jenkinsci
Plugin role-strategy : conflict when setting jenkins.projectNamingStrategy
Jenkins and plugins versions report
Environment
Jenkins: 2.375.1
OS: Linux - 5.4.0-135-generic
---
ace-editor:1.1
apache-httpcomponents-client-4-api:4.5.13-138.v4e7d9a_7b_a_e61
authentication-tokens:1.4
blueocean:1.26.0
blueocean-bitbucket-pipeline:1.26.0
blueocean-commons:1.26.0
blueocean-config:1.26.0
blueocean-core-js:1.26.0
blueocean-dashboard:1.26.0
blueocean-display-url:2.4.1
blueocean-events:1.26.0
blueocean-git-pipeline:1.26.0
blueocean-github-pipeline:1.26.0
blueocean-i18n:1.26.0
blueocean-jwt:1.26.0
blueocean-personalization:1.26.0
blueocean-pipeline-api-impl:1.26.0
blueocean-pipeline-editor:1.26.0
blueocean-pipeline-scm-api:1.26.0
blueocean-rest:1.26.0
blueocean-rest-impl:1.26.0
blueocean-web:1.26.0
bootstrap5-api:5.2.1-3
bouncycastle-api:2.26
branch-api:2.1051.v9985666b_f6cc
caffeine-api:2.9.3-65.v6a_47d0f4d1fe
checks-api:1.8.1
cloudbees-bitbucket-branch-source:791.vb_eea_a_476405b
cloudbees-folder:6.800.v71307ca_b_986b
command-launcher:1.2
commons-lang3-api:3.12.0-36.vd97de6465d5b_
commons-text-api:1.10.0-27.vb_fa_3896786a_7
configuration-as-code:1569.vb_72405b_80249
credentials:1214.v1de940103927
credentials-binding:523.vd859a_4b_122e6
display-url-api:2.3.7
durable-task:503.v57154d18d478
echarts-api:5.4.0-1
favorite:2.4.1
font-awesome-api:6.2.1-1
git:4.13.0
git-client:3.13.1
github:1.36.0
github-api:1.303-400.v35c2d8258028
github-branch-source:1696.v3a_7603564d04
handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953
htmlpublisher:1.31
instance-identity:142.v04572ca_5b_265
ionicons-api:31.v4757b_6987003
jackson2-api:2.14.1-313.v504cdd45c18b
jakarta-activation-api:2.0.1-2
jakarta-mail-api:2.0.1-2
javax-activation-api:1.2.0-5
javax-mail-api:1.6.2-5
jaxb:2.3.7-1
jdk-tool:1.0
jenkins-design-language:1.26.0
jjwt-api:0.11.5-77.v646c772fddb_0
jquery3-api:3.6.1-2
jsch:0.1.55.61.va_e9ee26616e7
junit:1166.va_436e268e972
kubernetes:3734.v562b_b_a_627ea_c
kubernetes-client-api:5.12.2-193.v26a_6078f65a_9
kubernetes-credentials:0.9.0
locale:226.v008e1b_58cb_b_0
mailer:438.v02c7f0a_12fa_4
mapdb-api:1.0.9-28.vf251ce40855d
matrix-project:785.v06b_7f47b_c631
metrics:4.2.13-420.vea_2f17932dd6
oic-auth:2.3
okhttp-api:4.9.3-108.v0feda04578cf
pipeline-build-step:2.18
pipeline-graph-analysis:195.v5812d95a_a_2f9
pipeline-groovy-lib:629.vb_5627b_ee2104
pipeline-input-step:466.v6d0a_5df34f81
pipeline-milestone-step:101.vd572fef9d926
pipeline-model-api:2.2118.v31fd5b_9944b_5
pipeline-model-definition:2.2118.v31fd5b_9944b_5
pipeline-model-extensions:2.2118.v31fd5b_9944b_5
pipeline-stage-step:296.v5f6908f017a_5
pipeline-stage-tags-metadata:2.2118.v31fd5b_9944b_5
plain-credentials:139.ved2b_9cf7587b
plugin-util-api:2.20.0
popper2-api:2.11.6-2
pubsub-light:1.17
role-strategy:569.v7476f8e4fe29
scm-api:631.v9143df5b_e4a_a
script-security:1228.vd93135a_2fb_25
snakeyaml-api:1.33-90.v80dcb_3814d35
sse-gateway:1.26
ssh-credentials:305.v8f4381501156
sshd:3.236.ved5e1b_cb_50b_2
structs:324.va_f5d6774f3a_d
subversion:2.16.0
token-macro:321.vd7cc1f2a_52c8
trilead-api:2.84.v72119de229b_7
variant:59.vf075fe829ccb
workflow-aggregator:590.v6a_d052e5a_a_b_5
workflow-api:1200.v8005c684b_a_c6
workflow-basic-steps:994.vd57e3ca_46d24
workflow-cps:3583.v4f58de0d78d5
workflow-durable-task-step:1217.v38306d8fa_b_5c
workflow-job:1254.v3f64639b_11dd
workflow-multibranch:716.vc692a_e52371b_
workflow-scm-step:400.v6b_89a_1317c9a_
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:839.v35e2736cfd5c
What Operating System are you using (both controller, and any agents involved in the problem)?
After installing role-strategy plugin, Jenkins add a warning :
The Restrict project naming configuration is not set to the Role-based Strategy. This can lead to problems as it allows users to create items, for which they have not the sufficient permissions to discover, read or configure.
I would like to set this settings with JCasC. If I export the configuration :
jenkins:
projectNamingStrategy:
roleBased:
forceExistingJobs: false
Then if a create a fresh installation with this configuration, Jenkins controller could not merge the default configuration with this one :
- default configuration file /var/jenkins_home/casc_configs/jcasc-default-config.yaml :
jenkins:
authorizationStrategy:
roleBased:
roles:
global:
- assignments:
- "guillaume_lecroc"
name: "admin"
pattern: ".*"
permissions:
- "Overall/Administer"
projectNamingStrategy: "standard"
...
- my configuration file /var/jenkins_home/casc_configs/jenkins-casc-config.yaml :
jenkins:
projectNamingStrategy:
roleBased:
forceExistingJobs: false
- error :
2022-12-26 15:22:28.810+0000 [id=12] WARNING h.i.i.InstallUncaughtExceptionHandler#handleException: Caught unhandled exception with ID b5a161b3-b4c0-4e4d-9b9d-db7a8629f7bb
io.jenkins.plugins.casc.ConfiguratorException: Found incompatible configuration elements YamlSource: /var/jenkins_home/casc_configs/jenkins-casc-config.yaml in /var/jenkins_home/casc_configs/jenkins-casc-config.yaml, line 3, column 5:
roleBased:
^
at io.jenkins.plugins.casc.yaml.OverrideMergeStrategy.merge(OverrideMergeStrategy.java:24)
at io.jenkins.plugins.casc.yaml.OverrideMergeStrategy.merge(OverrideMergeStrategy.java:49)
at io.jenkins.plugins.casc.yaml.OverrideMergeStrategy.merge(OverrideMergeStrategy.java:49)
at io.jenkins.plugins.casc.yaml.YamlUtils.merge(YamlUtils.java:47)
Caused: io.jenkins.plugins.casc.ConfiguratorException: Failed to read YamlSource: /var/jenkins_home/casc_configs/jenkins-casc-config.yaml
at io.jenkins.plugins.casc.yaml.YamlUtils.merge(YamlUtils.java:51)
at io.jenkins.plugins.casc.yaml.YamlUtils.loadFrom(YamlUtils.java:102)
at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:637)
at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:306)
at io.jenkins.plugins.casc.TokenReloadAction.doIndex(TokenReloadAction.java:59)
at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710)
at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:397)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:409)
at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:78)
at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:207)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:140)
at org.kohsuke.stapler.IndexDispatcher.dispatch(IndexDispatcher.java:28)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:690)
at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:157)
at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:81)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at hudson.plugins.locale.LocaleFilter.doFilter(LocaleFilter.java:42)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:248)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:60)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:160)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at io.jenkins.plugins.casc.TokenReloadCrumbExclusion.process(TokenReloadCrumbExclusion.java:20)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:128)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:94)
at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:54)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:141)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:97)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:97)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:63)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:111)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:172)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:53)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:86)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:38)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:549)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1571)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1383)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1544)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1305)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.Server.handle(Server.java:563)
at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:139)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:933)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1077)
at java.base/java.lang.Thread.run(Thread.java:829)
I tried to set CASC_MERGE_STRATEGY to override too, same problem.
