
GitHub branch source plugin does not document what should be used for creds

      Started by user Andrew Bayer
      Consulting GitHub Organization
      Connecting to GitHub using abayer/****** (abayer-github)
      FATAL: Failed to recompute children of Folder Computation
      java.io.IOException: Server returned HTTP response code: 401 for URL: https://api.github.com/orgs/abayer
      	at sun.reflect.GeneratedConstructorAccessor126.newInstance(Unknown Source)
      	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
      	at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
      	at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1889)
      	at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1884)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1883)
      	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1456)
      	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
      	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
      	at org.kohsuke.github.Requester.parse(Requester.java:458)
      	at org.kohsuke.github.Requester._to(Requester.java:227)
      	at org.kohsuke.github.Requester.to(Requester.java:194)
      	at org.kohsuke.github.GitHub.getOrganization(GitHub.java:310)
      	at org.jenkinsci.plugins.github_branch_source.GitHubSCMNavigator.visitSources(GitHubSCMNavigator.java:130)
      	at jenkins.branch.OrganizationFolder.computeChildren(OrganizationFolder.java:124)
      	at com.cloudbees.hudson.plugins.folder.computed.ComputedFolder.updateChildren(ComputedFolder.java:151)
      	at com.cloudbees.hudson.plugins.folder.computed.FolderComputation.run(FolderComputation.java:106)
      	at hudson.model.ResourceController.execute(ResourceController.java:98)
      	at hudson.model.Executor.run(Executor.java:408)
      Caused by: java.io.IOException: Server returned HTTP response code: 401 for URL: https://api.github.com/orgs/abayer
      	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1839)
      	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
      	at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
      	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
      	at org.kohsuke.github.Requester.parse(Requester.java:454)
      	... 9 more
      Finished: FAILURE
      

      Credentials are valid username/password, put my user in for the owner, default repository scan, etc.

      When I change to use an access token for the password, it works, but I can't find anywhere where it says to use a username/access token rather than a username/password.

          [JENKINS-31574] GitHub branch source plugin does not document what should be used for creds

          Andrew Bayer added a comment - Looks to be barfing at https://github.com/jenkinsci/github-branch-source-plugin/blob/master/src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java#L130 , fwiw.

          Jesse Glick added a comment - - edited

          We did not get here so it seems like the username of the credentials does not match the GitHub user name. You are supposed to have a username/password credentials item with username set to the GitHub account name, and password set to an access token.

          If that is the only problem, this should be downgraded and marked with the diagnostics label to give the user some hint what might be wrong. (Only a hint, since we cannot know whether they meant to type in a user name or an organization name. We might however be able to determine that their credentials do not correspond to an actual user; that could be a form validation warning in the configuration screen.)


          Andrew Bayer added a comment -

          Aaaaah, password is an access token, not a password - that's not documented anywhere I could find. Lemme try.


          Andrew Bayer added a comment -

          Yup, that did it - rewording JIRA.


          Jesse Glick added a comment -

          In the configuration screen we should try to connect to the GH API using the supplied credentials. If that fails, display a form validation error. If it succeeds, check that the username matches an account; if not, display a warning (this is not necessarily fatal since the repoOwner might have been a valid organization, in which case GH is probably not going to care what the username was).

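One way to implement the check Jesse Glick describes above, as an added example (not the plugin's code and not part of the thread): probe the API with the supplied credentials, return an error on failure, and warn when the login the API reports differs from the configured username. Assumptions: the class and method names, the use of `GET /user` as the probe, and the offline stub with its constructed token and responses.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added illustration, not the plugin's code: every name below is hypothetical.
public class ScanCredentialsCheck {

    enum Kind { OK, WARNING, ERROR }

    /** The two fields of a "GET /user" response that the check needs. */
    static final class UserResponse {
        final int status;
        final String login; // null unless status is 200
        UserResponse(int status, String login) { this.status = status; this.login = login; }
    }

    /** Stand-in for the HTTP round trip so the example runs offline. */
    interface GitHubApi {
        UserResponse getAuthenticatedUser(String authorizationHeader);
    }

    static String basicAuth(String username, String secret) {
        byte[] pair = (username + ":" + secret).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    /** Messages name the username only; the secret is never echoed back. */
    static String validate(GitHubApi api, String username, String secret) {
        UserResponse r = api.getAuthenticatedUser(basicAuth(username, secret));
        if (r.status == 401) {
            return Kind.ERROR + ": GitHub rejected the credentials for '" + username
                    + "'; the password field must hold a valid access token";
        }
        if (r.status != 200 || r.login == null) {
            return Kind.ERROR + ": unexpected HTTP " + r.status + " from GitHub";
        }
        if (!r.login.equalsIgnoreCase(username)) {
            return Kind.WARNING + ": token belongs to '" + r.login + "', not '" + username + "'";
        }
        return Kind.OK + ": authenticated as '" + r.login + "'";
    }

    public static void main(String[] args) {
        // Constructed stub: accepts one constructed token and reports its owner as "abayer".
        GitHubApi stub = header -> {
            byte[] raw = Base64.getDecoder().decode(header.substring("Basic ".length()));
            String pair = new String(raw, StandardCharsets.UTF_8);
            return pair.endsWith(":constructed-token")
                    ? new UserResponse(200, "abayer") : new UserResponse(401, null);
        };
        System.out.println(validate(stub, "abayer", "account-password"));    // password, not token
        System.out.println(validate(stub, "abayer", "constructed-token"));   // matching username
        System.out.println(validate(stub, "some-org", "constructed-token")); // mismatched username
    }
}
```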

          Antonio Muñiz added a comment - - edited

          So, what's this code for?

          I thought it was to process exactly that case: using a username as repo owner with unrelated credentials (other user).


          Andrew Bayer added a comment -

          Also makes sense to have the help for the credentials say what form the credentials should be in - right now it just says "Credentials used to scan branches and check out sources", which doesn't exactly make it clear that this shouldn't be GitHub username and password but instead GitHub username and access token.


          Manuel Recena Soto added a comment -

          abayer I'll jump here as soon as possible.

          Jesse Glick added a comment -

          amuniz true, that use case should work too.


          Manuel Recena Soto added a comment -

          jglick, amuniz, I know why this happened. I have to improve the form validation (especially credentials).

          Manuel Recena Soto added a comment -

          As part of this PR (associated with this issue), the following has been implemented:

          1. Improve error handling.
          2. Anonymous (none) is a valid option for Scan Credentials.
          3. A new implementation of RateLimitHandler, used in anonymous connections.

          Include these improvements in the changelog.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Manuel Recena
          Path:
          src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java
          http://jenkins-ci.org/commit/github-branch-source-plugin/0006bcfaeb7565c1b87362467214d598201bc11d
          Log:
          JENKINS-31574 Improved validation for Scan Credentials

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Manuel Recena
          Path:
          src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java
          http://jenkins-ci.org/commit/github-branch-source-plugin/425820b6032758ca75b9bf29842036a390aa5328
          Log:
          JENKINS-31574 Scan credentials are verified before to start the scanning process

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Manuel Recena
          Path:
          src/main/java/org/jenkinsci/plugins/github_branch_source/AbstractGitHubSCMSource.java
          src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java
          http://jenkins-ci.org/commit/github-branch-source-plugin/ffd52fcb8e704b12dcd6137b0e13040e0fded6f5
          Log:
          JENKINS-31574 Anonymous access is allowed for scan credentials

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Manuel Recena
          Path:
          pom.xml
          src/main/java/org/jenkinsci/plugins/github_branch_source/Endpoint.java
          http://jenkins-ci.org/commit/github-branch-source-plugin/bd7c1601547625c3a664229552fe0aba5ed593ac
          Log:
          Merge branch 'master' into JENKINS-31574

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Manuel Recena
          Path:
          src/main/java/org/jenkinsci/plugins/github_branch_source/AbstractGitHubSCMSource.java
          src/main/java/org/jenkinsci/plugins/github_branch_source/Connector.java
          src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java
          src/main/java/org/jenkinsci/plugins/github_branch_source/RateLimitExceededException.java
          http://jenkins-ci.org/commit/github-branch-source-plugin/c391fecd90b17055a39be5225e69e48fcdc01624
          Log:
          JENKINS-31574 A customized RateLimitHandler has been added

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Manuel Recena
          Path:
          src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java
          http://jenkins-ci.org/commit/github-branch-source-plugin/b8bdb54e1e7eeaa01941f49703009eb99a3041fe
          Log:
          JENKINS-31574 Removed catch RateLimitExceededException in an authorized scope

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Manuel Recena
          Path:
          src/main/java/org/jenkinsci/plugins/github_branch_source/Connector.java
          http://jenkins-ci.org/commit/github-branch-source-plugin/d9acd2d1320378a674031c6258e54e3c8b9963b8
          Log:
          JENKINS-31574 @jglick's comment was addressed

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Manuel Recena
          Path:
          src/main/java/org/jenkinsci/plugins/github_branch_source/AbstractGitHubSCMSource.java
          src/main/java/org/jenkinsci/plugins/github_branch_source/Connector.java
          src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java
          src/main/java/org/jenkinsci/plugins/github_branch_source/RateLimitExceededException.java
          http://jenkins-ci.org/commit/github-branch-source-plugin/0750599a057f19df0d59a8e0fd8996809aaff847
          Log:
          Merge pull request #11 from recena/JENKINS-31574

          JENKINS-31574 Improved validation for Scan Credentials

          Compare: https://github.com/jenkinsci/github-branch-source-plugin/compare/384e7a983e15...0750599a057f

          Manuel Recena Soto added a comment - https://github.com/jenkinsci/github-branch-source-plugin/releases/tag/github-branch-source-1.1

          Daniel Beck added a comment -

          Anonymous (none) is a valid option for Scan Credentials.

          I'm not sure this is a good idea, because the GitHub API is severely restricted for anon access as to make this almost useless. It failed for me (github.com/daniel-beck) after just 30 branches in seven repos.


          Antonio Muñiz added a comment -

          It failed for me (github.com/daniel-beck) after just 30 branches in seven repos.

          Well, it would be valid when you configure only one repository to be monitored for branches. Not many requests are required for that. But yes, it's quite limited.

          Manuel Recena Soto added a comment -

          danielbeck, in general, my PoV is always closer to allow than forbid or deny. That said,

          1. The UI shows to users: Credentials are recommended
          2. The behavior when the rate limit is reached is, IMO, well managed. You can see a detailed console output here.
          3. It can be helpful for small GitHub Organizations or GitHub User Accounts.
          4. It can be very helpful when you work with GitHub Enterprise Servers where the number of API requests is not limited.

            recena Manuel Recena Soto
            abayer Andrew Bayer