How to pass crumb info via bitbucket-hook to jenkins?

Question

curl -X POST http://xxx.yyy.zzz:5555/job/job-name/build --user john-devops-jenkins:11df3ed41129c5c7da1518e9c3149896de -H 'Jenkins-Crumb:31827a74a160347a641c87ddbc8e3b6e'

The above curl code with a post request is absolutely working fine in triggering the Jenkins build.

Tried:

• http://xxx.yyy.zzz:5555/bitbucket-hook?token=auth_token&crumb=xyz_crumb
• http://xxx.yyy.zzz:5555/job/job-name/build?token=auth_token&crumb=xyz_crumb

Error: No valid crumb was included in the request

No luck still, How to configure bitbucket hook to container header information of crumb or how to pass it via url without relying on third party plugins?

Answer 1

After a day of effort and brainstorming of how curl requests execute, finally resolved this issue by configuring bitbucket webhook as below:

http://jenkins-username:jenkins-password@jenkins-url:5555/job/job-name/build?crumb=crumb_token.

Hope it helps, many questions are unanswered and all are suggesting to use third party or generic-web-hooks and so on.

The CRUMB_TOKEN is nothing but AUTHENTICATION_TOKEN which we generate through Jenkins configuration

Follow these steps below to get authentication token:

• Log in to Jenkins.
• Click your name.
• Click Configure.
• Click Show API Token.

Do not get confuse with this URL: JENKINS_URL/job/policy-vault/build?token=TOKEN_NAME which is mentioned next to Trigger builds remotely input option

The correct URL which should be configured to build remotely is as below:

http://jenkins-username:jenkins-password@xxx.xxx.xxxx.xxx:5555/job/project-id/build?crumb=AUTHENTICATION_TOKEN

The Webhooks should also be configured from Bitbucket

Settings -> Repository Settings -> Webhooks

Title: PROJECT-XYZ-HOOK

URL: http://jenkins-username:jenkins-password@xxx.xxx.xxxx.xxx:5555/job/project-id/build?crumb=AUTHENTICATION_TOKEN

Answer 2

I am late here, but coming with the second edition of my answer for the folks who were blocked due to Jenkins's latest updates.

Now, with the latest Jenkins latest changes the Bitbucket webhook url looks as below:

http://jenkins-username:token-generated-for-loggedin-user@url:port/job/job-name/build?crumb=Jenkins-Crumb:crumb_long_token

Crumb long token can be generated using the below command:

wget -q --auth-no-challenge --user jenkins-username --password jenkins-password --output-document - 'http://jenkins-url:8081/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'

The output will be: Jenkins-Crumb:6f2dcf2182efd19511b2ebf7b787e%

To fetch token-generated-for-loggedin-user

You must create it going to:

http://jenkins-url:8081/user/jenkins-username/configure

In API Token, Click Generate. Once the token is Generated, save it somewhere. The same should be passed to the URL that we form later.

You can verify coming back to this URL: http://jenkins-url:8081/user/jenkins-username/configure, you will notice how many times that token was used for correct configuration.

There are a few more changes that you should do along with this.

You must install: Bitbucket, bitbucket-pipeline, strict crumb issuer plugins from Manage Jenkins

Finally, GoTo:

http://jenkins-url:8081/configureSecurity/

And in CSRF Protection

Change Default Crumb Issuer to Strict Crumb Issuer

Strict Crumb Issuer is what we installed above

A lot of effort in the investigation made this change work. Hope this helps and unblocks.

Answer 3

I am using jenkins 2.350, and it worked for me, thanks Mithun. just need to update the following part as it took a while for me to work it out.

Crumb long token can be generated using the below command:

Open the this link in browser; JENKINS_URL:PORT/crumbIssuer/api/xml you will get;

crumb:f5a4de9c398c97d178d2bb4~~~58ee3420a1d5e91ce2a773251a092832ae116c49442007e211bac4d2cd4b07ac968783445cd49411####6cd59d6af3df1d41bf

crumbRequestField: Jenkins-Crumb

Hence your long Crumb would be as:

Jenkins-Crumb: f5a4de9c398c97d178d2bb4~~~58ee3420a1d5e91ce2a773251a092832ae116c49442007e211bac4d2cd4b07ac968783445cd49411####6cd59d6af3df1d41bf

Now add the above Crumb in the following URL at the end.

http://jenkins-username:token-generated-for-loggedin-user@url:port/job/job-name/build?crumb=Jenkins-Crumb:crumb_long_token

Rest just follow as Mithun said, Thanks