I tried to set the configuration under unclassified :
unclassified:
projectNamingStrategy:
roleBased:
forceExistingJobs: false
I got an other error :
2022-12-26 15:33:20.590+0000 [id=18] WARNING h.i.i.InstallUncaughtExceptionHandler#handleException: Caught unhandled exception with ID 22594e39-4a7a-4cd2-ab25-40d094659f25
io.jenkins.plugins.casc.ConfiguratorException: Invalid configuration elements for type class jenkins.model.GlobalProjectNamingStrategyConfiguration : roleBased.
Available attributes :
at io.jenkins.plugins.casc.BaseConfigurator.handleUnknown(BaseConfigurator.java:375)
at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:364)
at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:286)
at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:350)
at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:286)
at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$8(ConfigurationAsCode.java:776)
at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:712)
Caused: io.jenkins.plugins.casc.ConfiguratorException: unclassified: error configuring 'unclassified' with class io.jenkins.plugins.casc.impl.configurators.GlobalConfigurationCategoryConfigurator configurator
at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:718)
at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:776)
at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:761)
at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:637)
at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:306)
at io.jenkins.plugins.casc.TokenReloadAction.doIndex(TokenReloadAction.java:59)
at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710)
at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:397)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:409)
at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:78)
at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:207)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:140)
at org.kohsuke.stapler.IndexDispatcher.dispatch(IndexDispatcher.java:28)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:475)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:690)
at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:157)
at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:81)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at hudson.plugins.locale.LocaleFilter.doFilter(LocaleFilter.java:42)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:248)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:60)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:160)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at io.jenkins.plugins.casc.TokenReloadCrumbExclusion.process(TokenReloadCrumbExclusion.java:20)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:128)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:94)
at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:54)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:141)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:97)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:97)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:63)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:111)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:172)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:53)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:86)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:38)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:549)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1571)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1383)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1544)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1305)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.Server.handle(Server.java:563)
at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:139)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:933)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1077)
at java.base/java.lang.Thread.run(Thread.java:829)
Reproduction steps
Install Jenkins with helm chart values :
controller:
additionalPlugins:
# Authorization
- role-strategy:569.v7476f8e4fe29
containerEnv:
- name: CASC_MERGE_STRATEGY
value: "override"
JCasC:
defaultConfig: true
authorizationStrategy: |-
roleBased:
roles:
global:
- assignments:
- "guillaume_lecroc"
