GitLab hook fails when Jenkins Anonymous user does not have Job/Build permission

Issue

  • When testing a hook from GitLab, the following error appears:
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
    <title>Error 403 anonymous is missing the Job/Build permission</title>
  </head>
  <body>
   <!-- ... -->
  </body>
</html>

Environment

Resolution

The GitLab plugin offers an option Enable authentication for ‘/project’ end-point" to turn the authentication of the /project
endpoint used by the webhook on and off. The message indicates that the option is turned on.

Two configuration options are possible, you should review them with your security team:

  1. Keep the /project endpoint authenticated.
    In this case it means that you need to configure the hook GitLab side with an authenticated user having the Job/Build permission.
    Please refer to GitLab documentation to properly configure authentication with the webhook.

  2. Switch authentication of the endpoint off by unticking the Enable authentication for ‘/project’ end-point" option in Jenkins global configuration.
    This option allows anybody knowing the url of the hook to trigger a job.
    You should review with your security team that it is acceptable in your environment.

References

Have more questions?

0 Comments

Please sign in to leave a comment.