-
Bug
-
Resolution: Duplicate
-
Minor
-
None
-
Jenkins ver. 2.190.3
azure-vm-agents-1.3.0
https://github.com/hmcts/cnp-jenkins-docker/blob/master/plugins.txt
https://github.com/hmcts/cnp-jenkins-docker/blob/master/Dockerfile
https://github.com/hmcts/cnp-flux-config/blob/master/k8s/admin/jenkins/patches/mgmt-sandbox/cluster-00/jenkins.yaml#L101-L180
https://github.com/hmcts/cnp-flux-config/blob/master/k8s/admin/jenkins/jenkins.yaml#L344-L348Jenkins ver. 2.190.3 azure-vm-agents-1.3.0 https://github.com/hmcts/cnp-jenkins-docker/blob/master/plugins.txt https://github.com/hmcts/cnp-jenkins-docker/blob/master/Dockerfile https://github.com/hmcts/cnp-flux-config/blob/master/k8s/admin/jenkins/patches/mgmt-sandbox/cluster-00/jenkins.yaml#L101-L180 https://github.com/hmcts/cnp-flux-config/blob/master/k8s/admin/jenkins/jenkins.yaml#L344-L348
Hi
I'm trying to use a "User assigned managed identity" for all authentication with Jenkins.
This plugin appears to support it, I even borrowed code from it for the azure-keyvault-plugin: https://github.com/jenkinsci/azure-keyvault-plugin/pull/27
But when I try use my image gallery (in a different subscription if that matters but it has contributor on that subscription), I get a not found error:
"The target gallery image does not exist"
I added debug code to the "AzureVMManagementServiceDelegate"
It's failing with this exception:
2019-12-01 22:56:18.358+0000 [id=130] INFO c.m.a.v.AzureVMManagementServiceDelegate#verifyVirtualMachineImage: Exception when looking up gallery rx.exceptions.OnErrorThrowable$OnNextValue: OnError while emitting onNext value: null at rx.exceptions.OnErrorThrowable.addValueAsLastCause(OnErrorThrowable.java:118) at rx.internal.operators.OnSubscribeMap$MapSubscriber.onNext(OnSubscribeMap.java:73) Caused: java.lang.NullPointerException at com.microsoft.azure.management.compute.implementation.GalleryImageVersionImpl.<init>(GalleryImageVersionImpl.java:50) at com.microsoft.azure.management.compute.implementation.GalleryImageVersionsImpl.wrapModel(GalleryImageVersionsImpl.java:42) at com.microsoft.azure.management.compute.implementation.GalleryImageVersionsImpl.access$000(GalleryImageVersionsImpl.java:24) at com.microsoft.azure.management.compute.implementation.GalleryImageVersionsImpl$4.call(GalleryImageVersionsImpl.java:84) at com.microsoft.azure.management.compute.implementation.GalleryImageVersionsImpl$4.call(GalleryImageVersionsImpl.java:81) at rx.internal.operators.OnSubscribeMap$MapSubscriber.onNext(OnSubscribeMap.java:69) at rx.internal.operators.OnSubscribeMap$MapSubscriber.onNext(OnSubscribeMap.java:77) at rx.internal.operators.OperatorMerge$MergeSubscriber.emitScalar(OperatorMerge.java:511) at rx.internal.operators.OperatorMerge$MergeSubscriber.tryEmit(OperatorMerge.java:466) at rx.internal.operators.OperatorMerge$MergeSubscriber.onNext(OperatorMerge.java:244) at rx.internal.operators.OperatorMerge$MergeSubscriber.onNext(OperatorMerge.java:148) at rx.internal.operators.OnSubscribeMap$MapSubscriber.onNext(OnSubscribeMap.java:77) at retrofit2.adapter.rxjava.CallArbiter.deliverResponse(CallArbiter.java:120) at retrofit2.adapter.rxjava.CallArbiter.emitResponse(CallArbiter.java:102) at retrofit2.adapter.rxjava.CallExecuteOnSubscribe.call(CallExecuteOnSubscribe.java:46) at retrofit2.adapter.rxjava.CallExecuteOnSubscribe.call(CallExecuteOnSubscribe.java:24) at rx.Observable.unsafeSubscribe(Observable.java:10327) at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:48) at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:33) at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48) at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30) at rx.Observable.unsafeSubscribe(Observable.java:10327) at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:48) at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:33) at rx.Observable.unsafeSubscribe(Observable.java:10327) at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:48) at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:33) at rx.Observable.unsafeSubscribe(Observable.java:10327) at rx.internal.operators.DeferredScalarSubscriber.subscribeTo(DeferredScalarSubscriber.java:153) at rx.internal.operators.OnSubscribeTakeLastOne.call(OnSubscribeTakeLastOne.java:32) at rx.internal.operators.OnSubscribeTakeLastOne.call(OnSubscribeTakeLastOne.java:22) at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48) at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30) at rx.Observable.subscribe(Observable.java:10423) at rx.Observable.subscribe(Observable.java:10390) at rx.observables.BlockingObservable.blockForSingle(BlockingObservable.java:443) at rx.observables.BlockingObservable.last(BlockingObservable.java:226) at com.microsoft.azure.management.compute.implementation.GalleryImageVersionsImpl.getByGalleryImage(GalleryImageVersionsImpl.java:91) at com.microsoft.azure.vmagent.AzureVMManagementServiceDelegate.verifyVirtualMachineImage(AzureVMManagementServiceDelegate.java:2294) at com.microsoft.azure.vmagent.AzureVMManagementServiceDelegate$4.call(AzureVMManagementServiceDelegate.java:2101) at com.microsoft.azure.vmagent.AzureVMManagementServiceDelegate$4.call(AzureVMManagementServiceDelegate.java:2097) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)
In the vm agents plugin it is this line that triggers the exception:
https://github.com/jenkinsci/azure-vm-agents-plugin/blob/8bb8638abbf257824afdf13a9d7b5d3d15bf7347/src/main/java/com/microsoft/azure/vmagent/AzureVMManagementServiceDelegate.java#L2293
I've manually ran the API calls that the java sdk is using and it works fine:
az login --identity TOKEN=$(az account get-access-token -o tsv --query accessToken) curl -H "Authorization: Bearer ${TOKEN}" "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<rg>/providers/Microsoft.Compute/galleries/cnpimagegallery/images/jenkins-agent/versions/1.2.1?api-version=2018-06-01"