Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-68526

Scriptler-plugin Jcasc permissions for role based security stopped working after release 3.5

    XMLWordPrintable

Details

    Description

      Scriptler-plugin Jcasc permissions for role based security stopped working after release 3.5.

      The following jcasc yaml file works for version 3.4

      jenkins:
        authorizationStrategy:
          roleBased:
            roles:
              global:
              - assignments:
                - <some user>
                name: "admin"
                pattern: ".*"
                permissions:
                - "Scriptler/Configure"
                - "Scriptler/RunScripts"
                .....
      
      

       

      After release 3.5 Jenkins throws an internal server error on start up as it cannot map the Scriptler permissions. Going through the commits for the 3.5 release I found that the permisions are moved to a dedicated file - https://github.com/jenkinsci/scriptler-plugin/commit/be98485e8688ead6f1a6928043d82fc71a390e00

      Attachments

        Activity

          filip_daca Filip Daca added a comment -

          Experiencing the same issue with Scriptler 3.5

          Reproduced locally using:

          • jenkins: 2.350, 2.357
          • configuraiton-as-code: 1429.v09b_044a_c93de
          • role-strategy: 488.v0634ce149b_8c

           

          This problem appears during Jenkins startup:

          java.lang.IllegalStateException: Cannot resolve permission for ID: Scriptler/Configure 

          Stack trace:

          Caused by: io.jenkins.plugins.casc.ConfiguratorException: roleDefinition: Failed to construct instance of class org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition.
          jenkins_1  |  Constructor: public org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition(java.lang.String,java.lang.String,java.lang.String,java.util.Collection,java.util.Collection).
          jenkins_1  |  Arguments: [java.lang.String, java.lang.String, null, java.util.ArrayList, java.util.ArrayList].
          jenkins_1  |  Expected Parameters: name java.lang.String, description java.lang.String, pattern java.lang.String, permissions java.util.Collection<java.lang.String>, assignments java.util.Collection<java.lang.String>
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:191)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:76)
          jenkins_1  | 	at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:266)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.configure(DataBoundConfigurator.java:82)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:151)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:76)
          jenkins_1  | 	at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:266)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.configure(DataBoundConfigurator.java:82)
          jenkins_1  | 	at org.jenkinsci.plugins.rolestrategy.casc.RoleBasedAuthorizationStrategyConfigurator.instance(RoleBasedAuthorizationStrategyConfigurator.java:58)
          jenkins_1  | 	at org.jenkinsci.plugins.rolestrategy.casc.RoleBasedAuthorizationStrategyConfigurator.instance(RoleBasedAuthorizationStrategyConfigurator.java:34)
          jenkins_1  | 	at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:266)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$doConfigure$16668e2$1(HeteroDescribableConfigurator.java:277)
          jenkins_1  | 	at io.vavr.CheckedFunction0.lambda$unchecked$52349c75$1(CheckedFunction0.java:247)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.doConfigure(HeteroDescribableConfigurator.java:277)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$null$2(HeteroDescribableConfigurator.java:86)
          jenkins_1  | 	at io.vavr.control.Option.map(Option.java:392)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$configure$3(HeteroDescribableConfigurator.java:86)
          jenkins_1  | 	at io.vavr.Tuple2.apply(Tuple2.java:238)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:83)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:92)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:55)
          jenkins_1  | 	at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:350)
          jenkins_1  | 	at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:286)
          jenkins_1  | 	at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$8(ConfigurationAsCode.java:776)
          jenkins_1  | 	at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:712)
          jenkins_1  | 	... 19 more
          jenkins_1  | Caused by: java.lang.reflect.InvocationTargetException
          jenkins_1  | 	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
          jenkins_1  | 	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
          jenkins_1  | 	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
          jenkins_1  | 	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
          jenkins_1  | 	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:173)
          jenkins_1  | 	... 43 more
          jenkins_1  | Caused by: java.lang.IllegalStateException: Cannot resolve permission for ID: Scriptler/Configure
          jenkins_1  | 	at org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition.getRole(RoleDefinition.java:52)
          jenkins_1  | 	at org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition.<init>(RoleDefinition.java:41)
          jenkins_1  | 	... 48 more 

           

          A workaround to this is to comment out Scriptler permissions in yaml, start Jenkins, and then load the configuration from disk. This could mean that casc plugin is loading permissions before Scriptler plugin is initialized.

           

          Similar issue could be: https://issues.jenkins.io/browse/JENKINS-66271 

          filip_daca Filip Daca added a comment - Experiencing the same issue with Scriptler 3.5 Reproduced locally using: jenkins: 2.350, 2.357 configuraiton-as-code: 1429.v09b_044a_c93de role-strategy: 488.v0634ce149b_8c   This problem appears during Jenkins startup: java.lang.IllegalStateException: Cannot resolve permission for ID: Scriptler/Configure Stack trace: Caused by: io.jenkins.plugins.casc.ConfiguratorException: roleDefinition: Failed to construct instance of class org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition. jenkins_1  |  Constructor: public org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition(java.lang. String ,java.lang. String ,java.lang. String ,java.util.Collection,java.util.Collection). jenkins_1  |  Arguments: [java.lang. String , java.lang. String , null , java.util.ArrayList, java.util.ArrayList]. jenkins_1  |  Expected Parameters: name java.lang. String , description java.lang. String , pattern java.lang. String , permissions java.util.Collection<java.lang. String >, assignments java.util.Collection<java.lang. String > jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:191) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:76) jenkins_1  | at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:266) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.configure(DataBoundConfigurator.java:82) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:151) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:76) jenkins_1  | at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:266) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.configure(DataBoundConfigurator.java:82) jenkins_1  | at org.jenkinsci.plugins.rolestrategy.casc.RoleBasedAuthorizationStrategyConfigurator.instance(RoleBasedAuthorizationStrategyConfigurator.java:58) jenkins_1  | at org.jenkinsci.plugins.rolestrategy.casc.RoleBasedAuthorizationStrategyConfigurator.instance(RoleBasedAuthorizationStrategyConfigurator.java:34) jenkins_1  | at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:266) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$doConfigure$16668e2$1(HeteroDescribableConfigurator.java:277) jenkins_1  | at io.vavr.CheckedFunction0.lambda$unchecked$52349c75$1(CheckedFunction0.java:247) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.doConfigure(HeteroDescribableConfigurator.java:277) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$ null $2(HeteroDescribableConfigurator.java:86) jenkins_1  | at io.vavr.control.Option.map(Option.java:392) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$configure$3(HeteroDescribableConfigurator.java:86) jenkins_1  | at io.vavr.Tuple2.apply(Tuple2.java:238) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:83) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:92) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:55) jenkins_1  | at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:350) jenkins_1  | at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:286) jenkins_1  | at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$8(ConfigurationAsCode.java:776) jenkins_1  | at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:712) jenkins_1  | ... 19 more jenkins_1  | Caused by: java.lang.reflect.InvocationTargetException jenkins_1  | at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) jenkins_1  | at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) jenkins_1  | at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) jenkins_1  | at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490) jenkins_1  | at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:173) jenkins_1  | ... 43 more jenkins_1  | Caused by: java.lang.IllegalStateException: Cannot resolve permission for ID: Scriptler/Configure jenkins_1  | at org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition.getRole(RoleDefinition.java:52) jenkins_1  | at org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition.<init>(RoleDefinition.java:41) jenkins_1  | ... 48 more   A workaround to this is to comment out Scriptler permissions in yaml, start Jenkins, and then load the configuration from disk. This could mean that casc plugin is loading permissions before Scriptler plugin is initialized.   Similar issue could be: https://issues.jenkins.io/browse/JENKINS-66271  
          astha9213 Astha Sharma added a comment -

          +1

          astha9213 Astha Sharma added a comment - +1
          daxgames Dax Games added a comment -

          +1

          daxgames Dax Games added a comment - +1

          People

            Unassigned Unassigned
            ppetkov Preslav Petkov
            Votes:
            3 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated: