You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It appears the aforementioned line no longer works when interacting w/ Jenkins v2.192 as it throws the following error:
plugin_arr = ['slack', 'htmlpublisher']
jenkins_obj = JenkinsApi::Client.new(
server_ip: jenkins_ip,
server_port: port,
username: username,
password: password,
follow_redirects: true,
ssl: ssl_bool,
proxy_protocol: proxy_protocol,
proxy_ip: proxy_ip,
proxy_port: proxy_port
)
jenkins_obj.plugin.install(plugin_arr)
I, [2019-08-29T20:58:15.629510 #11064] INFO -- : Crumbs turned on. Fetching from the server.
E, [2019-08-29T20:58:15.746594 #11064] ERROR -- : JenkinsApi::Exceptions::Forbidden: Access denied. Please ensure that Jenkins is set up to allow access to this operation.
I, [2019-08-29T20:58:15.808972 #11064] INFO -- : Crumb expired. Refetching from the server.
I, [2019-08-29T20:58:15.873932 #11064] INFO -- : Retrying: 1 out of 3 times...
E, [2019-08-29T20:58:15.943977 #11064] ERROR -- : JenkinsApi::Exceptions::Forbidden: Access denied. Please ensure that Jenkins is set up to allow access to this operation.
I, [2019-08-29T20:58:16.012773 #11064] INFO -- : Crumb expired. Refetching from the server.
I, [2019-08-29T20:58:16.084756 #11064] INFO -- : Retrying: 2 out of 3 times...
E, [2019-08-29T20:58:16.153777 #11064] ERROR -- : JenkinsApi::Exceptions::Forbidden: Access denied. Please ensure that Jenkins is set up to allow access to this operation.
I, [2019-08-29T20:58:16.220758 #11064] INFO -- : Crumb expired. Refetching from the server.
I, [2019-08-29T20:58:16.280291 #11064] INFO -- : Retrying: 3 out of 3 times...
E, [2019-08-29T20:58:16.280534 #11064] ERROR -- : JenkinsApi::Exceptions::ForbiddenWithCrumb: Access denied. Please ensure that Jenkins is set up to allow access to this operation. A crumb was used in attempt to access operation. Access denied. Please ensure that Jenkins is set up to allow access to this operation.
JenkinsApi::Exceptions::ForbiddenWithCrumb: Access denied. Please ensure that Jenkins is set up to allow access to this operation. A crumb was used in attempt to access operation. Access denied. Please ensure that Jenkins is set up to allow access to this operation.
from /usr/local/rvm/gems/ruby-2.6.3@csi/gems/jenkins_api_client-1.5.3/lib/jenkins_api_client/client.rb:420:in `rescue in api_post_request'
Caused by JenkinsApi::Exceptions::Forbidden: Access denied. Please ensure that Jenkins is set up to allow access to this operation.
from /usr/local/rvm/gems/ruby-2.6.3@csi/gems/jenkins_api_client-1.5.3/lib/jenkins_api_client/client.rb:784:in `handle_exception'
Ran into the same issue with an app of mine. I agree that it appears this is caused by Jenkins SECURITY-1491. I was able to work around this by installing the Strict Crumb Issuer plugin, activating it, and disabling the "Check the session ID" option in the Advanced section of that plugin.
Be forewarned that this workaround effectively disables the security improvement in SECURITY-1491. It appears that jenkins_api_client will need to be updated to support a web session ID to fix this issue correctly.
Greetings!
jenkins_api_client/lib/jenkins_api_client/plugin_manager.rb
Line 346 in 72f49f2
It appears the aforementioned line no longer works when interacting w/ Jenkins v2.192 as it throws the following error:
I've tested this doesn't occur when running against Jenkins 2.190...upgrade to 2.192 and the error described above occurs. It looks like it's due to some security fixes:
https://jenkins.io/changelog/
https://jenkins.io/security/advisory/2019-08-28/ >>
SECURITY-1491 / CVE-2019-10384
It looks like for whatever reason jenkins_obj.crumbs_enabled is nil when instantiating the JenkinsApi::Client class.
The text was updated successfully, but these errors were encountered: