Trigger parameterized build with curl and crumb

Question

I've seen similar posts to this on SO, but not quite exactly what I am trying to do (or at least no full examples of a command to run).

I am trying to remotely trigger a parameterized build on Jenkins using curl. I have 'Prevent Cross Site Request Forgery' enabled so I also need to pass a valid crumb.

The script I have is below:

#!/bin/bash

json="{\"parameter\": [{ \"P1\": \"param1\", \"P2\": \"param2\", \"P3\": \"param3\" }]}"
crumb=`curl "http://SERVER/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,%22:%22,//crumb)"`

curl -v -H $crumb -X POST http://SERVER/job/JOB_NAME/buildWithParameters -d token=runme --data-urlencode json="$json"

I've also tried modifying the URL I'm passing to curl to either:

USERNAME:APITOKEN@SERVER

and

USERNAME:PASSWORD@SERVER

Output from curl is:

* About to connect() to SERVER port 8080 (#0)
*   Trying SERVER... connected
* Connected to SERVER (SERVER) port 8080 (#0)
* Server auth using Basic with user 'USERNAME'
> POST /job/JOB_NAME/buildWithParameters HTTP/1.1
> Authorization: Basic bjAwNjY5MjI6YWxLaW5kaTg=
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: SERVER:8080
> Accept: */*
> .crumb:776eb589e8b930d9f06cfc2df885314c
> Content-Length: 168
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 403 No valid crumb was included in the request
< Content-Type: text/html;charset=ISO-8859-1
< Cache-Control: must-revalidate,no-cache,no-store
< Content-Length: 1469
< Server: Jetty(8.y.z-SNAPSHOT)
<

So it looks like I'm not passing the crumb properly, but I'm not sure what the correct format of the command should be.

Answer 1

What worked for me:

SERVER=http://localhost:8080
CRUMB=$(curl --user $USER:$APITOKEN \
    $SERVER/crumbIssuer/api/xml?xpath=concat\(//crumbRequestField,%22:%22,//crumb\))

curl --user $USER:$APITOKEN -H "$CRUMB" -d "script=$GROOVYSCRIPT" $SERVER/script

Answer 2

The correct format is as follows:

curl -H ".crumb:xxxxxxxxxxxxxxxxxxxxxx"

Answer 3

This worked for me:

obtain crumb $ wget -q --auth-no-challenge --user yourUserName --password yourPassword--output-document - 'http://myJenkins:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'

Now Run Jenkins Job $ curl -I -X POST http://yourUserName:yourPassword@myJenkins:8080/job/JOBName/build -H "Jenkins-Crumb:44e7038af70da95a47403c3bed5q10f8"

HTTP/1.1 201 Created Date: Fri, 28 July 2017 09:15:45 GMT X-Content-Type-Options: nosniff Location: http://myJenkins:8080/queue/item/17/ Content-Length: 0

Answer 4

This worked for me, I tried to used solutions already mentioned in this page but they had to be adapted a bit due to (a) referer and (b) cookie. Jenkins version 2.204

sh script:"""

COOKIE_PATH=/tmp/cookie_jenkins_crumb.txt

CRUMB=\$(curl -s -c \$COOKIE_PATH -H '${jenkins_referer}' 'https://useridhere:${jenkins_live_token}@jenkins.example.com/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,\":\",//crumb)' )
# https://support.cloudbees.com/hc/en-us/articles/219257077-CSRF-Protection-Explained
# https://wiki.jenkins.io/display/JENKINS/Remote+access+API#RemoteaccessAPI-CSRFProtection
# but a bit adjusted as it is not exactly usable as it is in the documentation page.
# We discovered that the CRUMB should be identical because it
# is paired with a cookie. Thus save the cookie, it is important.

sed -i 's/ORGANIZATION/${PROJECT_NAME}/g' ${jenkins_credentials_json_template_file_path} 
# a json file with labels for quick replacements.

# cat ${jenkins_credentials_json_template_file_path}

# https://support.cloudbees.com/hc/en-us/articles/360030526992-How-to-manage-Credentials-via-the-REST-API
curl -s -b \$COOKIE_PATH -u useridhere:${jenkins_live_token} -H '${jenkins_referer}' -H \"\${CRUMB}\" -X POST --data-urlencode json@${jenkins_credentials_json_template_file_path} 'https://jenkins.example.com/credentials/store/system/domain/_/createCredentials'
"""