Noel Georgi
@frezbo
image.png
Fabrice Pipart
@fabricepipart
Oh !
Noel Georgi
@frezbo
if this artifactory option is enabled it will return 404
instead of 401
disabling that will return 401
Fabrice Pipart
@fabricepipart
I looked at all options in my local 6.6.5
Where is this one?
Noel Georgi
@frezbo
General security config
image.png
Fabrice Pipart
@fabricepipart
It is there
Let me try. I did not get a 404 IIRC !
Noel Georgi
@frezbo
~ (aws:none)(kc:none)$ curl -I http://localhost:8082/artifactory/frezbo-local/jenkins-library-groovy-0.9.3.zip
HTTP/1.1 404 Not Found
Server: Artifactory/6.9.1
X-Artifactory-Id: 1c1bf8d9d4a2d73d:-7edbcbad:16df3433f31:-8000
Content-Type: application/json;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 22 Oct 2019 11:48:19 GMT

~ (aws:none)(kc:none)$ curl -I http://localhost:8082/artifactory/frezbo-local/jenkins-library-groovy-0.9.3.zip
HTTP/1.1 401 Unauthorized
Server: Artifactory/6.9.1
X-Artifactory-Id: 1c1bf8d9d4a2d73d:-7edbcbad:16df3433f31:-8000
WWW-Authenticate: Basic realm="Artifactory Realm"
Content-Type: application/json;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 22 Oct 2019 11:48:27 GMT

~ (aws:none)(kc:none)$
curl response with the setting enabled and then disabled
Fabrice Pipart
@fabricepipart
WOW
Noel Georgi
@frezbo
now I know why my changes worked :wink:
Fabrice Pipart
@fabricepipart
Indeed same here
Noel Georgi
@frezbo
how do you think it should be handled
Fabrice Pipart
@fabricepipart
image.png
Could you summarize why it explains the fix you had to do?
Noel Georgi
@frezbo
Artifactory has a setting called Hide Existence of Unauthorized Resources which would return a 404 for an object that already exists instead of a 401 when enabled
My change was such that when credentials are available the Authorization header is always set, instead of relying on the response from artifactory
I have added the same comment on the PR
Fabrice Pipart
@fabricepipart
So when the plugin tries to download without the credentials, it fails to understand what is going on
Let me try to reproduce
Fabrice Pipart
@fabricepipart
Good, that's now reproduced
I'll now try to reproduce as JUnit (without using my local Artifactory)
Fabrice Pipart
@fabricepipart
Reproduced! (I thought it would be more difficult)
Now we need to find how to fix it ;)

    /**
     * In the Admin section 'General Security Configuration', Artifactory has an option
     * 'Hide Existence of Unauthorized Resources' which throws a 404 instead of a 401 when a resource is not authorized
     */
    @Test
    public void retrievesForArtifactoryWithHideUnauthorized() throws Exception {
        wireMock.stubFor(
                WireMock.any(WireMock.anyUrl())
                        .atPriority(1)
                        .andMatching(r -> MatchResult.of(!r.getMethod().equals(RequestMethod.HEAD) && !r.containsHeader(HttpHeaders.AUTHORIZATION)))
                        .willReturn(WireMock.notFound()));
        Assert.assertFalse(target.child("version.txt").exists());
        retriever.retrieve("http-lib-retriever-tests", "1.2.3", target, run, listener);
        Assert.assertTrue(target.child("version.txt").exists());
        Assert.assertTrue(target.child("src").exists());
        Assert.assertTrue(target.child("vars").exists());
        Assert.assertTrue(target.child("resources").exists());
    }
Noel Georgi
@frezbo
great, thanks for taking time to look into this
Fabrice Pipart
@fabricepipart
In the meantime, are you blocked by this? I mean how urgent is it to code the fix? It is not really straightforward to do and I am lacking time. Could it wait for next week?
Noel Georgi
@frezbo
yeh I can wait, once this is fixed I could switch to using artifactory instead of git, and this will solve a lot of our provisioning issues (some crazy deps :wink: )
Fabrice Pipart
@fabricepipart
I coded the fix ;)
I am preparing the PR
Fabrice Pipart
@fabricepipart
Noel Georgi
@frezbo

I coded the fix ;)
I am preparing the PR

Wow that was fast, thanks for the very quick response and putting in a fix

Fabrice Pipart
@fabricepipart
Hi!
Version 1.2.3 should be the solution :)
I'll try to release a 1.3 with a configurable option
Martin d'Anjou
@martinda
@/all Hi. Are you interested in participating in Google Summer of Code for this project?
Fabrice Pipart
@fabricepipart
Hi @martinda ! Can you tell me a bit more regarding this event? When and where is it? What is the purpose?
Martin d'Anjou
@martinda

Hi @fabricepipart . Google Summer of Code is an annual program organized by Google. The Jenkins Org has participated since 2016 and intends to participate again in 2020.

Essentially, open source organizations have projects, and can enlist students to work with them for 4 months to complete or advance these projects. The org has to provide a mentor (6 to 8 hours per week), and the student works on the project full time (about 40 hours per week). If the work goes well according to the mentors, Google pays the students a stipend. Because Jenkins already applies as an organization, you could propose a project with the workflow-cps-global-lib-http-plugin, and a student might apply and do the work between May and August 2020. It all happens on-line.

I have been a mentor since 2016, and I am now an org admin with Jenkins. So feel free to ask any question you might have to me!

Martin d'Anjou
@martinda
I found this: https://github.com/jenkinsci/pipeline-global-lib-nexus-plugin
A bit unfortunate that two plugins similar in nature have such different name prefixes: workflow-cps-global-lib vs. pipeline-global-lib
Fabrice Pipart
@fabricepipart
I rather agree with you... Unfortunately I was not aware of this plugin (yet). Ours was started before though. And obviously this one knew about ours since... the readme looks like a copy paste
No problem with that we all start copy pasting something. It's just sad that we did not try to merge the two. I would have been glad to find a way to accommodate both within the same plugin
Fabrice Pipart
@fabricepipart
I just dropped him a mail :)
Regarding your proposal concerning Google Summer of Code, this sounds very appealing. But I need to check if I would have the time to handle that mentoring part. Plus the backlog of this plugin is rather poor while I plan to start another one that would probably be a better candidate
Martin d'Anjou
@martinda
You make me think that maybe the two plugins could merge. What is your other idea if you don't mind sharing it?
Martin d'Anjou
@martinda
I mean to say that the GSoC project could be to merge the two plugins.
Fabrice Pipart
@fabricepipart
The second plugin is to introduce a dependency mechanism between pipeline libraries. I'll come back to you after the holiday season. Thanks a lot for your help!
Martin d'Anjou
@martinda
Fabrice Pipart
@fabricepipart
Hi! Yes I would recommend to go to this one. It is more up to date, I should keep the other fork in sync though... But to have continuous deployment, cloudbees requires that you use their repositories. Nevertheless we are fully admin of it, it does not change much