random 403 error on builds under a bitbucket team scanner
cyrilleTixierLefebreDalloz opened this issue · 4 comments
Jenkins and plugins versions report
Jenkins: 2.332.3
OS: Linux - 3.10.0-1160.53.1.el7.x86_64
Office-365-Connector:4.17.0
ace-editor:1.1
active-directory:2.25.1
adoptopenjdk:1.4
ant:475.vf34069fef73c
antisamy-markup-formatter:2.7
apache-httpcomponents-client-4-api:4.5.13-1.0
artifact-manager-s3:633.v4813787e78a_9
artifact-promotion:0.5.2
authentication-tokens:1.4
aws-credentials:191.vcb_f183ce58b_9
aws-global-configuration:1.7
aws-java-sdk:1.12.215-339.vdc07efc5320c
aws-java-sdk-cloudformation:1.12.215-339.vdc07efc5320c
aws-java-sdk-codebuild:1.12.215-339.vdc07efc5320c
aws-java-sdk-ec2:1.12.215-339.vdc07efc5320c
aws-java-sdk-ecr:1.12.215-339.vdc07efc5320c
aws-java-sdk-ecs:1.12.215-339.vdc07efc5320c
aws-java-sdk-elasticbeanstalk:1.12.215-339.vdc07efc5320c
aws-java-sdk-iam:1.12.215-339.vdc07efc5320c
aws-java-sdk-logs:1.12.215-339.vdc07efc5320c
aws-java-sdk-minimal:1.12.215-339.vdc07efc5320c
aws-java-sdk-ssm:1.12.215-339.vdc07efc5320c
basic-branch-build-strategies:1.3.2
bitbucket:223.vd12f2bca5430
bootstrap4-api:4.6.0-5
bootstrap5-api:5.1.3-7
bouncycastle-api:2.26
branch-api:2.1046.v0ca_37783ecc5
build-timeout:1.20
caffeine-api:2.9.3-65.v6a_47d0f4d1fe
checks-api:1.7.4
cloudbees-bitbucket-branch-source:773.v4b_9b_005b_562b_
cloudbees-folder:6.722.v8165b_a_cf25e9
codedeploy:1.23
command-launcher:81.v9c2cb_cb_db_392
conditional-buildstep:1.4.2
config-file-provider:3.10.0
credentials:1087.1089.v2f1b_9a_b_040e4
credentials-binding:523.vd859a_4b_122e6
display-url-api:2.3.6
docker-build-publish:1.3.3
docker-commons:1.19
docker-java-api:3.1.5.2
docker-plugin:1.2.9
docker-workflow:1.28
durable-task:496.va67c6f9eefa7
echarts-api:5.3.2-2
email-ext:2.88
envinject:2.866.v5c0403e3d4df
envinject-api:1.199.v3ce31253ed13
extended-read-permission:3.2
external-monitor-job:191.v363d0d1efdf8
file-operations:1.11
folder-auth:1.4
font-awesome-api:6.1.1-1
git:4.11.3
git-client:3.11.0
git-server:1.11
github:1.34.3
github-api:1.303-400.v35c2d8258028
github-branch-source:1628.vb_2f51293cb_78
gradle:1.38
greenballs:1.15.1
h2-api:1.4.199
handlebars:3.0.8
handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953
jackson2-api:2.13.3-285.vc03c0256d517
jacoco:3.3.2
javadoc:217.v905b_86277a_2a_
javax-activation-api:1.2.0-3
javax-mail-api:1.6.2-6
jaxb:2.3.6-1
jdk-tool:1.5
jjwt-api:0.11.2-71.v2722b_b_06a_2a_f
jnr-posix-api:3.1.7-3
jquery:1.12.4-1
jquery-detached:1.2.1
jquery3-api:3.6.0-4
jsch:0.1.55.2
junit:1.63
ldap:2.10
lockable-resources:2.15
mailer:414.vcc4c33714601
mapdb-api:1.0.9.0
matrix-auth:3.1.2
matrix-project:771.v574584b_39e60
maven-plugin:3.18
mercurial:2.16.2
momentjs:1.1.1
msbuild:1.30
nexus-artifact-uploader:2.13
nodejs:1.5.1
nuget:1.1
okhttp-api:4.9.3-105.vb96869f8ac3a
openJDK-native-plugin:1.5
packer:1.5
pam-auth:1.8
parameterized-trigger:2.44
pipeline-aws:1.43
pipeline-build-step:2.18
pipeline-github-lib:36.v4c01db_ca_ed16
pipeline-graph-analysis:195.v5812d95a_a_2f9
pipeline-groovy-lib:589.vb_a_b_4a_a_8c443c
pipeline-input-step:448.v37cea_9a_10a_70
pipeline-maven:3.10.0
pipeline-milestone-step:101.vd572fef9d926
pipeline-model-api:2.2081.v3919681ffc1e
pipeline-model-definition:2.2081.v3919681ffc1e
pipeline-model-extensions:2.2081.v3919681ffc1e
pipeline-rest-api:2.24
pipeline-stage-step:293.v200037eefcd5
pipeline-stage-tags-metadata:2.2081.v3919681ffc1e
pipeline-stage-view:2.24
pipeline-utility-steps:2.12.1
plain-credentials:1.8
plugin-usage-plugin:2.2
plugin-util-api:2.17.0
popper-api:1.16.1-3
popper2-api:2.11.5-2
publish-over:0.22
resource-disposer:0.19
role-strategy:484.v8a_a_e4b_d785fd
run-condition:1.5
sbt:1.5
scm-api:608.vfa_f971c5a_a_e9
script-security:1172.v35f6a_0b_8207e
shiningpanda:0.24
slack:608.v19e3b_44b_b_9ff
snakeyaml-api:1.30.1
sonar:2.14
ssh-agent:295.v9ca_a_1c7cc3a_a_
ssh-credentials:277.v95c2fec1c047
ssh-slaves:1.814.vc82988f54b_10
ssh-steps:2.0.39.v831c5e6468b_c
sshd:3.237.v883d165a_c1d3
started-by-envvar:1.0
structs:318.va_f3ccb_729b_71
subversion:2.15.5
terraform:1.0.10
timestamper:1.17
token-macro:293.v283932a_0a_b_49
trilead-api:1.57.v6e90e07157e1
variant:1.4
windows-slaves:1.8.1
workflow-aggregator:578.vf9a_f99755f4a_
workflow-api:1153.vb_912c0e47fb_a_
workflow-basic-steps:948.v2c72a_091b_b_68
workflow-cps:2692.v76b_089ccd026
workflow-cps-global-lib:588.v576c103a_ff86
workflow-durable-task-step:1139.v252a_e12e8463
workflow-job:1182.v60a_e6279b_579
workflow-multibranch:712.vc169a_1387405
workflow-scm-step:400.v6b_89a_1317c9a_
workflow-step-api:625.vd896b_f445a_f8
workflow-support:820.vd1a_6cc65ef33
ws-cleanup:0.42
What Operating System are you using (both controller, and any agents involved in the problem)?
Linux
Reproduction steps
- create a Team job to scan for jenkinsfile
- the scanner works and return projet/branches
- tasks are launched manually
Expected Results
step "Declarative: Checkout SCM" is green
Actual Results
"Declarative: Checkout SCM" is sometimes green, sometimes red.
Anything else?
i have contacted bitbucket in order to get information about the problem.
they says :
What I've noticed is that when there's a 200 (successful) event, I can see your user_uuid in our logs + that you've authenticated with an app password.
When I look at the 403 events, I can't see any user_uuid passed neither the type of authentication.
there is no difference in action (and code) between successfull and failure event.
I think it could be related to #632 the similarity is that the requests seem to randomly not send any credentials. I too can see the credentials missing in the Bitbucket logs for when the failures occur.
Since i remove the cache for credential in git, it seems to have no issues.
But i think the plugin should overwrite this cache to avoid problems.
The request that is failing for me isn't a git request it is a request to the Bitbucket API using Basic credentials set on this plugin.