馃毃 Please review the guidelines for contributing to this repository.
[x] Jenkins version = 2.222.4
[x] Plugin version = 1.41
[x] OS = docker.io/jenkins/jenkins:2.222.4
Everything was going well until i introduced the securityRealm with Atlassian crowd.
I made sure that the plugin crowd2 is there. And this is my whole list of plugins :
installPlugins:
- kubernetes:1.25.7
- workflow-job:2.39
- workflow-aggregator:2.6
- credentials-binding:1.22
- git:4.2.2
- crowd2:2.0.2
- configuration-as-code:1.41
I've checked the the LOGs initContainer which is responsible for plugins downloads
kubectl -n jenkins logs -f jenkins-staging-8569c765bc-lwb8x -c copy-default-config
And all plugins are downloaded including crowd2 .
My config-as-code for crowd is (in format of helm chart stable/jenkins)
configScripts:
main-security-config: |
jenkins:
securityRealm:
crowd:
url: "http://crowd.crowd:8095/crowd"
applicationName: {{ requiredEnv "CROWD_JENKINS_USER" }}
password: {{ requiredEnv "CROWD_JENKINS_PASS" }}
I've checked jenkins logs ,
kubectl -n jenkins logs jenkins-staging-8569c765bc-lwb8x -c jenkins
I got these error messages:
SEVERE jenkins.InitReactorRunner$1#onTaskFailed: Failed ConfigurationAsCode.init
java.lang.NullPointerException
at de.theit.jenkins.crowd.CrowdSecurityRealm.<init>(CrowdSecurityRealm.java:197)
Caused: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:174)
Caused: io.jenkins.plugins.casc.ConfiguratorException: crowd: Failed to construct instance of class de.theit.jenkins.crowd.CrowdSecurityRealm.
Constructor: public de.theit.jenkins.crowd.CrowdSecurityRealm(java.lang.String,java.lang.String,hudson.util.Secret,java.lang.String,boolean,int,boolean,java.lang.String,java.lang.String,java.lang.Boolean,java.lang.String,java.lang.Strin
g,java.lang.String,hudson.util.Secret,java.lang.String,java.lang.String,java.lang.String,de.theit.jenkins.crowd.CrowdSecurityRealm$CacheConfiguration).
Arguments: [java.lang.String, java.lang.String, hudson.util.Secret, null, java.lang.Boolean, java.lang.Integer, java.lang.Boolean, null, null, null, null, null, null, null, null, null, null, null].
Expected Parameters: url java.lang.String, applicationName java.lang.String, password hudson.util.Secret, group java.lang.String, nestedGroups boolean, sessionValidationInterval int, useSSO boolean, cookieDomain java.lang.String, cookieTokenkey java.lang.String, useProxy java.lang.Boolean, httpProxyHost java.lang.String, httpProxyPort java.lang.String, httpProxyUsername java.lang.String, httpProxyPassword hudson.util.Secret, socketTimeout java.lang.String, httpTimeout java.lang.String, httpMaxConnections java.lang.String, cache de.theit.jenkins.crowd.CrowdSecurityRealm$CacheConfiguration
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:192)
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:77)
at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:267)
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.configure(DataBoundConfigurator.java:83)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$doConfigure$16668e2$1(HeteroDescribableConfigurator.java:277)
at io.vavr.CheckedFunction0.lambda$unchecked$52349c75$1(CheckedFunction0.java:247)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.doConfigure(HeteroDescribableConfigurator.java:277)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$null$2(HeteroDescribableConfigurator.java:86)
at io.vavr.control.Option.map(Option.java:392)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$configure$3(HeteroDescribableConfigurator.java:86)
at io.vavr.Tuple2.apply(Tuple2.java:238)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:83)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:92)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:55)
Are you expecting to give a group in the config of crowd: ?
if so, how can i handle that if i don't want to specify group ?
This is a bug in the crowd plugin.
I would suggest you report to them.
Try configuring it from the UI and export it.
My attempt at exporting, though I suspsect the default caching is hidden in this export which is most likely causing the null pointer.
jenkins:
securityRealm:
crowd:
applicationName: "hello"
cookieTokenkey: "crowd.token_key"
group: "jenkins-users"
httpMaxConnections: "20"
httpProxyPassword: "{AQAAABAAAAAQYf/BHq4dmnhKruDla/ZwuheAra68Vfh6+HulreqR+us=}"
httpTimeout: "5000"
nestedGroups: false
password: "{AQAAABAAAAAQ4Lkbp1P0N+uKLQMhQa5YoUFc94znK5UTP5TmBtSOGfg=}"
sessionValidationInterval: 2
socketTimeout: "20000"
url: "http://test"
useProxy: false
useSSO: false
Here with cache:
jenkins:
securityRealm:
crowd:
applicationName: "hello"
cache:
size: 50
ttl: 600
cookieTokenkey: "crowd.token_key"
group: "jenkins-users"
httpMaxConnections: "20"
httpProxyPassword: "{AQAAABAAAAAQYf/BHq4dmnhKruDla/ZwuheAra68Vfh6+HulreqR+us=}"
httpTimeout: "5000"
nestedGroups: false
password: "{AQAAABAAAAAQ4Lkbp1P0N+uKLQMhQa5YoUFc94znK5UTP5TmBtSOGfg=}"
sessionValidationInterval: 2
socketTimeout: "20000"
url: "http://test"
useProxy: false
useSSO: false
The minimal config applicatonName, group, password, url since trim is called on group, url, applicationName in a not so safe manner (they cannot handle null): https://github.com/jenkinsci/crowd2-plugin/blob/9e6948d74e2a63bf17fd026db23c8d5166c9efdb/src/main/java/de/theit/jenkins/crowd/CrowdSecurityRealm.java#L194-L197
jenkins:
securityRealm:
crowd:
applicationName: "jenkins"
group: "jenkins-users"
password: "password"
url: "http://test"
Thanks @jetersen
Fixed by giving empty string:
group: ""
Worth reporting an issue with their plugin, wouldn't take much to fix that, just needs to be null safe, (the UI submits empty strings to those methods).
Most helpful comment
Thanks @jetersen
Fixed by giving empty string:
group: ""