Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-31574

GitHub branch source plugin does not document what should be used for creds

    Details

    • Similar Issues:

      Description

      Started by user Andrew Bayer
      Consulting GitHub Organization
      Connecting to GitHub using abayer/****** (abayer-github)
      FATAL: Failed to recompute children of Folder Computation
      java.io.IOException: Server returned HTTP response code: 401 for URL: https://api.github.com/orgs/abayer
      	at sun.reflect.GeneratedConstructorAccessor126.newInstance(Unknown Source)
      	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
      	at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
      	at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1889)
      	at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1884)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1883)
      	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1456)
      	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
      	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
      	at org.kohsuke.github.Requester.parse(Requester.java:458)
      	at org.kohsuke.github.Requester._to(Requester.java:227)
      	at org.kohsuke.github.Requester.to(Requester.java:194)
      	at org.kohsuke.github.GitHub.getOrganization(GitHub.java:310)
      	at org.jenkinsci.plugins.github_branch_source.GitHubSCMNavigator.visitSources(GitHubSCMNavigator.java:130)
      	at jenkins.branch.OrganizationFolder.computeChildren(OrganizationFolder.java:124)
      	at com.cloudbees.hudson.plugins.folder.computed.ComputedFolder.updateChildren(ComputedFolder.java:151)
      	at com.cloudbees.hudson.plugins.folder.computed.FolderComputation.run(FolderComputation.java:106)
      	at hudson.model.ResourceController.execute(ResourceController.java:98)
      	at hudson.model.Executor.run(Executor.java:408)
      Caused by: java.io.IOException: Server returned HTTP response code: 401 for URL: https://api.github.com/orgs/abayer
      	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1839)
      	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
      	at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
      	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
      	at org.kohsuke.github.Requester.parse(Requester.java:454)
      	... 9 more
      Finished: FAILURE
      

      Credentials are valid username/password, put my user in for the owner, default repository scan, etc.

      When I change to use an access token for the password, it works, but I can't find anywhere where it says to use a username/access token rather than a username/password.

        Attachments

          Issue Links

            Activity

            Show
            abayer Andrew Bayer added a comment - Looks to be barfing at https://github.com/jenkinsci/github-branch-source-plugin/blob/master/src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java#L130 , fwiw.
            Hide
            jglick Jesse Glick added a comment - - edited

            We did not get here so it seems like the username of the credentials does not match the GitHub user name. You are supposed to have a username/password credentials item with username set to the GitHub account name, and password set to an access token.

            If that is the only problem, this should be downgraded and marked with the diagnostics label to give the user some hint what might be wrong. (Only a hint, since we cannot know whether they meant to type in a user name or an organization name. We might however be able to determine that their credentials do not correspond to an actual user; that could be a form validation warning in the configuration screen.)

            Show
            jglick Jesse Glick added a comment - - edited We did not get here so it seems like the username of the credentials does not match the GitHub user name. You are supposed to have a username/password credentials item with username set to the GitHub account name, and password set to an access token. If that is the only problem, this should be downgraded and marked with the diagnostics label to give the user some hint what might be wrong. (Only a hint, since we cannot know whether they meant to type in a user name or an organization name. We might however be able to determine that their credentials do not correspond to an actual user; that could be a form validation warning in the configuration screen.)
            Hide
            abayer Andrew Bayer added a comment -

            Aaaaah, password is an access token, not a password - that's not documented anywhere I could find. Lemme try.

            Show
            abayer Andrew Bayer added a comment - Aaaaah, password is an access token, not a password - that's not documented anywhere I could find. Lemme try.
            Hide
            abayer Andrew Bayer added a comment -

            Yup, that did it - rewording JIRA.

            Show
            abayer Andrew Bayer added a comment - Yup, that did it - rewording JIRA.
            Hide
            jglick Jesse Glick added a comment -

            In the configuration screen we should try to connect to the GH API using the supplied credentials. If that fails, display a form validation error. If it succeeds, check that the username matches an account; if not, display a warning (this is not necessarily fatal since the repoOwner might have been a valid organization, in which case GH is probably not going to care what the username was).

            Show
            jglick Jesse Glick added a comment - In the configuration screen we should try to connect to the GH API using the supplied credentials. If that fails, display a form validation error. If it succeeds, check that the username matches an account; if not, display a warning (this is not necessarily fatal since the repoOwner might have been a valid organization, in which case GH is probably not going to care what the username was).
            Hide
            amuniz Antonio Muñiz added a comment - - edited

            So, what's this code for?

            I thought it was to process exactly that case: using a username as repo owner with unrelated credentials (other user).

            Show
            amuniz Antonio Muñiz added a comment - - edited So, what's this code for? I thought it was to process exactly that case: using a username as repo owner with unrelated credentials (other user).
            Hide
            abayer Andrew Bayer added a comment -

            Also makes sense to have the help for the credentials say what form the credentials should be in - right now it just says "Credentials used to scan branches and check out sources", which doesn't exactly make it clear that this shouldn't be GitHub username and password but instead GitHub username and access token.

            Show
            abayer Andrew Bayer added a comment - Also makes sense to have the help for the credentials say what form the credentials should be in - right now it just says "Credentials used to scan branches and check out sources", which doesn't exactly make it clear that this shouldn't be GitHub username and password but instead GitHub username and access token.
            Hide
            recena Manuel Recena Soto added a comment -

            Andrew Bayer I'll jump here as soon as possible.

            Show
            recena Manuel Recena Soto added a comment - Andrew Bayer I'll jump here as soon as possible.
            Hide
            jglick Jesse Glick added a comment -

            Antonio Muñiz true, that use case should work too.

            Show
            jglick Jesse Glick added a comment - Antonio Muñiz true, that use case should work too.
            Hide
            recena Manuel Recena Soto added a comment -

            Jesse Glick, Antonio Muñiz, I know why this happened. I have to improve the form validation (specially, credentials).

            Show
            recena Manuel Recena Soto added a comment - Jesse Glick , Antonio Muñiz , I know why this happened. I have to improve the form validation (specially, credentials).
            Hide
            recena Manuel Recena Soto added a comment -

            As part of this PR (associated to this issue) it has implemented:

            1. Improve error handling.
            2. Anonymous (none) is a option valid for Scan Credentials.
            3. A new Implementation of RateLimitHandler. Used in anonymous connections.

            Include these improvements in the changelog

            Show
            recena Manuel Recena Soto added a comment - As part of this PR (associated to this issue) it has implemented: Improve error handling. Anonymous (none) is a option valid for Scan Credentials. A new Implementation of RateLimitHandler . Used in anonymous connections. Include these improvements in the changelog
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Manuel Recena
            Path:
            src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java
            http://jenkins-ci.org/commit/github-branch-source-plugin/0006bcfaeb7565c1b87362467214d598201bc11d
            Log:
            JENKINS-31574 Improved validation for Scan Credentials

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Manuel Recena Path: src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java http://jenkins-ci.org/commit/github-branch-source-plugin/0006bcfaeb7565c1b87362467214d598201bc11d Log: JENKINS-31574 Improved validation for Scan Credentials
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Manuel Recena
            Path:
            src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java
            http://jenkins-ci.org/commit/github-branch-source-plugin/425820b6032758ca75b9bf29842036a390aa5328
            Log:
            JENKINS-31574 Scan credentials are verified before to start the scanning process

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Manuel Recena Path: src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java http://jenkins-ci.org/commit/github-branch-source-plugin/425820b6032758ca75b9bf29842036a390aa5328 Log: JENKINS-31574 Scan credentials are verified before to start the scanning process
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Manuel Recena
            Path:
            src/main/java/org/jenkinsci/plugins/github_branch_source/AbstractGitHubSCMSource.java
            src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java
            http://jenkins-ci.org/commit/github-branch-source-plugin/ffd52fcb8e704b12dcd6137b0e13040e0fded6f5
            Log:
            JENKINS-31574 Anonymous access is allowed for scan credentials

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Manuel Recena Path: src/main/java/org/jenkinsci/plugins/github_branch_source/AbstractGitHubSCMSource.java src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java http://jenkins-ci.org/commit/github-branch-source-plugin/ffd52fcb8e704b12dcd6137b0e13040e0fded6f5 Log: JENKINS-31574 Anonymous access is allowed for scan credentials
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Manuel Recena
            Path:
            pom.xml
            src/main/java/org/jenkinsci/plugins/github_branch_source/Endpoint.java
            http://jenkins-ci.org/commit/github-branch-source-plugin/bd7c1601547625c3a664229552fe0aba5ed593ac
            Log:
            Merge branch 'master' into JENKINS-31574

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Manuel Recena Path: pom.xml src/main/java/org/jenkinsci/plugins/github_branch_source/Endpoint.java http://jenkins-ci.org/commit/github-branch-source-plugin/bd7c1601547625c3a664229552fe0aba5ed593ac Log: Merge branch 'master' into JENKINS-31574
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Manuel Recena
            Path:
            src/main/java/org/jenkinsci/plugins/github_branch_source/AbstractGitHubSCMSource.java
            src/main/java/org/jenkinsci/plugins/github_branch_source/Connector.java
            src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java
            src/main/java/org/jenkinsci/plugins/github_branch_source/RateLimitExceededException.java
            http://jenkins-ci.org/commit/github-branch-source-plugin/c391fecd90b17055a39be5225e69e48fcdc01624
            Log:
            JENKINS-31574 A customized RateLimitHandler has been added

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Manuel Recena Path: src/main/java/org/jenkinsci/plugins/github_branch_source/AbstractGitHubSCMSource.java src/main/java/org/jenkinsci/plugins/github_branch_source/Connector.java src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java src/main/java/org/jenkinsci/plugins/github_branch_source/RateLimitExceededException.java http://jenkins-ci.org/commit/github-branch-source-plugin/c391fecd90b17055a39be5225e69e48fcdc01624 Log: JENKINS-31574 A customized RateLimitHandler has been added
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Manuel Recena
            Path:
            src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java
            http://jenkins-ci.org/commit/github-branch-source-plugin/b8bdb54e1e7eeaa01941f49703009eb99a3041fe
            Log:
            JENKINS-31574 Removed catch RateLimitExceededException in an authorized scope

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Manuel Recena Path: src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java http://jenkins-ci.org/commit/github-branch-source-plugin/b8bdb54e1e7eeaa01941f49703009eb99a3041fe Log: JENKINS-31574 Removed catch RateLimitExceededException in an authorized scope
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Manuel Recena
            Path:
            src/main/java/org/jenkinsci/plugins/github_branch_source/Connector.java
            http://jenkins-ci.org/commit/github-branch-source-plugin/d9acd2d1320378a674031c6258e54e3c8b9963b8
            Log:
            JENKINS-31574 @jglick's comment was addressed

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Manuel Recena Path: src/main/java/org/jenkinsci/plugins/github_branch_source/Connector.java http://jenkins-ci.org/commit/github-branch-source-plugin/d9acd2d1320378a674031c6258e54e3c8b9963b8 Log: JENKINS-31574 @jglick's comment was addressed
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Manuel Recena
            Path:
            src/main/java/org/jenkinsci/plugins/github_branch_source/AbstractGitHubSCMSource.java
            src/main/java/org/jenkinsci/plugins/github_branch_source/Connector.java
            src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java
            src/main/java/org/jenkinsci/plugins/github_branch_source/RateLimitExceededException.java
            http://jenkins-ci.org/commit/github-branch-source-plugin/0750599a057f19df0d59a8e0fd8996809aaff847
            Log:
            Merge pull request #11 from recena/JENKINS-31574

            JENKINS-31574 Improved validation for Scan Credentials

            Compare: https://github.com/jenkinsci/github-branch-source-plugin/compare/384e7a983e15...0750599a057f

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Manuel Recena Path: src/main/java/org/jenkinsci/plugins/github_branch_source/AbstractGitHubSCMSource.java src/main/java/org/jenkinsci/plugins/github_branch_source/Connector.java src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java src/main/java/org/jenkinsci/plugins/github_branch_source/RateLimitExceededException.java http://jenkins-ci.org/commit/github-branch-source-plugin/0750599a057f19df0d59a8e0fd8996809aaff847 Log: Merge pull request #11 from recena/ JENKINS-31574 JENKINS-31574 Improved validation for Scan Credentials Compare: https://github.com/jenkinsci/github-branch-source-plugin/compare/384e7a983e15...0750599a057f
            Show
            recena Manuel Recena Soto added a comment - https://github.com/jenkinsci/github-branch-source-plugin/releases/tag/github-branch-source-1.1
            Hide
            danielbeck Daniel Beck added a comment -

            Anonymous (none) is a option valid for Scan Credentials.

            I'm not sure this is a good idea, because the GitHub API is severely restricted for anon access as to make this almost useless. It failed for me (github.com/daniel-beck) after just 30 branches in seven repos.

            Show
            danielbeck Daniel Beck added a comment - Anonymous (none) is a option valid for Scan Credentials. I'm not sure this is a good idea, because the GitHub API is severely restricted for anon access as to make this almost useless. It failed for me (github.com/daniel-beck) after just 30 branches in seven repos.
            Hide
            amuniz Antonio Muñiz added a comment -

            It failed for me (github.com/daniel-beck) after just 30 branches in seven repos.

            Well, it would be valid when you configure only one repository to be monitored for branches. Not much requests are required for that. But yes, it's quite limited.

            Show
            amuniz Antonio Muñiz added a comment - It failed for me (github.com/daniel-beck) after just 30 branches in seven repos. Well, it would be valid when you configure only one repository to be monitored for branches. Not much requests are required for that. But yes, it's quite limited.
            Hide
            recena Manuel Recena Soto added a comment -

            Daniel Beck, in general, my PoV is always closer of allow than forbid or deny. Said that,

            1. The UI shows to users: Credentials are recommended
            2. The behavior when the rate-limit is reached, IMO is well managed. You can see a detailed console output here.
            3. It can be helpful for small GitHub Organizations or GitHub User Accounts.
            4. it can be very helpful when you work with Github Enterprise Servers where the number of API requests is not limited.
            Show
            recena Manuel Recena Soto added a comment - Daniel Beck , in general, my PoV is always closer of allow than forbid or deny . Said that, The UI shows to users: Credentials are recommended The behavior when the rate-limit is reached, IMO is well managed. You can see a detailed console output here . It can be helpful for small GitHub Organizations or GitHub User Accounts. it can be very helpful when you work with Github Enterprise Servers where the number of API requests is not limited.

              People

              • Assignee:
                recena Manuel Recena Soto
                Reporter:
                abayer Andrew Bayer
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: