Jenkins CLI:使用匿名权限代替用户定义的权限 [英] Jenkins CLI: using Anonymous permissions instead of the user defined ones

问题描述

我对这个问题很生气，不知道如何解决.

I am getting mad with this problem and I have no idea how to solve it.

我们正在尝试从Windows Central存储库上的钩子触发Jenkins构建.这实际上是在旧的Jenkins服务器(LTS 1.580.1)上工作的.

We are trying to trigger Jenkins builds from hooks on a Windows Central repository. This is actually working on an old Jenkins server (LTS 1.580.1).

我们之前的操作方式是使用存储在文件中的SSH私钥调用Jenkins CLI.

The way we did it before was calling Jenkins CLI with the SSH private key stored on a file.

这是奇怪的事情:

C:\ Users \ Username \ jenkins> java -jar jenkins-cli.jar -shttp://主机名:8080 -i ci.key list-jobs

C:\Users\Username\jenkins>java -jar jenkins-cli.jar -s http://hostname:8080 -i ci.key list-jobs

hudson.security.AccessDeniedException2: jenkins_ci is missing the Overall/Read permission
         at hudson.security.ACL.checkPermission(ACL.java:58)
         at hudson.model.Node.checkPermission(Node.java:417)
         at hudson.cli.CLICommand.main(CLICommand.java:236)
         at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:92)
         at sun.reflect.GeneratedMethodAccessor345.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
         at java.lang.reflect.Method.invoke(Method.java:483)
         at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:320)
         at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:295)
         at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:254)
         at hudson.remoting.UserRequest.perform(UserRequest.java:121)
         at hudson.remoting.UserRequest.perform(UserRequest.java:49)
         at hudson.remoting.Request$2.run(Request.java:324)
         at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
         at hudson.cli.CliManagerImpl$1.call(CliManagerImpl.java:63)
         at hudson.remoting.CallableDecoratorAdapter.call(CallableDecoratorAdapter.java:18)
         at hudson.remoting.CallableDecoratorList$1.call(CallableDecoratorList.java:21)
         at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
         at java.lang.Thread.run(Thread.java:745)

jenkins_ci用户是一个Active Directory服务帐户，大多数情况下都可以使用.在Jenkins安全矩阵中，我具有与此服务帐户相同的权限.

The jenkins_ci user is an Active Directory Service Account which mostly worked with everything. In the Jenkins security matrix I have the same permissions that this service account.

当我使用ssh键并运行完全相同的命令时，它就像一个超级按钮一样工作.

When I use my ssh key and run exactly the same command, it worked like a charm.

如果我运行who-I-am，则说"jenkins_ci"，但是如果我更改了匿名权限，则jenkins_ci开始起作用. 似乎它没有读取定义的用户权限，而是使用了匿名用户权限.

If I run who-I-am it said "jenkins_ci" BUT if I change Anonymous permissions then jenkins_ci started to work. It seems that it is not reading the defined user permissions and it is using the Anonymous ones instead.

任何想法如何使其起作用?这是我应该报告给詹金斯(Jenkins)的错误还是我遗漏了任何东西?

Any ideas how to make it work? Is this one a bug that I should report to Jenkins or am I missing anything?

谢谢！

推荐答案

好吧，经过数小时的研究，我有了一个快乐的主意"，并且奏效了.

Ok, after hours and hours working on it, I had a "happy idea" and it worked.

我们的Jenkins正在使用LDAP针对Active Directory进行身份验证.

Our Jenkins is authenticating against Active Directory using LDAP.

以某种方式，Jenkins创建的用户(及其用户文件夹)为: "jenkins_ci" (小写)，而我们的Active Directory帐户为"JENKINS_CI" (大写).

Somehow, the user created by Jenkins (and it's user folder) was: "jenkins_ci" (lowercase) and our Active Directory account is "JENKINS_CI" (upper case).

Jenkins的安全性似乎是区分大小写.

It seems that Jenkins security is case-sensitive somehow.

我停止了Jenkins，删除了主机上的用户文件夹，然后启动了Jenkins. 现在，新文件夹名为JENKINS_CI，并且CLI可以运行了.

I stopped Jenkins, removed the user folder on host and just started Jenkins. The new folder is now called JENKINS_CI and now CLI is working.

这篇关于Jenkins CLI:使用匿名权限代替用户定义的权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！