
Gitlab group scan access denied

Open jlo88 opened this issue 3 years ago • 0 comments

Version report

Jenkins and plugins versions report:

Jenkins: 2.277.2
OS: Linux - 3.10.0-1160.24.1.el7.x86_64
---
jdk-tool:1.5
script-security:1.77
command-launcher:1.6
structs:1.23
jacoco:3.2.0
workflow-step-api:2.23
scm-api:2.6.4
workflow-api:2.44
bouncycastle-api:2.20
junit:1.50
matrix-project:1.18
dashboard-view:2.17
workflow-scm-step:2.12
credentials:2.5
apache-httpcomponents-client-4-api:4.5.13-1.0
ssh-credentials:1.18.1
jsch:0.1.55.2
git-client:3.7.2
display-url-api:2.3.5
mailer:1.34
git:4.7.2
jira-ext:0.9
jenkins-jira-issue-updater:1.18
jira-trigger:1.0.1
javadoc:1.6
antisamy-markup-formatter:2.1
sonar:2.13.1
workflow-support:3.8
workflow-job:2.41
gitlab-plugin:1.5.20
jackson2-api:2.12.3
cloudbees-folder:6.15
branch-api:2.6.4
jira:3.3
jquery:1.12.4-1
git-parameter:0.9.13
ant:1.11
chucknorris:1.4
gradle:1.36
ace-editor:1.1
jquery-detached:1.2.1
workflow-cps:2.92
token-macro:2.15
config-file-provider:3.8.0
ivy:2.1
artifactory:3.11.4
pipeline-stage-tags-metadata:1.8.5
locale:1.4
ldap:2.7
plain-credentials:1.7
lockable-resources:2.11
pipeline-model-extensions:1.8.5
pipeline-milestone-step:1.3.2
pipeline-input-step:2.12
pipeline-stage-step:2.5
pipeline-graph-analysis:1.11
pipeline-rest-api:2.19
handlebars:3.0.8
momentjs:1.1.1
pipeline-stage-view:2.19
pipeline-build-step:2.13
credentials-binding:1.25
pipeline-model-api:1.8.5
workflow-durable-task-step:2.39
git-server:1.9
workflow-cps-global-lib:2.19
workflow-multibranch:2.24
authentication-tokens:1.4
docker-commons:1.17
durable-task:1.37
workflow-basic-steps:2.23
docker-workflow:1.26
pipeline-model-definition:1.8.5
workflow-aggregator:2.6
publish-over:0.22
active-directory:2.24
publish-over-cifs:0.16
slack:2.48
pam-auth:1.6
windows-slaves:1.8
external-monitor-job:1.7
matrix-auth:2.6.7
greenballs:1.15.1
blueocean-rest:1.24.7
pubsub-light:1.16
github-api:1.123
github-branch-source:2.10.2
blueocean-jwt:1.24.7
blueocean-rest-impl:1.24.7
blueocean-core-js:1.24.7
github:1.33.1
blueocean-commons:1.24.7
blueocean-pipeline-scm-api:1.24.7
variant:1.4
favorite:2.3.3
blueocean-pipeline-api-impl:1.24.7
blueocean-github-pipeline:1.24.7
blueocean-git-pipeline:1.24.7
blueocean-config:1.24.7
mercurial:2.15
handy-uri-templates-2-api:2.1.8-1.0
cloudbees-bitbucket-branch-source:2.9.9
blueocean-bitbucket-pipeline:1.24.7
blueocean-dashboard:1.24.7
blueocean-personalization:1.24.7
blueocean-jira:1.24.7
blueocean-display-url:2.4.1
sse-gateway:1.24
blueocean-events:1.24.7
blueocean-autofavorite:1.2.4
blueocean:1.24.7
jenkins-design-language:1.24.7
blueocean-pipeline-editor:1.24.7
role-strategy:3.1.1
pipeline-npm:0.9.2
h2-api:1.4.199
pipeline-maven:3.10.0
analysis-model-api:10.2.5
warnings-ng:9.2.0
code-coverage-api:1.3.2
cobertura:1.16
enhanced-old-build-discarder:1.4
blueocean-web:1.24.7
blueocean-i18n:1.24.7
extended-read-permission:3.2
forensics-api:1.1.0
maven-plugin:3.12
htmlpublisher:1.25
Office-365-Connector:4.15.0
extensible-choice-parameter:1.7.0
embeddable-build-status:2.0.3
next-build-number:1.6
cloudbees-disk-usage-simple:0.10
plugin-util-api:2.3.0
font-awesome-api:5.15.3-3
popper-api:1.16.1-2
jquery3-api:3.6.0-1
bootstrap4-api:4.6.0-3
echarts-api:5.1.2-2
data-tables-api:1.10.25-1
publish-over-ssh:1.22
nodejs:1.4.0
metrics:4.0.2.8
prometheus:2.0.10
snakeyaml-api:1.29.1
folder-auth:1.3
okhttp-api:3.14.9
trilead-api:1.0.13
jjwt-api:0.11.2-9.c8b45b8bb173
copyartifact:1.46.1
run-condition:1.5
copy-project-link:1.5
python:1.3
envinject-api:1.7
gitlab-api:1.0.6
gitlab-branch-source:1.5.7
ruby-runtime:0.12
gitlab-hook:1.4.2
authorize-project:1.4.0
checks-api:1.7.0
caffeine-api:2.9.1-23.v51c4e2c879c8
adoptopenjdk:1.4
mapdb-api:1.0.9.0
popper2-api:2.5.4-2
bootstrap5-api:5.0.1-2
subversion:2.14.4
basic-branch-build-strategies:1.3.2
  • What Operating System are you using (both controller, and any agents involved in the problem)?
Jenkins: 
Hardware   : VMware Virtual Machine (SN=42347bba748457ca-d6636e286da09)
Processor  : 4 x Intel Xeon E5-2650v4 2,20GHz (1C,30MB Cache,64 Bit,MC:IBRS)
Additional : 4 cores, HT=off, 16 GB Memory (DDR)
System     : Linux Kernel 3.10.0-1160.24.1.el7.x86_64 on x86_64 (64 Bit)
Distrib    : Red Hat Enterprise Linux Server release 7.9 (Maipo)

Gitlab: 
Hardware   : VMware Virtual Machine (SN=42344548e0a2234f-a5510b677d724)
Processor  : 4 x Intel Xeon E5-2650v4 2,20GHz (1C,30MB Cache,64 Bit,MC:IBRS)
Additional : 4 cores, HT=off, 16 GB Memory (DDR)
System     : Linux Kernel 3.10.0-1160.24.1.el7.x86_64 on x86_64 (64 Bit)
Distrib    : Red Hat Enterprise Linux Server release 7.9 (Maipo)

Reproduction steps

  • Create a Gitlab group with many projects
  • Scan this gitlab group

Results

Expected result:

All projects which contain a Jenkinsfile to show up in the Gitlab group in Jenkins.

Actual result:

After a number of projects, errors start showing up:

Checking project xxx/yyy/zzz
Cannot set web hook: Forbidden
Proposing xxx/yyy/zzz
ERROR: Failed to create or update a subproject xxx/yyy/zzz
org.gitlab4j.api.GitLabApiException: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></style>
</head><body>
<h1>ERROR</h1>
<h2>The requested URL could not be retrieved</h2>
<hr>
<p>The following error was encountered while trying to retrieve the URL: <a href="gitlab.xxx.com:443">gitlab.xxx.com:443</a></p>

<blockquote>
<p><b>Access Denied.</b></p>
</blockquote>

<p>Access control configuration prevents your request from being allowed at this time.  Please contact your service provider if you feel this is incorrect.</p>

<hr>
URL: CONNECT gitlab.xxx.com:443 <br>
User: - xx.xxx.xxx.xx <br>
Error: [not available] <br>
<hr>

<div id="footer">Generated Mon, 28 Jun 2021 07:27:29 GMT by xxx (squid/2.6.STABLE21)</div>
</body></html>

	at org.gitlab4j.api.AbstractApi.validate(AbstractApi.java:633)
	at org.gitlab4j.api.AbstractApi.get(AbstractApi.java:213)
	at org.gitlab4j.api.ProjectApi.getProject(ProjectApi.java:673)
	at io.jenkins.plugins.gitlabbranchsource.GitLabSCMSource.getGitlabProject(GitLabSCMSource.java:204)
Caused: java.lang.IllegalStateException: Failed to retrieve project vds/admin/building/releases/adams-car/2020/plugins/digital-road-sim-user
	at io.jenkins.plugins.gitlabbranchsource.GitLabSCMSource.getGitlabProject(GitLabSCMSource.java:209)
	at io.jenkins.plugins.gitlabbranchsource.GitLabSCMSource.retrieve(GitLabSCMSource.java:308)
	at jenkins.scm.api.SCMSource._retrieve(SCMSource.java:373)
	at jenkins.scm.api.SCMSource.fetch(SCMSource.java:327)
	at jenkins.branch.MultiBranchProjectFactory$BySCMSourceCriteria.recognizes(MultiBranchProjectFactory.java:261)
	at jenkins.branch.OrganizationFolder$SCMSourceObserverImpl$1.recognizes(OrganizationFolder.java:1466)
	at jenkins.branch.OrganizationFolder$SCMSourceObserverImpl$1.complete(OrganizationFolder.java:1481)
	at jenkins.scm.api.trait.SCMNavigatorRequest.process(SCMNavigatorRequest.java:254)
	at jenkins.scm.api.trait.SCMNavigatorRequest.process(SCMNavigatorRequest.java:204)
	at io.jenkins.plugins.gitlabbranchsource.GitLabSCMNavigator.visitSources(GitLabSCMNavigator.java:282)
	at jenkins.branch.OrganizationFolder.computeChildren(OrganizationFolder.java:542)
	at com.cloudbees.hudson.plugins.folder.computed.ComputedFolder.updateChildren(ComputedFolder.java:278)
	at com.cloudbees.hudson.plugins.folder.computed.FolderComputation.run(FolderComputation.java:165)
	at jenkins.branch.OrganizationFolder$OrganizationScan.run(OrganizationFolder.java:1031)
	at hudson.model.ResourceController.execute(ResourceController.java:97)
	at hudson.model.Executor.run(Executor.java:429)

