Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-43279

PROVISION permission not persisted across server restart

      JENKINS-37616 added a new "Provision" permission.

      When I use the new permission, the data is lost Any usage of the permission to anything is lost when jenkins is restarted and it shows up as "Unreadable Data":

      Type Name Error
      hudson.model.Hudson   IllegalArgumentException: Failed to parse 'hudson.model.Computer.Provision:datallah' — no such permission

          [JENKINS-43279] PROVISION permission not persisted across server restart

          Daniel Atallah created issue -
          Daniel Atallah made changes -
          Link New: This issue relates to JENKINS-37616 [ JENKINS-37616 ]

          Based on my testing the permissions are only registered after particular class is loaded (which makes sense as it is in the static initializer). It is a bit surprising that the permission is not listed at all until particular code is executed. I have been playing with a dummy instance and the Cloud class needed to be loaded explicitly for the permission to appear in matrix-auth. I can imagine that here user got loaded before the Cloud class got loaded causing the problem.

          Oliver Gondža added a comment - Based on my testing the permissions are only registered after particular class is loaded (which makes sense as it is in the static initializer). It is a bit surprising that the permission is not listed at all until particular code is executed. I have been playing with a dummy instance and the Cloud class needed to be loaded explicitly for the permission to appear in matrix-auth. I can imagine that here user got loaded before the Cloud class got loaded causing the problem.

          The cause seems to be the permission is not scoped to the permission group (Computer) representing the enclosing class (cloud) of the filed that defines the permission. There are 3 plugins that check for that permission explicitly:

          I presume there is user configuration referring to this permission as hudson.model.Computer.Provision so we have to be careful renaming it.

          Oliver Gondža added a comment - The cause seems to be the permission is not scoped to the permission group ( Computer ) representing the enclosing class ( cloud ) of the filed that defines the permission. There are 3 plugins that check for that permission explicitly: https://github.com/jenkinsci/jclouds-plugin/blob/master/jclouds-plugin/src/main/java/jenkins/plugins/jclouds/compute/JCloudsProvisionCommand.java#L81 https://github.com/jenkinsci/openstack-cloud-plugin/blob/master/src/main/java/jenkins/plugins/openstack/compute/JCloudsCloud.java#L389 https://github.com/jenkinsci/distfork-plugin/blob/abdcb11ee08d9f841fd994a37887cbf5e8ad0817/src/main/java/hudson/plugins/distfork/DistForkCommand.java#L275 I presume there is user configuration referring to this permission as hudson.model.Computer.Provision so we have to be careful renaming it.
          Oliver Gondža made changes -
          Remote Link New: This issue links to "PR#2835 (Web Link)" [ 15910 ]
          Oliver Gondža made changes -
          Assignee New: Oliver Gondža [ olivergondza ]
          Oliver Gondža made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]

          Fix proposed.

          Oliver Gondža added a comment - Fix proposed.

          Oliver Gondža added a comment - Resolved by https://github.com/jenkinsci/jenkins/commit/d35dfcb24fb2272076f863780fdc3de93d0ec04b I incorrectly annotated.
          Oliver Gondža made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Progress [ 3 ] New: Resolved [ 5 ]

            olivergondza Oliver Gondža
            datallah Daniel Atallah
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: