Build Token Root Plugin

Skip to end of metadata
Go to start of metadata

Lets build and related REST build triggers be accessed even when anonymous users cannot see Jenkins.

Plugin Information

Plugin ID build-token-root Changes In Latest Release
Since Latest Release
Latest Release
Latest Release Date
Required Core
Dependencies
1.1
Feb 10, 2014
1.480.3
Source Code
Issue Tracking
Maintainer(s)
GitHub
Open Issues
Jesse Glick (id: jglick)
Usage Installations 2013-May 32
2013-Jun 74
2013-Jul 146
2013-Aug 195
2013-Sep 249
2013-Oct 316
2013-Nov 381
2013-Dec 385
2014-Jan 467
2014-Feb 542
2014-Mar 601

Usage

The use case is that Jenkins is secured so that anonymous users lack overall read permissions. Say you want to triggers builds of certain jobs from a script. You can pick a sufficiently authenticated user and use that person’s API token to POST to job/NAME/build. But this grants that person’s full permissions to anyone who can see the script, which is hazardous.

The usual workaround for this issue is to define a build authorization token in job configuration, and have the script ping job/NAME/build?token=SECRET. Unfortunately Jenkins checks URIs hierarchically and just getting as far as job/NAME/ requires authentication.

This plugin offers an alternate URI pattern which is not subject to the usual overall or job read permissions. Just ping buildByToken/build?job=NAME&token=SECRET. This URI is accessible to anonymous users regardless of security setup, so you only need the right token.

(The variant sub-URIs buildWithParameters and polling are also supported, as is the usual delay query parameter.)

Examples

Trigger the RevolutionTest job with the token TacoTuesday

buildByToken/build?job=RevolutionTest&token=TacoTuesday

Trigger the RevolutionTest job with the token TacoTuesday and parameter Type supplied with the value Mexican

buildByToken/buildWithParameters?job=RevolutionTest&token=TacoTuesday&Type=Mexican

Changelog

Version 1.1 (2014 Feb 10)

  • Added logging to make it easier to diagnose why a given request was rejected. As a Jenkins admin, create a logger covering org.jenkinsci.plugins.build_token_root at FINE or below.

Version 1.0 (2013 May 14)

  • Initial release.

Labels

Edit
plugin-trigger plugin-trigger Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.