name: "admin"
pattern: ".*"
permissions:
- "Overall/Administer"
configScripts:
jenkins-casc-config: |-
jenkins:
projectNamingStrategy:
roleBased:
forceExistingJobs: false
This create two configuration file :
- /var/jenkins_home/casc_configs/jcasc-default-config.yaml :
jenkins:
authorizationStrategy:
roleBased:
roles:
global:
- assignments:
- "guillaume_lecroc"
name: "admin"
pattern: ".*"
permissions:
- "Overall/Administer"
securityRealm:
# I omit IOC configuration
disableRememberMe: false
mode: NORMAL
numExecutors: 0
labelString: ""
projectNamingStrategy: "standard"
markupFormatter:
plainText
clouds:
- kubernetes:
containerCapStr: "10"
defaultsProviderTemplate: ""
connectTimeout: "5"
readTimeout: "15"
jenkinsUrl: "http://jenkinsci.jenkinsci.svc.cluster.local:8080"
jenkinsTunnel: "jenkinsci-agent.jenkinsci.svc.cluster.local:50000"
maxRequestsPerHostStr: "32"
name: "kubernetes"
namespace: "jenkinsci"
serverUrl: "https://kubernetes.default"
podLabels:
- key: "jenkins/jenkinsci-jenkins-agent"
value: "true"
templates:
- name: "default"
namespace: "jenkinsci"
id: ec9481133f16b4bfc8be7ba738f0c6d698e96e979bb73abd5c6089ad5ee48fde
containers:
- name: "jnlp"
alwaysPullImage: false
args: "^${computer.jnlpmac} ^${computer.name}"
command:
envVars:
- envVar:
key: "JENKINS_URL"
value: "http://jenkinsci.jenkinsci.svc.cluster.local:8080/"
image: "jenkins/inbound-agent:4.11.2-4"
privileged: "false"
resourceLimitCpu: 512m
resourceLimitMemory: 512Mi
resourceRequestCpu: 512m
resourceRequestMemory: 512Mi
runAsUser:
runAsGroup:
ttyEnabled: false
workingDir: /home/jenkins/agent
idleMinutes: 0
instanceCap: 2147483647
label: "jenkinsci-jenkins-agent "
nodeUsageMode: "NORMAL"
podRetention: Never
showRawYaml: true
serviceAccount: "default"
slaveConnectTimeoutStr: "100"
yamlMergeStrategy: override
crumbIssuer:
standard:
excludeClientIPFromCrumb: true
security:
apiToken:
creationOfLegacyTokenEnabled: false
tokenGenerationOnCreationEnabled: false
usageStatisticsEnabled: true
unclassified:
location:
adminAddress:
url: myUrl
- /var/jenkins_home/casc_configs/jenkins-casc-config.yaml :
jenkins:
projectNamingStrategy:
roleBased:
forceExistingJobs: false
Expected Results
No merge error
Actual Results
Merge error
Anything else?
Workaround is to disable default configuration and provide only one file with correct merge
Hi @pushker001 is this the issue you planned to work on in preparation for GSoC 2023?
Yes
On Wed, 1 Feb 2023, 9:03 pm Kris Stern, @.***> wrote:
Hi @pushker001 https://github.com/pushker001 is this the issue you planned to work on in preparation for GSoC 2023?
— Reply to this email directly, view it on GitHub https://github.com/jenkinsci/configuration-as-code-plugin/issues/2185#issuecomment-1412259190, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMDMG4UFRJU6BYN7VLMU4O3WVJ64TANCNFSM6AAAAAATJXW7A4 . You are receiving this because you were mentioned.Message ID: @.***>
@pushker001 I think the best way to approach the problem would be to try and reproduce the error as described above. Then we incrementally make changes to patch the bug until the error is gone. So you can start right away. Once you have reproduced the error please ping me here.
@krisstern How I can do these reproduction steps in my gitpod can you guide me regarding this I am stuck here
Let me set up my GitPod over the weekend too so I could check on your work more closely.
However, you should start by Installing Jenkins with the following helm chart values:
controller:
additionalPlugins:
# Authorization
- role-strategy:569.v7476f8e4fe29
containerEnv:
- name: CASC_MERGE_STRATEGY
value: "override"
JCasC:
defaultConfig: true
authorizationStrategy: |-
roleBased:
roles:
global:
- assignments:
- "guillaume_lecroc"
name: "admin"
pattern: ".*"
permissions:
- "Overall/Administer"
configScripts:
jenkins-casc-config: |-
jenkins:
projectNamingStrategy:
roleBased:
forceExistingJobs: false
And supposedly two configuration files will be created as follows:
- /var/jenkins_home/casc_configs/jcasc-default-config.yaml:
jenkins:
authorizationStrategy:
roleBased:
roles:
global:
- assignments:
- "guillaume_lecroc"
name: "admin"
pattern: ".*"
permissions:
- "Overall/Administer"
securityRealm:
# I omit IOC configuration
disableRememberMe: false
mode: NORMAL
numExecutors: 0
labelString: ""
projectNamingStrategy: "standard"
