All Apps and Add-ons

Why are 'Jenkins user id' and 'Jenkins User API Key' mandatory?

kutzi
Path Finder

I've tried to set up a trigger with just an 'Jenkins Authentication Token', but it seems to fail then because the script expects mandatory username and API key:

09-14-2018 07:22:00.795 +0000 ERROR sendmodalert - action=jenkins_trigger STDERR -  Traceback (most recent call last):
09-14-2018 07:22:00.795 +0000 ERROR sendmodalert - action=jenkins_trigger STDERR -    File "/opt/splunk/etc/apps/jenkins_trigger/bin/jenkins_trigger.py", line 31, in <module>
09-14-2018 07:22:00.795 +0000 ERROR sendmodalert - action=jenkins_trigger STDERR -      jenkins_post_data = proto + '://' + jenkins_user + ':' + api_token + '@' + url_trail + '/buildWithParameters?token=' + jenkins_auth_token + '&' + jenkins_params
09-14-2018 07:22:00.795 +0000 ERROR sendmodalert - action=jenkins_trigger STDERR -  TypeError: coercing to Unicode: need string or buffer, NoneType found
09-14-2018 07:22:00.799 +0000 INFO  sendmodalert - action=jenkins_trigger - Alert action script completed in duration=66 ms with exit code=1
    09-14-2018 07:22:00.799 +0000 WARN  sendmodalert - action=jenkins_trigger - Alert action script returned error code=1
    09-14-2018 07:22:00.799 +0000 ERROR sendmodalert - Error in 'sendalert' command: Alert script returned error code 1.

Why is it that way? If you have a job Authentication Token, you don't a user authentication. That's the whole point of the job auth tokens AFAIK

Tags (1)
0 Karma

justicj
New Member

Jenkins Authentication requires user:api_token
The job token is a separate requirement only if you configured a job token on your specific jenkins job.

I gathered this information from this source: https://issues.jenkins-ci.org/browse/JENKINS-17764
"Daniel Beck added a comment - 2017-09-12 06:26
Token-based build triggering is a legacy option that has been deprecated years ago (just the docs haven't been kept up to date).

It made sense in a time when Jenkins allowed anyone Read access to anything, but only authenticated users were able to trigger builds.

With more complex security realms, that can limit Read access for some users, this scheme no longer works, as access to the entire /job/whatever/ URL space can be prohibited. This is pretty deep inside Jenkins, and there's nothing the authorization plugin can (or should) do.

If you need to trigger builds this way, you need to authenticate with Jenkins with a user that has read access (Build permission not necessary, but really, what do you gain then?), or use the Build Token Root Plugin, which implements its own URL scheme and permission control and is not subject to the usual URL hierarchy permissions scheme in Jenkins."
,This is a requirement of "Trigger Builds Remotely" in Jenkins.
There is no option for api token only without user since they are linked, that I am aware of.
The job authentication token is an additional token needed along with user:apitoken if you configured one on the particular jenkins job.
You always need a user:apitoken.

0 Karma
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...