Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-43767

Can't use declarative-linter remotely when using GitHub Authentication

XMLWordPrintable

      When using the GitHub Authentication plugin (which doesn't cache credentials) I'm unable to configure permission in such a way to allow users to run the `declarative-linter`.

      Via ssh ... declarative-linter the error message is ERROR: joecool is missing the N/A/GenericRead permission

      The jenkins-cli jar error is ERROR: Bad Credentials. Search the server log for <long-string> for more details.

      From the logs:

      Apr 21, 2017 7:56:19 AM hudson.cli.CLICommand main
INFO: CLI login attempt failed: <long-string>
hudson.security.UserMayOrMayNotExistException: Unexpected authentication type: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@43274a68: Username: joecool; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: authenticated
 at org.jenkinsci.plugins.GithubSecurityRealm.loadUserByUsername(GithubSecurityRealm.java:577)
 at hudson.cli.ClientAuthenticationCache.set(ClientAuthenticationCache.java:94)
 at hudson.cli.LoginCommand.run(LoginCommand.java:37)
 at hudson.cli.CLICommand.main(CLICommand.java:265)
 at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:93)
 at sun.reflect.GeneratedMethodAccessor3429.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:895)
 at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:870)
 at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:829)
 at hudson.remoting.UserRequest.perform(UserRequest.java:153)
 at hudson.remoting.UserRequest.perform(UserRequest.java:50)
 at hudson.remoting.Request$2.run(Request.java:336)
 at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
 at hudson.cli.CliManagerImpl$1.call(CliManagerImpl.java:64)
 at hudson.remoting.CallableDecoratorAdapter.call(CallableDecoratorAdapter.java:18)
 at hudson.remoting.CallableDecoratorList$1.call(CallableDecoratorList.java:21)
 at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
 at java.lang.Thread.run(Thread.java:745)

      Both Anonymous and authenticated users have "Overall" "Read" permissions.

      I understand it doesn't cache credentials, so it can't figure out if joecool is in a specific GitHub Org or Org*Team; but I would expect permissions granted to Anonymous or authenticated would work.

            sag47 Sam Gleske
            docwhat Christian Höltje
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: