[JIRA] [core] (JENKINS-12543) CliAuthenticator (username/password) called too late to parse arguments (like job names)
Title: Message Title Jay Atwork edited a comment on JENKINS-12543 Re: CliAuthenticator (username/password) called too late to parse arguments (like job names) This issue has broken CLI operation for me. I am using Windows and can not use anonymous read access on Jobs nor curl due to organizational restrictions in our prod environment and we need to be able to run builds via the CLI. I am on Jenkins 1.646, perhaps would updating to a newer version of Jenkins resolve this issue? I doubt it as this issue is still open. Is there a way to get the name of the jobs that the build method needs, since it is not what is provided from list-jobs? Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [core] (JENKINS-12543) CliAuthenticator (username/password) called too late to parse arguments (like job names)
Title: Message Title Jay Atwork commented on JENKINS-12543 Re: CliAuthenticator (username/password) called too late to parse arguments (like job names) This issue has broken CLI operation for me. I am using Windows and can not use curl due to organizational restrictions in our prod environment and we need to be able to run builds via the CLI. I am on Jenkins 1.646, perhaps would updating to a newer version of Jenkins resolve this issue? I doubt it as this issue is still open. Is there a way to get the name of the jobs that the build method needs, since it is not what is provided from list-jobs? Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [core] (JENKINS-12543) CliAuthenticator (username/password) called too late to parse arguments (like job names)
Title: Message Title
Owen Wood edited a comment on JENKINS-12543
Re: CliAuthenticator (username/password) called too late to parse arguments (like job names)
A work around, using the REST API and cURL, that doesn't require SSH Key Authentication:Example build:{code}curl -X POST http://developer:developer@localhost:8080/job/test/build{code}Obviously, replace:* {{developer:developer}} with your username:password* {{localhost:8080}} with your Jenkins URL* {{test}} with your job nameExample build with String parameter:{code}curl -X POST http://developer:developer@localhost:8080/job/test/build --data-urlencode json='{"parameter": [{"name":"paramA", "value":"123"}]}'{code}Obviously, replace:* {{developer:developer}} with your username:password* {{localhost:8080}} with your Jenkins URL* {{test}} with your job name* {{paramA}} with your parameter name* {{123}} with your parameter value
Add Comment
This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265)
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[JIRA] [core] (JENKINS-12543) CliAuthenticator (username/password) called too late to parse arguments (like job names)
Title: Message Title Daniel Beck commented on JENKINS-12543 Re: CliAuthenticator (username/password) called too late to parse arguments (like job names) Owen Wood FWIW that is not the supported way to trigger a build with parameters. That one's documented on /job/foo/api. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [core] (JENKINS-12543) CliAuthenticator (username/password) called too late to parse arguments (like job names)
Title: Message Title
Owen Wood commented on JENKINS-12543
Re: CliAuthenticator (username/password) called too late to parse arguments (like job names)
A work around, using the REST API and cURL, that doesn't require SSH Key Authentication:
Example build:
curl -X POST http://developer:developer@localhost:8080/job/test/build
Obviously, replace:
developer:developer with your username:password
localhost:8080 with your Jenkins URL
test with your job name
Example build with String parameter:
curl -X POST http://developer:developer@localhost:8080/job/test/build --data-urlencode json='{"parameter": [{"name":"paramA", "value":"123"}]}'
Obviously, replace:
developer:developer with your username:password
localhost:8080 with your Jenkins URL
test with your job name
paramA with your parameter name
123 with your parameter value
Add Comment
[JIRA] [core] (JENKINS-12543) CliAuthenticator (username/password) called too late to parse arguments (like job names)
Title: Message Title Andrew Bayer commented on JENKINS-12543 Re: CliAuthenticator (username/password) called too late to parse arguments (like job names) Jesse Glick - I'd lean towards the second approach, pulling the credentials from the argument list and authenticating using those if necessary. That said, I'm confused. Aren't we already populating the authenticator at https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/hudson/cli/CLICommand.java#L228? Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [core] (JENKINS-12543) CliAuthenticator (username/password) called too late to parse arguments (like job names)
Title: Message Title Amit Ron commented on JENKINS-12543 Re: CliAuthenticator (username/password) called too late to parse arguments (like job names) I'm getting this failure on get-job windows environment + ldap + Jenkins v1.600 Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [core] (JENKINS-12543) CliAuthenticator (username/password) called too late to parse arguments (like job names)
Title: Message Title Daniel Beck updated an issue Jenkins / JENKINS-12543 CliAuthenticator (username/password) called too late to parse arguments (like job names) Given the presence of an easy workaround in using SSH key authentication, adjusting issue priority accordingly. Change By: Daniel Beck Priority: Critical Minor Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [core] (JENKINS-12543) CliAuthenticator (username/password) called too late to parse arguments (like job names)
Jesse Glick commented on JENKINS-12543 CliAuthenticator (username/password) called too late to parse arguments (like job names) Probably not, though setting up SSH keys is a bit awkward on Windows. Anyway username/password is a supported option, and this is clearly a bug. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [core] (JENKINS-12543) CliAuthenticator (username/password) called too late to parse arguments (like job names)
