-
Bug
-
Resolution: Fixed
-
Blocker
-
Fixing Controller Vulnerabilities in Production
Hello,
Upgrading from jenkins/jenkins:2.303.3-lts-jdk11 to jenkins/jenkins:2.332.2-lts-jdk11 causes the credential assignments to dissappear in Manage Jenkins => Configure System. This is specifically to jenkins helm chart with below initScripts:
initScripts: - | import com.cloudbees.plugins.credentials.CredentialsProviderManager import com.cloudbees.plugins.credentials.CredentialsProviderFilter import com.cloudbees.plugins.credentials.CredentialsTypeFilter def allowedCredentialsProviders = [ 'com.cloudbees.hudson.plugins.folder.properties.FolderCredentialsProvider', 'com.cloudbees.plugins.credentials.SystemCredentialsProvider$ProviderImpl' ] // vault provider class to use in the future: com.datapipe.jenkins.vault.credentials.VaultCredentialsProvider CredentialsProviderFilter providerFilter = new CredentialsProviderFilter.Includes(allowedCredentialsProviders) CredentialsProviderManager.getInstance().setProviderFilter(providerFilter) def allowedCredentialTypes = [ 'com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl$DescriptorImpl', 'com.dabsquared.gitlabjenkins.connection.GitLabApiTokenImpl$DescriptorImpl', 'io.jenkins.plugins.gitlabserverconfig.credentials.PersonalAccessTokenImpl$DescriptorImpl', 'org.jenkinsci.plugins.kubernetes.credentials.FileSystemServiceAccountCredential$DescriptorImpl', 'com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$DescriptorImpl', 'org.jenkinsci.plugins.plaincredentials.impl.FileCredentialsImpl$DescriptorImpl', 'org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl$DescriptorImpl', 'org.jenkinsci.plugins.docker.commons.credentials.DockerServerCredentials$DescriptorImpl', 'com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl$DescriptorImpl' // 'org.csanchez.jenkins.plugins.kubernetes.OpenShiftTokenCredentialImpl$DescriptorImpl', // 'org.jenkinsci.plugins.kubernetes.credentials.OpenShiftBearerTokenCredentialImpl$DescriptorImpl', // 'com.datapipe.jenkins.vault.credentials.VaultAwsIamCredential$DescriptorImpl', // 'com.datapipe.jenkins.vault.credentials.VaultAppRoleCredential$DescriptorImpl', // 'com.datapipe.jenkins.vault.credentials.common.VaultCertificateCredentialsImpl$DescriptorImpl', // 'com.datapipe.jenkins.vault.credentials.VaultGCPCredential$DescriptorImpl', // 'com.datapipe.jenkins.vault.credentials.VaultGithubTokenCredential$DescriptorImpl', // 'com.datapipe.jenkins.vault.credentials.common.VaultGCRLoginImpl$DescriptorImpl', // 'com.datapipe.jenkins.vault.credentials.VaultKubernetesCredential$DescriptorImpl', // 'com.datapipe.jenkins.vault.credentials.common.VaultSSHUserPrivateKeyImpl$DescriptorImpl', // 'com.datapipe.jenkins.vault.credentials.common.VaultFileCredentialImpl$DescriptorImpl', // 'com.datapipe.jenkins.vault.credentials.common.VaultStringCredentialImpl$DescriptorImpl', // 'com.datapipe.jenkins.vault.credentials.VaultTokenCredential$DescriptorImpl', // 'com.datapipe.jenkins.vault.credentials.VaultTokenFileCredential$DescriptorImpl', // 'com.datapipe.jenkins.vault.credentials.common.VaultUsernamePasswordCredentialImpl$DescriptorImpl', ] CredentialsTypeFilter typeFilter = new CredentialsTypeFilter.Includes(allowedCredentialTypes) CredentialsProviderManager.getInstance().setTypeFilter(typeFilter)
Best Regards,
Anand
