Hi,

Using the generic webhook trigger plugin myself, while still relying on
OpenShift authentication logging into Jenkins, I don't remember having
anything like this.
Although I can't explain why your plugin would refuse this, unless maybe
something's wrong in Jenkins permissions matrix?

As far as I've seen, generic triggers from a BuildConfig wouldn't allow for
multi-branch jobs - or if they do, I'm still looking for a way to retrieve
the triggering branch as a variable somewhere (note: that ruddra sample
shows the buildconfig has a "ref: master", which would suggest it is not
multi-branch capable).
So far, Jenkins plugins were my next best solution, although not ideal.


Anyway, you might be able to create a role - or clusterrole - and
corresponding binding, with something like this (not tested)

- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: bitbucket-jenkins-hook
  rules:
  - nonResourceURLs: [ "/bitbucket-scmsource-hook/*" ]
    verbs: [ "get", "post" ]

- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    name: bitbucket-jenkins-hook
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: bitbucket-jenkins-hook
  subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: system:unauthenticated
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: system:authenticated

(see: https://kubernetes.io/docs/reference/access-authn-authz/rbac/)



On Fri, Feb 8, 2019 at 7:14 AM Graham Dumpleton <[email protected]> wrote:

> I believe you should be using the web hook URL from the pipeline build
> config.
>
> You can get them from the web console page for the pipeline.
>
> See:
>
> * https://ruddra.com/posts/openshift-python-gunicorn-nginx-jenkins-pipelines-part-three/
>
> Graham
>
> On 8 Feb 2019, at 5:03 pm, Sean Dawson <[email protected]>
> wrote:
>
> Hi,
>
> I have Jenkins running in an OpenShift cluster and I have a multi
> branch job set up, with the source git repository residing in
> Bitbucket server.
>
> I want to set up a web hook from Bitbucket Server to Jenkins to
> trigger builds as soon as there are changes to the repo. In a vanilla
> Jenkins installation you are able to simply post the updates to
> "${JENKINS_URL}/bitbucket-scmsource-hook/notify" as mentioned in this
> article:
>
>
> https://support.cloudbees.com/hc/en-us/articles/115000053051-How-to-Trigger-Multibranch-Jobs-from-Bitbucket-Server-#configurationinbitbucketserver
>
> However, our Jenkins instance is the OpenShift version and uses
> OpenShift to authenticate. When I try to post to this URL I get the
> following error:
>
>    {
>    "kind": "Status",
>    "apiVersion": "v1",
>    "metadata": {
>
>    },
>    "status": "Failure",
>    "message": "forbidden: User \"system:anonymous\" cannot post path \"/bitbucket-scmsource-hook/notify\": no RBAC policy matched",
>    "reason": "Forbidden",
>    "details": {
>
>    },
>    "code": 403
>    }
>
> Does anyone know of a way to allow the "system:anonymous" user to post
> to that path?
>
> Thanks
>
> Sean
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users


-- 
Samuel Martín Moro
{EPITECH.} 2011

"Nobody wants to say how this works.
 Maybe nobody knows ..."
                      Xorg.conf(5)
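
Added example (not part of the original message and not code from OpenShift or Kubernetes): a simplified Python model of how Kubernetes RBAC matches non-resource URL rules, applied to the ClusterRole and ClusterRoleBinding suggested above to show exactly which requests that grant covers. The request tuples are constructed, and `allowed`, `url_matches` and `verb_matches` are hypothetical helper names.

```python
# Added example: simplified model of Kubernetes RBAC evaluation for
# non-resource URLs. Rule and subjects are copied from the ClusterRole and
# ClusterRoleBinding in the message; the request tuples are constructed.

RULES = [{"nonResourceURLs": ["/bitbucket-scmsource-hook/*"],
          "verbs": ["get", "post"]}]
BOUND_GROUPS = {"system:unauthenticated", "system:authenticated"}


def url_matches(pattern: str, path: str) -> bool:
    """A pattern matches exactly, as "*", or as a prefix when it ends in "*"."""
    if pattern == "*" or pattern == path:
        return True
    return pattern.endswith("*") and path.startswith(pattern[:-1])


def verb_matches(rule_verbs, verb: str) -> bool:
    """Non-resource verbs are lowercase HTTP methods; "*" matches any."""
    return "*" in rule_verbs or verb.lower() in rule_verbs


def allowed(groups, verb: str, path: str) -> bool:
    """True if a subject in any bound group may use `verb` on `path`."""
    if not BOUND_GROUPS & set(groups):
        return False  # the binding does not apply to this subject
    return any(
        verb_matches(rule["verbs"], verb)
        and any(url_matches(p, path) for p in rule["nonResourceURLs"])
        for rule in RULES
    )


# Constructed requests: (groups of the caller, HTTP verb, request path).
ANON = ["system:unauthenticated"]  # the group system:anonymous belongs to
SAMPLES = [
    (ANON, "post", "/bitbucket-scmsource-hook/notify"),
    (ANON, "get", "/bitbucket-scmsource-hook/anything/else"),
    (ANON, "delete", "/bitbucket-scmsource-hook/notify"),
    (ANON, "post", "/bitbucket-scmsource-hook"),
    (ANON, "post", "/api/v1/namespaces"),
    (["system:authenticated"], "post", "/bitbucket-scmsource-hook/notify"),
]

if __name__ == "__main__":
    for groups, verb, path in SAMPLES:
        verdict = "allow" if allowed(groups, verb, path) else "no match"
        print(f"{verdict:8}  {groups[0]:24} {verb:6} {path}")
```

The trailing `*` makes the rule a prefix match, so the binding covers every path below `/bitbucket-scmsource-hook/` for any caller, authenticated or not, and nothing outside it.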