All Apps and Add-ons

Why are 'Jenkins user id' and 'Jenkins User API Key' mandatory?

Path Finder

I've tried to set up a trigger with just an 'Jenkins Authentication Token', but it seems to fail then because the script expects mandatory username and API key:

09-14-2018 07:22:00.795 +0000 ERROR sendmodalert - action=jenkins_trigger STDERR -  Traceback (most recent call last):
09-14-2018 07:22:00.795 +0000 ERROR sendmodalert - action=jenkins_trigger STDERR -    File "/opt/splunk/etc/apps/jenkins_trigger/bin/", line 31, in <module>
09-14-2018 07:22:00.795 +0000 ERROR sendmodalert - action=jenkins_trigger STDERR -      jenkins_post_data = proto + '://' + jenkins_user + ':' + api_token + '@' + url_trail + '/buildWithParameters?token=' + jenkins_auth_token + '&' + jenkins_params
09-14-2018 07:22:00.795 +0000 ERROR sendmodalert - action=jenkins_trigger STDERR -  TypeError: coercing to Unicode: need string or buffer, NoneType found
09-14-2018 07:22:00.799 +0000 INFO  sendmodalert - action=jenkins_trigger - Alert action script completed in duration=66 ms with exit code=1
    09-14-2018 07:22:00.799 +0000 WARN  sendmodalert - action=jenkins_trigger - Alert action script returned error code=1
    09-14-2018 07:22:00.799 +0000 ERROR sendmodalert - Error in 'sendalert' command: Alert script returned error code 1.

Why is it that way? If you have a job Authentication Token, you don't a user authentication. That's the whole point of the job auth tokens AFAIK

Tags (1)
0 Karma

New Member

Jenkins Authentication requires user:api_token
The job token is a separate requirement only if you configured a job token on your specific jenkins job.

I gathered this information from this source:
"Daniel Beck added a comment - 2017-09-12 06:26
Token-based build triggering is a legacy option that has been deprecated years ago (just the docs haven't been kept up to date).

It made sense in a time when Jenkins allowed anyone Read access to anything, but only authenticated users were able to trigger builds.

With more complex security realms, that can limit Read access for some users, this scheme no longer works, as access to the entire /job/whatever/ URL space can be prohibited. This is pretty deep inside Jenkins, and there's nothing the authorization plugin can (or should) do.

If you need to trigger builds this way, you need to authenticate with Jenkins with a user that has read access (Build permission not necessary, but really, what do you gain then?), or use the Build Token Root Plugin, which implements its own URL scheme and permission control and is not subject to the usual URL hierarchy permissions scheme in Jenkins."
,This is a requirement of "Trigger Builds Remotely" in Jenkins.
There is no option for api token only without user since they are linked, that I am aware of.
The job authentication token is an additional token needed along with user:apitoken if you configured one on the particular jenkins job.
You always need a user:apitoken.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...