馃毃 Please review the guidelines for contributing to this repository.
馃挕 To better understand plugin compatibility issues, you can read more here
[x] Create an issue on issues.jenkins-ci.org, set the component to the plugin you are reporting it against
[x] Before creating an issue on Jenkins JIRA, check for an existing one via dashboard
[x] Link to Jenkins JIRA 59035 issue
[x] Ensure Jenkins JIRA issue has the label jcasc-compatibility
[x] Link to plugin's GitHub repository
oic-auth 1.6
configuration-as-code 1.27
Docker jenkins/jenkins:lts
configuration-as-code/viewExport fails to display the oic-auth-plugin settings after manual configuration and it also fails to configure the plugin from yaml.
jira issue JENKINS-59035
jenkins:
agentProtocols:
- "JNLP4-connect"
- "Ping"
disableRememberMe: false
markupFormatter: "plainText"
mode: NORMAL
myViewsTabBar: "standard"
numExecutors: 2
primaryView:
all:
name: "all"
projectNamingStrategy: "standard"
quietPeriod: 5
remotingSecurity:
enabled: false
scmCheckoutRetryCount: 0
securityRealm: |-
FAILED TO EXPORT
hudson.model.Hudson#securityRealm: io.jenkins.plugins.casc.ConfiguratorException: Can't read attribute 'automanualconfigure' from org.jenkinsci.plugins.oic.OicSecurityRealm@55ca3037
at io.jenkins.plugins.casc.Attribute._getValue(Attribute.java:392)
at io.jenkins.plugins.casc.Attribute.getValue(Attribute.java:214)
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.describe(DataBoundConfigurator.java:283)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$convertToNode$de0cd4f8$1(HeteroDescribableConfigurator.java:283)
at io.vavr.CheckedFunction0.lambda$unchecked$52349c75$1(CheckedFunction0.java:201)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.convertToNode(HeteroDescribableConfigurator.java:283)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$describe$5(HeteroDescribableConfigurator.java:107)
at io.vavr.control.Option.map(Option.java:373)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.describe(HeteroDescribableConfigurator.java:107)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.describe(HeteroDescribableConfigurator.java:55)
at io.jenkins.plugins.casc.Attribute._describe(Attribute.java:260)
at io.jenkins.plugins.casc.Attribute.describe(Attribute.java:239)
at io.jenkins.plugins.casc.Configurator.describe(Configurator.java:161)
slaveAgentPort: 50000
Using the below YAML with correct values to configure the plugin also fails
Example with dummy data:
securityRealm:
oic:
clientId: "asdasdsad"
clientSecret: "asdasdasd"
tokenServerUrl: "https://asdsad/"
authorizationServerUrl: "https:/asdasdsad"
scopes: "openid email"
userNameField: "UserName"
Error
Aug 20 17:16:49 testbox01 java[28175]: Caused by: io.jenkins.plugins.casc.ConfiguratorException: jenkins: error configuring 'jenkins' with class io.jenkins.plugins.casc.core.JenkinsConfigurator configurator
Aug 20 17:16:49 testbox01 java[28175]: at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:670)
Aug 20 17:16:49 testbox01 java[28175]: at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:702)
Aug 20 17:16:49 testbox01 java[28175]: at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:686)
Aug 20 17:16:49 testbox01 java[28175]: at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:585)
Aug 20 17:16:49 testbox01 java[28175]: at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:280)
Aug 20 17:16:49 testbox01 java[28175]: at io.jenkins.plugins.casc.ConfigurationAsCode.init(ConfigurationAsCode.java:272)
Aug 20 17:16:49 testbox01 java[28175]: ... 13 more
Aug 20 17:16:49 testbox01 java[28175]: Caused by: io.jenkins.plugins.casc.ConfiguratorException: oic: Failed to construct instance of class org.jenkinsci.plugins.oic.OicSecurityRealm.
Aug 20 17:16:49 testbox01 java[28175]: Constructor: public org.jenkinsci.plugins.oic.OicSecurityRealm(java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,boolean,java.lang.Boolean,java.lang.String,java.lang.String,boolean,java.lang.String,java.lang.String,java.lang.String,java.lang.String) throws java.io.IOException.
There's a lot more fields that need to be set.
https://github.com/jenkinsci/oic-auth-plugin/blob/master/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java#L128-L132
This issue better belongs at the oic-auth-plugin, can't transfer it there though 馃槩
That is ONE NASTY constructor... yikes!
