[JIRA] (JENKINS-56774) Support Configuration as Code

28 views
Skip to first unread message

jnz@topdanmark.dk (JIRA)

unread,
Mar 27, 2019, 5:56:02 AM3/27/19
to jenkinsc...@googlegroups.com
Jon Brohauge created an issue
 
Jenkins / Improvement JENKINS-56774
Support Configuration as Code
Issue Type: Improvement Improvement
Assignee: Unassigned
Components: authorize-project-plugin
Created: 2019-03-27 09:55
Labels: configuration-as-code
Priority: Minor Minor
Reporter: Jon Brohauge

This plugin should support setting properties via JCasC, i.e. Configuration-as-Code plugin.
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

jnz@topdanmark.dk (JIRA)

unread,
Mar 27, 2019, 5:59:01 AM3/27/19
to jenkinsc...@googlegroups.com
Jon Brohauge updated an issue
Change By: Jon Brohauge
Labels: configuration jcasc - as-code compatibility

carel.combrink@gmail.com (JIRA)

unread,
Apr 3, 2019, 3:45:03 AM4/3/19
to jenkinsc...@googlegroups.com
Carel Combrink commented on Improvement JENKINS-56774
 
Re: Support Configuration as Code

Allan BURDAJEWICZ Is this something that can perhaps be looked at?

victor.salaun@gmail.com (JIRA)

unread,
Apr 30, 2019, 9:51:02 AM4/30/19
to jenkinsc...@googlegroups.com

Hello,

it is already possible to configure the plugin using jcasc, for example like this:

    security: 
      queueItemAuthenticator: 
        authenticators: 
        - global: 
            strategy: 
              specificUsersAuthorizationStrategy: 
                userid: service-user

 

jnz@topdanmark.dk (JIRA)

unread,
May 1, 2019, 6:42:04 AM5/1/19
to jenkinsc...@googlegroups.com

Jenkins works when using this configuration:

---
security:
  queueItemAuthenticator:
    authenticators:
      - global:
          strategy:
            systemAuthorizationStrategy

Using the exporting the jenkins.yaml, I get an exception:

security:
  queueItemAuthenticator:
    authenticators:
    - global:
        strategy: "FAILED TO EXPORT org.jenkinsci.plugins.authorizeproject.GlobalQueueItemAuthenticator#strategy:\
          \ \njava.lang.NullPointerException\n\tat io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$describe$4(HeteroDescribableConfigurator.java:99)\n\
          \tat io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$describe$6(HeteroDescribableConfigurator.java:103)\n\
          \tat io.vavr.control.Option.map(Option.java:373)\n\tat io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.describe(HeteroDescribableConfigurator.java:102)\n\
          \tat io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.describe(HeteroDescribableConfigurator.java:50)\n\
          \tat io.jenkins.plugins.casc.Attribute.describe(Attribute.java:195)\n\t\
          at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.describe(DataBoundConfigurator.java:255)\n\
          \tat io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$convertToNode$de0cd4f8$1(HeteroDescribableConfigurator.java:230)\n\
          \tat io.vavr.CheckedFunction0.lambda$unchecked$52349c75$1(CheckedFunction0.java:201)\n\
          \tat io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.convertToNode(HeteroDescribableConfigurator.java:230)\n\
          \tat io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$describe$5(HeteroDescribableConfigurator.java:101)\n\
          \tat io.vavr.control.Option.map(Option.java:373)\n\tat io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.describe(HeteroDescribableConfigurator.java:101)\n\
          \tat io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.describe(HeteroDescribableConfigurator.java:50)\n\
          \tat io.jenkins.plugins.casc.Attribute.describe(Attribute.java:191)\n\t\
          at io.jenkins.plugins.casc.Configurator.describe(Configurator.java:162)\n\
          \tat io.jenkins.plugins.casc.impl.configurators.GlobalConfigurationCategoryConfigurator.describe(GlobalConfigurationCategoryConfigurator.java:107)\n\
          \tat io.jenkins.plugins.casc.impl.configurators.GlobalConfigurationCategoryConfigurator.lambda$describe$5(GlobalConfigurationCategoryConfigurator.java:100)\n\
          \tat java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184)\n\
          \tat java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)\n\
          \tat java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)\n\
          \tat java.util.Iterator.forEachRemaining(Iterator.java:116)\n\tat java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1801)\n\
          \tat java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482)\n\
          \tat java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472)\n\
          \tat java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:151)\n\
          \tat java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:174)\n\
          \tat java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)\n\
          \tat java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:418)\n\
          \tat io.jenkins.plugins.casc.impl.configurators.GlobalConfigurationCategoryConfigurator.describe(GlobalConfigurationCategoryConfigurator.java:100)\n\
          \tat io.jenkins.plugins.casc.impl.configurators.GlobalConfigurationCategoryConfigurator.describe(GlobalConfigurationCategoryConfigurator.java:31)\n\
          \tat io.jenkins.plugins.casc.ConfigurationAsCode.export(ConfigurationAsCode.java:403)\n\
          \tat io.jenkins.plugins.casc.ConfigurationAsCode.doExport(ConfigurationAsCode.java:393)\n\
          \tat java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)\n\
          \tat org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)\n\
          \tat org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)\n\
          \tat org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77)\n\
          \tat org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)\n\
          \tat org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)\n\tat\
          \ org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)\n\
          \tat org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:537)\n\t\
          at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)\n\
          \tat org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)\n\tat org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)\n\
          \tat org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:458)\n\tat\
          \ org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)\n\tat org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)\n\
          \tat org.kohsuke.stapler.Stapler.invoke(Stapler.java:668)\n\tat org.kohsuke.stapler.Stapler.service(Stapler.java:238)\n\
          \tat javax.servlet.http.HttpServlet.service(HttpServlet.java:790)\n\tat\
          \ org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873)\n\
          \tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1623)\n\
          \tat hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)\n\
          \tat org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:243)\n\
          \tat hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)\n\
          \tat io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)\n\
          \tat hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)\n\
          \tat io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61)\n\
          \tat hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)\n\
          \tat com.smartcodeltd.jenkinsci.plugin.assetbundler.filters.LessCSS.doFilter(LessCSS.java:47)\n\
          \tat hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)\n\
          \tat jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128)\n\
          \tat hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)\n\
          \tat hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)\n\
          \tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)\n\
          \tat hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99)\n\t\
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)\n\
          \tat hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)\n\
          \tat hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)\n\
          \tat hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)\n\
          \tat jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)\n\
          \tat hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)\n\
          \tat org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)\n\
          \tat hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)\n\
          \tat org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)\n\
          \tat hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)\n\
          \tat org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)\n\
          \tat hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)\n\
          \tat jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)\n\
          \tat hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)\n\
          \tat org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)\n\
          \tat hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)\n\
          \tat hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)\n\
          \tat hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)\n\
          \tat hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)\n\tat\
          \ org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)\n\
          \tat org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)\n\
          \tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)\n\
          \tat hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)\n\
          \tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)\n\
          \tat org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)\n\
          \tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)\n\
          \tat org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540)\n\
          \tat org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)\n\
          \tat org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)\n\
          \tat org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)\n\
          \tat org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)\n\
          \tat org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1701)\n\
          \tat org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)\n\
          \tat org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)\n\
          \tat org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)\n\
          \tat org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)\n\
          \tat org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1668)\n\
          \tat org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)\n\
          \tat org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)\n\
          \tat org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)\n\
          \tat org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)\n\
          \tat org.eclipse.jetty.server.Server.handle(Server.java:502)\n\tat org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)\n\
          \tat org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)\n\
          \tat org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)\n\
          \tat org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)\n\
          \tat org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)\n\
          \tat org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)\n\
          \tat org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)\n\
          \tat org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)\n\
          \tat org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)\n\
          \tat org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)\n\
          \tat org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)\n\
          \tat org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)\n\
          \tat java.lang.Thread.run(Thread.java:748)\n"

victor.salaun@gmail.com (JIRA)

unread,
May 1, 2019, 8:26:02 AM5/1/19
to jenkinsc...@googlegroups.com

Hello Jon Brohauge,

Near the jcasc export button, you should have this message `Export is not intended to offer a directly usable jenkins.yaml configuration. It can be used for inspiration writing your own, be aware export can be partial, or fail for some components.`.

Based on this message and like you said jenkins works with the configuration, everything is working as expected.

jnz@topdanmark.dk (JIRA)

unread,
May 3, 2019, 1:42:02 AM5/3/19
to jenkinsc...@googlegroups.com

It works, yes. Still would be nice if it was 100% compatible, i.e. the plugin works during the export.

chinzhiqiang@gmail.com (JIRA)

unread,
Jun 16, 2019, 10:51:03 PM6/16/19
to jenkinsc...@googlegroups.com

It does not work if we use the following:
 

security: queueItemAuthenticator: authenticators: - project: strategy: anonymousAuthorizationStrategy