This is not always at the same project; indexed projects function well. Sometimes all the projects are indexed, other times not. I tried looking in the Gitlab access logs at this point in time, but this shows no major errors. To be complete, I added a part of the gitlab_access.log:

193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/<redacted_1>/repository/files/Jenkinsfile?ref=f1ef40899c46170a693c2d17b0466a0b3d7c5ea6 HTTP/1.1" 200 798 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" 1.94
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/<redacted_2> HTTP/1.1" 200 1334 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" 2.87
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/962/repository/branches?per_page=96&page=1 HTTP/1.1" 200 886 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" 4.25
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/<redacted_1>/repository/files/Jenkinsfile?ref=55da6dc8910b5e581bdf0a7bbbee3e5a5b8e0d4e HTTP/1.1" 200 798 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" 1.94
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/962/merge_requests?state=opened&per_page=96&page=1 HTTP/1.1" 200 2 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" -
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/<redacted_2>/members/all?per_page=96&page=1 HTTP/1.1" 200 1054 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" 4.38
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/<redacted_1>/repository/files/Jenkinsfile?ref=b7eba3b9c7b3ea1cff69d83ead15dd7bb0ba00e1 HTTP/1.1" 200 798 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" 1.94
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/960/repository/branches?per_page=96&page=1 HTTP/1.1" 200 406 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" 2.30
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/962/repository/tags?per_page=96&page=1 HTTP/1.1" 200 2602 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" 4.48
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/<redacted_1>/repository/files/Jenkinsfile?ref=3f25a09dfcd429fa96a9b9e51081a2869f9b0448 HTTP/1.1" 404 32 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" -
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/960/merge_requests?state=opened&per_page=96&page=1 HTTP/1.1" 200 2 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" -
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/<redacted_3>/repository/files/Jenkinsfile?ref=e4f030cb7717d293c73aeab0e22af9cdcadddbae HTTP/1.1" 200 797 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" 1.94
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/<redacted_1>/repository/tree?id=<redacted_4>&path=Jenkinsfile&ref=3f25a09dfcd429fa96a9b9e51081a2869f9b0448&recursive=false&per_page=96&page=1 HTTP/1.1" 200 2 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" -
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/960/repository/tags?per_page=96&page=1 HTTP/1.1" 200 493 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" 3.27
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/<redacted_1>/repository/files/Jenkinsfile?ref=1d043eaf70bb93584e89428108950d1bdba5af7a HTTP/1.1" 404 32 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" -
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/<redacted_3>/repository/files/Jenkinsfile?ref=f1ef40899c46170a693c2d17b0466a0b3d7c5ea6 HTTP/1.1" 200 798 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" 1.94
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/<redacted_2>/repository/files/Jenkinsfile?ref=55995442c35c63d17de950ea453c0af443e58772 HTTP/1.1" 200 581 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" 1.89
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/<redacted_1>/repository/tree?id=<redacted_4>&path=Jenkinsfile&ref=1d043eaf70bb93584e89428108950d1bdba5af7a&recursive=false&per_page=96&page=1 HTTP/1.1" 200 2 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" -
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/<redacted_3>/repository/files/Jenkinsfile?ref=5f0fcab4821f41f3c12a72f2300469dbf503428b HTTP/1.1" 404 32 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" -
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/<redacted_2>/hooks?per_page=96&page=1 HTTP/1.1" 200 306 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" 1.82
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/<redacted_1>/repository/files/Jenkinsfile?ref=8b9c1fb7aa5dc9ee0ec00838b8e62d504ffb71ec HTTP/1.1" 404 32 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" -
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/hooks?per_page=96&page=1 HTTP/1.1" 403 27 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" -
193.187.198.121 - - [28/Jun/2021:09:27:29 +0200] "GET /api/v4/projects/<redacted_3>/repository/tree?id=<redacted_4>&path=Jenkinsfile&ref=5f0fcab4821f41f3c12a72f2300469dbf503428b&recursive=false&per_page=96&page=1 HTTP/1.1" 200 2 "" "Jersey/2.30.1 (Apache HttpClient 4.5.9)" -

jlo88, Jun 28 '21 08:06