There's a lot more fields that need to be set.
This wasn't clear to me that all, even unconfigured settings needs to be provided.
So essentially if I do this, then it seems to be working - still running some tests but already looks like it will be working
securityRealm:
oic:
clientId: "abcd"
clientSecret: ""
wellKnownOpenIDConfigurationUrl: ""
userInfoServerUrl: ""
tokenFieldToCheckKey: ""
tokenFieldToCheckValue: ""
fullNameFieldName: ""
groupsFieldName: ""
disableSslVerification: false
logoutFromOpenidProvider: ""
endSessionEndpoint: ""
postLogoutRedirectUrl: ""
escapeHatchEnabled: false
escapeHatchUsername: ""
escapeHatchSecret: ""
escapeHatchGroup: ""
automanualconfigure: ""
emailFieldName: "email"
userNameField: "UserName"
tokenServerUrl: "https://foo.com/adfs/oauth2/token"
authorizationServerUrl: "https://foo.com/adfs/oauth2/authorize"
scopes: "openid email"
well this could be fixed in the plugin if they switched so only mandatory fields wherein the @DataBoundConstructor and the rest were @DataBoundSetter
one correction
endSessionEndpoint -> endSessionUrl
jenkins:
securityRealm:
oic:
clientId: "abcd"
clientSecret: ""
wellKnownOpenIDConfigurationUrl: ""
userInfoServerUrl: ""
tokenFieldToCheckKey: ""
tokenFieldToCheckValue: ""
fullNameFieldName: ""
groupsFieldName: ""
disableSslVerification: false
logoutFromOpenidProvider: ""
endSessionUrl: ""
postLogoutRedirectUrl: ""
escapeHatchEnabled: false
escapeHatchUsername: ""
escapeHatchSecret: ""
escapeHatchGroup: ""
automanualconfigure: ""
emailFieldName: "email"
userNameField: "UserName"
tokenServerUrl: "https://foo.com/adfs/oauth2/token"
authorizationServerUrl: "https://foo.com/adfs/oauth2/authorize"
scopes: "openid email"
authorizationStrategy: loggedInUsersCanDoAnything
With this I was able to spin up a docker container, install the plugins with install-plugins.sh then drop the yaml to the $JENKINS_HOME and it came up with OpenIdConnect configured with AD FS!
Sweet!
Thank you guys, this is an awesome plugin! Wish it would be already part of Jenkins out of the box, so can also do plugins.
Based on this issue I might would just add a note on the readme that some plugins may require specifying all properties with empty string.
So if the config viewExport / download fails with can't read attribute or if the yaml import fails with the constructor error, then try to specify all properties.
There is ongoing work in the right place to take care of plugins: https://github.com/jenkinsci/plugin-installation-manager-tool
opened an issue for the oic-auth plugin https://github.com/jenkinsci/oic-auth-plugin/issues/75
Based on this issue I might would just add a note on the readme that some plugins may require specifying all properties with empty string.
So if the config viewExport / download fails with can't read attribute or if the yaml import fails with the constructor error, then try to specify all properties.
Wouldn't really want that noted on the readme, you could include a demo to the demos folder with a workaround, but this is rarely needed, it's just because the plugin needs some work to be properly compatible.
There is ongoing work in the right place to take care of plugins: https://github.com/jenkinsci/plugin-installation-manager-tool
Another awesome news, thanks!
Is there by any chance a complete example of using this plugin installation manager tool ?
One thing is unclear to me is the jenkins.yaml support.
Will configuration-as-code just ignore the plugins section and the cli tool parse that ?
Thx
with a simple patch, JCasC could ignore plugins section all together without having to configure unknown. However, the CLI can take a -f/--file argument for the YAML file
Here is an example of using it https://github.com/seanmceligot/casc_docker
configuration-as-code:
version: 1
unknown: warn
Another example: https://gist.github.com/casz/9400cb6455a29a4efe606f77a0947b63
I'm going to fix this if there's no one already started it.
@csharmath can you confirm jenkinsci/oic-auth-plugin#78 fixed this issue?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
I believe this was fixed in oic-auth-1.7
Most helpful comment
well this could be fixed in the plugin if they switched so only mandatory fields wherein the
@DataBoundConstructorand the rest were@DataBoundSetter