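I am trying to trigger a job remotely via a curl request using a crumb. However, Jenkins is apparently providing an invalid crumb. I am using the Default Crumb Issuer with "Enable proxy compatibility" checked.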
curl -X POST "http://JENKINS_URL:8080/job/jobName/build?token=mytoken" -H "$(curl 'http://JENKINS_URL:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)' -u username:password)" -v
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 78 100 78 0 0 522 0 --:--:-- --:--:-- --:--:-- 523
* Trying IP_ADDRESS:8080...
* Connected to JENKINS_URL (IP_ADDRESS) port 8080
> POST /job/jobName/build?token=mytoken HTTP/1.1
> Host: JENKINS_URL:8080
> User-Agent: curl/8.4.0
> Accept: */*
> Jenkins-Crumb:somevalue
>
< HTTP/1.1 403 Forbidden
< Date: Tue, 02 Apr 2024 22:38:55 GMT
< X-Content-Type-Options: nosniff
< Set-Cookie: JSESSIONID.21830c58=node0ubjfz199obyb11bwpnea8qo5a112.node0; Path=/; HttpOnly
< Cache-Control: must-revalidate,no-cache,no-store
< Content-Type: text/html;charset=iso-8859-1
< Content-Length: 576
< Server: Jetty(10.0.18)
<
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 403 No valid crumb was included in the request</title>
</head>
<body><h2>HTTP ERROR 403 No valid crumb was included in the request</h2>
<table>
<tr><th>URI:</th><td>/job/myJob/build</td></tr>
<tr><th>STATUS:</th><td>403</td></tr>
<tr><th>MESSAGE:</th><td>No valid crumb was included in the request</td></tr>
<tr><th>SERVLET:</th><td>Stapler</td></tr>
</table>
<hr/><a href="https://eclipse.org/jetty">Powered by Jetty:// 10.0.18</a><hr/>
</body>
</html>
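The reason Jenkins considers the crumb invalid is that the "outer" curl command has a different web session ID than the "inner" curl command. Jenkins uses the username, web session ID, and IP address to validate the crumb.
There are two ways to solve this: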
curl \
--cookie cookie.txt \
-X POST \
"http://JENKINS_URL:8080/job/jobName/build?token=mytoken" \
-H "$(curl \
--cookie-jar cookie.txt \
'http://JENKINS_URL:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)' \
-u username:password)" \
-u username:password \
-v
Note that you need to pass the username (and password) in both commands, because it is part of the crumb validation.
curl \
-X POST \
"http://JENKINS_URL:8080/job/jobName/build?token=mytoken" \
-u username:apiToken \
-v
This token is different from the token you set at the job level.
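
The cookie-jar approach above as a reusable script, added here as an example and not part of the original answer: it keeps the session cookie in a private temporary file and checks the crumb response before forwarding it as a header. `JENKINS_URL`, `JENKINS_USER` and `JENKINS_PASS` are assumed environment variables, and `trigger_build` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the original answer. JENKINS_URL, JENKINS_USER and
# JENKINS_PASS are assumed environment variables; trigger_build is a
# hypothetical helper name. Job name and token must already be URL-safe.

# Fetch a crumb and trigger the build inside one web session.
# Prints the HTTP status of the build request; returns 0 only on 2xx.
trigger_build() {
    job=$1; token=$2
    # mktemp creates the jar with mode 0600, unlike a cookie.txt in the cwd.
    jar=$(mktemp) || return 1

    # Request 1: --cookie-jar saves the JSESSIONID the crumb is bound to.
    crumb=$(curl -sS --fail --cookie-jar "$jar" \
        -u "$JENKINS_USER:$JENKINS_PASS" \
        "$JENKINS_URL/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,\":\",//crumb)")
    rc=$?

    # Accept only "Field:value" made of header-safe characters, so an error
    # page or stray bytes are never forwarded as a request header.
    case $crumb in
        *[!A-Za-z0-9:._-]*|:*|*:) rc=1 ;;
        *:*) ;;
        *) rc=1 ;;
    esac
    if [ "$rc" -ne 0 ]; then rm -f "$jar"; return 1; fi

    # Request 2: same user plus the saved session cookie, so the crumb matches.
    status=$(curl -sS -o /dev/null -w '%{http_code}' --cookie "$jar" \
        -u "$JENKINS_USER:$JENKINS_PASS" -H "$crumb" \
        -X POST "$JENKINS_URL/job/$job/build?token=$token")
    rc=$?
    rm -f "$jar"
    [ "$rc" -eq 0 ] || return 1

    printf '%s\n' "$status"
    case $status in
        2??) return 0 ;;
        *) return 1 ;;
    esac
}

# Run only when called as: script.sh JOB TOKEN
if [ "$#" -eq 2 ]; then
    trigger_build "$1" "$2"
fi
```

A 403 printed by this script, despite the shared session, points at something other than the session mismatch described in the answer.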