Help fixing 403 response when creating webhook
42 views
Skip to first unread message
Scott Cline
Jun 19, 2025, 7:17:00 PM6/19/25
to Repo and Gerrit Discussion
Hello. I'm hoping someone here can help solve a permissions issue I'm having.
Synopsis: I get a 403 response when trying to create a webhook using the REST endpoint /config/server/webhooks~projects/{project-name}/remotes/{remote-name}.
Setup: I have an instance of Gerrit running locally inside a container. I've created a test project. I have a test user, but I have the same issue if I use the test user or the admin user that comes baked into docker-gerrit.
What works: I'm able to get the list of plugins using the a/plugins/ REST endpoint, and verified that webhooks is in the list. I'm able to call the /config/server/webhooks~project/testProject/remotes endpoint, but of course I get an empty list back. All the other REST endpoints I've tried (creating a project, listing branches and commits, even adding auto-merge access section) I've gotten to work.
What I can't get to work: I'm trying to add a webhook to my test project and it's returning a 403 and the message "not allowed to update webhooks". I get this if I use the test user or the admin user baked into docker-gerrit. I confirmed that the admin user is part of the Administrators group. Here is the curl request I'm sending (based off instructions found here):
curl -v -L -u "${GERRIT_ADMIN}" -X PUT 'http://localhost:8080/a/config/server/webhooks~projects/testProject/remotes/hook_test' -H "Content-Type: application/json; charset=UTF-8" \
-d '{
"url": "http://localhost:80/gerrit-events/hook_test",
"maxTries": "3",
"sslVerify": "false",
"connection_timeout": 10000,
"socketTimeout": 3000,
"retryInterval": 2000,
"events": ["patchset-created", "ref-updated"]
}'
curl -v -L -u "${GERRIT_ADMIN}" -X PUT 'http://localhost:8080/a/config/server/webhooks~projects/testProject/remotes/hook_test' -H "Content-Type: application/json; charset=UTF-8" \
-d '{
"url": "http://localhost:80/gerrit-events/hook_test",
"maxTries": "3",
"sslVerify": "false",
"connection_timeout": 10000,
"socketTimeout": 3000,
"retryInterval": 2000,
"events": ["patchset-created", "ref-updated"]
}'
Do I need to make a call to create the remote-name before trying to create the webhook? Or is there a general privilege that I need to enable for making plugin config changes?
I've looked through the settings on my local instance and searched but so far I haven't found a way to allow access. I hoping someone here will have the answer or can direct me where/what to try next.
Many thank you's in advance,
- Scott
Reply all
Reply to author
Forward
0 new messages