 

chinzhiqiang@gmail.com (JIRA)

unread,
Jun 16, 2019, 10:52:02 PM6/16/19
to jenkinsc...@googlegroups.com
Zhi Qiang Chin edited a comment on Improvement JENKINS-56774
It does not work if we use the following:
 
{code :java }
security: queueItemAuthenticator:
authenticators:
- project:
strategy: anonymousAuthorizationStrategy{code}
 
Errors was:
{code:java}
hudson.util.HudsonFailedToLoad: org.jvnet.hudson.reactor.ReactorException: java.lang.Error: java.lang.reflect.InvocationTargetException
at hudson.WebAppMain$3.run(WebAppMain.java:250)
Caused by: org.jvnet.hudson.reactor.ReactorException: java.lang.Error: java.lang.reflect.InvocationTargetException
at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:282)
at jenkins.InitReactorRunner.run(InitReactorRunner.java:48)
at jenkins.model.Jenkins.executeReactor(Jenkins.java:1125)
at jenkins.model.Jenkins.<init>(Jenkins.java:932)
at hudson.model.Hudson.<init>(Hudson.java:85)
at hudson.model.Hudson.<init>(Hudson.java:81)
at hudson.WebAppMain$3.run(WebAppMain.java:233)
Caused by: java.lang.Error: java.lang.reflect.InvocationTargetException
at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:110)
at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:175)
at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
at jenkins.model.Jenkins$5.runTask(Jenkins.java:1091)
at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:104)
... 8 more
Caused by: java.lang.IllegalStateException: No configurator implementation to manage class org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$forceLookupConfigurator$8(HeteroDescribableConfigurator.java:133)
at io.vavr.control.Option.getOrElseThrow(Option.java:332)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.forceLookupConfigurator(HeteroDescribableConfigurator.java:133)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$null$1(HeteroDescribableConfigurator.java:81)
at io.vavr.control.Option.map(Option.java:373)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$configure$3(HeteroDescribableConfigurator.java:81)
at io.vavr.Tuple2.apply(Tuple2.java:239)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:79)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:88)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:51)
at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:345)
at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:288)
at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:353)
at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:288)
at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$6(ConfigurationAsCode.java:666)
at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:628)
at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:666)
at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:650)
at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:549)
at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:277)
at io.jenkins.plugins.casc.ConfigurationAsCode.init(ConfigurationAsCode.java:269)
... 13 more
{code}

chinzhiqiang@gmail.com (JIRA)

unread,
Jun 16, 2019, 10:52:04 PM6/16/19
to jenkinsc...@googlegroups.com

adrien.ribette+jenkins@gmail.com (JIRA)

unread,
Jul 15, 2019, 7:32:03 AM7/15/19
to jenkinsc...@googlegroups.com
Adrien Ribette assigned an issue to Adrien Ribette
Change By: Adrien Ribette
Assignee: Adrien Ribette

adrien.ribette+jenkins@gmail.com (JIRA)

unread,
Jul 15, 2019, 7:33:03 AM7/15/19
to jenkinsc...@googlegroups.com
Adrien Ribette assigned an issue to Unassigned

rene.scheibe@gmail.com (JIRA)

unread,
Aug 25, 2019, 4:35:04 AM8/25/19
to jenkinsc...@googlegroups.com

I checked all the strategies for JCasC compatibility using the latest configuration-as-code-plugin v1.28 and authorize-project v1.3.0.

Results

strategy global - configure global - export project - configure project - export
AnonymousAuthorizationStrategy OK OK ERROR ERROR
SpecificUsersAuthorizationStrategy OK ERROR ERROR ERROR
SystemAuthorizationStrategy OK OK ERROR ERROR
TriggeringUsersAuthorizationStrategy OK OK ERROR ERROR

Configuration

AnonymousAuthorizationStrategy

---
security:
  queueItemAuthenticator:
    authenticators:
    - global:
        strategy: "anonymousAuthorizationStrategy"

SpecificUsersAuthorizationStrategy

---
security:
  queueItemAuthenticator:
    authenticators:
    - global:
        strategy: 
          specificUsersAuthorizationStrategy: 
            userid: "some-user"
            dontRestrictJobConfiguration: true

SystemAuthorizationStrategy

---
security:
  queueItemAuthenticator:
    authenticators:
    - global:
        strategy: "systemAuthorizationStrategy"

TriggeringUsersAuthorizationStrategy

---
security:
  queueItemAuthenticator:
    authenticators:
    - global:
        strategy: "triggeringUsersAuthorizationStrategy"

Issues

1) When exporting the configuration in case SpecificUsersAuthorizationStrategy is configured, the below exception is thrown.

