Configuration-as-code-plugin: [jenkins.securityRealm.crowd] Atlassian Crowd plugin issue java.lang.NullPointerException at de.theit.jenkins.crowd.CrowdSecurityRealm

Created on 14 Jun 2020  路  6Comments  路  Source: jenkinsci/configuration-as-code-plugin

Your checklist for this issue

馃毃 Please review the guidelines for contributing to this repository.

  • [x] Jenkins version = 2.222.4

  • [x] Plugin version = 1.41

  • [x] OS = docker.io/jenkins/jenkins:2.222.4

Description

Everything was going well until i introduced the securityRealm with Atlassian crowd.
I made sure that the plugin crowd2 is there. And this is my whole list of plugins :

  installPlugins:
    - kubernetes:1.25.7
    - workflow-job:2.39
    - workflow-aggregator:2.6
    - credentials-binding:1.22
    - git:4.2.2
    - crowd2:2.0.2
    - configuration-as-code:1.41

I've checked the the LOGs initContainer which is responsible for plugins downloads

kubectl -n jenkins logs -f jenkins-staging-8569c765bc-lwb8x -c copy-default-config

And all plugins are downloaded including crowd2 .

My config-as-code for crowd is (in format of helm chart stable/jenkins)


   configScripts:
      main-security-config: |
        jenkins:
          securityRealm:
            crowd:
              url: "http://crowd.crowd:8095/crowd"
              applicationName: {{ requiredEnv "CROWD_JENKINS_USER" }}
              password: {{ requiredEnv "CROWD_JENKINS_PASS" }}

I've checked jenkins logs ,

kubectl -n jenkins logs jenkins-staging-8569c765bc-lwb8x -c jenkins

I got these error messages:

 SEVERE  jenkins.InitReactorRunner$1#onTaskFailed: Failed ConfigurationAsCode.init
java.lang.NullPointerException
        at de.theit.jenkins.crowd.CrowdSecurityRealm.<init>(CrowdSecurityRealm.java:197)
Caused: java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
        at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:174)
Caused: io.jenkins.plugins.casc.ConfiguratorException: crowd: Failed to construct instance of class de.theit.jenkins.crowd.CrowdSecurityRealm.
 Constructor: public de.theit.jenkins.crowd.CrowdSecurityRealm(java.lang.String,java.lang.String,hudson.util.Secret,java.lang.String,boolean,int,boolean,java.lang.String,java.lang.String,java.lang.Boolean,java.lang.String,java.lang.Strin
g,java.lang.String,hudson.util.Secret,java.lang.String,java.lang.String,java.lang.String,de.theit.jenkins.crowd.CrowdSecurityRealm$CacheConfiguration).
 Arguments: [java.lang.String, java.lang.String, hudson.util.Secret, null, java.lang.Boolean, java.lang.Integer, java.lang.Boolean, null, null, null, null, null, null, null, null, null, null, null].
 Expected Parameters: url java.lang.String, applicationName java.lang.String, password hudson.util.Secret, group java.lang.String, nestedGroups boolean, sessionValidationInterval int, useSSO boolean, cookieDomain java.lang.String, cookieTokenkey java.lang.String, useProxy java.lang.Boolean, httpProxyHost java.lang.String, httpProxyPort java.lang.String, httpProxyUsername java.lang.String, httpProxyPassword hudson.util.Secret, socketTimeout java.lang.String, httpTimeout java.lang.String, httpMaxConnections java.lang.String, cache de.theit.jenkins.crowd.CrowdSecurityRealm$CacheConfiguration
        at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:192)
        at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:77)
        at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:267)
        at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.configure(DataBoundConfigurator.java:83)
        at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$doConfigure$16668e2$1(HeteroDescribableConfigurator.java:277)
        at io.vavr.CheckedFunction0.lambda$unchecked$52349c75$1(CheckedFunction0.java:247)
        at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.doConfigure(HeteroDescribableConfigurator.java:277)
        at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$null$2(HeteroDescribableConfigurator.java:86)
        at io.vavr.control.Option.map(Option.java:392)
        at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$configure$3(HeteroDescribableConfigurator.java:86)
        at io.vavr.Tuple2.apply(Tuple2.java:238)
        at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:83)
        at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:92)
        at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:55)

Are you expecting to give a group in the config of crowd: ?
if so, how can i handle that if i don't want to specify group ?

bug

Most helpful comment

Thanks @jetersen
Fixed by giving empty string:

group: ""

All 6 comments

This is a bug in the crowd plugin.
I would suggest you report to them.

Try configuring it from the UI and export it.

My attempt at exporting, though I suspsect the default caching is hidden in this export which is most likely causing the null pointer.

jenkins:
  securityRealm:
    crowd:
      applicationName: "hello"
      cookieTokenkey: "crowd.token_key"
      group: "jenkins-users"
      httpMaxConnections: "20"
      httpProxyPassword: "{AQAAABAAAAAQYf/BHq4dmnhKruDla/ZwuheAra68Vfh6+HulreqR+us=}"
      httpTimeout: "5000"
      nestedGroups: false
      password: "{AQAAABAAAAAQ4Lkbp1P0N+uKLQMhQa5YoUFc94znK5UTP5TmBtSOGfg=}"
      sessionValidationInterval: 2
      socketTimeout: "20000"
      url: "http://test"
      useProxy: false
      useSSO: false

Here with cache:

jenkins:
  securityRealm:
    crowd:
      applicationName: "hello"
      cache:
        size: 50
        ttl: 600
      cookieTokenkey: "crowd.token_key"
      group: "jenkins-users"
      httpMaxConnections: "20"
      httpProxyPassword: "{AQAAABAAAAAQYf/BHq4dmnhKruDla/ZwuheAra68Vfh6+HulreqR+us=}"
      httpTimeout: "5000"
      nestedGroups: false
      password: "{AQAAABAAAAAQ4Lkbp1P0N+uKLQMhQa5YoUFc94znK5UTP5TmBtSOGfg=}"
      sessionValidationInterval: 2
      socketTimeout: "20000"
      url: "http://test"
      useProxy: false
      useSSO: false

The minimal config applicatonName, group, password, url since trim is called on group, url, applicationName in a not so safe manner (they cannot handle null): https://github.com/jenkinsci/crowd2-plugin/blob/9e6948d74e2a63bf17fd026db23c8d5166c9efdb/src/main/java/de/theit/jenkins/crowd/CrowdSecurityRealm.java#L194-L197

jenkins:
  securityRealm:
    crowd:
      applicationName: "jenkins"
      group: "jenkins-users"
      password: "password"
      url: "http://test"

Thanks @jetersen
Fixed by giving empty string:

group: ""

Worth reporting an issue with their plugin, wouldn't take much to fix that, just needs to be null safe, (the UI submits empty strings to those methods).

Was this page helpful?
0 / 5 - 0 ratings