Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-55394

Error when manually updating Role-Strategy, when initially configured via JCasC plugin

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Labels:
      None
    • Environment:
      Jenkins Version 2.138.1
      configuration-as-code 1.3
      configuration-as-code-support 1.3
      role-strategy 2.9.0
    • Similar Issues:

      Description

      Hi Jenkins JCasC-Plugin and Role-Strategy-Plugin teams,
       
      following isse: 
      I have configured Role-Strategy using JCasC plugin see configuration and the end.
      But now following error occurs when updating manually
       
          http://localhost/jenkins/role-strategy/assign-roles
         User/group to add -> newuser -> save
       
      When I add a new user manually I will get following error:
       
      I have a workaround for this, see beneath this stack trace and configuration  
         
      Stack trace

      java.lang.UnsupportedOperationException
          at java.util.Collections$UnmodifiableCollection.clear(Collections.java:1074)
          at com.michelin.cio.hudson.plugins.rolestrategy.RoleMap.clearSidsForRole(RoleMap.java:208)
          at com.michelin.cio.hudson.plugins.rolestrategy.RoleMap.clearSids(RoleMap.java:248)
          at com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy$DescriptorImpl.doAssignSubmit(RoleBasedAuthorizationStrategy.java:696)
          at com.michelin.cio.hudson.plugins.rolestrategy.RoleStrategyConfig.doAssignSubmit(RoleStrategyConfig.java:165)
          at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
          at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
          at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77)
          at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
          at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
          at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
          at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129)
          at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734)
      Caused: javax.servlet.ServletException
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:784)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864)
          at org.kohsuke.stapler.MetaClass$10.dispatch(MetaClass.java:374)
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:734)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:864)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668)
          at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
          at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
          at com.smartcodeltd.jenkinsci.plugin.assetbundler.filters.LessCSS.doFilter(LessCSS.java:47)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
          at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
          at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
          at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
          at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
          at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
          at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1317)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
          at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
          at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
          at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1219)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
          at org.eclipse.jetty.server.Server.handle(Server.java:531)
          at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352)
          at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
          at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281)
          at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
          at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
          at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
          at winstone.BoundedExecutorService.lambda$scheduleNext$0(BoundedExecutorService.java:80)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
          at java.lang.Thread.run(Thread.java:748)
       
       
      Found a similar reported issue here
      https://github.com/jenkinsci/configuration-as-code-plugin/issues/504
      but that info did not give me any clue
       
      Can you please help me analyse this.
       
      Thanx!!!
       
      My Configuration
       
      Jenkins Version 2.138.1
      plugin versions
      configuration-as-code    1.3
      configuration-as-code-support    1.3
      role-strategy    2.9.0
       
