Oh It is using the anonymous user for it. isUpstreamBuildVisibleByDownstreamBuildAuth(org.jenkinsci.plugins.workflow.job.WorkflowJob@3e3adefa[<upstream-job>], > org.jenkinsci.plugins.workflow.job.WorkflowJob@7b2c0800[<downstream-job>]): > taskAuth: > org.acegisecurity.providers.UsernamePasswordAuthenticationToken@1f: > Username: SYSTEM; Password: [PROTECTED]; Authenticated: false; Details: > null; Not granted any authorities, downstreamPipelineAuth: > org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@ffffffc4: > Username: *anonymous*; Password: [PROTECTED]; Authenticated: true; > Details: null; Granted Authorities: anonymous, > upstreamPipelineObtainedAsImpersonated:null, result: false >
On Friday, August 2, 2019 at 6:15:48 PM UTC+9, Cyrille Le Clerc wrote: > > Can you please enable FINER > on org.jenkinsci.plugins.pipeline.maven.service.PipelineTriggerService ? I > am interested by the message of > isUpstreamBuildVisibleByDownstreamBuildAuth > > > https://github.com/jenkinsci/pipeline-maven-plugin/blob/pipeline-maven-3.8.0/jenkins-plugin/src/main/java/org/jenkinsci/plugins/pipeline/maven/service/PipelineTriggerService.java#L332 > > public boolean isUpstreamBuildVisibleByDownstreamBuildAuth(@Nonnull >> WorkflowJob upstreamPipeline, @Nonnull Queue.Task downstreamPipeline) { >> Authentication auth = >> Tasks.getAuthenticationOf(downstreamPipeline); >> Authentication downstreamPipelineAuth; >> if (auth.equals(ACL.SYSTEM) && >> !QueueItemAuthenticatorConfiguration.get().getAuthenticators().isEmpty()) { >> downstreamPipelineAuth = Jenkins.ANONYMOUS; // cf. >> BuildTrigger >> } else { >> downstreamPipelineAuth = auth; >> } >> try (ACLContext ignored = ACL.as(downstreamPipelineAuth)) { >> WorkflowJob upstreamPipelineObtainedAsImpersonated = >> getItemByFullName(upstreamPipeline.getFullName(), WorkflowJob.class); >> boolean result = upstreamPipelineObtainedAsImpersonated != >> null; >> LOGGER.log(Level.FINE, >> "isUpstreamBuildVisibleByDownstreamBuildAuth({0}, {1}): taskAuth: {2}, >> downstreamPipelineAuth: {3}, upstreamPipelineObtainedAsImpersonated:{4}, >> result: {5}", >> new Object[]{upstreamPipeline, downstreamPipeline, >> auth, downstreamPipelineAuth, upstreamPipelineObtainedAsImpersonated, >> result}); >> return result; >> } >> } > > > > On Friday, August 2, 2019 at 1:31:49 AM UTC+2, drpm wrote: >> >> Hello, >> >> Thank you for your reply. >> >> Yes I do have Jenkins Authorize Project >> <https://plugins.jenkins.io/authorize-project>plugin. I tried running it >> as a SYSTEM and user with admin privileges and still having the same error. >> >> *As SYSTEM user: * >> >>> >>> upstreamPipeline (<upstream build>, visibleByDownstreamBuildAuth: >>> false), downstreamPipeline (<downstream pipeline>, >>> visibleByUpstreamBuildAuth: true), upstreamBuildAuth: >>> org.acegisecurity.providers.UsernamePasswordAuthenticationToken@1f: >>> Username: SYSTEM; Password: [PROTECTED]; Authenticated: false; Details: >>> null; Not granted any authorities >>> Skip triggering of <downstream pipeline> by <upstream pipeline> >>> #<build>: downstreamVisibleByUpstreamBuildAuth: true, >>> upstreamVisibleByDownstreamBuildAuth: false >> >> >> >> *As USER WITH PRIV:* >> >> upstreamPipeline (<upstream build>, visibleByDownstreamBuildAuth: >>> false), downstreamPipeline (<downstream pipeline>, >>> visibleByUpstreamBuildAuth: true), upstreamBuildAuth: >>> org.acegisecurity.providers.UsernamePasswordAuthenticationToken@72da9556: >>> Username: <user-with-admin-priv>; Password: [PROTECTED]; Authenticated: >>> true; Details: null; Granted Authorities: authenticated >>> Skip triggering of <downstream pipeline> by <upstream pipeline> >>> #<build>: downstreamVisibleByUpstreamBuildAuth: true, >>> upstreamVisibleByDownstreamBuildAuth: false >> >> >> I also use this plugin: Role+Strategy+Plugin >> <https://wiki.jenkins.io/display/JENKINS/Role+Strategy+Plugin> >> >> Do I need to create a special role? >> >> - drpm >> >> On Friday, August 2, 2019 at 6:02:11 AM UTC+9, Cyrille Le Clerc wrote: >>> >>> Hello, >>> >>> Could you be using the Jenkins Authorize Project Plugin >>> <https://plugins.jenkins.io/authorize-project> and impersonate your >>> builds with a user different from SYSTEM? What is the "<user>" displayed in >>> the log message "upstreamPipeline... Username: <user>"? >>> >>> When not using the Jenkins Authorize Project Plugin >>> <https://plugins.jenkins.io/authorize-project>, the user used to run >>> the upstream pipelines is SYSTEM as we can see in the sample below >>> >>> upstreamPipeline (plugins/pipeline-maven-plugin/dependency-graph/my-jar, >>>> visibleByDownstreamBuildAuth: true), downstreamPipeline >>>> (plugins/pipeline-maven-plugin/dependency-graph/my-war-multibranch/master, >>>> visibleByUpstreamBuildAuth: true), *upstreamBuildAuth*: >>>> org.acegisecurity.providers.UsernamePasswordAuthenticationToken@1f: >>>> *Username: >>>> SYSTEM*; Password: [PROTECTED]; Authenticated: false; Details: null; >>>> Not granted any authorities >>> >>> >>> Cyrille >>> >>> >>> On Thursday, August 1, 2019 at 9:26:34 AM UTC+2, drpm wrote: >>>> >>>> I'm having an issue regarding Jenkins Pipeline Maven Plugin >>>> (*https://wiki.jenkins.io/display/JENKINS/Pipeline+Maven+Plugin >>>> <https://wiki.jenkins.io/display/JENKINS/Pipeline+Maven+Plugin>*). It >>>> always skips the downstream jobs even if "*Build whenever a SNAPSHOT >>>> dependency is built*" is checked. >>>> >>>> Here's the FINER logs for Downstream listener( >>>> *org.jenkinsci.plugins.pipeline.maven.listeners.DownstreamPipelineTriggerRunListener* >>>> ): >>>> >>>> *upstreamPipeline (<upstream build>, visibleByDownstreamBuildAuth: >>>> false), downstreamPipeline (<downstream pipeline>, >>>> visibleByUpstreamBuildAuth: true), upstreamBuildAuth: >>>> org.acegisecurity.providers.UsernamePasswordAuthenticationToken@1f: >>>> Username: <user>; Password: [PROTECTED]; * >>>> >>>> *Skip triggering of <downstream pipeline> by <upstream pipeline> >>>> #<build>: downstreamVisibleByUpstreamBuildAuth: true, >>>> upstreamVisibleByDownstreamBuildAuth: false* >>>> >>>> --- >>>> >>>> The value for *visibleByDownstreamBuildAuth* is always false. Any >>>> ideas how to make that value true? >>>> >>>> Also Jenkins has this troubleshooting guide but my settings are already >>>> correct. >>>> *https://wiki.jenkins.io/display/JENKINS/Pipeline+Maven+Plugin#PipelineMavenPlugin-Mydownstreampipelinesdon'tgettriggeredevenifIuse%22BuildwheneveraSNAPSHOTdependencyisbuilt%22 >>>> >>>> <https://wiki.jenkins.io/display/JENKINS/Pipeline+Maven+Plugin#PipelineMavenPlugin-Mydownstreampipelinesdon'tgettriggeredevenifIuse%22BuildwheneveraSNAPSHOTdependencyisbuilt%22>* >>>> >>>> Thank you in advance. >>>> >>> -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/06dd163f-62c8-4176-b328-882afe42f4cf%40googlegroups.com.
