-
Bug
-
Resolution: Unresolved
-
Major
-
Jenkins 2.19.4 + pipeline 2.4 + Gerrit trigger 2.23.0
Repro steps:
- Create a pipeline job with dynamic trigger being configured. The trigger configuration file is stored locally, so its URL is something like
"file:///var/lib/jenkins/jobs/some-jenkins-job/lastSuccessful/archive/trigger_config.txt" - Push a gerrit code review which is supposed to trigger the pipeline job as its project and branch is specified in the dynamic configuration text file.
Expected outcome:
The pipeline job is triggered to start.
Actual outcome:
The pipeline job is NOT triggered to start.
Workaround:
If the anonymous users is granted the "Overall Read" and "Job Read" rights as shown in the attached picture, the pipeline job is triggered to start as expected.
If you need any other information or logs, please let me know.
[JENKINS-40708] Gerrit trigger needs the read access rights for anonymous users to retrieve the dynamic trigger configuration.
Alon Bar-Lev
added a comment - The anonymous users should be restricted in some cases so no permissions will be granted. The plugin should act under a specific user or even admin and not anonymous. Please fix, I had to add a permission to anonymous and expose my jobs.
Thanks!
Alon Bar-Lev
added a comment - The anonymous users should be restricted in some cases so no permissions will be granted. The plugin should act under a specific user or even admin and not anonymous. Please fix, I had to add a permission to anonymous and expose my jobs.
Thanks!
Correct the workaround:
We only need to grant the anonymous users the "Job Read" rights and don't need to grant them the "Overall Read" rights.