markupFormatter:
plainText
clouds:
- kubernetes:
containerCapStr: "10"
defaultsProviderTemplate: ""
connectTimeout: "5"
readTimeout: "15"
jenkinsUrl: "http://jenkinsci.jenkinsci.svc.cluster.local:8080"
jenkinsTunnel: "jenkinsci-agent.jenkinsci.svc.cluster.local:50000"
maxRequestsPerHostStr: "32"
name: "kubernetes"
namespace: "jenkinsci"
serverUrl: "https://kubernetes.default"
podLabels:
- key: "jenkins/jenkinsci-jenkins-agent"
value: "true"
templates:
- name: "default"
namespace: "jenkinsci"
id: ec9481133f16b4bfc8be7ba738f0c6d698e96e979bb73abd5c6089ad5ee48fde
containers:
- name: "jnlp"
alwaysPullImage: false
args: "^${computer.jnlpmac} ^${computer.name}"
command:
envVars:
- envVar:
key: "JENKINS_URL"
value: "http://jenkinsci.jenkinsci.svc.cluster.local:8080/"
image: "jenkins/inbound-agent:4.11.2-4"
privileged: "false"
resourceLimitCpu: 512m
resourceLimitMemory: 512Mi
resourceRequestCpu: 512m
resourceRequestMemory: 512Mi
runAsUser:
runAsGroup:
ttyEnabled: false
workingDir: /home/jenkins/agent
idleMinutes: 0
instanceCap: 2147483647
label: "jenkinsci-jenkins-agent "
nodeUsageMode: "NORMAL"
podRetention: Never
showRawYaml: true
serviceAccount: "default"
slaveConnectTimeoutStr: "100"
yamlMergeStrategy: override
crumbIssuer:
standard:
excludeClientIPFromCrumb: true
security:
apiToken:
creationOfLegacyTokenEnabled: false
tokenGenerationOnCreationEnabled: false
usageStatisticsEnabled: true
unclassified:
location:
adminAddress:
url: myUrl
- /var/jenkins_home/casc_configs/jenkins-casc-config.yaml:
jenkins:
projectNamingStrategy:
roleBased:
forceExistingJobs: false
Hey, @krisstern I am trying to install Jenkins using the helm chart values I have created a values.yml file in which I have put the above value I am trying to install Jenkins using the command helm install my-jenkins jenkinsci/jenkins -f values.yaml but the installation failed. can you help me regarding this
See I have done the following things on my gitpod I have installed Helm Check the version of the helm Added the Jenkins Helm repository to my local Helm repository list Updated my local Helm repository list to ensure that I have the latest Jenkins chart Created values.yaml file in which I put the helm chart value you have been provided After that, I am trying to install Jenkins by running the following command
helm install my-jenkins jenkinsci/jenkins -f values.yaml
specifying the values file I have created but it showing this error
#Error: INSTALLATION FAILED: Kubernetes cluster unreachable: Get "http://localhost:8080/version": dial tcp [::1]:8080: connect: connection refused
Hi @pushker001 I think for a GitPod environment you will need to take extra steps like they describe here: https://www.gitpod.io/docs/configure/self-hosted/helm-deprecated/installation/on-kubernetes. Supposedly according to the post https://jimmyb.ninja/post/1607033505, you can have the following at the bottom of the values.yaml file:
docker-registry:
enabled: false
minio:
enabled: false
mysql:
enabled: false
So do check out the two posts with links provided here to see if you are missing any config. I will try to see if I can get everything running with GitPod meanwhile.
I think I can reproduce the warning mentioned previously:
But I kind of cheated cause I just ran
mvn hpi:run
from within Gitpod because I don't think we need to use Kubernetes / Docker for tackling this issue necessarily. Also, I used SSH to bridge between my localhost:8080 with that of the one on Gitpod.
Then, what exactly do we need to do to resolve the Kubernetes issue that I have told you about previously
Hi @pushker001 Have you tried port forwarding?: https://www.gitpod.io/docs/configure/workspaces/ports#port-forwarding
Hey, @krisstern I am trying to install Jenkins using the helm chart values I have created a values.yml file in which I have put the above value I am trying to install Jenkins using the command helm install my-jenkins jenkinsci/jenkins -f values.yaml but the installation failed. can you help me regarding this
BTW @pushker001 You cannot simply copy and paste the values given, since you will need to customise for your own setup.
I have a feeling we don't really need to test via a Helm setup, but will need to simulate the situation by equivalent configurations for JCasC.
Have you tried port forwarding?
Yes I am doing it on gitpod I using an access token to connect with ssh Here this is showing in my terminal
$ ssh 'pushker001-configuratio-th8pm80z7cq#uLR5NZoqm1QpMR4SisKz.teYY4Br5FiE@pushker001-configuratio-th8pm80z7cq.ssh.ws-us86.gitpod.io'
Welcome to Gitpod: Always ready to code. Try the following commands to get started:
gp tasks list List all your defined tasks in .gitpod.yml
gp tasks attach Attach your terminal to a workspace task
gp ports list Lists workspace ports and their states
gp stop Stop current workspace
gp help To learn about the gp CLI commands
Have you tried exposing the port using something like the following?:
gp ports expose 8080
And since your linux instance is likely Ubuntu, try opening the firewall port like the below:
sudo ufw allow 8080/tcp
More relevant documentation can be found at https://www.ibm.com/docs/es/spectrum-scale/5.1.0?topic=firewall-examples-how-open-ports.
Yes I have tried exposing the port it showing me this
gp ports expose 8080
Forwarding traffic: 0.0.0.0:8081 -> 127.0.0.1:8080
2023/02/14 17:32:25 tcpproxy: for incoming conn 192.168.19.8:39538, error dialing "127.0.0.1:8080": dial tcp 127.0.0.1:8080: connect: connection refused
2023/02/14 17:32:31 tcpproxy: for incoming conn 192.168.19.8:39546, error dialing "127.0.0.1:8080": dial tcp 127.0.0.1:8080: connect: connection refused
See this https://8081-pushker001-configuratio-smqa7qdurwo.ws-us86.gitpod.io
Hi @pushker001,
As I am not on the same machine as yours, I cannot view what you saw https://8081-pushker001-configuratio-smqa7qdurwo.ws-us86.gitpod.io/.
Have you tried running the command mvn hpi:run in the terminal at the root of the configuration-as-code-plugin repo on Gitpod and see if anything shows up on port 8080? That worked for me.
So you want that first I do exposing the port through commad
gp ports expose 8080
Then I have to run mvn hpi: run command in the terminal?? Is that right?
Hi @pushker001!
Let's try running mvn hpi:run first, if need be then expose the port.
after running the above command it is showing this in the terminal
[WARNING] The POM for org.jenkins-ci.tools:maven-hpi-plugin:jar:3.32 is missing, no dependency information available
Downloading from incrementals: https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/tools/maven-hpi-plugin/3.32/maven-hpi-plugin-3.32.jar
[WARNING] Failed to build parent project for io.jenkins.configuration-as-code:parent:pom:999999-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Configuration as Code Parent [pom]
[INFO] Configuration as Code Plugin [hpi]
[INFO] Configuration as Code Test harness [jar]
[INFO] Configuration as Code Integration tests [jar]
also, see this after running the above command port 8080 is opened https://8080-pushker001-configuratio-smqa7qdurwo.ws-us87.gitpod.io/
Good to know @pushker001 So did it work as expected? If so, we could start reproducing the error using the new configurations, but we will need to customise the values for our settings.
I think if you navigate to either http://127.0.0.1:8080/jenkins/ on a local browser or https://8080-pushker001-configuratio-smqa7qdurwo.ws-us87.gitpod.io/jenkins/ you will able to see what you expected.
after running the bash mvn hpi:run command I don't need to expose the port what do next?
If you see the following page showing up at either http://127.0.0.1:8080/jenkins/ or something similar to https://8080-pushker001-configuratio-smqa7qdurwo.ws-us87.gitpod.io/jenkins/ you are then good to go:
But if you see the following instead you should just click on the "Context Path" and be redirected to the above interface:
After that we will be all set to try and reproduce the issues reported in the description above, which is to configure the role-strategy plugin in the manner specified. To do this we will need to be able to know how to modify the configurations similarly using the web interface. Note that we can get close to the problem but not entire reproduce it because of the limitiations of Gitpod within our current knowledge of it. Please note the below:
To quote Mark's words:
(We can then...) define the configuration interactively from within the Jenkins administration pages, then use the "View configuration" button in the configuration as code page to show how the current configuration would be represented
Hey @krisstern I am trying to configure the role strategy plugin in the manner that is specified but clicking on "Configure Global Security" it is showing me error see this http://localhost:8080/jenkins/configureSecurity/
HI @pushker001 I cannot see what can only be seen locally at http://localhost:8080/jenkins/configureSecurity/. Could you copy and paste the relevant stack trace or take a screenshot of the error for us to see?
