hashicorp-vault-plugin icon indicating copy to clipboard operation
hashicorp-vault-plugin copied to clipboard

Published 20 hours ago verified publisher icon jenkinsci

Upgrading to the lastest plugin (364.vf5d54b_3dc313) breaks any Org or pipeline that uses with Vault.

Open ScottWatsonWork opened this issue 4 months ago • 3 comments

Jenkins and plugins versions report

Environment 
Jenkins: 2.401.1
OS: Linux - 5.15.0-1051-azure
Java: 11.0.19 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
---
ace-editor:1.1
ant:487.vd79d090d4ea_e
antisamy-markup-formatter:159.v25b_c67cd35fb_
apache-httpcomponents-client-4-api:4.5.14-150.v7a_b_9d17134a_5
authentication-tokens:1.53.v1c90fd9191a_b_
authorize-project:1.7.0
azure-commons:1.1.3
azure-credentials:254.v64da_8176c83a
azure-keyvault:200.v115e9b_1644d5
azure-sdk:132.v62b_48eb_6f32f
blueocean:1.27.4
blueocean-autofavorite:1.2.5
blueocean-bitbucket-pipeline:1.27.4
blueocean-commons:1.27.4
blueocean-config:1.27.4
blueocean-core-js:1.27.4
blueocean-dashboard:1.27.4
blueocean-display-url:2.4.2
blueocean-events:1.27.4
blueocean-executor-info:1.27.4
blueocean-git-pipeline:1.27.4
blueocean-github-pipeline:1.27.4
blueocean-i18n:1.27.4
blueocean-jira:1.27.4
blueocean-jwt:1.27.4
blueocean-personalization:1.27.4
blueocean-pipeline-api-impl:1.27.4
blueocean-pipeline-editor:1.27.4
blueocean-pipeline-scm-api:1.27.4
blueocean-rest:1.27.4
blueocean-rest-impl:1.27.4
blueocean-web:1.27.4
bootstrap4-api:4.6.0-6
bootstrap5-api:5.3.0-1
bouncycastle-api:2.28
branch-api:2.1109.vdf225489a_16d
build-history-manager:1.7.0
build-history-metrics-plugin:112.v476124de7dfc
build-timeout:1.31
caffeine-api:3.1.6-115.vb_8b_b_328e59d8
checks-api:2.0.0
cloudbees-bitbucket-branch-source:809.vc1d904b_30426
cloudbees-folder:6.815.v0dd5a_cb_40e0e
command-launcher:100.v2f6722292ee8
commons-lang3-api:3.12.0-36.vd97de6465d5b_
commons-text-api:1.10.0-36.vc008c8fcda_7b_
credentials:1254.vb_96f366e7b_a_d
credentials-binding:604.vb_64480b_c56ca_
data-tables-api:1.13.4-3
display-url-api:2.3.7
docker-commons:419.v8e3cd84ef49c
docker-workflow:563.vd5d2e5c4007f
durable-task:507.v050055d0cb_dd
echarts-api:5.4.0-5
email-ext:2.99
favorite:2.4.2
font-awesome-api:6.4.0-1
git:5.1.0
git-client:4.4.0
git-server:99.va_0826a_b_cdfa_d
github:1.37.1
github-api:1.314-431.v78d72a_3fe4c3
github-branch-source:1728.v859147241f49
github-oauth:0.39
google-container-registry-auth:0.3
google-oauth-plugin:1.0.9
gradle:2.8
handlebars:3.0.8
handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953
hashicorp-vault-pipeline:1.4
hashicorp-vault-plugin:364.vf5d54b_3dc313
htmlpublisher:1.31
instance-identity:173.va_37c494ec4e5
ionicons-api:56.v1b_1c8c49374e
jackson2-api:2.15.2-350.v0c2f3f8fc595
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jdk-tool:66.vd8fa_64ee91b_d
jenkins-design-language:1.27.4
jersey2-api:2.39.1-2
jira:3.10
jjwt-api:0.11.5-77.v646c772fddb_0
jquery-detached:1.2.1
jquery3-api:3.7.0-1
jsch:0.2.8-65.v052c39de79b_2
junit:1214.va_2f9db_3e6de0
kubernetes:3952.v88e3b_0cf300b_
kubernetes-cd:2.3.1
kubernetes-cli:1.12.0
kubernetes-client-api:6.4.1-215.v2ed17097a_8e9
kubernetes-credentials:0.10.0
kubernetes-credentials-provider:1.225.v14f9e6b_28f53
kubernetes-pipeline-devops-steps:1.6
ldap:682.v7b_544c9d1512
lockable-resources:1171.v7a_4699ec2e7e
mailer:457.v3f72cb_e015e5
matrix-auth:3.1.8
matrix-project:789.v57a_725b_63c79
mercurial:1260.vdfb_723cdcc81
metrics:4.2.18-439.v86a_20b_a_8318b_
mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_
mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_
momentjs:1.1.1
oauth-credentials:0.645.ve666a_c332668
okhttp-api:4.11.0-145.vcb_8de402ef81
pam-auth:1.10
pipeline-build-step:496.v2449a_9a_221f2
pipeline-github-lib:42.v0739460cda_c4
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:656.va_a_ceeb_6ffb_f7
pipeline-input-step:468.va_5db_051498a_4
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2141.v5402e818a_779
pipeline-model-definition:2.2141.v5402e818a_779
pipeline-model-extensions:2.2141.v5402e818a_779
pipeline-rest-api:2.33
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2141.v5402e818a_779
pipeline-stage-view:2.33
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:3.3.0
popper-api:1.16.1-3
popper2-api:2.11.6-2
pubsub-light:1.17
resource-disposer:0.22
scm-api:676.v886669a_199a_a_
script-security:1251.vfe552ed55f8d
simple-theme-plugin:160.vb_76454b_67900
slack:664.vc9a_90f8b_c24a_
snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4
sonar:2.15
sse-gateway:1.26
ssh-credentials:305.v8f4381501156
ssh-slaves:2.877.v365f5eb_a_b_eec
sshd:3.303.vefc7119b_ec23
structs:324.va_f5d6774f3a_d
timestamper:1.25
token-macro:359.vb_cde11682e0c
trilead-api:2.84.v72119de229b_7
variant:59.vf075fe829ccb
workflow-aggregator:596.v8c21c963d92d
workflow-api:1215.v2b_ee3e1b_dd39
workflow-basic-steps:1017.vb_45b_302f0cea_
workflow-cps:3691.v28b_14c465a_b_b_
workflow-cps-global-lib:609.vd95673f149b_b
workflow-durable-task-step:1247.v7f9dfea_b_4fd0
workflow-job:1308.v58d48a_763b_31
workflow-multibranch:756.v891d88f2cd46
workflow-scm-step:415.v434365564324
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:839.v35e2736cfd5c
ws-cleanup:0.45

What Operating System are you using (both controller, and any agents involved in the problem)?

I am using a kubernetes cluster to host my jenkins 2.401.1-LTS. No need to run an agent as the controller is the one that is having a problem.

Reproduction steps

  1. Update Hashicorp vault plug in from 360.v0a_1c04cf807d to 364.vf5d54b_3dc313

image

Expected Results

Was expecting my jobs to work and be accessible after only updating the vault plugin.

Actual Results

Now if I click on the org or a repo with a pipeline that uses vault I get a stacktrace and cannot access that repo.

I uncovered this when I was trying to upgrade to 2.426.3. From trial and error I have narrowed down the problem to the upgrade to this plugin. So I am not sure if we have something strange in our Jenkinsfile or what but this plugin version is not happy with something.

Anything else?

I am not sure if this is expected or not but the section in my config.xml for my repo is pointing to version 3.60. I am wondering if that is why it is greyed out in the image I uploaded.

</com.datapipe.jenkins.vault.credentials.VaultAppRoleCredential> <com.datapipe.jenkins.vault.credentials.VaultAppRoleCredential plugin="[email protected]_1c04cf807d"> <id>vault_bot_sre</id> <description>https://vault.tools.copr/ui/vault/secrets?namespace=ssc%2Fcxai%2Fsre</description> <tokenExpiry> <time>1675197378315</time> <timezone>Etc/UTC</timezone> </tokenExpiry> <currentClientToken>not Important</currentClientToken> <namespace>ssc/cxai/sre</namespace> <secretId>not important</secretId> <roleId>roleID goes here </roleId> <path>approle</path> </com.datapipe.jenkins.vault.credentials.VaultAppRoleCredential>

Are you interested in contributing a fix?

No response

ScottWatsonWork avatar Feb 27 '24 19:02 ScottWatsonWork