Daniel Beck commented on JENKINS-12543 CliAuthenticator (username/password) called too late to parse arguments (like job names) Having all jobs that need to be run from Jenkins-cli.jar to have read access for anonymous, is not a good thing Is anything preventing anyone from just using SSH key authentication instead of username/password? (Real restrictions, not "My IT department won't allow it") https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+CLI#JenkinsCLI-1.419andlater This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [core] (JENKINS-12543) CliAuthenticator (username/password) called too late to parse arguments (like job names)
Christophe LACOMBE commented on JENKINS-12543 CliAuthenticator (username/password) called too late to parse arguments (like job names) Hope we will have soon a fix for this old bug Having all jobs that need to be run from Jenkins-cli.jar to have read access for anonymous, is not a good thing This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [core] (JENKINS-12543) CliAuthenticator (username/password) called too late to parse arguments (like job names)
Jesse Glick updated JENKINS-12543 CliAuthenticator (username/password) called too late to parse arguments (like job names) JENKINS-14745 fixed a bug whereby no authentication was available, ever, while parsing CLI arguments such as job names. That fix worked for SSH authentication (i …), which sets a transport authentication, but did not help with a CLIAuthenticator like --username … --password …. Meaning that unless the anonymous user can see your jobs (or computers, etc.), the command cannot be run. This is because CLICommand.main first sets the transport authentication, if any; then parses arguments, including both authenticator arguments like --username and specific command arguments; then asks the authenticator for its authentication, if any (also uses stored authentication from login here); then checks Overall/Read; and finally runs the command. But the parsing of regular command arguments (for e.g. get-job) often needs to be done while authenticated. The situation with CLIRegisterer, used by commands defined implicitly with @CLIMethod (like disable-job), is different, because the MethodBinder list is called after using the authenticator. So SSH authentication worked fine without any special help from JENKINS-14745. Unfortunately this code creates an authenticator but never configures it! So it always falls back to using transport authentication—and thus suffers from identical symptoms as regular CLI commands, though for a completely different reason. Change By: Jesse Glick (19/Mar/14 6:22 PM) Summary: CLIpermissions CliAuthenticator(username/password)calledtoolatetoparsearguments(likejobnames) Labels: clisecurity Priority: Major Critical Component/s: core Component/s: cli This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [core] (JENKINS-12543) CliAuthenticator (username/password) called too late to parse arguments (like job names)
SCM/JIRA link daemon commented on JENKINS-12543 CliAuthenticator (username/password) called too late to parse arguments (like job names) Code changed in jenkins User: Jesse Glick Path: core/src/main/java/hudson/cli/handlers/GenericItemOptionHandler.java core/src/main/java/jenkins/model/Jenkins.java http://jenkins-ci.org/commit/jenkins/b261ab212270179fd286588534e9771dfb15f5fe Log: Clearer diagnosis for JENKINS-12543 and similar issues. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [core] (JENKINS-12543) CliAuthenticator (username/password) called too late to parse arguments (like job names)
Jesse Glick commented on JENKINS-12543 CliAuthenticator (username/password) called too late to parse arguments (like job names) How would this be fixed? The second problem with CLIRegisterer seems easy enough: just use a ClassParser on the CliAuthenticator to configure it; an oversight, apparently. (Need to have tests which actually pass -username and -password to CLI commands rather than assuming transport authentication!) But the first problem, with CLICommand.main, seems tricky due to the design of CliAuthenticator, specifically the fact that there is no syntactic delineation in argv between the authenticator’s options and the command’s options and arguments. We want to half-parse the command to configure the authenticator; authenticate; then finish parsing the command with that authentication set. I thought of calling getCmdLineParser() twice, once just to configure the CliAuthenticator, then again with a fresh instance to really configure the command. But then GenericItemOptionHandler (for example) is going to throw a CmdLineException during the first parse, which will be thrown up and out of parseArgument. If -username and -password are both at the front of the command (rather than after the job names), then I guess these will already be set and we could just swallow the exception, but this seems fragile, and the behavior would be confusing since these arguments would work in some cases (where anonymous can see jobs) but not others (no anonymous read access). Or we could specially extract -username and related arguments and configure the authenticator with a special argument line. This will work only for a AbstractPasswordBasedSecurityRealm however; would break if someone introduced a security realm with another kind of authenticator. I am not sure if that would ever happen; the one plausible extension would be support API tokens rather than passwords, but this cannot be done as a CliTransportAuthenticator (since it would be command-line args, not transport) and cannot be done as a CliAuthenticator either (since it cuts across all security realms). Or we could somehow try to automatically determine which portions of the argument line belong to the authenticator, but this would be delving deeper into args4j than I dare at the moment. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
