Jenkins / JENKINS-65007

Resource not accessible by integration error authenticating with GitHub app with the wrong owner


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major
    • GitHub Enterprise 2.22.6
      github-branch-source-plugin 2.10.2 and 8093b3d

      GitHub App authentication is working in one organization. When the app is installed to a second organization and a job is added to Jenkins, the repository scanning for that job throws errors:

      Error while processing pull request 1
      java.io.FileNotFoundException: https://git.example.com/api/v3/repos/SECOND_ORG/EXAMPLE_REPO/collaborators/csanchez/permission
      	at org.kohsuke.github.extras.okhttp3.ObsoleteUrlFactory$OkHttpURLConnection.getInputStream(ObsoleteUrlFactory.java:490)
      	at org.kohsuke.github.extras.okhttp3.ObsoleteUrlFactory$DelegatingHttpsURLConnection.getInputStream(ObsoleteUrlFactory.java:1204)
      	at org.kohsuke.github.GitHubHttpUrlConnectionClient$HttpURLConnectionResponseInfo.bodyStream(GitHubHttpUrlConnectionClient.java:196)
      	at org.kohsuke.github.GitHubResponse$ResponseInfo.getBodyAsString(GitHubResponse.java:314)
      	at org.kohsuke.github.GitHubResponse.parseBody(GitHubResponse.java:92)
      	at org.kohsuke.github.Requester.lambda$fetch$1(Requester.java:76)
      	at org.kohsuke.github.GitHubClient.createResponse(GitHubClient.java:455)
      	at org.kohsuke.github.GitHubClient.sendRequest(GitHubClient.java:406)
      Caused: org.kohsuke.github.GHFileNotFoundException: https://git.example.com/api/v3/repos/SECOND_ORG/EXAMPLE_REPO/collaborators/csanchez/permission {"message":"Resource not accessible by integration","documentation_url":"https://docs.github.com/enterprise/2.22/rest/reference/repos#get-repository-permissions-for-a-user"}
      	at org.kohsuke.github.GitHubClient.interpretApiError(GitHubClient.java:486)
      	at org.kohsuke.github.GitHubClient.sendRequest(GitHubClient.java:414)
      	at org.kohsuke.github.GitHubClient.sendRequest(GitHubClient.java:358)
      	at org.kohsuke.github.Requester.fetch(Requester.java:76)
      	at org.kohsuke.github.GHRepository.getPermission(GHRepository.java:948)
      	at org.jenkinsci.plugins.github_branch_source.GitHubSCMSource$1.fetch(GitHubSCMSource.java:987)
      	at org.jenkinsci.plugins.github_branch_source.GitHubSCMSourceRequest.getPermissions(GitHubSCMSourceRequest.java:476)
      	at org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustPermission.checkTrusted(ForkPullRequestDiscoveryTrait.java:356)
      	at org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustPermission.checkTrusted(ForkPullRequestDiscoveryTrait.java:339)
      	at jenkins.scm.api.trait.SCMHeadAuthority.isTrusted(SCMHeadAuthority.java:101)
      	at jenkins.scm.api.trait.SCMSourceRequest.isTrusted(SCMSourceRequest.java:213)
      	at org.jenkinsci.plugins.github_branch_source.GitHubSCMSource$4.create(GitHubSCMSource.java:1202)
      	at org.jenkinsci.plugins.github_branch_source.GitHubSCMSource$4.create(GitHubSCMSource.java:1196)
      	at jenkins.scm.api.trait.SCMSourceRequest.process(SCMSourceRequest.java:339)
      	at org.jenkinsci.plugins.github_branch_source.GitHubSCMSource.retrievePullRequest(GitHubSCMSource.java:1192)
      	at org.jenkinsci.plugins.github_branch_source.GitHubSCMSource.retrieve(GitHubSCMSource.java:1040)
      	at jenkins.scm.api.SCMSource._retrieve(SCMSource.java:373)
      	at jenkins.scm.api.SCMSource.fetch(SCMSource.java:283)
      	at jenkins.branch.MultiBranchProject.computeChildren(MultiBranchProject.java:641)
      	at com.cloudbees.hudson.plugins.folder.computed.ComputedFolder.updateChildren(ComputedFolder.java:278)
      	at com.cloudbees.hudson.plugins.folder.computed.FolderComputation.run(FolderComputation.java:165)
      	at jenkins.branch.MultiBranchProject$BranchIndexing.run(MultiBranchProject.java:1032)
      	at hudson.model.ResourceController.execute(ResourceController.java:97)
      	at hudson.model.Executor.run(Executor.java:429)
      

      What happens is that Jenkins is either using the token cached for a credential that has no owner set, or the owner is set to a different organization.

      In the latter case it is picking the wrong appInstallation here
      https://github.com/jenkinsci/github-branch-source-plugin/blob/b4206a9/src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubAppCredentials.java#L210-L218

            Assignee: Unassigned
            Reporter: Carlos Sanchez (csanchez)
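The cause described in this report (a token cached per credential and reused for a repository in another organization) can be modelled as below. This is an added example, not code from github-branch-source-plugin: the class and function names, the `mint` stand-in and the installation data are hypothetical and constructed, and it shows the failure mode beside a lookup that fails closed when the owner does not match.

```python
# Added example: a simplified model, not code from github-branch-source-plugin.
# INSTALLATIONS is constructed data shaped like GET /app/installations entries.
INSTALLATIONS = [
    {"id": 101, "account": {"login": "FIRST_ORG"}},
    {"id": 202, "account": {"login": "SECOND_ORG"}},
]


def mint(installation_id):
    """Stand-in for the installation access token request (constructed value)."""
    return f"token-for-installation-{installation_id}"


class CredentialKeyedCache:
    """Failure mode in the report: one token per credential, repo owner ignored."""

    def __init__(self):
        self._tokens = {}

    def token_for(self, credential_id, credential_owner, repo_owner):
        if credential_id not in self._tokens:
            # Resolved from the credential's owner, or the first installation if unset.
            inst = next((i for i in INSTALLATIONS
                         if i["account"]["login"] == credential_owner), INSTALLATIONS[0])
            self._tokens[credential_id] = mint(inst["id"])
        return self._tokens[credential_id]  # reused for any repo_owner


def select_installation(installations, repo_owner, credential_owner=None):
    """Return the single installation for repo_owner, or raise (fail closed)."""
    if credential_owner and credential_owner.lower() != repo_owner.lower():
        raise LookupError(f"credential owner {credential_owner!r} != repo owner {repo_owner!r}")
    matches = [i for i in installations
               if i["account"]["login"].lower() == repo_owner.lower()]
    if len(matches) != 1:
        raise LookupError(f"no unique installation for owner {repo_owner!r}")
    return matches[0]


class OwnerKeyedCache:
    """Tokens cached per (credential, installation id); expiry handling omitted."""

    def __init__(self):
        self._tokens = {}

    def token_for(self, credential_id, credential_owner, repo_owner):
        inst = select_installation(INSTALLATIONS, repo_owner, credential_owner)
        key = (credential_id, inst["id"])
        if key not in self._tokens:
            self._tokens[key] = mint(inst["id"])
        return self._tokens[key]
```

With the credential-keyed cache, a scan of SECOND_ORG receives the FIRST_ORG installation token, which GitHub rejects with "Resource not accessible by integration"; the owner-keyed cache either returns the SECOND_ORG token or raises before any request is made.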