AmadeusITGroup/workflow-cps-global-lib-http-plugin

Please contact us for any question regarding the corrrpondin github repository

Noel Georgi

@frezbo

Fabrice Pipart

@fabricepipart

Oh !

Noel Georgi

@frezbo

if this artifactory option is enabled it will return 404

instead of 401

disabling that will retuun 401

Fabrice Pipart

@fabricepipart

I looked at all options in my local 6.6.5

Where is this one?

Noel Georgi

@frezbo

General security config

Fabrice Pipart

@fabricepipart

It is there

Let me try. I did not get a 404 IIRC !

Noel Georgi

@frezbo

~ (aws:none)(kc:none)$ curl -I http://localhost:8082/artifactory/frezbo-local/jenkins-library-groovy-0.9.3.zip
HTTP/1.1 404 Not Found
Server: Artifactory/6.9.1
X-Artifactory-Id: 1c1bf8d9d4a2d73d:-7edbcbad:16df3433f31:-8000
Content-Type: application/json;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 22 Oct 2019 11:48:19 GMT

~ (aws:none)(kc:none)$ curl -I http://localhost:8082/artifactory/frezbo-local/jenkins-library-groovy-0.9.3.zip
HTTP/1.1 401 Unauthorized
Server: Artifactory/6.9.1
X-Artifactory-Id: 1c1bf8d9d4a2d73d:-7edbcbad:16df3433f31:-8000
WWW-Authenticate: Basic realm="Artifactory Realm"
Content-Type: application/json;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 22 Oct 2019 11:48:27 GMT

~ (aws:none)(kc:none)$

curl response with the setting enabled and then disabled

Fabrice Pipart

@fabricepipart

WOW

Noel Georgi

@frezbo

now I know why my changes worked :wink:

Fabrice Pipart

@fabricepipart

Indeed same here

Noel Georgi

@frezbo

how do you think it should be handled

Fabrice Pipart

@fabricepipart

Could you summarize why it explains the fix you had to do?

Noel Georgi

@frezbo

Artifactory has setting called Hide Existence of Unauthorized Resources which would return a 404 for an object that already exists instead of a 401 when enabled

My change was such that when credentials are available the Authorization header is always set, instead of relying on the response from artifactory

I have added the same comment on the PR

Fabrice Pipart

@fabricepipart

So when the plugin tries to download without the credentials, it fails to understand what is going on

Let me try to reproduce

Fabrice Pipart

@fabricepipart

Good, thats now reproduced

I ll now try to reproduce as JUnit (without using my local Artifactory)

Fabrice Pipart

@fabricepipart

Reproduced! (I thought it would be more difficult)

Now we need to find how to fix it ;)


    /**
     * In the Admin section 'General Security Configuration', Artifactory has an option
     * 'Hide Existence of Unauthorized Resources' which throws a 404 instead of a 401 when a resource is not authorized
     */
    @Test
    public void retrievesForArtifactoryWithHideUnauthorized() throws Exception {
        wireMock.stubFor(
                WireMock.any(WireMock.anyUrl())
                        .atPriority(1)
                        .andMatching(r -> MatchResult.of(!r.getMethod().equals(RequestMethod.HEAD) && !r.containsHeader(HttpHeaders.AUTHORIZATION)))
                        .willReturn(WireMock.notFound()));
        Assert.assertFalse(target.child("version.txt").exists());
        retriever.retrieve("http-lib-retriever-tests", "1.2.3", target, run, listener);
        Assert.assertTrue(target.child("version.txt").exists());
        Assert.assertTrue(target.child("src").exists());
        Assert.assertTrue(target.child("vars").exists());
        Assert.assertTrue(target.child("resources").exists());
    }

Noel Georgi

@frezbo

great, thanks for taking time to look into this

Fabrice Pipart

@fabricepipart

In the meantime, are you blocked by this? I mean how urgent is it to code the fix? It is not really straightfoward to do and I am lacking time. Could it wait for next week?

Noel Georgi

@frezbo

yeh I can wait, once this is fixed I could switch to using artifactory instead of git, and this will solve a lot of our provisioning issues (some crazy deps :wink: )

Fabrice Pipart

@fabricepipart

I coded the fix ;)
I am preparing the PR

Fabrice Pipart

@fabricepipart

jenkinsci/workflow-cps-global-lib-http-plugin#6

Noel Georgi

@frezbo

I coded the fix ;)
I am preparing the PR

Wow that was fast, thanks for the very quick response and putting in a fix

Fabrice Pipart

@fabricepipart

Hi!

Version 1.2.3 should be the solution :)

I ll try to release a 1.3 with a configurable option

Martin d'Anjou

@martinda

@/all Hi. Are you interested in participating in Google Summer of Code for this project?

Fabrice Pipart

@fabricepipart

Hi @martinda ! Can you tell me a bit more regarding this event? When and where is it? What is the purpose?

Martin d'Anjou

@martinda

Hi @fabricepipart . Google Summer of Code is an annual program organized by Google. The Jenkins Org participates since 2016 and intents to participate again in 2020.

Essentially, open source organizations have projects, and can enlist students to work with them for 4 months to complete or advance these projects. The org has to provide a mentor (6 to 8 hours per week), and the student works on the project full time (about 40 hours per week). If the work goes well according to the mentors, Google pays the students a stipend. Because Jenkins already applies as an organization, you could propose a project with the workflow-cps-global-lib-http-plugin, and a student might apply and do the work between May and August 2020. It all happens on-line.

I have been a mentor since 2016, and I am now an org admin with Jenkins. So feel free to ask any question you might have to me!

Martin d'Anjou

@martinda

I found this: https://github.com/jenkinsci/pipeline-global-lib-nexus-plugin
A bit unfortunate that two plugins similar in nature have such different name prefixes: workflow-cps-global-lib vs. pipeline-global-lix

Fabrice Pipart

@fabricepipart

I rather agree with you... Unfortunately I was not aware of this plugin (yet). Ours was started before though. And obviously this one knew about ours since... the readme looks like a copy paste

No problem with that we all start copy pasting something. It's just sad that we did not try to merge the two. I would have been glad to find a way to accommodate both within the same plugin

Fabrice Pipart

@fabricepipart

I just dropped him a mail :)

Regarding you proposal concerning Google Summer of Code, this sounds very appealing. But I need to check if I would have the time to handle that mentoring part. Plus the backlog of this plugin is rather poor while I plan to start another one that would probably be a better candidate

Martin d'Anjou

@martinda

You make me think that maybe the two plugins could merge. What is your other idea if you don't mind sharing it?

Martin d'Anjou

@martinda

I mean to say that the GSoC project could be to merge the two plugins.

Fabrice Pipart

@fabricepipart

The second plugin is to introduce a dependency mechanism between pipeline libraries. I ll come back to you after the holiday season. Thanks a lot for your help!

Martin d'Anjou

@martinda

Looks like this has migrated to https://github.com/jenkinsci/workflow-cps-global-lib-http-plugin

Fabrice Pipart

@fabricepipart

Hi! Yes I would recommend to go to this one. It is more up to date, I should keep the other fork in sync though... But to have continuous deployment, cloudbees requires that you use their repositories. Neverthless we are fully admin of it, it does not change much

Where communities thrive

People

Repo info

Activity