Gitlab-plugin: Web hook fails when Jenkins Anonymous user does not have job/build permission

Created on 6 Jul 2016  路  8Comments  路  Source: jenkinsci/gitlab-plugin

Issue

Context

  • Gitlab plugin version: 1.2.5
  • Gitlab version: Community Edition 8.5.4
  • Jenkins version: 1.654

    Logs & Traces

When testing the web hook on gitlab side, I get this exception :
Hook execution failed: java.lang.Exception: anonymous is missing the Job/Build permission at org.kohsuke.stapler.HttpResponses.error(HttpResponses.java:83) at (...)

Problem description

Indeed, if on the Jenkins side, I allow the job/build permission for Anonymous, everything works fine. But I certainly don't want to allow anybody to launch builds. Is that a gitlab-plugin issue ? Or am I missing something on the Jenkins side ?

Thanks for all your work

Most helpful comment

You can set Secret Token as well and I think this method is better than two other options since no credential exposed or no too open policy.

Create Jenkins Secret Token

jenkins_token

Use the Secret Token at Gitlab

gitlab_token

All 8 comments

You can either add a special user in Jenkins for this and configure the Webhook in GitLab accordingly or you can uncheck the checkbox "Enable authentication for '/project' end-point" in the GitLab section of the global Jenkins configuration. But this should be unchecked by default.

Unchecking the box works indeed ... thanks !
I am curious on how to 'configure the webhook in Gitlab accordingly' though, right now the documentation only refers to :
http://JENKINS_URL/project/PROJECT_NAME
Is there a way to configure that link with other options ?
Thanks again

If you are using GitLab EE you can use the Jenkins CI service where you can enter a username and password. For webhooks you can add the username and password directly to the URL like this:
https://username:password@JENKINS_URL/project/PROJECT_NAME
Not that nice as the password is visible for everybody how as access to the webhook page but it should work.

You can set Secret Token as well and I think this method is better than two other options since no credential exposed or no too open policy.

Create Jenkins Secret Token

jenkins_token

Use the Secret Token at Gitlab

gitlab_token

You can set Secret Token as well and I think this method is better than two other options since no credential exposed or no too open policy.

Create Jenkins Secret Token

jenkins_token

Use the Secret Token at Gitlab

gitlab_token

This should be the accepted answer to this issue.

I have to put the gitlab url and secret token from Jenkins server. like below 馃憤
http://yourpublicip:8080/project/test
secret token from Jenkins:- e5a68a6f4a2a76a243380c75af21a206
Uncheck the SSL as I dont have ssl on Jenkins.
Screen Shot 2020-08-18 at 3 00 44 PM
Screen Shot 2020-08-18 at 3 00 13 PM
Click on the Advance section to Generate secret token
Screen Shot 2020-08-18 at 3 02 34 PM

Its working Thanks

Sorry to bump this, but do you get proper feedback on the pipeline status from jenkins in the MR page when using secret token-based auth? My MR still says Checking pipeline status. indefinitely. Thanks!

@marc0s I have the same issue, did you find a fix? I can create a GitLab comment just fine.
My pipeline is very simple:

pipeline {
    agent any

    stages {
       stage('gitlab') {
          steps {
             echo 'Notify GitLab'
             updateGitlabCommitStatus name: 'build', state: 'pending'
             updateGitlabCommitStatus name: 'build', state: 'success'
             addGitLabMRComment comment: "#${env.BUILD_ID} ${JOB_BASE_NAME} triggered"
          }
       }
    }
 }
Was this page helpful?
0 / 5 - 0 ratings