configuration-as-code-plugin

Security Realm for LDAP and Role-Based Strategy is not set

Open devent opened this issue 3 years ago • 5 comments

Jenkins and plugins versions report

Environment
Jenkins: 2.332.1
OS: Linux - 5.10.0-10-amd64
---
ace-editor:1.1
ant:1.13
antisamy-markup-formatter:2.7
apache-httpcomponents-client-4-api:4.5.13-1.0
authentication-tokens:1.4
authorize-project:1.4.0
bootstrap4-api:4.6.0-3
bootstrap5-api:5.1.3-6
bouncycastle-api:2.25
branch-api:2.7.0
build-timeout:1.20
caffeine-api:2.9.2-29.v717aac953ff3
checks-api:1.7.2
cloudbees-folder:6.714.v79e858ef76a_2
command-launcher:1.6
configuration-as-code:1414.v878271fc496f
credentials:1074.v60e6c29b_b_44b_
credentials-binding:1.27.1
display-url-api:2.3.6
docker-commons:1.19
docker-workflow:1.28
durable-task:495.v29cd95ec10f2
echarts-api:5.3.0-2
email-ext:2.87
external-monitor-job:191.v363d0d1efdf8
font-awesome-api:6.0.0-1
git:4.10.3
git-client:3.11.0
git-server:1.10
gitea:1.4.1
github:1.34.3
github-api:1.301-378.v9807bd746da5
github-branch-source:1583.v18d333ef7379
gradle:1.38
handlebars:3.0.8
handy-uri-templates-2-api:2.1.8-1.0
jackson2-api:2.13.2-260.v43d711474c77
javadoc:217.v905b_86277a_2a_
javax-activation-api:1.2.0-2
javax-mail-api:1.6.2-5
jaxb:2.3.0.1
jdk-tool:1.5
jjwt-api:0.11.2-9.c8b45b8bb173
jnr-posix-api:3.1.7-3
jquery-detached:1.2.1
jquery3-api:3.6.0-2
jsch:0.1.55.2
junit:1.56
kubernetes:3568.vde94f6b_41b_c8
kubernetes-client-api:5.12.1-187.v577c3e368fb_6
kubernetes-credentials:0.9.0
ldap:2.8
lockable-resources:2.14
mailer:408.vd726a_1130320
mapdb-api:1.0.9.0
matrix-auth:3.1
matrix-project:758.v7a_ea_491852f3
metrics:4.1.6.1
momentjs:1.1.1
okhttp-api:4.9.3-105.vb96869f8ac3a
pam-auth:1.7
pipeline-build-step:2.16
pipeline-github-lib:36.v4c01db_ca_ed16
pipeline-graph-analysis:188.v3a01e7973f2c
pipeline-input-step:446.vf27b_0b_83500e
pipeline-milestone-step:100.v60a_03cd446e1
pipeline-model-api:2.2064.v5eef7d0982b_e
pipeline-model-definition:2.2064.v5eef7d0982b_e
pipeline-model-extensions:2.2064.v5eef7d0982b_e
pipeline-rest-api:2.23
pipeline-stage-step:291.vf0a8a7aeeb50
pipeline-stage-tags-metadata:2.2064.v5eef7d0982b_e
pipeline-stage-view:2.23
plain-credentials:1.8
plugin-util-api:2.15.0
popper-api:1.16.1-2
popper2-api:2.11.4-1
resource-disposer:0.17
role-strategy:3.2.0
scm-api:595.vd5a_df5eb_0e39
script-security:1145.vb_cf6cf6ed960
snakeyaml-api:1.29.1
ssh-credentials:1.19
ssh-slaves:1.806.v2253cedd3295
sshd:3.1.0
structs:308.v852b473a2b8c
subversion:2.15.3
swarm:3.22
timestamper:1.17
token-macro:285.vff7645a_56ff0
trilead-api:1.0.13
variant:1.4
windows-slaves:1.8
workflow-aggregator:2.7
workflow-api:1143.v2d42f1e9dea_5
workflow-basic-steps:941.vdfe1b_a_132c64
workflow-cps:2682.va_473dcddc941
workflow-cps-global-lib:564.ve62a_4eb_b_e039
workflow-durable-task-step:1128.v8c259d125340
workflow-job:1174.vdcb_d054cf74a_
workflow-multibranch:711.vdfef37cda_816
workflow-scm-step:2.13
workflow-step-api:622.vb_8e7c15b_c95a_
workflow-support:815.vd60466279fc8
ws-cleanup:0.40

What Operating System are you using (both controller, and any agents involved in the problem)?

Jenkins

Reproduction steps

  1. Create configuration
  2. Deploy Jenkins

Expected Results

Expecting LDAP to be configured and Roles to be set up.

Actual Results

No LDAP and no Roles.

Anything else?

Kubernetes cloud and credentials are configured correctly. No error that I could find.

Logs:

2022-03-27 09:13:08.620+0000 [id=35]    INFO    jenkins.InitReactorRunner$1#onAttained: System config loaded
2022-03-27 09:13:09.145+0000 [id=35]    WARNING i.j.p.casc.BaseConfigurator#createAttribute: Can't handle class org.csanchez.jenkins.plugins.kubernetes.PodTemplate#listener: type is abstract but not Describable.
2022-03-27 09:13:09.183+0000 [id=35]    WARNING i.j.p.casc.BaseConfigurator#createAttribute: Can't handle class jenkins.security.plugins.ldap.FromUserRecordLDAPGroupMembershipStrategy#authoritiesPopulator: type is abstract but not Describable.
2022-03-27 09:13:10.278+0000 [id=35]    WARNING i.j.p.casc.BaseConfigurator#createAttribute: Can't handle class org.csanchez.jenkins.plugins.kubernetes.PodTemplate#listener: type is abstract but not Describable.
2022-03-27 09:13:10.328+0000 [id=35]    WARNING i.j.p.casc.BaseConfigurator#createAttribute: Can't handle class jenkins.security.plugins.ldap.FromUserRecordLDAPGroupMembershipStrategy#authoritiesPopulator: type is abstract but not Describable.
2022-03-27 09:13:10.367+0000 [id=35]    INFO    o.s.s.l.DefaultSpringSecurityContextSource#<init>:  URL 'ldap://openldap.kube-ldap.svc.cluster.local:1389/dc=muellerpublic,dc=de', root DN is 'dc=muellerpublic,dc=de'
2022-03-27 09:13:10.593+0000 [id=35]    INFO    j.s.s2m.AdminWhitelistRule#setMasterKillSwitch: Setting AdminWhitelistRule no longer has any effect. See https://www.jenkins.io/redirect/AdminWhitelistRule to learn more.

The config: (I only added the relevant parts)

jenkins:
  agentProtocols:
  - "JNLP4-connect"
  - "Ping"
  authorizationStrategy:
    roleBased:
      roles:
        global:
        - assignments:
          - "nohpophee6zohvai"
          - "Administrators"
          name: "admin"
          pattern: ".*"
          permissions:
          - "Job/Move"
          - "Job/Build"
          - "Lockable Resources/View"
          - "Credentials/Delete"
          - "Credentials/ManageDomains"
          - "Lockable Resources/Unlock"
          - "View/Create"
          - "Agent/Configure"
          - "Job/Read"
          - "Credentials/Update"
          - "Agent/Create"
          - "Job/Delete"
          - "Agent/Build"
          - "View/Configure"
          - "Metrics/HealthCheck"
          - "Lockable Resources/Reserve"
          - "Agent/Provision"
          - "Metrics/ThreadDump"
          - "SCM/Tag"
          - "Job/Create"
          - "Job/Discover"
          - "Credentials/View"
          - "Agent/Connect"
          - "Agent/Delete"
          - "Run/Replay"
          - "Agent/Disconnect"
          - "Run/Delete"
          - "Job/Cancel"
          - "Overall/Read"
          - "Run/Update"
          - "Credentials/Create"
          - "Overall/Administer"
          - "View/Delete"
          - "Job/Configure"
          - "Lockable Resources/Steal"
          - "Metrics/View"
          - "Job/Workspace"
          - "View/Read"
        - assignments:
          - "JenkinsTrusted"
          name: "trusted"
          pattern: ".*"
          permissions:
          - "Job/Move"
          - "Job/Build"
          - "Lockable Resources/View"
          - "Credentials/Delete"
          - "Credentials/ManageDomains"
          - "Lockable Resources/Unlock"
          - "View/Create"
          - "Agent/Configure"
          - "Job/Read"
          - "Credentials/Update"
          - "Agent/Create"
          - "Job/Delete"
          - "Agent/Build"
          - "View/Configure"
          - "Metrics/HealthCheck"
          - "Lockable Resources/Reserve"
          - "Agent/Provision"
          - "Metrics/ThreadDump"
          - "SCM/Tag"
          - "Job/Create"
          - "Job/Discover"
          - "Credentials/View"
          - "Agent/Connect"
          - "Agent/Delete"
          - "Run/Replay"
          - "Agent/Disconnect"
          - "Run/Delete"
          - "Job/Cancel"
          - "Overall/Read"
          - "Run/Update"
          - "Credentials/Create"
          - "View/Delete"
          - "Job/Configure"
          - "Lockable Resources/Steal"
          - "Metrics/View"
          - "Job/Workspace"
          - "View/Read"
        - assignments:
          - "anonymous"
          name: "visitor"
          pattern: ".*"
          permissions:
          - "Overall/Read"
          - "Job/Read"
  clouds:
  - kubernetes:
      containerCap: 10
      containerCapStr: "10"
      jenkinsTunnel: "jenkins-agent:50000"
  securityRealm:
    ldap:
      configurations:
      - displayNameAttributeName: "uid"
        groupMembershipStrategy:
          fromUserRecord:
            attributeName: "memberOf"
        groupSearchBase: "ou=People"
        groupSearchFilter: "(&(objectClass=jenkinsUser)(memberOf=cn=Jenkins,ou=group,dc=muellerpublic,dc=de)(|(uid={0})(cn={0})))"
        inhibitInferRootDN: false
        managerDN: "cn=admin,dc=muellerpublic,dc=de"
        managerPasswordSecret: "xxx"
        rootDN: "dc=muellerpublic,dc=de"
        server: "openldap.kube-ldap.svc.cluster.local:1389"
        userSearch: "(&(objectClass=inetOrgPerson)(memberOf=cn=Jenkins,ou=Group,dc=muellerpublic,dc=de)(|(uid={0})(cn={0})))"
        userSearchBase: "ou=People"
      disableMailAddressResolver: false
      disableRolePrefixing: true
      groupIdStrategy: "caseInsensitive"
      userIdStrategy: "caseInsensitive"

devent, Mar 28 '22 12:03

Have you tried configuring it manually and exporting it?

timja, Mar 28 '22 12:03

Yes. I configured Jenkins manually and then I exported the config. Now I just changed the pod template and loaded the whole configuration into Jenkins.

Specifically, I just updated the jenkins.clouds.'kubernetes'.templates.containers.image.

devent, Mar 28 '22 12:03

Worth posting in gitter if you haven't already https://gitter.im/jenkinsci/configuration-as-code-plugin

timja, Mar 28 '22 12:03

No, I haven't.

Here is the full config: https://gist.github.com/devent/895973134052bb45365f88200d66ba24

devent, Mar 28 '22 12:03

I think the issue is somewhere else. I just re-applied the configuration and now everything is correctly set up. I pressed the button "Reload existing configuration".

But why weren't the LDAP and Roles loaded on deployment? Everything else was.

devent, Mar 28 '22 14:03
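
A post-deployment check for the symptom reported in this thread, where the controller starts without errors but the security realm and authorization strategy are not in effect. This is an added example, not part of the issue or the plugin's code. It assumes the controller's saved `config.xml` from JENKINS_HOME is available and reflects the running configuration; the two sample documents are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Classes Jenkins records when no realm / no authorization is configured.
INSECURE = {
    "securityRealm": "hudson.security.SecurityRealm$None",
    "authorizationStrategy": "hudson.security.AuthorizationStrategy$Unsecured",
}
# Classes the YAML in this thread should produce (ldap and role-strategy plugins).
EXPECTED = {
    "securityRealm": "hudson.security.LDAPSecurityRealm",
    "authorizationStrategy":
        "com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy",
}

def check_security(config_xml):
    """Return a list of findings; an empty list means realm and strategy match."""
    # Jenkins writes an XML 1.1 declaration, which Python's expat parser rejects,
    # so drop the declaration before parsing.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", config_xml, count=1)
    root = ET.fromstring(body)
    findings = []
    for tag, want in EXPECTED.items():
        node = root.find(tag)
        got = node.get("class") if node is not None else None
        if got == want:
            continue
        if got is None or got == INSECURE[tag]:
            findings.append(f"{tag}: not set (security is off), expected {want}")
        else:
            findings.append(f"{tag}: is {got}, expected {want}")
    return findings

# Constructed sample: controller state as described under "Actual Results".
UNSECURED = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.SecurityRealm$None"/>
</hudson>"""
# Constructed sample: state after the configuration has been applied.
APPLIED = (UNSECURED
           .replace(INSECURE["securityRealm"], EXPECTED["securityRealm"])
           .replace(INSECURE["authorizationStrategy"],
                    EXPECTED["authorizationStrategy"]))

if __name__ == "__main__":
    for name, doc in (("unsecured", UNSECURED), ("applied", APPLIED)):
        print(name, check_security(doc) or "OK")
```

Running this as a readiness gate after deployment turns the silent "No LDAP and no Roles" state into a failed rollout instead of an exposed controller.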