-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
tfs-plugin 5.126.0, Jenkins 2.89.4, Oracle JDK 1.8.0_144-b01/amd64, Windows Server 2008 R2/amd64
After job (which uses TFS plugin) completion we see following errors in jenkins.err.log:
[timestamp omitted] hudson.plugins.tfs.JenkinsEventNotifier getApiJson
WARNING: ERROR: getApiJson: (url=job/ZZPILPXI-SWRelayCount-Tests-Run-LinuxARM/63/) failed due to Http error #403
Fortunately these errors seems to be harmless to us.
Possible cause
We have configured Jenkins Security to "Logged-in users can do anything" mode without "Allow anonymous read access" (so user must be logged-in to access anything in Jenkins).
It seems that the getApiJson is calling Jenkins without needed authentication info in such case.
[JENKINS-49833] getApiJson: (url=...) failed due to Http error #403
Martin Payne
added a comment - I'm experiencing the same issue. This happens when Jenkins tries to post the build status back to TFS, and means it's not possible to possible to have the build status of a commit or PR show in TFS unless anonymous read access is granted.
Martin Payne
added a comment - I'm experiencing the same issue. This happens when Jenkins tries to post the build status back to TFS, and means it's not possible to possible to have the build status of a commit or PR show in TFS unless anonymous read access is granted. I am also getting these errors in the log but I have noticed that pages in Jenkins are not updating themselves with changes (such as job state) when watching Jenkins pages. These errors are logged when the job finishes (I can tell by watching the job console output and tail-ing the jenkins.err.log at the same time).
This causes confusion for those who are watching the jobs to see when they are done in order to use their build artifacts.
Brian M
added a comment - - edited I am also getting these errors in the log but I have noticed that pages in Jenkins are not updating themselves with changes (such as job state) when watching Jenkins pages. These errors are logged when the job finishes (I can tell by watching the job console output and tail-ing the jenkins.err.log at the same time).
This causes confusion for those who are watching the jobs to see when they are done in order to use their build artifacts. 
Keith Sturkie
added a comment - I am having the same issue as well. For the anonymous access, is that on the Jenkins side or the TFS side?
Keith Sturkie
added a comment - I am having the same issue as well. For the anonymous access, is that on the Jenkins side or the TFS side? I agree with hpaluch_pil, this is Jenkins calling Jenkins which gets 403 because we require authenticated users. Job status is updated so not really sure what this request is doing. We first saw this as a deny on our f/w but once we opened that up we see the 403.
Ian Williams
added a comment - redsolo is no longer maintaining plugin; unassigned issues 
Little more detail from Jenkins master's access log:
[ip/date omitted] "GET /job/TfsPluginBugTrigger/2/api/json HTTP/1.1" 403 883 "-" "Jenkins-Self"
(Job name changed but it does not matter.)