after latest security update from jenkins we get:
```
Store: EN | Environment: demo
Scheduler Name: jenkins
Scheduler Status: ERROR
Client error: `POST <http://123.123.123.123:8080/job/EN__check-product-validity/disable>` resulted in a `403 Forbidden` response:
<html> <head> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> <title>Error 403 No valid crumb was in (truncated...)
```
how is this configured in Spryker?
https://github.com/spryker-shop/suite/blob/master/config/Shared/config_default-development.php#L96 doesn't seem to have anything special enabled for this
Comments
-
Do you have latest https://github.com/spryker/scheduler-jenkins/releases/tag/1.0.1 ?
0 -
yes
0 -
downgrading to 1.0.0 didn't really change it so my guess is there's some other incompatibility
0 -
do you have CSRF protection on Jenkins side? If yes, you would need to enable it on Spryker side as well with `\Spryker\Shared\SchedulerJenkins\SchedulerJenkinsConfig::SCHEDULER_JENKINS_CSRF_ENABLED`
0 -
it is
0 -
and it was enabled for some time now
0 -
Maybe you are calling the command from a user who does not have permission …
0 -
I have this issue when I call the command as my user instead of the webserver user … I don't know if you have a similar setup
0 -
try to check if you have correct output for `<jenkinsHost>/crumbIssuer/api/json` - we parse this JSON and send crumb based on it. Also you can try to debug which headers and which data we send in `\Spryker\Zed\SchedulerJenkins\Business\Api\Executor\RequestExecutor::execute` — maybe you'll get more insights from it
0 -
• I do everything as webserver user
• api response works fine (is a valid JSON and seems to have the correct fields)
0 -
I'll check requestexecutor shortly
0 -
ok, for the time being I have changed
```php
protected function extendRequestWithCsrfToken(RequestInterface $request, ConfigurationProviderInterface $configurationProvider): RequestInterface
{
    if ($configurationProvider->isJenkinsCsrfProtectionEnabled()) {
        $crumbIssuer = $this->getCrumbIssuer($configurationProvider);
        // Only add the crumb header when the crumb issuer actually returned a crumb.
        if (!empty($crumbIssuer['crumb'])) {
            $request = $request->withHeader($crumbIssuer['crumbRequestField'], $crumbIssuer['crumb']);
        }
    }

    return $request;
}
```
because when trying to run `scheduler:resume` for example this gets NULL in crumb issuer which is giving TypeError which I have to additionally change to `protected function getCrumbIssuer(ConfigurationProviderInterface $configurationProvider): ?array`
0 -
but checked and MOST of the requests go through with correct `crumb`
0 -
So as I'm not a developer, could you tell me if this an issue that needs to be fixed in Spryker? If yes, please create a support ticket. 🙂
0 -
looks like it, but I don't clearly get why this happens, once I know I'll ping you about it, this pretty much broke all our environments at this point
0 -
or is LTS not supported as in https://github.com/spryker/docker-sdk#supported-services ?
0 -
> because when trying to run `scheduler:resume` for example this gets NULL in crumb issuer which is giving TypeError

this is not expected for sure. Crumb issuer should always return array of crumbs, and this array is taken from `<jenkinsHost>/crumbIssuer/api/json`. maybe they changed something here in newer versions of Jenkins?
0 -
which version of jenkins you're running?
0 -
@valerii.trots which stable jenkins version was spryker tested against?
0 -
I don't know the answer to this question.
I can say that in docker/sdk env we have older version for sure.
0 -
in that case I'm filing a ticket
0 -
Please do so! Thanks! 🙂
0 -
done
0 -
In the event you find this helpful: When I was debugging this behaviour in the past I would use tcpdump or wireshark to check the request/response cycle between spryker and jenkins.
If jenkins is returning false data it might be because the server is rate limiting API requests for example.
0 -
I have also checked that, but it's failing on the first request. thank you anyway, always worth to get an additional idea in
0 -
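The crumb handling discussed in this thread, as an added example (not Spryker's code and not written by any participant): the body of `<jenkinsHost>/crumbIssuer/api/json` is parsed defensively, so an unusable response is caught before the POST instead of surfacing as a TypeError or a `403 No valid crumb`. The function name `buildCrumbHeaders` and the sample bodies are hypothetical, and forwarding the session cookie assumes a Jenkins that binds a crumb to the session that requested it.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not Spryker code): turn a crumb issuer response into
 * the headers for the next POST, or null when the response is unusable.
 *
 * @param string   $body       raw body of GET <jenkinsHost>/crumbIssuer/api/json
 * @param string[] $setCookies Set-Cookie header values from the same response
 */
function buildCrumbHeaders(string $body, array $setCookies = []): ?array
{
    $data = json_decode($body, true);
    // An HTML error page or an empty body decodes to null, not an array.
    if (!is_array($data)) {
        return null;
    }
    $field = $data['crumbRequestField'] ?? null;
    $crumb = $data['crumb'] ?? null;
    if (!is_string($field) || $field === '' || !is_string($crumb) || $crumb === '') {
        return null;
    }
    // Header names must be plain tokens; reject anything else from the server.
    if (!preg_match('/^[A-Za-z0-9._-]+$/', $field)) {
        return null;
    }
    $headers = [$field => $crumb];
    // Assumption: this Jenkins ties a crumb to the session that requested it,
    // so the session cookie has to travel with the crumb.
    $cookies = [];
    foreach ($setCookies as $line) {
        $cookies[] = trim(explode(';', $line, 2)[0]);
    }
    if ($cookies !== []) {
        $headers['Cookie'] = implode('; ', $cookies);
    }
    return $headers;
}

// Constructed sample responses (not captured from a real server).
$samples = [
    'valid'    => '{"_class":"hudson.security.csrf.DefaultCrumbIssuer","crumb":"0123abcd","crumbRequestField":"Jenkins-Crumb"}',
    'html 403' => '<html><head><title>Error 403</title></head></html>',
    'no crumb' => '{"crumbRequestField":"Jenkins-Crumb"}',
];
foreach ($samples as $name => $body) {
    $headers = buildCrumbHeaders($body, ['JSESSIONID.constructed=node0abc; Path=/; HttpOnly']);
    echo $name, ': ', $headers === null ? 'no crumb, fail before POST' : json_encode($headers), PHP_EOL;
}
```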