Error when manually updating Role-Strategy, when initially configured via JCasC plugin

[spikkie]

Hi Jenkins JCasC-Plugin and Role-Strategy-Plugin teams,

following isse:

I have configured Role-Strategy using JCasC plugin see configuration and the end.

But now following error occurs when updating manually

    http://localhost/jenkins/role-strategy/assign-roles

   User/group to add -> newuser -> save

When I add a new user manually I will get following error:

   

Stack trace

java.lang.UnsupportedOperationException
    at java.util.Collections$UnmodifiableCollection.clear(Collections.java:1074)
    at com.michelin.cio.hudson.plugins.rolestrategy.RoleMap.clearSidsForRole(RoleMap.java:208)
    at com.michelin.cio.hudson.plugins.rolestrategy.RoleMap.clearSids(RoleMap.java:248)
    at com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy$DescriptorImpl.doAssignSubmit(RoleBasedAuthorizationStrategy.java:696)
    at com.michelin.cio.hudson.plugins.rolestrategy.RoleStrategyConfig.doAssignSubmit(RoleStrategyConfig.java:165)
    at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
    at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
    at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77)
    at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
    at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
    at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734)
Caused: javax.servlet.ServletException
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:784)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864)
    at org.kohsuke.stapler.MetaClass$10.dispatch(MetaClass.java:374)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
    at com.smartcodeltd.jenkinsci.plugin.assetbundler.filters.LessCSS.doFilter(LessCSS.java:47)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
    at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
    at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
    at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
    at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1317)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1219)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
    at org.eclipse.jetty.server.Server.handle(Server.java:531)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
    at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
    at winstone.BoundedExecutorService.lambda$scheduleNext$0(BoundedExecutorService.java:80)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:748)

Found a similar reported issue here

https://github.com/jenkinsci/configuration-as-code-plugin/issues/504

but that info did not give me any clue

Can you please help me analyse this.

Thanx!!!

My Configuration

Jenkins Version 2.138.1

plugin versions

configuration-as-code    1.3
configuration-as-code-support    1.3

role-strategy    2.9.0

JCasC configuration: jenkins.yaml in JENKINS_HOME

configuration-as-code:
  version: "1"
  deprecated: warn
  restricted: warn
  unknown: warn
jenkins:

   version: "1"
   deprecated: warn
   restricted: warn
   unknown: warn

  authorizationStrategy:
    roleBased:
      roles:
        global:
          - name: "admin"
            description: "Jenkins Administrators"
            permissions:
              - "Overall/Administer"
              - "Overall/Read"
              - "Credentials/Create"
              - "Credentials/Delete"
              - "Credentials/ManageDomains"
              - "Credentials/Update"
              - "Credentials/View"
              - "Build Failure Analyzer/RemoveCause"
              - "Build Failure Analyzer/UpdateCauses"
              - "Build Failure Analyzer/ViewCauses"
              - "Agent/Build"
              - "Agent/Configure"
              - "Agent/Connect"
              - "Agent/Create"
              - "Agent/Delete"
              - "Agent/Disconnect"
              - "Agent/Provision"
              - "Job/Build"
              - "Job/Cancel"
              - "Job/Configure"
              - "Job/Create"
              - "Job/Delete"
              - "Job/Discover"
              - "Job/Move"
              - "Job/Read"
              - "Job/Workspace"
              - "Run/Delete"
              - "Run/Replay"
              - "Run/Update"
              - "View/Configure"
              - "View/Create"
              - "View/Delete"
              - "View/Read"
            assignments:
              - "admin"

              - "bas"
          - name: "jenkinsAdmin"
            description: "Jenkins Administrators"
            permissions:
              - "Overall/Administer"
              - "Overall/Read"
              - "Credentials/Create"
              - "Credentials/Delete"
              - "Credentials/ManageDomains"
              - "Credentials/Update"
              - "Credentials/View"
              - "Build Failure Analyzer/RemoveCause"
              - "Build Failure Analyzer/UpdateCauses"
              - "Build Failure Analyzer/ViewCauses"
              - "Agent/Build"
              - "Agent/Configure"
              - "Agent/Connect"
              - "Agent/Create"
              - "Agent/Delete"
              - "Agent/Disconnect"
              - "Job/Build"
              - "Job/Cancel"
              - "Job/Configure"
              - "Job/Create"
              - "Job/Delete"
              - "Job/Discover"
              - "Job/Move"
              - "Job/Read"
              - "Job/Workspace"
              - "Run/Delete"
              - "Run/Update"
              - "View/Configure"
              - "View/Create"
              - "View/Delete"
              - "View/Read"
            assignments:
              - "admin"
          - name: "projectAdmin"
            description: "Jenkins Project Administrators"
            permissions:
              - "Overall/Read"
              - "Credentials/Create"
              - "Credentials/Delete"
              - "Credentials/ManageDomains"
              - "Credentials/Update"
              - "Credentials/View"
              - "Build Failure Analyzer/RemoveCause"
              - "Build Failure Analyzer/UpdateCauses"
              - "Build Failure Analyzer/ViewCauses"
              - "Job/Build"
              - "Job/Discover"
              - "Job/Read"
              - "View/Configure"
              - "View/Create"
              - "View/Delete"
              - "View/Read"
            assignments:
              - "admin"
          - name: "projectUser"
            description: "Jenkins Project User"
            permissions:
              - "Overall/Read"
              - "Build Failure Analyzer/UpdateCauses"
              - "Build Failure Analyzer/ViewCauses"
              - "Job/Build"
              - "Job/Discover"
              - "Job/Read"
              - "View/Read"
            assignments:
              - "admin"
          - name: "projectViewer"
            description: "Jenkins Project Viewer"
            permissions:
              - "Overall/Read"
              - "Build Failure Analyzer/ViewCauses"
              - "Job/Discover"
              - "Job/Read"
              - "View/Read"
            assignments:
              - "admin"
          - name: "projectWorkspace"
            description: "Jenkins Project Workspace"
            permissions:
              - "Job/Workspace"
            assignments:
              - "admin"
          - name: "anon"
            description: "Anonymous users"
            assignments:
              - "anonymous"

[spikkie]

Hi Jenkins JCasC-Plugin and Role-Strategy-Plugin teams,

I found a work around for this issue. :-)

Initially when Jenkins has started I go to "role-strategy/manage-roles"

http://localhost/role-strategy/manage-roles

and then just click "Save" button

After this "save" I can make changes to http://localhost/role-strategy/assign-roles without errors

Now I'm trying to find out how to make a groovy script to implement this workaround

I tried the following code but that didn't work

      def currentAuthenticationStrategy = Jenkins.instance.getAuthorizationStrategy()
      Jenkins.instance.setAuthorizationStrategy(currentAuthenticationStrategy)
      Jenkins.instance.save()

I hope you can support me here.

thanx

kind regards,

Bas

[Oleg Nenashev]

Could you please create a Jenkins JIRA issue for that?

https://wiki.jenkins.io/display/JENKINS/How+to+report+an+issue

[spikkie]

hi,

I created folloing issue

https://issues.jenkins-ci.org/browse/JENKINS-55394

Error when manually updating Role-Strategy, when initially configured via JCasC plugin

kind regards,

Bas