All Apps and Add-ons

Why are 'Jenkins user id' and 'Jenkins User API Key' mandatory?

kutzi
Path Finder

I've tried to set up a trigger with just an 'Jenkins Authentication Token', but it seems to fail then because the script expects mandatory username and API key:

09-14-2018 07:22:00.795 +0000 ERROR sendmodalert - action=jenkins_trigger STDERR -  Traceback (most recent call last):
09-14-2018 07:22:00.795 +0000 ERROR sendmodalert - action=jenkins_trigger STDERR -    File "/opt/splunk/etc/apps/jenkins_trigger/bin/jenkins_trigger.py", line 31, in <module>
09-14-2018 07:22:00.795 +0000 ERROR sendmodalert - action=jenkins_trigger STDERR -      jenkins_post_data = proto + '://' + jenkins_user + ':' + api_token + '@' + url_trail + '/buildWithParameters?token=' + jenkins_auth_token + '&' + jenkins_params
09-14-2018 07:22:00.795 +0000 ERROR sendmodalert - action=jenkins_trigger STDERR -  TypeError: coercing to Unicode: need string or buffer, NoneType found
09-14-2018 07:22:00.799 +0000 INFO  sendmodalert - action=jenkins_trigger - Alert action script completed in duration=66 ms with exit code=1
    09-14-2018 07:22:00.799 +0000 WARN  sendmodalert - action=jenkins_trigger - Alert action script returned error code=1
    09-14-2018 07:22:00.799 +0000 ERROR sendmodalert - Error in 'sendalert' command: Alert script returned error code 1.

Why is it that way? If you have a job Authentication Token, you don't a user authentication. That's the whole point of the job auth tokens AFAIK

Tags (1)
0 Karma

justicj
New Member

Jenkins Authentication requires user:api_token
The job token is a separate requirement only if you configured a job token on your specific jenkins job.

I gathered this information from this source: https://issues.jenkins-ci.org/browse/JENKINS-17764
"Daniel Beck added a comment - 2017-09-12 06:26
Token-based build triggering is a legacy option that has been deprecated years ago (just the docs haven't been kept up to date).

It made sense in a time when Jenkins allowed anyone Read access to anything, but only authenticated users were able to trigger builds.

With more complex security realms, that can limit Read access for some users, this scheme no longer works, as access to the entire /job/whatever/ URL space can be prohibited. This is pretty deep inside Jenkins, and there's nothing the authorization plugin can (or should) do.

If you need to trigger builds this way, you need to authenticate with Jenkins with a user that has read access (Build permission not necessary, but really, what do you gain then?), or use the Build Token Root Plugin, which implements its own URL scheme and permission control and is not subject to the usual URL hierarchy permissions scheme in Jenkins."
,This is a requirement of "Trigger Builds Remotely" in Jenkins.
There is no option for api token only without user since they are linked, that I am aware of.
The job authentication token is an additional token needed along with user:apitoken if you configured one on the particular jenkins job.
You always need a user:apitoken.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...