[JIRA] (JENKINS-60091) HashiCorp Vault plugin using approle is not working since v3.0.0

9 views
Skip to first unread message

c35sys@gmail.com (JIRA)

unread,
Nov 7, 2019, 11:43:02 AM11/7/19
to jenkinsc...@googlegroups.com
Christophe Le Guern created an issue
 
Jenkins / Bug JENKINS-60091
HashiCorp Vault plugin using approle is not working since v3.0.0
Issue Type: Bug Bug
Assignee: Peter Tierno
Components: hashicorp-vault-plugin
Created: 2019-11-07 16:42
Environment: Jenkins ver. 2.190.2
Hashicorp Vault Plugin: 3.0.0
Hashicorp Vault Pipeline Plugin: 1.3
Priority: Blocker Blocker
Reporter: Christophe Le Guern

The Hashicorp Vault plugin was upgraded from 2.5.0 to 3.0.0 and pipelines don't work anymore.
We are using an approle to login to Vault.

Note: we don't have namespaces in our environment.
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo

mbrown@tradewindenergy.com (JIRA)

unread,
Nov 7, 2019, 9:05:03 PM11/7/19
to jenkinsc...@googlegroups.com

josephp90@gmail.com (JIRA)

unread,
Apr 22, 2020, 12:12:03 AM4/22/20
to jenkinsc...@googlegroups.com
Joseph Petersen assigned an issue to Joseph Petersen
 
Change By: Joseph Petersen
Assignee: Peter Tierno Joseph Petersen
This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)
Atlassian logo

josephp90@gmail.com (JIRA)

unread,
Apr 22, 2020, 12:13:02 AM4/22/20
to jenkinsc...@googlegroups.com
Joseph Petersen resolved as Fixed
 

Fixed in v3.1.1

c35sys@gmail.com (JIRA)

unread,
May 4, 2020, 3:03:04 AM5/4/20
to jenkinsc...@googlegroups.com
Christophe Le Guern reopened an issue
 

Hello,

I tried both versions 3.4.1 and 3.1.1 without success.

Actual Jenkins version: 2.222.3

 

Here is the logs for 3.1.1 version:

 

java.lang.IllegalArgumentException: One or more variables have some issues with their values: VAULT_ENTRY
	at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withEnvBlock(ModelInterpreter.groovy:433)
	at com.cloudbees.groovy.cps.CpsDefaultGroovyMethods.callClosureForMapEntry(CpsDefaultGroovyMethods:5226)
	at com.cloudbees.groovy.cps.CpsDefaultGroovyMethods.collect(CpsDefaultGroovyMethods:3446)
	at com.cloudbees.groovy.cps.CpsDefaultGroovyMethods.collect(CpsDefaultGroovyMethods:3463)
	at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withEnvBlock(ModelInterpreter.groovy:429)
	at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.call(ModelInterpreter.groovy:78)
	at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withCredentialsBlock(ModelInterpreter.groovy:481)
	at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withCredentialsBlock(ModelInterpreter.groovy:480)
	at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.call(ModelInterpreter.groovy:77)
	at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.inDeclarativeAgent(ModelInterpreter.groovy:590)
	at org.jenkinsci.plugins.docker.workflow.declarative.DockerPipelineScript.runImage(DockerPipelineScript.groovy:58)
	at org.jenkinsci.plugins.docker.workflow.Docker$Image.inside(Docker.groovy:127)
	at ___cps.transform___(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at org.codehaus.groovy.reflection.CachedConstructor.invoke(CachedConstructor.java:83)
	at org.codehaus.groovy.runtime.callsite.ConstructorSite$ConstructorSiteNoUnwrapNoCoerce.callConstructor(ConstructorSite.java:105)
	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallConstructor(CallSiteArray.java:60)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:235)
	at com.cloudbees.groovy.cps.sandbox.DefaultInvoker.constructorCall(DefaultInvoker.java:25)
	at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:97)
	at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:83)
	at sun.reflect.GeneratedMethodAccessor177.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
	at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:89)
	at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:113)
	at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:83)
	at sun.reflect.GeneratedMethodAccessor177.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
	at com.cloudbees.groovy.cps.impl.LocalVariableBlock$LocalVariable.get(LocalVariableBlock.java:39)
	at com.cloudbees.groovy.cps.LValueBlock$GetAdapter.receive(LValueBlock.java:30)
	at com.cloudbees.groovy.cps.impl.LocalVariableBlock.evalLValue(LocalVariableBlock.java:28)
	at com.cloudbees.groovy.cps.LValueBlock$BlockImpl.eval(LValueBlock.java:55)
	at com.cloudbees.groovy.cps.LValueBlock.eval(LValueBlock.java:16)
	at com.cloudbees.groovy.cps.Next.step(Next.java:83)
	at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:174)
	at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:163)
	at org.codehaus.groovy.runtime.GroovyCategorySupport$ThreadCategoryInfo.use(GroovyCategorySupport.java:129)
	at org.codehaus.groovy.runtime.GroovyCategorySupport.use(GroovyCategorySupport.java:268)
	at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:163)
	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:18)
	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:51)
	at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:185)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:400)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$400(CpsThreadGroup.java:96)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:312)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:276)
	at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:67)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:131)
	at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
	at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)

 

I downgraded Hashicorp Vault plugin to 2.5.0 and it's working again.

 
Change By: Christophe Le Guern
Resolution: Fixed
Status: Resolved Reopened

josephp90@gmail.com (JIRA)

unread,
May 4, 2020, 3:01:02 PM5/4/20
to jenkinsc...@googlegroups.com
Joseph Petersen commented on Bug JENKINS-60091
 
Re: HashiCorp Vault plugin using approle is not working since v3.0.0

Christophe Le Guern That does not seem like a bug with the vault plugin.

That seems like a bug with your pipeline script.

Did you read the release notes? https://github.com/jenkinsci/hashicorp-vault-plugin/releases

c35sys@gmail.com (JIRA)

unread,
May 5, 2020, 7:52:02 AM5/5/20
to jenkinsc...@googlegroups.com

Joseph Petersen thanks for checking.

I tried, without success, to disable ssl verification since this is the biggest breaking change.

For the record, here is my pipeline script:

pipeline {
    agent {
        docker {
            image 'xxx'
        }
    }
    
    environment {
        VAULT_ENTRY = vault path: 'dd/try-me', key: 'ansible', engineVersion: "1"
    }    stages {
        stage("Vault try me") {
            steps {
                ansiColor('xterm') {
                    sh '''
                        echo $VAULT_ENTRY
                        echo "test"
                    '''
                }
            }
        }
    }
    post { 
        failure {
            rocketSend emoji: ':jenkins:', rawMessage: true, message: "> :fire: [$JOB_NAME]($RUN_DISPLAY_URL) job #$BUILD_NUMBER *"+currentBuild.currentResult+"* :fire:"
        }
    }
}
Reply all
Reply to author
Forward
0 new messages