- Bug
- Resolution: Unresolved
- Major
- None
Jenkins version : 2.174
Role-based Authorization Strategy version : 2.10
---
Jenkins: 2.332.3
Folder-based Authorization Strategy: 1.4
Folders: 6.722.v8165b_a_cf25e9
I am using Role Based Strategy to manage user permissions.
I have an account under group A. I give this group Admin permission. When I call the REST API with the user's API token, Jenkins rejects the request with a 403 Forbidden error. If I add this user directly to the global roles and grant the appropriate permission, it works.
It seems API authorization doesn't work with groups. Any idea on this?
- relates to: JENKINS-61785 REST API requires Job/Build permission (Open)
More details:
I added this to JENKINS_OPTS in my jenkins.sh (I'm running in k8s via Docker):
jenkins_opts_array=('-Dhudson.security.csrf.CrumbFilter.UNPROCESSED_PATHINFO=true')
^ per: https://jenkins.io/doc/upgrade-guide/2.204/#upgrading-to-jenkins-lts-2-204-6
I then generated a new token for my user, and set up my GitHub repo webhook as follows:
url: https://dev-jenkins.url.gov/job/testjob/build
secret: <user-token> (with admin/owner perms)
application/json
Then click Apply and then click the test button from GitHub. 403.
I have also enabled and disabled the "Enable proxy compatibility" CSRF checkbox in Global Security.
Note my testing is done in a sandbox, but the issue is impacting my production Jenkins as well. I'd prefer not to roll back if possible.
There are also these items in the 2.204.6 upgrade doc:
These are not options in the UI in 2.222.1