Using the Jenkins API via API_TOKEN leads to a 403 even though the user is authorized as admin via the CesAdministrators group.
This might be a bug in the Jenkins CAS Plugin. Authorization via API_TOKEN cannot be handled by CAS. Jenkins does not have the information about groups, though.
Tested on a cleanly installed CES, Jenkins Dogu version Jenkins 2.263.3.
Reproduce:
```bash
JENKINS_URL="https://a.cloudogu.net/jenkins"
JENKINS_USERNAME="admin"
JENKINS_PASSWORD="12345"
API_TOKEN=11ff333b0981866e56f4d53af4cd659b7b

# Fetch a CSRF crumb with password auth; the session cookie is stored
# in /tmp/cookies so the crumb stays valid for the follow-up request.
function crumb() {
  curl -s --cookie-jar /tmp/cookies \
    -u "${JENKINS_USERNAME}:${JENKINS_PASSWORD}" \
    "${JENKINS_URL}/crumbIssuer/api/json" | jq -r '.crumb'
}

# API token as the Basic auth secret -> 403
curl --fail -s -L -o /dev/null --write-out '%{http_code}' -H "Jenkins-Crumb:$(crumb)" --cookie /tmp/cookies \
  -u "${JENKINS_USERNAME}:${API_TOKEN}" \
  -X POST "${JENKINS_URL}/pluginManager/installNecessaryPlugins" \
  -d '<jenkins><install plugin="[email protected]"/></jenkins>' -H 'Content-Type: text/xml'

# Same with Password -> 200
curl --fail -s -L -o /dev/null --write-out '%{http_code}' -H "Jenkins-Crumb:$(crumb)" --cookie /tmp/cookies \
  -u "${JENKINS_USERNAME}:${JENKINS_PASSWORD}" \
  -X POST "${JENKINS_URL}/pluginManager/installNecessaryPlugins" \
  -d '<jenkins><install plugin="[email protected]"/></jenkins>' -H 'Content-Type: text/xml'
```
Our use case: cloudogu/gitops-playground@1e5a97d
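A way to check the group hypothesis from the report, added here as an example and not part of the original issue: ask Jenkins' built-in `whoAmI/api/json` endpoint which authorities it sees for the same user under password auth and under API token auth, then diff the two. The sample responses below are constructed to illustrate the reported symptom, not captured from a real instance; the function names are hypothetical.

```python
import base64
import json
import urllib.request


def who_am_i(base_url, user, secret):
    """GET <base_url>/whoAmI/api/json using HTTP Basic auth.

    `secret` is either the account password or the API token.
    """
    req = urllib.request.Request(f"{base_url}/whoAmI/api/json")
    cred = base64.b64encode(f"{user}:{secret}".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def compare_identities(password_view, token_view, admin_group="CesAdministrators"):
    """Report which authorities the token-authenticated request lacks."""
    pw = set(password_view.get("authorities", []))
    tok = set(token_view.get("authorities", []))
    return {
        "same_user": password_view.get("name") == token_view.get("name"),
        "missing_with_token": sorted(pw - tok),
        "admin_group_lost": admin_group in pw and admin_group not in tok,
    }


# Constructed whoAmI responses (trimmed to the relevant fields): the password
# login went through CAS and carries the group, the token login does not.
PASSWORD_VIEW = {"name": "admin", "authenticated": True,
                 "authorities": ["authenticated", "CesAdministrators"]}
TOKEN_VIEW = {"name": "admin", "authenticated": True,
              "authorities": ["authenticated"]}

if __name__ == "__main__":
    # Against a live instance, replace the samples with:
    #   who_am_i(JENKINS_URL, JENKINS_USERNAME, JENKINS_PASSWORD)
    #   who_am_i(JENKINS_URL, JENKINS_USERNAME, API_TOKEN)
    print(json.dumps(compare_identities(PASSWORD_VIEW, TOKEN_VIEW), indent=2))
```

If `admin_group_lost` is true on a live instance, the 403 comes from the authorization strategy not seeing the CAS-provided group for token requests, rather than from the crumb or the token itself.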