Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-43279

PROVISION permission not persisted across server restart

      JENKINS-37616 added a new "Provision" permission.

      When I use the new permission, the data is lost Any usage of the permission to anything is lost when jenkins is restarted and it shows up as "Unreadable Data":

      Type Name Error
      hudson.model.Hudson   IllegalArgumentException: Failed to parse 'hudson.model.Computer.Provision:datallah' — no such permission

          [JENKINS-43279] PROVISION permission not persisted across server restart

          Based on my testing the permissions are only registered after particular class is loaded (which makes sense as it is in the static initializer). It is a bit surprising that the permission is not listed at all until particular code is executed. I have been playing with a dummy instance and the Cloud class needed to be loaded explicitly for the permission to appear in matrix-auth. I can imagine that here user got loaded before the Cloud class got loaded causing the problem.

          Oliver Gondža added a comment - Based on my testing the permissions are only registered after particular class is loaded (which makes sense as it is in the static initializer). It is a bit surprising that the permission is not listed at all until particular code is executed. I have been playing with a dummy instance and the Cloud class needed to be loaded explicitly for the permission to appear in matrix-auth. I can imagine that here user got loaded before the Cloud class got loaded causing the problem.

          The cause seems to be the permission is not scoped to the permission group (Computer) representing the enclosing class (cloud) of the filed that defines the permission. There are 3 plugins that check for that permission explicitly:

          I presume there is user configuration referring to this permission as hudson.model.Computer.Provision so we have to be careful renaming it.

          Oliver Gondža added a comment - The cause seems to be the permission is not scoped to the permission group ( Computer ) representing the enclosing class ( cloud ) of the filed that defines the permission. There are 3 plugins that check for that permission explicitly: https://github.com/jenkinsci/jclouds-plugin/blob/master/jclouds-plugin/src/main/java/jenkins/plugins/jclouds/compute/JCloudsProvisionCommand.java#L81 https://github.com/jenkinsci/openstack-cloud-plugin/blob/master/src/main/java/jenkins/plugins/openstack/compute/JCloudsCloud.java#L389 https://github.com/jenkinsci/distfork-plugin/blob/abdcb11ee08d9f841fd994a37887cbf5e8ad0817/src/main/java/hudson/plugins/distfork/DistForkCommand.java#L275 I presume there is user configuration referring to this permission as hudson.model.Computer.Provision so we have to be careful renaming it.

          Fix proposed.

          Oliver Gondža added a comment - Fix proposed.

          Oliver Gondža added a comment - Resolved by https://github.com/jenkinsci/jenkins/commit/d35dfcb24fb2272076f863780fdc3de93d0ec04b I incorrectly annotated.

          Code changed in jenkins
          User: Oliver Gondža
          Path:
          core/src/main/java/hudson/model/Computer.java
          core/src/test/java/hudson/slaves/CloudTest.java
          test/src/test/java/hudson/slaves/CloudTest.java
          http://jenkins-ci.org/commit/jenkins/6f44ff7dee22e277cdfb94494c1b23e0c676ebbf
          Log:
          [FIXED JENKINS-43279] Make sure Cloud.PROVISION is properly initialized

          (cherry picked from commit d35dfcb24fb2272076f863780fdc3de93d0ec04b)

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oliver Gondža Path: core/src/main/java/hudson/model/Computer.java core/src/test/java/hudson/slaves/CloudTest.java test/src/test/java/hudson/slaves/CloudTest.java http://jenkins-ci.org/commit/jenkins/6f44ff7dee22e277cdfb94494c1b23e0c676ebbf Log: [FIXED JENKINS-43279] Make sure Cloud.PROVISION is properly initialized (cherry picked from commit d35dfcb24fb2272076f863780fdc3de93d0ec04b)

          Code changed in jenkins
          User: Daniel Beck
          Path:
          content/_data/changelogs/lts.yml
          content/_data/changelogs/weekly.yml
          http://jenkins-ci.org/commit/jenkins.io/b6d6a5ba67aa8b95d8b72b48b669316920d265f3
          Log:
          Add changelog for 2.46.3

          Also fix issue ID in weekly based on Oliver's JENKINS-43279 comment

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: content/_data/changelogs/lts.yml content/_data/changelogs/weekly.yml http://jenkins-ci.org/commit/jenkins.io/b6d6a5ba67aa8b95d8b72b48b669316920d265f3 Log: Add changelog for 2.46.3 Also fix issue ID in weekly based on Oliver's JENKINS-43279 comment

            olivergondza Oliver Gondža
            datallah Daniel Atallah
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: