Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-68526

Scriptler-plugin Jcasc permissions for role based security stopped working after release 3.5

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • scriptler-plugin
    • None

      Scriptler-plugin Jcasc permissions for role based security stopped working after release 3.5.

      The following jcasc yaml file works for version 3.4

      jenkins:
        authorizationStrategy:
          roleBased:
            roles:
              global:
              - assignments:
                - <some user>
                name: "admin"
                pattern: ".*"
                permissions:
                - "Scriptler/Configure"
                - "Scriptler/RunScripts"
                .....
      
      

       

      After release 3.5 Jenkins throws an internal server error on start up as it cannot map the Scriptler permissions. Going through the commits for the 3.5 release I found that the permisions are moved to a dedicated file - https://github.com/jenkinsci/scriptler-plugin/commit/be98485e8688ead6f1a6928043d82fc71a390e00

          [JENKINS-68526] Scriptler-plugin Jcasc permissions for role based security stopped working after release 3.5

          Filip Daca added a comment -

          Experiencing the same issue with Scriptler 3.5

          Reproduced locally using:

          • jenkins: 2.350, 2.357
          • configuraiton-as-code: 1429.v09b_044a_c93de
          • role-strategy: 488.v0634ce149b_8c

           

          This problem appears during Jenkins startup:

          java.lang.IllegalStateException: Cannot resolve permission for ID: Scriptler/Configure 

          Stack trace:

          Caused by: io.jenkins.plugins.casc.ConfiguratorException: roleDefinition: Failed to construct instance of class org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition.
          jenkins_1  |  Constructor: public org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition(java.lang.String,java.lang.String,java.lang.String,java.util.Collection,java.util.Collection).
          jenkins_1  |  Arguments: [java.lang.String, java.lang.String, null, java.util.ArrayList, java.util.ArrayList].
          jenkins_1  |  Expected Parameters: name java.lang.String, description java.lang.String, pattern java.lang.String, permissions java.util.Collection<java.lang.String>, assignments java.util.Collection<java.lang.String>
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:191)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:76)
          jenkins_1  | 	at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:266)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.configure(DataBoundConfigurator.java:82)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:151)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:76)
          jenkins_1  | 	at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:266)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.configure(DataBoundConfigurator.java:82)
          jenkins_1  | 	at org.jenkinsci.plugins.rolestrategy.casc.RoleBasedAuthorizationStrategyConfigurator.instance(RoleBasedAuthorizationStrategyConfigurator.java:58)
          jenkins_1  | 	at org.jenkinsci.plugins.rolestrategy.casc.RoleBasedAuthorizationStrategyConfigurator.instance(RoleBasedAuthorizationStrategyConfigurator.java:34)
          jenkins_1  | 	at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:266)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$doConfigure$16668e2$1(HeteroDescribableConfigurator.java:277)
          jenkins_1  | 	at io.vavr.CheckedFunction0.lambda$unchecked$52349c75$1(CheckedFunction0.java:247)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.doConfigure(HeteroDescribableConfigurator.java:277)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$null$2(HeteroDescribableConfigurator.java:86)
          jenkins_1  | 	at io.vavr.control.Option.map(Option.java:392)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$configure$3(HeteroDescribableConfigurator.java:86)
          jenkins_1  | 	at io.vavr.Tuple2.apply(Tuple2.java:238)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:83)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:92)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:55)
          jenkins_1  | 	at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:350)
          jenkins_1  | 	at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:286)
          jenkins_1  | 	at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$8(ConfigurationAsCode.java:776)
          jenkins_1  | 	at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:712)
          jenkins_1  | 	... 19 more
          jenkins_1  | Caused by: java.lang.reflect.InvocationTargetException
          jenkins_1  | 	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
          jenkins_1  | 	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
          jenkins_1  | 	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
          jenkins_1  | 	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:173)
          jenkins_1  | 	... 43 more
          jenkins_1  | Caused by: java.lang.IllegalStateException: Cannot resolve permission for ID: Scriptler/Configure
          jenkins_1  | 	at org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition.getRole(RoleDefinition.java:52)
          jenkins_1  | 	at org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition.<init>(RoleDefinition.java:41)
          jenkins_1  | 	... 48 more 

           

          A workaround to this is to comment out Scriptler permissions in yaml, start Jenkins, and then load the configuration from disk. This could mean that casc plugin is loading permissions before Scriptler plugin is initialized.

           

          Similar issue could be: https://issues.jenkins.io/browse/JENKINS-66271 

          Filip Daca added a comment - Experiencing the same issue with Scriptler 3.5 Reproduced locally using: jenkins: 2.350, 2.357 configuraiton-as-code: 1429.v09b_044a_c93de role-strategy: 488.v0634ce149b_8c   This problem appears during Jenkins startup: java.lang.IllegalStateException: Cannot resolve permission for ID: Scriptler/Configure Stack trace: Caused by: io.jenkins.plugins.casc.ConfiguratorException: roleDefinition: Failed to construct instance of class org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition. jenkins_1  |  Constructor: public org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition(java.lang. String ,java.lang. String ,java.lang. String ,java.util.Collection,java.util.Collection). jenkins_1  |  Arguments: [java.lang. String , java.lang. String , null , java.util.ArrayList, java.util.ArrayList]. jenkins_1  |  Expected Parameters: name java.lang. String , description java.lang. String , pattern java.lang. String , permissions java.util.Collection<java.lang. String >, assignments java.util.Collection<java.lang. String > jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:191) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:76) jenkins_1  | at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:266) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.configure(DataBoundConfigurator.java:82) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:151) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:76) jenkins_1  | at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:266) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.configure(DataBoundConfigurator.java:82) jenkins_1  | at org.jenkinsci.plugins.rolestrategy.casc.RoleBasedAuthorizationStrategyConfigurator.instance(RoleBasedAuthorizationStrategyConfigurator.java:58) jenkins_1  | at org.jenkinsci.plugins.rolestrategy.casc.RoleBasedAuthorizationStrategyConfigurator.instance(RoleBasedAuthorizationStrategyConfigurator.java:34) jenkins_1  | at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:266) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$doConfigure$16668e2$1(HeteroDescribableConfigurator.java:277) jenkins_1  | at io.vavr.CheckedFunction0.lambda$unchecked$52349c75$1(CheckedFunction0.java:247) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.doConfigure(HeteroDescribableConfigurator.java:277) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$ null $2(HeteroDescribableConfigurator.java:86) jenkins_1  | at io.vavr.control.Option.map(Option.java:392) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$configure$3(HeteroDescribableConfigurator.java:86) jenkins_1  | at io.vavr.Tuple2.apply(Tuple2.java:238) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:83) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:92) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:55) jenkins_1  | at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:350) jenkins_1  | at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:286) jenkins_1  | at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$8(ConfigurationAsCode.java:776) jenkins_1  | at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:712) jenkins_1  | ... 19 more jenkins_1  | Caused by: java.lang.reflect.InvocationTargetException jenkins_1  | at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) jenkins_1  | at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) jenkins_1  | at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) jenkins_1  | at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:173) jenkins_1  | ... 43 more jenkins_1  | Caused by: java.lang.IllegalStateException: Cannot resolve permission for ID: Scriptler/Configure jenkins_1  | at org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition.getRole(RoleDefinition.java:52) jenkins_1  | at org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition.<init>(RoleDefinition.java:41) jenkins_1  | ... 48 more   A workaround to this is to comment out Scriptler permissions in yaml, start Jenkins, and then load the configuration from disk. This could mean that casc plugin is loading permissions before Scriptler plugin is initialized.   Similar issue could be: https://issues.jenkins.io/browse/JENKINS-66271  

          Astha Sharma added a comment -

          +1

          Astha Sharma added a comment - +1

          +1

          Dax Games added a comment -

          +1

          Dax Games added a comment - +1

          Dax Games added a comment - - edited

          When will this get fixed? +1

          Dax Games added a comment - - edited When will this get fixed? +1

            Unassigned Unassigned
            ppetkov Preslav Petkov
            Votes:
            3 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: