Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-43767

Can't use declarative-linter remotely when using GitHub Authentication

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      When using the GitHub Authentication plugin (which doesn't cache credentials) I'm unable to configure permission in such a way to allow users to run the `declarative-linter`.

      Via ssh ... declarative-linter the error message is ERROR: joecool is missing the N/A/GenericRead permission

      The jenkins-cli jar error is ERROR: Bad Credentials. Search the server log for <long-string> for more details.

      From the logs:

      Apr 21, 2017 7:56:19 AM hudson.cli.CLICommand main
      INFO: CLI login attempt failed: <long-string>
      hudson.security.UserMayOrMayNotExistException: Unexpected authentication type: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@43274a68: Username: joecool; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: authenticated
       at org.jenkinsci.plugins.GithubSecurityRealm.loadUserByUsername(GithubSecurityRealm.java:577)
       at hudson.cli.ClientAuthenticationCache.set(ClientAuthenticationCache.java:94)
       at hudson.cli.LoginCommand.run(LoginCommand.java:37)
       at hudson.cli.CLICommand.main(CLICommand.java:265)
       at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:93)
       at sun.reflect.GeneratedMethodAccessor3429.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
       at java.lang.reflect.Method.invoke(Method.java:498)
       at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:895)
       at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:870)
       at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:829)
       at hudson.remoting.UserRequest.perform(UserRequest.java:153)
       at hudson.remoting.UserRequest.perform(UserRequest.java:50)
       at hudson.remoting.Request$2.run(Request.java:336)
       at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
       at hudson.cli.CliManagerImpl$1.call(CliManagerImpl.java:64)
       at hudson.remoting.CallableDecoratorAdapter.call(CallableDecoratorAdapter.java:18)
       at hudson.remoting.CallableDecoratorList$1.call(CallableDecoratorList.java:21)
       at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
       at java.util.concurrent.FutureTask.run(FutureTask.java:266)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
       at java.lang.Thread.run(Thread.java:745)

      Both Anonymous and authenticated users have "Overall" "Read" permissions.

      I understand it doesn't cache credentials, so it can't figure out if joecool is in a specific GitHub Org or Org*Team; but I would expect permissions granted to Anonymous or authenticated would work.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sag47 Sam Gleske
                Reporter:
                docwhat Christian Höltje
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: