[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OpenShift Jenkins OAuth2 Authentication using Spring Boot





On Sun, Feb 11, 2018 at 5:43 PM, Tien Hung Nguyen <tienhng nguyen gmail com> wrote:
Thank you for the information.

I have disabled now the OAuth2 feature of OpenShift and tried to authenticate by the default username and password of jenkins to test the connection between the Jenkins Server and another Java REST Service.
However, when I try to do a REST Call on my Java Code by using the OpenShift Jenkins Service IP (server: http://172.30.51.151:80), I'm getting the the following error (2018-02-11 22:30:00,798 ERROR c.c.d.collector.DefaultHudsonClient - client exception loading jobs org.springframework.web.client.HttpClientErrorException: 403 Forbidden):

Can you supply the curl command or whatever you used to make the REST call?  Given the 403, either the credentials
are not being properly supplied, or our default user in the non-oauth case does not have as much permissions as we thought
it did (depending on which URI you are accessing).
 

2018-02-11 22:30:00,274 INFO  c.c.d.collector.CollectorTask - http://172.30.51.151:80 2018-02-11 22:30:00,274 INFO  c.c.d.collector.CollectorTask - -----------------------------------
2018-02-11 22:30:00,798 ERROR c.c.d.collector.DefaultHudsonClient - client exception loading jobsorg.springframework.web.client.HttpClientErrorException: 403 Forbidden at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91) ~[spring-web-4.2.5.RELEASE.jar!/:4.2.5.RELEASE] at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:641) ~[spring-web-4.2.5.RELEASE.jar!/:4.2.5.RELEASE] at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:597) ~[spring-web-4.2.5.RELEASE.jar!/:4.2.5.RELEASE] at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:572) ~[spring-web-4.2.5.RELEASE.jar!/:4.2.5.RELEASE] at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:493) ~[spring-web-4.2.5.RELEASE.jar!/:4.2.5.RELEASE] at com.capitalone.dashboard.collector.DefaultHudsonClient.makeRestCall(DefaultHudsonClient.java:655) [jenkins-build-collector-2.0.5-SNAPSHOT.jar!/:2.0.5-SNAPSHOT] at com.capitalone.dashboard.collector.DefaultHudsonClient.getJobsCount(DefaultHudsonClient.java:192) [jenkins-build-collector-2.0.5-SNAPSHOT.jar!/:2.0.5-SNAPSHOT] at com.capitalone.dashboard.collector.DefaultHudsonClient.getInstanceJobs(DefaultHudsonClient.java:110) [jenkins-build-collector-2.0.5-SNAPSHOT.jar!/:2.0.5-SNAPSHOT] at com.capitalone.dashboard.collector.HudsonCollectorTask.collect(HudsonCollectorTask.java:99) [jenkins-build-collector-2.0.5-SNAPSHOT.jar!/:2.0.5-SNAPSHOT] at com.capitalone.dashboard.collector.HudsonCollectorTask.collect(HudsonCollectorTask.java:37) [jenkins-build-collector-2.0.5-SNAPSHOT.jar!/:2.0.5-SNAPSHOT] at com.capitalone.dashboard.collector.CollectorTask.run(CollectorTask.java:63) [core-2.0.5-SNAPSHOT.jar!/:2.0.5-SNAPSHOT] at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54) [spring-context-4.2.5.RELEASE.jar!/:4.2.5.RELEASE] at org.springframework.scheduling.concurrent.ReschedulingRunnable.run(ReschedulingRunnable.java:81) [spring-context-4.2.5.RELEASE.jar!/:4.2.5.RELEASE] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_151] at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_151] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [na:1.8.0_151] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [na:1.8.0_151] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_151] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_151] at java.lang.Thread.run(Thread.java:748) [na:1.8.0_151]2018-02-11 22:30:00,805 INFO  c.c.d.collector.CollectorTask - Error getting jobs for: http://172.30.51.151:80  0s
2018-02-11 22:31:49,069 INFO  org.mongodb.driver.connection - Closed connection [connectionId{localValue:6, serverValue:31667}] to hygieia-mongodb:27017 because it is past its maximum allowed idle time.2018-02-11 22:35:00,001 INFO  c.c.d.collector.CollectorTask - Running Collector: Hudson
2018-02-11 22:35:00,024 INFO  org.mongodb.driver.connection - Opened connection [connectionId{localValue:7, serverValue:31729}] to hygieia-mongodb:270172018-02-11 22:35:00,039 INFO  c.c.d.collector.CollectorTask - -----------------------------------
2018-02-11 22:35:00,040 INFO  c.c.d.collector.CollectorTask - http://172.30.51.151:80 2018-02-11 22:35:00,040 INFO  c.c.d.collector.CollectorTask - -----------------------------------
2018-02-11 22:35:00,051 ERROR c.c.d.collector.DefaultHudsonClient - client exception loading jobsorg.springframework.web.client.HttpClientErrorException: 403 Forbidden at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91) ~[spring-web-4.2.5.RELEASE.jar!/:4.2.5.RELEASE] at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:641) ~[spring-web-4.2.5.RELEASE.jar!/:4.2.5.RELEASE] at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:597) ~[spring-web-4.2.5.RELEASE.jar!/:4.2.5.RELEASE] at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:572) ~[spring-web-4.2.5.RELEASE.jar!/:4.2.5.RELEASE] at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:493) ~[spring-web-4.2.5.RELEASE.jar!/:4.2.5.RELEASE] at com.capitalone.dashboard.collector.DefaultHudsonClient.makeRestCall(DefaultHudsonClient.java:655) [jenkins-build-collector-2.0.5-SNAPSHOT.jar!/:2.0.5-SNAPSHOT] at com.capitalone.dashboard.collector.DefaultHudsonClient.getJobsCount(DefaultHudsonClient.java:192) [jenkins-build-collector-2.0.5-SNAPSHOT.jar!/:2.0.5-SNAPSHOT] at com.capitalone.dashboard.collector.DefaultHudsonClient.getInstanceJobs(DefaultHudsonClient.java:110) [jenkins-build-collector-2.0.5-SNAPSHOT.jar!/:2.0.5-SNAPSHOT] at com.capitalone.dashboard.collector.HudsonCollectorTask.collect(HudsonCollectorTask.java:99) [jenkins-build-collector-2.0.5-SNAPSHOT.jar!/:2.0.5-SNAPSHOT] at com.capitalone.dashboard.collector.HudsonCollectorTask.collect(HudsonCollectorTask.java:37) [jenkins-build-collector-2.0.5-SNAPSHOT.jar!/:2.0.5-SNAPSHOT] at com.capitalone.dashboard.collector.CollectorTask.run(CollectorTask.java:63) [core-2.0.5-SNAPSHOT.jar!/:2.0.5-SNAPSHOT] at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54) [spring-context-4.2.5.RELEASE.jar!/:4.2.5.RELEASE] at org.springframework.scheduling.concurrent.ReschedulingRunnable.run(ReschedulingRunnable.java:81) [spring-context-4.2.5.RELEASE.jar!/:4.2.5.RELEASE] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_151] at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_151] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [na:1.8.0_151] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [na:1.8.0_151] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_151] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_151] at java.lang.Thread.run(Thread.java:748) [na:1.8.0_151]
2018-02-11 22:35:00,051 INFO  c.c.d.collector.CollectorTask - Error getting jobs for: http://172.30.51.151:80  0s
2018-02-11 22:36:49,069 INFO  org.mongodb.driver.connection - Closed connection [connectionId{localValue:7, serverValue:31729}] to hygieia-mongodb:27017 because it is past its maximum allowed idle time.


It seems that the HTTP Call to the Jenkins Pod is forbidden for my Rest Service. Please, could you tell me how to fix that?


2018-02-11 0:47 GMT+01:00 Ben Parees <bparees redhat com>:


On Sat, Feb 10, 2018 at 6:14 AM, Tien Hung Nguyen <tienhng nguyen gmail com> wrote:
I have found the token in the file of your mentioned path (/var/run/secrets/kubernetes.io/serviceaccount). But what is the best way to import that token into my properties file (which is created during the container build process via shell scripting) or retrieve the token in my Java Code?

My idea was to retrieve the token from that file to execute a rest call in my java code to retrieve the jenkins information from another OpenShift pod for my dashboard.

That is what I would expect someone to do, yes.
 


2018-02-09 23:22 GMT+01:00 Ben Parees <bparees redhat com>:


On Fri, Feb 9, 2018 at 5:16 PM, Tien Hung Nguyen <tienhng nguyen gmail com> wrote:
Thank you for your response.

Do you know what I have ti import in order to execute OpenShift oc commands in Java Spring Boot in order to retrieve the token from OpenShift? Since I don't know much about Go, I just understand a part of the code.

the token for your pod's service account should already be mounted in your pod assuming you're running on openshift:



2018-02-09 20:04 GMT+01:00 Ben Parees <bparees redhat com>:


On Fri, Feb 9, 2018 at 1:45 PM, Tien Hung Nguyen <tienhng nguyen gmail com> wrote:
Hello everyone,

I'm having a Spring Boot Rest Microservice and I'm trying to pull some information with a Rest call from my Jenkins Server, which is running in an OpenShift pod (based on the default openshift/jenkins image), to display the information from Jenkins in a unified dashboard.

However, I'm getting some problems with the authentication because OAuth2 is enabled on the Jenkins Pod. What is the correct way to authenticate my Spring Boot Rest Microservice with the Jenkins pod which redirects me at the moment to the OpenShift page because of OAuth2?

Currently, I have the required information and credentials in a properties file stored that I use for rest call, like username, password, server, domain etc., but actually that's mot working to authenticate with the jenkins pod.

Could you give me some sample code snippet that shows how to do that in a proper way?

 
you need to provide your openshift token to jenkins w/ the request, we have a utility library here that we use for interacting w/ jenkins during our automated testing, perhaps you can adapt it:



Regards
Tien

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users




--
Ben Parees | OpenShift





--
Ben Parees | OpenShift





--
Ben Parees | OpenShift




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]