Jenkins Pipeline Maven Plugin - Always skipping downstream job
42 views
Skip to first unread message
drpm
Aug 1, 2019, 3:26:34 AM8/1/19
to Jenkins Users
I'm having an issue regarding Jenkins Pipeline Maven Plugin (https://wiki.jenkins.io/display/JENKINS/Pipeline+Maven+Plugin). It always skips the downstream jobs even if "Build whenever a SNAPSHOT dependency is built" is checked.
Here's the FINER logs for Downstream listener(org.jenkinsci.plugins.pipeline.maven.listeners.DownstreamPipelineTriggerRunListener):
upstreamPipeline (<upstream build>, visibleByDownstreamBuildAuth: false), downstreamPipeline (<downstream pipeline>, visibleByUpstreamBuildAuth: true), upstreamBuildAuth: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@1f: Username: <user>; Password: [PROTECTED];
Skip triggering of <downstream pipeline> by <upstream pipeline> #<build>: downstreamVisibleByUpstreamBuildAuth: true, upstreamVisibleByDownstreamBuildAuth: false
---
The value for visibleByDownstreamBuildAuth is always false. Any ideas how to make that value true?
Also Jenkins has this troubleshooting guide but my settings are already correct.
https://wiki.jenkins.io/display/JENKINS/Pipeline+Maven+Plugin#PipelineMavenPlugin-Mydownstreampipelinesdon'tgettriggeredevenifIuse%22BuildwheneveraSNAPSHOTdependencyisbuilt%22
Thank you in advance.
Here's the FINER logs for Downstream listener(org.jenkinsci.plugins.pipeline.maven.listeners.DownstreamPipelineTriggerRunListener):
upstreamPipeline (<upstream build>, visibleByDownstreamBuildAuth: false), downstreamPipeline (<downstream pipeline>, visibleByUpstreamBuildAuth: true), upstreamBuildAuth: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@1f: Username: <user>; Password: [PROTECTED];
Skip triggering of <downstream pipeline> by <upstream pipeline> #<build>: downstreamVisibleByUpstreamBuildAuth: true, upstreamVisibleByDownstreamBuildAuth: false
---
The value for visibleByDownstreamBuildAuth is always false. Any ideas how to make that value true?
Also Jenkins has this troubleshooting guide but my settings are already correct.
https://wiki.jenkins.io/display/JENKINS/Pipeline+Maven+Plugin#PipelineMavenPlugin-Mydownstreampipelinesdon'tgettriggeredevenifIuse%22BuildwheneveraSNAPSHOTdependencyisbuilt%22
Thank you in advance.
Cyrille Le Clerc
Aug 1, 2019, 5:02:11 PM8/1/19
to Jenkins Users
Hello,
Could you be using the Jenkins Authorize Project Plugin and impersonate your builds with a user different from SYSTEM? What is the "<user>" displayed in the log message "upstreamPipeline... Username: <user>"?
When not using the Jenkins Authorize Project Plugin, the user used to run the upstream pipelines is SYSTEM as we can see in the sample below
upstreamPipeline (plugins/pipeline-maven-plugin/dependency-graph/my-jar, visibleByDownstreamBuildAuth: true), downstreamPipeline (plugins/pipeline-maven-plugin/dependency-graph/my-war-multibranch/master, visibleByUpstreamBuildAuth: true), upstreamBuildAuth: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@1f: Username: SYSTEM; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities
Cyrille
drpm
Aug 1, 2019, 7:31:49 PM8/1/19
to Jenkins Users
Hello,
Thank you for your reply.
Yes I do have Jenkins Authorize Project plugin. I tried running it as a SYSTEM and user with admin privileges and still having the same error.
As SYSTEM user:
upstreamPipeline (<upstream build>, visibleByDownstreamBuildAuth: false), downstreamPipeline (<downstream pipeline>, visibleByUpstreamBuildAuth: true), upstreamBuildAuth: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@1f: Username: SYSTEM; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities
Skip triggering of <downstream pipeline> by <upstream pipeline> #<build>: downstreamVisibleByUpstreamBuildAuth: true, upstreamVisibleByDownstreamBuildAuth: false
As USER WITH PRIV:
upstreamPipeline (<upstream build>, visibleByDownstreamBuildAuth: false), downstreamPipeline (<downstream pipeline>, visibleByUpstreamBuildAuth: true), upstreamBuildAuth: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@72da9556: Username: <user-with-admin-priv>; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: authenticated
Skip triggering of <downstream pipeline> by <upstream pipeline> #<build>: downstreamVisibleByUpstreamBuildAuth: true, upstreamVisibleByDownstreamBuildAuth: false
Cyrille Le Clerc
Aug 2, 2019, 5:15:48 AM8/2/19
to Jenkins Users
Can you please enable FINER on org.jenkinsci.plugins.pipeline.maven.service.PipelineTriggerService ? I am interested by the message of isUpstreamBuildVisibleByDownstreamBuildAuth
public boolean isUpstreamBuildVisibleByDownstreamBuildAuth(@Nonnull WorkflowJob upstreamPipeline, @Nonnull Queue.Task downstreamPipeline) {
Authentication auth = Tasks.getAuthenticationOf(downstreamPipeline);
Authentication downstreamPipelineAuth;
if (auth.equals(ACL.SYSTEM) && !QueueItemAuthenticatorConfiguration.get().getAuthenticators().isEmpty()) {
downstreamPipelineAuth = Jenkins.ANONYMOUS; // cf. BuildTrigger
} else {
downstreamPipelineAuth = auth;
}
try (ACLContext ignored = ACL.as(downstreamPipelineAuth)) {
WorkflowJob upstreamPipelineObtainedAsImpersonated = getItemByFullName(upstreamPipeline.getFullName(), WorkflowJob.class);
boolean result = upstreamPipelineObtainedAsImpersonated != null;
LOGGER.log(Level.FINE, "isUpstreamBuildVisibleByDownstreamBuildAuth({0}, {1}): taskAuth: {2}, downstreamPipelineAuth: {3}, upstreamPipelineObtainedAsImpersonated:{4}, result: {5}",
new Object[]{upstreamPipeline, downstreamPipeline, auth, downstreamPipelineAuth, upstreamPipelineObtainedAsImpersonated, result});
return result;
}
}
drpm
Aug 2, 2019, 5:32:57 AM8/2/19
to Jenkins Users
Oh It is using the anonymous user for it.
isUpstreamBuildVisibleByDownstreamBuildAuth(org.jenkinsci.plugins.workflow.job.WorkflowJob@3e3adefa[<upstream-job>], org.jenkinsci.plugins.workflow.job.WorkflowJob@7b2c0800[<downstream-job>]): taskAuth: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@1f: Username: SYSTEM; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities, downstreamPipelineAuth: org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@ffffffc4: Username: anonymous; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: anonymous, upstreamPipelineObtainedAsImpersonated:null, result: false
Cyrille Le Clerc
Aug 2, 2019, 5:49:46 AM8/2/19
to Jenkins Users
Thanks,
Could you by any chance create a bug on https://issues.jenkins-ci.org with the label pipeline-maven-plugin detailing the problem so that it will be easier to manage and easier to share knowledge with other users?
Do you understand why the downstream pipeline is seen as unauthenticated? Could there be a configuration glitch on your setup?
Cyrille
Daniel Beck
Aug 2, 2019, 6:04:04 AM8/2/19
to jenkins...@googlegroups.com
> On 2. Aug 2019, at 11:49, Cyrille Le Clerc <clec...@cloudbees.com> wrote:
>
> Do you understand why the downstream pipeline is seen as unauthenticated? Could there be a configuration glitch on your setup?
>
Pipeline Maven Plugin seems to have copied code from ReverseBuildTrigger in core (see your code snippet, 'cf. BuildTrigger') that wasn't adapted to JENKINS-22949 in https://jenkins.io/changelog/#v2.62
See https://github.com/jenkinsci/jenkins/commit/915543dca5399d3ba052219ddfe9c3c061e70726 for the change -- there's no need to set the auth to ANONYMOUS anymore if it's SYSTEM otherwise.
Cyrille Le Clerc
Aug 2, 2019, 6:12:01 AM8/2/19
to Jenkins Users
Thank you very much Daniel, I'll have a look
Cyrille Le Clerc
Aug 2, 2019, 10:04:26 AM8/2/19
to Jenkins Users
@drpm can you test https://github.com/jenkinsci/pipeline-maven-plugin/pull/224 ?
@daniel could you kindly review the code of https://github.com/jenkinsci/pipeline-maven-plugin/pull/224 it is a simple change ?
Cyrille Le Clerc
Aug 4, 2019, 2:10:49 PM8/4/19
to Jenkins Users
@drpm can you please verify that version 3.8.1 fixes your problem of downstream pipelines not being triggered when using the Authorize Project Plugin
drpm
Aug 4, 2019, 10:31:05 PM8/4/19
to Jenkins Users
Hello,
Sorry for late response. I tested the new release and it worked :) It's now using the SYSTEM user instead of anonymous.
upstreamPipeline (<upstream>, visibleByDownstreamBuildAuth: true), downstreamPipeline (<downstream>, visibleByUpstreamBuildAuth: true), upstreamBuildAuth: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@1f: Username: SYSTEM; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities
isUpstreamBuildVisibleByDownstreamBuildAuth(upstreamPipeline: <upstream>, downstreamPipeline: <>): downstreamPipelineAuth: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@1f: Username: SYSTEM; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities, upstreamPipelineObtainedAsImpersonated:org.jenkinsci.plugins.workflow.job.WorkflowJob@151406db[upstream job], result: true
Thank you!
Cyrille Le Clerc
Aug 5, 2019, 1:00:03 PM8/5/19
to Jenkins Users
You're welcome
Reply all
Reply to author
Forward
0 new messages