security:
  queueItemAuthenticator:
    authenticators:
    - global:
        strategy: |-
          FAILED TO EXPORT
          org.jenkinsci.plugins.authorizeproject.GlobalQueueItemAuthenticator#strategy: io.jenkins.plugins.casc.ConfiguratorException: Can't read attribute 'useApitoken' from org.jenkinsci.plugins.authorizeproject.strategy.SpecificUsersAuthorizationStrategy@1127ad4c
            at io.jenkins.plugins.casc.Attribute._getValue(Attribute.java:392)
            at io.jenkins.plugins.casc.Attribute.getValue(Attribute.java:214)
            at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.describe(DataBoundConfigurator.java:283)
            ...

That's because the constructor of SpecificUsersAuthorizationStrategy contains 3 parameters (useApitoken, apitoken, password) that are not used as fields in the class. Therefore JCasC cannot find them.

I had a look at the git history. It shows that readResolve() and newInstance() have already been used in the past to perform some checks.
After seeing the details/fixed issues in the git history, it's not clear to me where to move this check (which requires these 3 values from the web request).

2) Configuring & exporting the configuration for "project-level" strategies does not work at all.

That's because:
a) The constructor of ProjectQueueItemAuthenticator has no @DataBoundConstructor annotation.
b) The field strategyEnabledMap is a Map which is not supported by JCasC.

After adding the @DataBoundConstructor annotation, when trying to somehow configure the strategies, the below exception is thrown.

Cannot find configurator for type java.util.Map<java.lang.String, java.lang.Boolean>

io.jenkins.plugins.casc.ConfiguratorException: Cannot find configurator for type java.util.Map<java.lang.String, java.lang.Boolean>
	at io.jenkins.plugins.casc.impl.DefaultConfiguratorRegistry$1.load(DefaultConfiguratorRegistry.java:96)
	at io.jenkins.plugins.casc.impl.DefaultConfiguratorRegistry$1.load(DefaultConfiguratorRegistry.java:92)
	...

 

ikedam / Joseph Petersen / Tim Jacomb do you have suggestions how to resolve these issues?

josephp90@gmail.com (JIRA)

unread,
Aug 25, 2019, 8:29:03 AM8/25/19
to jenkinsc...@googlegroups.com

If the values aren't mandatory, you should be able to change the constructor to have zero parameters and use databoundsetters.
All fields should have getters that match the constructor parameter naming and private fields naming.
Hence it is good practice to use the same naming for constructor parameter and private fields.
Looking at you Artifactory plugin :laughing:

devld@ikedam.jp (JIRA)

unread,
Aug 27, 2019, 4:31:02 AM8/27/19
to jenkinsc...@googlegroups.com
ikedam commented on Improvement JENKINS-56774

Authorize-project and especially SpecificUserAuthorizationStrategy expects configuration via UI to check the configurator has appropriate permissions.

That issue can be fixed by updating constructor parameters, but I’m afraid it might cause a path bypassing permission checks.
I’m not so sure, and also I don’t know much about JCaC, but I suppose this extension costs much not for the extension itself, but for checking whether the extension don’t affect existing security mechanisms.

I’ve just posted a topic on jenkinsci-dev, and please also have a look on that.

josephp90@gmail.com (JIRA)

unread,
Aug 27, 2019, 7:55:02 AM8/27/19
to jenkinsc...@googlegroups.com

ikedam JCasC is no different... JCasC is relying on standard Java bean expectations.

rene.scheibe@gmail.com (JIRA)

unread,
Aug 27, 2019, 6:20:03 PM8/27/19
to jenkinsc...@googlegroups.com

Joseph Petersen can you provide more details on how usage of the variable Map<String, Boolean> strategyEnabledMap here could be changed to be JCasC compliant in a backward compatible way?

josephp90@gmail.com (JIRA)

unread,
Aug 27, 2019, 8:00:02 PM8/27/19
to jenkinsc...@googlegroups.com

We currently do not support map.

The suggestion is to use a list of objects with data binding

josephp90@gmail.com (JIRA)

unread,
Aug 27, 2019, 8:03:10 PM8/27/19
to jenkinsc...@googlegroups.com

Matrix Auth and role based Auth decided to implement a Configurator and so so did credentials plugin to get around the limitations.

faucher.benp@gmail.com (JIRA)

unread,
Mar 6, 2020, 9:28:03 PM3/6/20
to jenkinsc...@googlegroups.com

+1 for wanting this fixed
This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)
Atlassian logo
Reply all
Reply to author
Forward
0 new messages