Oh It is using the anonymous user for it. isUpstreamBuildVisibleByDownstreamBuildAuth(org.jenkinsci.plugins.workflow.job.WorkflowJob@3e3adefa[<upstream-job>], > org.jenkinsci.plugins.workflow.job.WorkflowJob@7b2c0800[<downstream-job>]): > taskAuth: > org.acegisecurity.providers.UsernamePasswordAuthenticationToken@1f: > Username: SYSTEM; Password: [PROTECTED]; Authenticated: false; Details: > null; Not granted any authorities, downstreamPipelineAuth: > org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@ffffffc4: > Username: *anonymous*; Password: [PROTECTED]; Authenticated: true; > Details: null; Granted Authorities: anonymous, > upstreamPipelineObtainedAsImpersonated:null, result: false >
On Friday, August 2, 2019 at 6:15:48 PM UTC+9, Cyrille Le Clerc wrote: > > Can you please enable FINER > on org.jenkinsci.plugins.pipeline.maven.service.PipelineTriggerService ? I > am interested by the message of > isUpstreamBuildVisibleByDownstreamBuildAuth > > > https://github.com/jenkinsci/pipeline-maven-plugin/blob/pipeline-maven-3.8.0/jenkins-plugin/src/main/java/org/jenkinsci/plugins/pipeline/maven/service/PipelineTriggerService.java#L332 > > public boolean isUpstreamBuildVisibleByDownstreamBuildAuth(@Nonnull >> WorkflowJob upstreamPipeline, @Nonnull Queue.Task downstreamPipeline) { >> Authentication auth = >> Tasks.getAuthenticationOf(downstreamPipeline); >> Authentication downstreamPipelineAuth; >> if (auth.equals(ACL.SYSTEM) && >> !QueueItemAuthenticatorConfiguration.get().getAuthenticators().isEmpty()) { >> downstreamPipelineAuth = Jenkins.ANONYMOUS; // cf. >> BuildTrigger >> } else { >> downstreamPipelineAuth = auth; >> } >> try (ACLContext ignored = ACL.as(downstreamPipelineAuth)) { >> WorkflowJob upstreamPipelineObtainedAsImpersonated = >> getItemByFullName(upstreamPipeline.getFullName(), WorkflowJob.class); >> boolean result = upstreamPipelineObtainedAsImpersonated != >> null; >> LOGGER.log(Level.FINE, >> "isUpstreamBuildVisibleByDownstreamBuildAuth({0}, {1}): taskAuth: {2}, >> downstreamPipelineAuth: {3}, upstreamPipelineObtainedAsImpersonated:{4}, >> result: {5}", >> new Object[]{upstreamPipeline, downstreamPipeline, >> auth, downstreamPipelineAuth, upstreamPipelineObtainedAsImpersonated, >> result}); >> return result; >> } >> } > > > > On Friday, August 2, 2019 at 1:31:49 AM UTC+2, drpm wrote: >> >> Hello, >> >> Thank you for your reply. >> >> Yes I do have Jenkins Authorize Project >> <https://plugins.jenkins.io/authorize-project>plugin. I tried running it >> as a SYSTEM and user with admin privileges and still having the same error. >> >> *As SYSTEM user: * >> >>> >>> upstreamPipeline (<upstream build>, visibleByDownstreamBuildAuth: >>> false), downstreamPipeline (<downstream pipeline>, >>> visibleByUpstreamBuildAuth: true), upstreamBuildAuth: >>> org.acegisecurity.providers.UsernamePasswordAuthenticationToken@1f: >>> Username: SYSTEM; Password: [PROTECTED]; Authenticated: false; Details: >>> null; Not granted any authorities >>> Skip triggering of <downstream pipeline> by <upstream pipeline> >>> #<build>: downstreamVisibleByUpstreamBuildAuth: true, >>> upstreamVisibleByDownstreamBuildAuth: false >> >> >> >> *As USER WITH PRIV:* >> >> upstreamPipeline (<upstream build>, visibleByDownstreamBuildAuth: >>> false), downstreamPipeline (<downstream pipeline>, >>> visibleByUpstreamBuildAuth: true), upstreamBuildAuth: >>> org.acegisecurity.providers.UsernamePasswordAuthenticationToken@72da9556: >>> Username: <user-with-admin-priv>; Password: [PROTECTED]; Authenticated: >>> true; Details: null; Granted Authorities: authenticated >>> Skip triggering of <downstream pipeline> by <upstream pipeline> >>> #<build>: downstreamVisibleByUpstreamBuildAuth: true, >>> upstreamVisibleByDownstreamBuildAuth: false >> >> >> I also use this plugin: Role+Strategy+Plugin >> <https://wiki.jenkins.io/display/JENKINS/Role+Strategy+Plugin> >> >> Do I need to create a special role? >> >> - drpm >> >> On Friday, August 2, 2019 at 6:02:11 AM UTC+9, Cyrille Le Clerc wrote: >>> >>> Hello, >>> >>> Could you be using the Jenkins Authorize Project Plugin >>> <https://plugins.jenkins.io/authorize-project> and impersonate your >>> builds with a user different from SYSTEM? What is the "<user>" displayed in >>> the log message "upstreamPipeline... Username: <user>"? >>> >>> When not using the Jenkins Authorize Project Plugin >>> <https://plugins.jenkins.io/authorize-project>, the user used to run >>> the upstream pipelines is SYSTEM as we can see in the sample below >>> >>> upstreamPipeline (plugins/pipeline-maven-plugin/dependency-graph/my-jar, >>>> visibleByDownstreamBuildAuth: true), downstreamPipeline >>>> (plugins/pipeline-maven-plugin/dependency-graph/my-war-multibranch/master, >>>> visibleByUpstreamBuildAuth: true), *upstreamBuildAuth*: >>>> org.acegisecurity.providers.UsernamePasswordAuthenticationToken@1f: >>>> *Username: >>>> SYSTEM*; Password: [PROTECTED]; Authenticated: false; Details: null; >>>> Not granted any authorities >>> >>> >>> Cyrille >>> >>> >>> On Thursday, August 1, 2019 at 9:26:34 AM UTC+2, drpm wrote: >>>> >>>> I'm having an issue regarding Jenkins Pipeline Maven Plugin >>>> (*https://wiki.jenkins.io/display/JENKINS/Pipeline+Maven+Plugin >>>> <https://wiki.jenkins.io/display/JENKINS/Pipeline+Maven+Plugin>*). It >>>> always skips the downstream jobs even if "*Build whenever a SNAPSHOT >>>> dependency is built*" is checked. >>>> >>>> Here's the FINER logs for Downstream listener( >>>> *org.jenkinsci.plugins.pipeline.maven.listeners.DownstreamPipelineTriggerRunListener* >>>> ): >>>> >>>> *upstreamPipeline (<upstream build>, visibleByDownstreamBuildAuth: >>>> false), downstreamPipeline (<downstream pipeline>, >>>> visibleByUpstreamBuildAuth: true), upstreamBuildAuth: >>>> org.acegisecurity.providers.UsernamePasswordAuthenticationToken@1f: >>>> Username: <user>; Password: [PROTECTED]; * >>>> >>>> *Skip triggering of <downstream pipeline> by <upstream pipeline> >>>> #<build>: downstreamVisibleByUpstreamBuildAuth: true, >>>> upstreamVisibleByDownstreamBuildAuth: false* >>>> >>>> --- >>>> >>>> The value for *visibleByDownstreamBuildAuth* is always false. Any >>>> ideas how to make that value true? >>>> >>>> Also Jenkins has this troubleshooting guide but my settings are already >>>> correct. >>>> *https://wiki.jenkins.io/display/JENKINS/Pipeline+Maven+Plugin#PipelineMavenPlugin-Mydownstreampipelinesdon'tgettriggeredevenifIuse%22BuildwheneveraSNAPSHOTdependencyisbuilt%22 >>>> >>>> <https://wiki.jenkins.io/display/JENKINS/Pipeline+Maven+Plugin#PipelineMavenPlugin-Mydownstreampipelinesdon'tgettriggeredevenifIuse%22BuildwheneveraSNAPSHOTdependencyisbuilt%22>* >>>> >>>> Thank you in advance. >>>> >>> -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/06dd163f-62c8-4176-b328-882afe42f4cf%40googlegroups.com.
