Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-56004

Overall/Administrator required to view s3 artifacts?

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Critical
    • Resolution: Fixed
    • Labels:
      None
    • Environment:
      CloudBees Core 2.150.2.3 w/ CAP enabled
      artifact-manager-s3 plugin v1.1
    • Similar Issues:
    • Released As:
      1.2

      Description

      Users without Overall/Administrator are not able to view artifacts in the UI or download them. In the Jenkins log, I'm seeing the following traceback (full details in attachment):

      "February 6th 2019, 17:01:48.696","Feb 06, 2019 5:01:48 PM hudson.model.Run getArtifactsUpTo"
      "February 6th 2019, 17:01:48.696","WARNING: null"
      "February 6th 2019, 17:01:48.697","	at io.jenkins.plugins.artifact_manager_jclouds.JCloudsVirtualFile.run(JCloudsVirtualFile.java:328)"
      "February 6th 2019, 17:01:48.697","java.io.IOException: hudson.security.AccessDeniedException2: mat007 is missing the Overall/Administer permission"
      "February 6th 2019, 17:01:48.698","	at hudson.model.Run.getArtifactsUpTo(Run.java:1104)"
      "February 6th 2019, 17:01:48.698","	at io.jenkins.blueocean.service.embedded.rest.AbstractRunImpl.getArtifactsZipFile(AbstractRunImpl.java:278)"
      "February 6th 2019, 17:01:48.698","	at hudson.model.Run.getHasArtifacts(Run.java:1121)"
      "February 6th 2019, 17:01:48.699","	at io.jenkins.blueocean.commons.stapler.export.ExportInterceptor$1.getValue(ExportInterceptor.java:46)"
      "February 6th 2019, 17:01:48.699","	at io.jenkins.blueocean.commons.stapler.export.MethodProperty.getValue(MethodProperty.java:72)"
      ... snip ...

       

       

        Attachments

          Activity

          Hide
          jglick Jesse Glick added a comment -

          The critical part of the stack is what was snipped out: the fact CredentialsAwsGlobalConfiguration.getCredentials is checking ADMINISTER.

          Show
          jglick Jesse Glick added a comment - The critical part of the stack is what was snipped out: the fact CredentialsAwsGlobalConfiguration.getCredentials is checking ADMINISTER .
          Hide
          psftw Peter Salvatore added a comment -

          FWIW, I also just noticed that the traceback log output is not guaranteed to be in-order either (for a given timestamp)...

          Show
          psftw Peter Salvatore added a comment - FWIW, I also just noticed that the traceback log output is not guaranteed to be in-order either (for a given timestamp)...
          Hide
          jglick Jesse Glick added a comment -

          Peter Salvatore not sure what that means. Maybe something related to the logging system used in CloudBees Core. If so, please report it through vendor channels, so this issue can be focused on the inappropriate AccessDeniedException2.

          Show
          jglick Jesse Glick added a comment - Peter Salvatore not sure what that means. Maybe something related to the logging system used in CloudBees Core. If so, please report it through vendor channels, so this issue can be focused on the inappropriate AccessDeniedException2 .
          Hide
          psftw Peter Salvatore added a comment -

          Jesse Glick The log record ordering issue is an artifact of our logging system, nothing to do with Jenkins. The effect is that some records in the attached artifacts.log may not be in exactly the same order as what Jenkins emitted.

          Show
          psftw Peter Salvatore added a comment - Jesse Glick The log record ordering issue is an artifact of our logging system, nothing to do with Jenkins. The effect is that some records in the attached artifacts.log may not be in exactly the same order as what Jenkins emitted.
          Hide
          jglick Jesse Glick added a comment -

          Peter Salvatore understood. Does not matter in this case as I can reproduce what appears to be an identical issue in a functional test anyway.

          Show
          jglick Jesse Glick added a comment - Peter Salvatore understood. Does not matter in this case as I can reproduce what appears to be an identical issue in a functional test anyway.
          Hide
          psftw Peter Salvatore added a comment -

          Just upgraded to aws-global-configuration:1.2 and can confirm the fix in my environment.  Thank you!

          Show
          psftw Peter Salvatore added a comment - Just upgraded to aws-global-configuration:1.2 and can confirm the fix in my environment.  Thank you!

            People

            • Assignee:
              jglick Jesse Glick
              Reporter:
              psftw Peter Salvatore
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: