Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-63486

Build Executor Status throws error and main view is empty if user has no read permissions to a pipeline job

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Critical
    • Resolution: Duplicate
    • Labels:
    • Environment:
    • Similar Issues:

      Description

      After our latest upgrade, details of the upgrade below:

      Jenkins: 2.239-1.1 → 2.252-1.1
      Plugin updates:
       AnsiColor (ansicolor) 0.7.0 --> 0.7.2 [https://plugins.jenkins.io/ansicolor]
       Artifactory Plugin (artifactory) 3.6.2 --> 3.8.0 [https://plugins.jenkins.io/artifactory]
       Authentication Tokens API Plugin (authentication-tokens) 1.3 --> 1.4 [https://plugins.jenkins.io/authentication-tokens]
       Bitbucket Plugin (bitbucket) 1.1.11 --> 1.1.20 [https://plugins.jenkins.io/bitbucket]
       Branch API Plugin (branch-api) 2.5.6 --> 2.5.9 [https://plugins.jenkins.io/branch-api]
       user build vars plugin (build-user-vars-plugin) 1.5 --> 1.6 [https://plugins.jenkins.io/build-user-vars-plugin]
       Bitbucket Branch Source Plugin (cloudbees-bitbucket-branch-source) 2.8.0 --> 2.9.2 [https://plugins.jenkins.io/cloudbees-bitbucket-branch-source]
       Folders Plugin (cloudbees-folder) 6.13 --> 6.14 [https://plugins.jenkins.io/cloudbees-folder]
       Copy Artifact Plugin (copyartifact) 1.44 --> 1.45.1 [https://plugins.jenkins.io/copyartifact]
       Credentials Plugin (credentials) 2.3.8 --> 2.3.12 [https://plugins.jenkins.io/credentials]
       Dashboard View (dashboard-view) 2.12 --> 2.13 [https://plugins.jenkins.io/dashboard-view]
       Dependency Graph Viewer Plugin (depgraph-view) 1.0.1 --> 1.0.4 [https://plugins.jenkins.io/depgraph-view]
       Display URL API (display-url-api) 2.3.2 --> 2.3.3 [https://plugins.jenkins.io/display-url-api]
       docker-build-step (docker-build-step) 2.4 --> 2.5 [https://plugins.jenkins.io/docker-build-step]
       Docker Commons Plugin (docker-commons) 1.16 --> 1.17 [https://plugins.jenkins.io/docker-commons]
       Docker Pipeline (docker-workflow) 1.23 --> 1.24 [https://plugins.jenkins.io/docker-workflow]
       Email Extension Plugin (email-ext) 2.69 --> 2.75 [https://plugins.jenkins.io/email-ext]
       EZ Templates (ez-templates) 1.3.2 --> 1.3.3 [https://plugins.jenkins.io/ez-templates]
       Git plugin (git) 4.2.2 --> 4.3.0 [https://plugins.jenkins.io/git]
       Git client plugin (git-client) 3.0.0 --> 3.4.1 [https://plugins.jenkins.io/git-client]
       GitHub plugin (github) 1.30.0 --> 1.31.0 [https://plugins.jenkins.io/github]
       GitHub API Plugin (github-api) 1.112.0 --> 1.115 [https://plugins.jenkins.io/github-api]
       GitHub Branch Source Plugin (github-branch-source) 2.8.0 --> 2.8.3 [https://plugins.jenkins.io/github-branch-source]
       HashiCorp Vault Plugin (hashicorp-vault-plugin) 3.4.1 --> 3.6.0 [https://plugins.jenkins.io/hashicorp-vault-plugin]
       Jackson 2 API Plugin (jackson2-api) 2.11.0 --> 2.11.2 [https://plugins.jenkins.io/jackson2-api]
       JaCoCo plugin (jacoco) 3.0.6 --> 3.0.7 [https://plugins.jenkins.io/jacoco]
       Javadoc Plugin (javadoc) 1.5 --> 1.6 [https://plugins.jenkins.io/javadoc]
       Jira plugin (jira) 3.0.18 --> 3.1.1 [https://plugins.jenkins.io/jira]
       JUnit Plugin (junit) 1.29 --> 1.31 [https://plugins.jenkins.io/junit]
       Maven Integration plugin (maven-plugin) 3.6 --> 3.7 [https://plugins.jenkins.io/maven-plugin]
       NodeJS Plugin (nodejs) 1.3.5 --> 1.3.7 [https://plugins.jenkins.io/nodejs]
       Parameterized Trigger plugin (parameterized-trigger) 2.36 --> 2.37 [https://plugins.jenkins.io/parameterized-trigger]
       Performance Plugin (performance) 3.17 --> 3.18 [https://plugins.jenkins.io/performance]
       Pipeline: Build Step (pipeline-build-step) 2.12 --> 2.13 [https://plugins.jenkins.io/pipeline-build-step]
       Pipeline: Model API (pipeline-model-api) 1.7.0 --> 1.7.1 [https://plugins.jenkins.io/pipeline-model-api]
       Pipeline: Declarative (pipeline-model-definition) 1.7.0 --> 1.7.1 [https://plugins.jenkins.io/pipeline-model-definition]
       Pipeline: Declarative Extension Points API (pipeline-model-extensions) 1.7.0 --> 1.7.1 [https://plugins.jenkins.io/pipeline-model-extensions]
       Pipeline: REST API Plugin (pipeline-rest-api) 2.13 --> 2.14 [https://plugins.jenkins.io/pipeline-rest-api]
       Pipeline: Stage Step (pipeline-stage-step) 2.3 --> 2.5 [https://plugins.jenkins.io/pipeline-stage-step]
       Pipeline: Stage Tags Metadata (pipeline-stage-tags-metadata) 1.7.0 --> 1.7.1 [https://plugins.jenkins.io/pipeline-stage-tags-metadata]
       Pipeline: Stage View Plugin (pipeline-stage-view) 2.13 --> 2.14 [https://plugins.jenkins.io/pipeline-stage-view]
       Pipeline Utility Steps (pipeline-utility-steps) 2.6.0 --> 2.6.1 [https://plugins.jenkins.io/pipeline-utility-steps]
       Script Security Plugin (script-security) 1.73 --> 1.74 [https://plugins.jenkins.io/script-security]
       SSH Agent Plugin (ssh-agent) 1.19 --> 1.20 [https://plugins.jenkins.io/ssh-agent]
       Timestamper (timestamper) 1.11.3 --> 1.11.5 [https://plugins.jenkins.io/timestamper]
       View Job Filters (view-job-filters) 2.2 --> 2.3 [https://plugins.jenkins.io/view-job-filters]
       Violation Comments to Bitbucket Server Plugin (violation-comments-to-stash) 1.117 --> 1.121 [https://plugins.jenkins.io/violation-comments-to-stash]
       Pipeline: Groovy (workflow-cps) 2.80 --> 2.82 [https://plugins.jenkins.io/workflow-cps]
       Pipeline: Shared Groovy Libraries (workflow-cps-global-lib) 2.16 --> 2.17 [https://plugins.jenkins.io/workflow-cps-global-lib]
       Pipeline: Nodes and Processes (workflow-durable-task-step) 2.35 --> 2.36 [https://plugins.jenkins.io/workflow-durable-task-step]
       Pipeline: Multibranch (workflow-multibranch) 2.21 --> 2.22 [https://plugins.jenkins.io/workflow-multibranch]
       Pipeline: Supporting APIs (workflow-support) 3.4 --> 3.5 [https://plugins.jenkins.io/workflow-support]

       

      we have an issue with users that do not have read permissions to some folders/jobs. If any job from those jobs where user do not have permissions are running, the main view has only "log in" link (even if the user is logged in), and the Build Executor Status throws an "Oops! A problem occured while processing the request. Logging ID=xxxxx-yyyyy-zzzzz" error, and the dashboard folder list view, which normally is there, is not visible.

      Here is a screen capture of the issue:

      We use Role-Base Strategy for the authorization, and it has been working fine until now. No changes has been made for the configuration of roles and permissions.

      Additional notes/remarks:

      • if there is a freestyle project running, there is "Unknown Task" show in the busy executor. The listing of nodes and executors are OK after this.
      • If there is a Pipeline job running, there is "Unknown Pipeline node step" in the busy executor, and nothing else. The view ends to the first one of these "Unknown Pipeline node step" executors even if there is more nodes and executors normally in the view.
      • If user/group is granted Job/Read permissions in Global roles definitions, the user sees main view dashboard normally and no error is shown in the Build Executor Status view.
      • attached a stack trace from the jenkins.log "jenkins-error.log" as an attachment for this issue

      EDIT 27.8.2020: Downgrading (just) "Pipeline: Nodes and Processes" plugin to previous version 2.35 fixes this issue

        Attachments

          Issue Links

            Activity

            Hide
            simontunnat Simon Tunnat added a comment - - edited

            We have the same issue here on Jenkins Version 2.249.1 (LTS).

            Downgrading the "Pipeline: Nodes and Processes" plugin to version 2.35 fixed the issue for us as well.

            Show
            simontunnat Simon Tunnat added a comment - - edited We have the same issue here on Jenkins Version 2.249.1 (LTS). Downgrading the "Pipeline: Nodes and Processes" plugin to version 2.35 fixed the issue for us as well.
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            Unassigned myself. It is something for Pipeline maintainers to fix

            Show
            oleg_nenashev Oleg Nenashev added a comment - Unassigned myself. It is something for Pipeline maintainers to fix
            Hide
            zohhak Christian Mohr added a comment -

            I think this was introduced with a fix for https://issues.jenkins-ci.org/browse/JENKINS-60389 (commit: https://github.com/jenkinsci/workflow-durable-task-step-plugin/commit/b3886ac08b5123bbe8d09d9d963d722e6adf3af7 )

            Jenkins.getItemByFullName requires read/discover permissions, that not all users have. So if a build is currently running for a Job that you are not allowed to see, it shows the error.

             

            Show
            zohhak Christian Mohr added a comment - I think this was introduced with a fix for  https://issues.jenkins-ci.org/browse/JENKINS-60389 (commit: https://github.com/jenkinsci/workflow-durable-task-step-plugin/commit/b3886ac08b5123bbe8d09d9d963d722e6adf3af7 ) Jenkins.getItemByFullName requires read/discover permissions, that not all users have. So if a build is currently running for a Job that you are not allowed to see, it shows the error.  
            Hide
            ujhelyiz Zoltán Ujhelyi added a comment -

            I can confirm that downgrading "Pipeline: Nodes and Processes" plugin to version 2.35 fixed the issue for us as well.

             

            Furthermore, I agree with Christian Mohr's assessment that the issue is if a build is running a job the current user is not allowed to see is the condition for this issue to occur.

            Show
            ujhelyiz Zoltán Ujhelyi added a comment - I can confirm that downgrading "Pipeline: Nodes and Processes" plugin to version 2.35 fixed the issue for us as well.   Furthermore, I agree with Christian Mohr's assessment that the issue is if a build is running a job the current user is not allowed to see is the condition for this issue to occur.
            Hide
            zohhak Christian Mohr added a comment -

            I think it has already been fixed with: https://issues.jenkins-ci.org/browse/JENKINS-63868

            Can't verify it, as i am running on LTS version.

            Show
            zohhak Christian Mohr added a comment - I think it has already been fixed with: https://issues.jenkins-ci.org/browse/JENKINS-63868 Can't verify it, as i am running on LTS version.

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              ipi_kiiskinen Ipi Kiiskinen
              Votes:
              3 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: