpi plugins/windows-slaves.jpi plugins/workflow-aggregator.jpi plugins/workflow-api.jpi plugins/workflow-basic-steps.jpi plugins/workflow-cps-global-lib.jpi plugins/workflow-cps.jpi plugins/workflow-durable-task-step.jpi plugins/workflow-job.jpi plugins/workflow-multibranch.jpi plugins/workflow-scm-step.jpi plugins/workflow-step-api.jpi plugins/workflow-support.jpi plugins/ws-cleanup.jpi
If you need more information/configuration, please let me know.
Jens Elkner
added a comment - Ehmmm, nope. Per default it works w/o any problems:
# java -jar ~/tmp/jenkins-cli.jar -noKeyAuth login --username root
Password:
# java -jar ~/tmp/jenkins-cli.jar -noKeyAuth help logout
java -jar jenkins-cli.jar logout
Deletes the credential stored with the login command.
# java -jar ~/tmp/jenkins-cli.jar -noKeyAuth logout
# java -jar ~/tmp/jenkins-cli.jar -noKeyAuth help logout
ERROR: You must authenticate to access this Jenkins.
Use --username/--password/--password-file parameters or login command.
Just to make sure, here the complete list of installed plugins:
ls -1 plugins/*.jpi
plugins/ace-editor.jpi
plugins/analysis-core.jpi
plugins/ant.jpi
plugins/antisamy-markup-formatter.jpi
plugins/branch-api.jpi
plugins/build-name-setter.jpi
plugins/build-pipeline-plugin.jpi
plugins/build-timeout.jpi
plugins/checkstyle.jpi
plugins/cloudbees-folder.jpi
plugins/conditional-buildstep.jpi
plugins/credentials-binding.jpi
plugins/credentials.jpi
plugins/dashboard-view.jpi
plugins/durable-task.jpi
plugins/email-ext.jpi
plugins/emailext-template.jpi
plugins/embeddable-build-status.jpi
plugins/envinject.jpi
plugins/external-monitor-job.jpi
plugins/git-client.jpi
plugins/git-parameter.jpi
plugins/git-server.jpi
plugins/git.jpi
plugins/github-api.jpi
plugins/github-branch-source.jpi
plugins/github-organization-folder.jpi
plugins/github.jpi
plugins/gradle.jpi
plugins/handlebars.jpi
plugins/htmlpublisher.jpi
plugins/icon-shim.jpi
plugins/javadoc.jpi
plugins/jenkins-multijob-plugin.jpi
plugins/jquery-detached.jpi
plugins/jquery.jpi
plugins/junit.jpi
plugins/ldap.jpi
plugins/mailer.jpi
plugins/matrix-auth.jpi
plugins/matrix-project.jpi
plugins/maven-plugin.jpi
plugins/momentjs.jpi
plugins/pam-auth.jpi
plugins/parameterized-trigger.jpi
plugins/pipeline-build-step.jpi
plugins/pipeline-input-step.jpi
plugins/pipeline-rest-api.jpi
plugins/pipeline-stage-step.jpi
plugins/pipeline-stage-view.jpi
plugins/plain-credentials.jpi
plugins/publish-over-ssh.jpi
plugins/rebuild.jpi
plugins/role-strategy.jpi
plugins/run-condition.jpi
plugins/scm-api.jpi
plugins/script-security.jpi
plugins/ssh-credentials.jpi
plugins/structs.jpi
plugins/throttle-concurrents.jpi
plugins/timestamper.jpi
plugins/token-macro.jpi
plugins/windows-slaves.jpi
plugins/workflow-aggregator.jpi
plugins/workflow-api.jpi
plugins/workflow-basic-steps.jpi
plugins/workflow-cps-global-lib.jpi
plugins/workflow-cps.jpi
plugins/workflow-durable-task-step.jpi
plugins/workflow-job.jpi
plugins/workflow-multibranch.jpi
plugins/workflow-scm-step.jpi
plugins/workflow-step-api.jpi
plugins/workflow-support.jpi
plugins/ws-cleanup.jpi
If you need more information/configuration, please let me know. Thanks for your diligence. Contributions are welcome for a fix. I don't do much development. As a maintainer, I just peer review, merge pull requests, and perform releases.
Sam Gleske
added a comment - - edited Thanks for your diligence. Contributions are welcome for a fix. I don't do much development. As a maintainer, I just peer review, merge pull requests, and perform releases. Sam Gleske
added a comment - What version of Jenkins and plugins?
From the script console,
def j = Jenkins.instance println "Jenkins ${j.version}\n\nPlugins:" j.pluginManager.plugins.each { println " ${it.shortName}/${it.version}" } null
Sam Gleske
added a comment - What version of Jenkins and plugins?
From the script console,
def j = Jenkins.instance
println "Jenkins ${j.version}\n\nPlugins:"
j.pluginManager.plugins.each {
println " ${it.shortName}/${it.version}"
}
null
Jens Elkner
added a comment - Result Jenkins 2.7 Plugins: cloudbees-folder/5.11 junit/1.13 script-security/1.19 matrix-project/1.7 antisamy-markup-formatter/1.3 pam-auth/1.2 windows-slaves/1.1 mailer/1.17 ldap/1.12 token-macro/1.12.1 icon-shim/2.0.3 matrix-auth/1.4 external-monitor-job/1.4 build-timeout/1.16 credentials/2.0.7 structs/1.1 workflow-step-api/2.1 plain-credentials/1.2 credentials-binding/1.7 timestamper/1.8.2 ws-cleanup/0.29 ant/1.3 gradle/1.24 jquery-detached/1.2.1 durable-task/1.10 workflow-api/2.0 workflow-support/2.0 workflow-job/2.2 pipeline-rest-api/1.4 handlebars/1.1.1 momentjs/1.1.1 pipeline-stage-view/1.4 pipeline-build-step/2.1 ace-editor/1.1 workflow-scm-step/2.0 scm-api/1.2 workflow-cps/2.4 ssh-credentials/1.12 git-client/1.19.6 git-server/1.6 workflow-cps-global-lib/2.0 branch-api/1.9 workflow-multibranch/2.5 workflow-durable-task-step/2.0 pipeline-input-step/2.0 pipeline-stage-step/2.1 workflow-basic-steps/2.0 workflow-aggregator/2.1 javadoc/1.3 github-api/1.75 git/2.4.4 github/1.19.1 github-branch-source/1.7 github-organization-folder/1.3 email-ext/2.42 maven-plugin/2.13 dashboard-view/2.9.9 build-name-setter/1.6.5 embeddable-build-status/1.9 rebuild/1.25 throttle-concurrents/1.9.0 analysis-core/1.77 checkstyle/3.46 htmlpublisher/1.11 parameterized-trigger/2.30 jquery/1.11.2-0 build-pipeline-plugin/1.5.3.1 run-condition/1.0 conditional-buildstep/1.3.3 envinject/1.92.1 jenkins-multijob-plugin/1.21 git-parameter/0.5.1 role-strategy/2.2.0 emailext-template/0.4 publish-over-ssh/1.14
Jens Elkner
added a comment -
Result
Jenkins 2.7
Plugins:
cloudbees-folder/5.11
junit/1.13
script-security/1.19
matrix-project/1.7
antisamy-markup-formatter/1.3
pam-auth/1.2
windows-slaves/1.1
mailer/1.17
ldap/1.12
token-macro/1.12.1
icon-shim/2.0.3
matrix-auth/1.4
external-monitor-job/1.4
build-timeout/1.16
credentials/2.0.7
structs/1.1
workflow-step-api/2.1
plain-credentials/1.2
credentials-binding/1.7
timestamper/1.8.2
ws-cleanup/0.29
ant/1.3
gradle/1.24
jquery-detached/1.2.1
durable-task/1.10
workflow-api/2.0
workflow-support/2.0
workflow-job/2.2
pipeline-rest-api/1.4
handlebars/1.1.1
momentjs/1.1.1
pipeline-stage-view/1.4
pipeline-build-step/2.1
ace-editor/1.1
workflow-scm-step/2.0
scm-api/1.2
workflow-cps/2.4
ssh-credentials/1.12
git-client/1.19.6
git-server/1.6
workflow-cps-global-lib/2.0
branch-api/1.9
workflow-multibranch/2.5
workflow-durable-task-step/2.0
pipeline-input-step/2.0
pipeline-stage-step/2.1
workflow-basic-steps/2.0
workflow-aggregator/2.1
javadoc/1.3
github-api/1.75
git/2.4.4
github/1.19.1
github-branch-source/1.7
github-organization-folder/1.3
email-ext/2.42
maven-plugin/2.13
dashboard-view/2.9.9
build-name-setter/1.6.5
embeddable-build-status/1.9
rebuild/1.25
throttle-concurrents/1.9.0
analysis-core/1.77
checkstyle/3.46
htmlpublisher/1.11
parameterized-trigger/2.30
jquery/1.11.2-0
build-pipeline-plugin/1.5.3.1
run-condition/1.0
conditional-buildstep/1.3.3
envinject/1.92.1
jenkins-multijob-plugin/1.21
git-parameter/0.5.1
role-strategy/2.2.0
emailext-template/0.4
publish-over-ssh/1.14
Code changed in jenkins
User: Sam Gleske
Path:
src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java
http://jenkins-ci.org/commit/github-oauth-plugin/86e2f7315eb7f53f3a8b467b035a39d27f49c424
Log:
JENKINS-27045 Jenkins CLI -username/-password
options.
Here's an example:
java -jar jenkins-cli.jar -s http://localhost:8080 -noKeyAuth who-am-i \
--username samrocketman --password-file ./personal-access-token
Unfortunately, Jenkins core prevents Jenkins CLI LoginCommand from
working correctly because it only stores the Username and mishandles
creating the authentication token. This is a [bug in core][1].
Code changed in jenkins
User: Sam Gleske
Path:
src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java
http://jenkins-ci.org/commit/github-oauth-plugin/b751298fe57873592d6ded8eda0eb6098c4bccd4
Log:
JENKINS-27045 Jenkins CLI -username/-password
options.
Here's an example:
java -jar jenkins-cli.jar -s http://localhost:8080 -noKeyAuth who-am-i \
--username samrocketman --password-file ./personal-access-token
Unfortunately, Jenkins core prevents Jenkins CLI LoginCommand from
working correctly because it only stores the Username and mishandles
creating the authentication token. This is a [bug in core][1].
Sam Gleske
added a comment - After much research, it's not currently possible to use the Jenkins API Token because it can't authenticate with GitHub in order to get authorities (like organizations a user belongs). However, it is possible to use a GitHub Personal Access Token instead of a Jenkins API Token. That means the command looks like:
java -jar jenkins-cli.jar -s http://localhost:8080 who-am-i --username <github-username> --password <github-api-token>
Sam Gleske
added a comment - After much research, it's not currently possible to use the Jenkins API Token because it can't authenticate with GitHub in order to get authorities (like organizations a user belongs). However, it is possible to use a GitHub Personal Access Token instead of a Jenkins API Token. That means the command looks like:
java -jar jenkins-cli.jar -s http://localhost:8080 who-am-i --username <github-username> --password <github-api-token>
https://github.com/jenkinsci/github-oauth-plugin/pull/77 Code changed in jenkins
User: Sam Gleske
Path:
src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java
http://jenkins-ci.org/commit/github-oauth-plugin/d9f6ee0771dab210b9c88865e6c74cc5de58679e
Log:
JENKINS-27045 Jenkins CLI -username/-password
options.
Here's an example:
java -jar jenkins-cli.jar -s http://localhost:8080 -noKeyAuth who-am-i \
--username samrocketman --password-file ./personal-access-token
Unfortunately, Jenkins core prevents Jenkins CLI LoginCommand from
working correctly because it only stores the Username and mishandles
creating the authentication token. This is a [bug in core][1].
Code changed in jenkins
User: Sam Gleske
Path:
.mvn/jvm.config
src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java
src/test/java/org/jenkinsci/plugins/GithubSecurityRealmTest.java
http://jenkins-ci.org/commit/github-oauth-plugin/3f64c19adf34802b989717e7c73068959d2c1f74
Log:
JENKINS-27045 Jenkins CLI -username/-password
options.
Here's an example:
java -jar jenkins-cli.jar -s http://localhost:8080 -noKeyAuth who-am-i \
--username samrocketman --password-file ./personal-access-token
Unfortunately, Jenkins core prevents Jenkins CLI LoginCommand from
working correctly because it only stores the Username and mishandles
creating the authentication token. This is a [bug in core][1].
Code changed in jenkins
User: Sam Gleske
Path:
src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java
http://jenkins-ci.org/commit/github-oauth-plugin/d5eb51c87f5d9fd71e0ae9093495328a751a081d
Log:
JENKINS-27045 Jenkins CLI -username/-password
options.
Here's an example:
java -jar jenkins-cli.jar -s http://localhost:8080 -noKeyAuth who-am-i \
--username samrocketman --password-file ./personal-access-token
Unfortunately, Jenkins core prevents Jenkins CLI LoginCommand from
working correctly because it only stores the Username and mishandles
creating the authentication token. This is a [bug in core][1].
Code changed in jenkins
User: Sam Gleske
Path:
.mvn/jvm.config
LICENSE.txt
src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java
src/test/java/org/jenkinsci/plugins/GithubSecurityRealmTest.java
http://jenkins-ci.org/commit/github-oauth-plugin/3eeba9ca2e24d00a2f6677a44c41c9527df0b9b1
Log:
Merge pull request #77 from jenkinsci/jenkins-cli-token
JENKINS-27045 Jenkins CLI -username/-password options
Compare: https://github.com/jenkinsci/github-oauth-plugin/compare/120f8ec9a7a5...3eeba9ca2e24
Joshua Hoblitt
added a comment - What version of the core is needed to test this? Sam Gleske
added a comment - Sam Gleske
added a comment - jhoblitt https://github.com/jenkinsci/github-oauth-plugin/blob/github-oauth-0.25/pom.xml#L16-L17 Sam Gleske
added a comment - Resolved by https://github.com/jenkinsci/github-oauth-plugin/pull/77 FTR this is no longer working since 2.165 and https://github.com/jenkinsci/jenkins/pull/3838 (removing of remoting for CLI)
You ought to be able to use -auth with an API token.
https://github.com/jenkinsci/github-oauth-plugin/pull/119 deletes the obsolete CliAuthenticator implementation.
This seems to be the case when using the google-login-plugin as well, not just limited to the github plugin.