Configuration-as-code-plugin: oic-auth plugin fails to export or import

Created on 21 Aug 2019  路  15Comments  路  Source: jenkinsci/configuration-as-code-plugin

Your checklist for this issue

馃毃 Please review the guidelines for contributing to this repository.
馃挕 To better understand plugin compatibility issues, you can read more here

Plugin versions

oic-auth 1.6
configuration-as-code 1.27

Platform

Docker jenkins/jenkins:lts

Description

configuration-as-code/viewExport fails to display the oic-auth-plugin settings after manual configuration and it also fails to configure the plugin from yaml.
jira issue JENKINS-59035

jenkins:
  agentProtocols:
  - "JNLP4-connect"
  - "Ping"
  disableRememberMe: false
  markupFormatter: "plainText"
  mode: NORMAL
  myViewsTabBar: "standard"
  numExecutors: 2
  primaryView:
    all:
      name: "all"
  projectNamingStrategy: "standard"
  quietPeriod: 5
  remotingSecurity:
    enabled: false
  scmCheckoutRetryCount: 0
  securityRealm: |-
    FAILED TO EXPORT
    hudson.model.Hudson#securityRealm: io.jenkins.plugins.casc.ConfiguratorException: Can't read attribute 'automanualconfigure' from org.jenkinsci.plugins.oic.OicSecurityRealm@55ca3037
      at io.jenkins.plugins.casc.Attribute._getValue(Attribute.java:392)
      at io.jenkins.plugins.casc.Attribute.getValue(Attribute.java:214)
      at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.describe(DataBoundConfigurator.java:283)
      at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$convertToNode$de0cd4f8$1(HeteroDescribableConfigurator.java:283)
      at io.vavr.CheckedFunction0.lambda$unchecked$52349c75$1(CheckedFunction0.java:201)
      at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.convertToNode(HeteroDescribableConfigurator.java:283)
      at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$describe$5(HeteroDescribableConfigurator.java:107)
      at io.vavr.control.Option.map(Option.java:373)
      at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.describe(HeteroDescribableConfigurator.java:107)
      at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.describe(HeteroDescribableConfigurator.java:55)
      at io.jenkins.plugins.casc.Attribute._describe(Attribute.java:260)
      at io.jenkins.plugins.casc.Attribute.describe(Attribute.java:239)
      at io.jenkins.plugins.casc.Configurator.describe(Configurator.java:161)
  slaveAgentPort: 50000

Using the below YAML with correct values to configure the plugin also fails

Example with dummy data:

securityRealm:
  oic:
    clientId: "asdasdsad"
    clientSecret: "asdasdasd"
    tokenServerUrl: "https://asdsad/"
    authorizationServerUrl: "https:/asdasdsad"
    scopes: "openid email"
    userNameField: "UserName"

Error

Aug 20 17:16:49 testbox01 java[28175]: Caused by: io.jenkins.plugins.casc.ConfiguratorException: jenkins: error configuring 'jenkins' with class io.jenkins.plugins.casc.core.JenkinsConfigurator configurator
Aug 20 17:16:49 testbox01 java[28175]: at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:670)
Aug 20 17:16:49 testbox01 java[28175]: at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:702)
Aug 20 17:16:49 testbox01 java[28175]: at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:686)
Aug 20 17:16:49 testbox01 java[28175]: at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:585)
Aug 20 17:16:49 testbox01 java[28175]: at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:280)
Aug 20 17:16:49 testbox01 java[28175]: at io.jenkins.plugins.casc.ConfigurationAsCode.init(ConfigurationAsCode.java:272)
Aug 20 17:16:49 testbox01 java[28175]: ... 13 more
Aug 20 17:16:49 testbox01 java[28175]: Caused by: io.jenkins.plugins.casc.ConfiguratorException: oic: Failed to construct instance of class org.jenkinsci.plugins.oic.OicSecurityRealm.
Aug 20 17:16:49 testbox01 java[28175]: Constructor: public org.jenkinsci.plugins.oic.OicSecurityRealm(java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,boolean,java.lang.Boolean,java.lang.String,java.lang.String,boolean,java.lang.String,java.lang.String,java.lang.String,java.lang.String) throws java.io.IOException.
plugin-compatibility stale

Most helpful comment

well this could be fixed in the plugin if they switched so only mandatory fields wherein the @DataBoundConstructor and the rest were @DataBoundSetter

All 15 comments

There's a lot more fields that need to be set.
https://github.com/jenkinsci/oic-auth-plugin/blob/master/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java#L128-L132

This issue better belongs at the oic-auth-plugin, can't transfer it there though 馃槩

That is ONE NASTY constructor... yikes!

There's a lot more fields that need to be set.

This wasn't clear to me that all, even unconfigured settings needs to be provided.

So essentially if I do this, then it seems to be working - still running some tests but already looks like it will be working

  securityRealm:
    oic:
      clientId: "abcd"
      clientSecret: ""
      wellKnownOpenIDConfigurationUrl: ""
      userInfoServerUrl: ""
      tokenFieldToCheckKey: ""
      tokenFieldToCheckValue: ""
      fullNameFieldName: ""
      groupsFieldName: ""
      disableSslVerification: false
      logoutFromOpenidProvider: ""
      endSessionEndpoint: ""
      postLogoutRedirectUrl: ""
      escapeHatchEnabled: false
      escapeHatchUsername: ""
      escapeHatchSecret: ""
      escapeHatchGroup: ""
      automanualconfigure: ""
      emailFieldName: "email"
      userNameField: "UserName"
      tokenServerUrl: "https://foo.com/adfs/oauth2/token"
      authorizationServerUrl: "https://foo.com/adfs/oauth2/authorize"
      scopes: "openid email"

well this could be fixed in the plugin if they switched so only mandatory fields wherein the @DataBoundConstructor and the rest were @DataBoundSetter

one correction
endSessionEndpoint -> endSessionUrl

jenkins:
  securityRealm:
    oic:
      clientId: "abcd"
      clientSecret: ""
      wellKnownOpenIDConfigurationUrl: ""
      userInfoServerUrl: ""
      tokenFieldToCheckKey: ""
      tokenFieldToCheckValue: ""
      fullNameFieldName: ""
      groupsFieldName: ""
      disableSslVerification: false
      logoutFromOpenidProvider: ""
      endSessionUrl: ""
      postLogoutRedirectUrl: ""
      escapeHatchEnabled: false
      escapeHatchUsername: ""
      escapeHatchSecret: ""
      escapeHatchGroup: ""
      automanualconfigure: ""
      emailFieldName: "email"
      userNameField: "UserName"
      tokenServerUrl: "https://foo.com/adfs/oauth2/token"
      authorizationServerUrl: "https://foo.com/adfs/oauth2/authorize"
      scopes: "openid email"
  authorizationStrategy: loggedInUsersCanDoAnything

With this I was able to spin up a docker container, install the plugins with install-plugins.sh then drop the yaml to the $JENKINS_HOME and it came up with OpenIdConnect configured with AD FS!
Sweet!

Thank you guys, this is an awesome plugin! Wish it would be already part of Jenkins out of the box, so can also do plugins.

Based on this issue I might would just add a note on the readme that some plugins may require specifying all properties with empty string.
So if the config viewExport / download fails with can't read attribute or if the yaml import fails with the constructor error, then try to specify all properties.

There is ongoing work in the right place to take care of plugins: https://github.com/jenkinsci/plugin-installation-manager-tool

opened an issue for the oic-auth plugin https://github.com/jenkinsci/oic-auth-plugin/issues/75

Based on this issue I might would just add a note on the readme that some plugins may require specifying all properties with empty string.
So if the config viewExport / download fails with can't read attribute or if the yaml import fails with the constructor error, then try to specify all properties.

Wouldn't really want that noted on the readme, you could include a demo to the demos folder with a workaround, but this is rarely needed, it's just because the plugin needs some work to be properly compatible.

There is ongoing work in the right place to take care of plugins: https://github.com/jenkinsci/plugin-installation-manager-tool

Another awesome news, thanks!
Is there by any chance a complete example of using this plugin installation manager tool ?
One thing is unclear to me is the jenkins.yaml support.
Will configuration-as-code just ignore the plugins section and the cli tool parse that ?

Thx

with a simple patch, JCasC could ignore plugins section all together without having to configure unknown. However, the CLI can take a -f/--file argument for the YAML file

Here is an example of using it https://github.com/seanmceligot/casc_docker

configuration-as-code:
  version: 1
  unknown: warn

I'm going to fix this if there's no one already started it.

@csharmath can you confirm jenkinsci/oic-auth-plugin#78 fixed this issue?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

I believe this was fixed in oic-auth-1.7

Was this page helpful?
0 / 5 - 0 ratings