       
      JCasC configuration: jenkins.yaml in JENKINS_HOME
       
      configuration-as-code:
        version: "1"
        deprecated: warn
        restricted: warn
        unknown: warn
      jenkins:
         version: "1"
         deprecated: warn
         restricted: warn
         unknown: warn
        authorizationStrategy:
          roleBased:
            roles:
              global:
                - name: "admin"
                  description: "Jenkins Administrators"
                  permissions:
                    - "Overall/Administer"
                    - "Overall/Read"
                    - "Credentials/Create"
                    - "Credentials/Delete"
                    - "Credentials/ManageDomains"
                    - "Credentials/Update"
                    - "Credentials/View"
                    - "Build Failure Analyzer/RemoveCause"
                    - "Build Failure Analyzer/UpdateCauses"
                    - "Build Failure Analyzer/ViewCauses"
                    - "Agent/Build"
                    - "Agent/Configure"
                    - "Agent/Connect"
                    - "Agent/Create"
                    - "Agent/Delete"
                    - "Agent/Disconnect"
                    - "Agent/Provision"
                    - "Job/Build"
                    - "Job/Cancel"
                    - "Job/Configure"
                    - "Job/Create"
                    - "Job/Delete"
                    - "Job/Discover"
                    - "Job/Move"
                    - "Job/Read"
                    - "Job/Workspace"
                    - "Run/Delete"
                    - "Run/Replay"
                    - "Run/Update"
                    - "View/Configure"
                    - "View/Create"
                    - "View/Delete"
                    - "View/Read"
                  assignments:
                    - "admin"
                    - "bas"
                - name: "jenkinsAdmin"
                  description: "Jenkins Administrators"
                  permissions:
                    - "Overall/Administer"
                    - "Overall/Read"
                    - "Credentials/Create"
                    - "Credentials/Delete"
                    - "Credentials/ManageDomains"
                    - "Credentials/Update"
                    - "Credentials/View"
                    - "Build Failure Analyzer/RemoveCause"
                    - "Build Failure Analyzer/UpdateCauses"
                    - "Build Failure Analyzer/ViewCauses"
                    - "Agent/Build"
                    - "Agent/Configure"
                    - "Agent/Connect"
                    - "Agent/Create"
                    - "Agent/Delete"
                    - "Agent/Disconnect"
                    - "Job/Build"
                    - "Job/Cancel"
                    - "Job/Configure"
                    - "Job/Create"
                    - "Job/Delete"
                    - "Job/Discover"
                    - "Job/Move"
                    - "Job/Read"
                    - "Job/Workspace"
                    - "Run/Delete"
                    - "Run/Update"
                    - "View/Configure"
                    - "View/Create"
                    - "View/Delete"
                    - "View/Read"
                  assignments:
                    - "admin"
                - name: "projectAdmin"
                  description: "Jenkins Project Administrators"
                  permissions:
                    - "Overall/Read"
                    - "Credentials/Create"
                    - "Credentials/Delete"
                    - "Credentials/ManageDomains"
                    - "Credentials/Update"
                    - "Credentials/View"
                    - "Build Failure Analyzer/RemoveCause"
                    - "Build Failure Analyzer/UpdateCauses"
                    - "Build Failure Analyzer/ViewCauses"
                    - "Job/Build"
                    - "Job/Discover"
                    - "Job/Read"
                    - "View/Configure"
                    - "View/Create"
                    - "View/Delete"
                    - "View/Read"
                  assignments:
                    - "admin"
                - name: "projectUser"
                  description: "Jenkins Project User"
                  permissions:
                    - "Overall/Read"
                    - "Build Failure Analyzer/UpdateCauses"
                    - "Build Failure Analyzer/ViewCauses"
                    - "Job/Build"
                    - "Job/Discover"
                    - "Job/Read"
                    - "View/Read"
                  assignments:
                    - "admin"
                - name: "projectViewer"
                  description: "Jenkins Project Viewer"
                  permissions:
                    - "Overall/Read"
                    - "Build Failure Analyzer/ViewCauses"
                    - "Job/Discover"
                    - "Job/Read"
                    - "View/Read"
                  assignments:
                    - "admin"
                - name: "projectWorkspace"
                  description: "Jenkins Project Workspace"
                  permissions:
                    - "Job/Workspace"
                  assignments:
                    - "admin"
                - name: "anon"
                  description: "Anonymous users"
                  assignments:
                    - "anonymous"
       
       
       
       
       
      WORKAROUND:
      Hi Jenkins JCasC-Plugin and Role-Strategy-Plugin teams,
       
      I found a work around for this issue.
      Initially when Jenkins has started I go to "role-strategy/manage-roles"
      http://localhost/role-strategy/manage-roles
       
      and then just click "Save" button
      After this "save" I can make changes to http://localhost/role-strategy/assign-roles without errors
       
      Now I'm trying to find out how to make a groovy script to implement this workaround
       
      I tried the following code but that didn't work
            def currentAuthenticationStrategy = Jenkins.instance.getAuthorizationStrategy()
            Jenkins.instance.setAuthorizationStrategy(currentAuthenticationStrategy)
            Jenkins.instance.save()
       
      I hope you can support me here.
       
      thanx
       
      kind regards,
      Bas

        Attachments

          Activity

          There are no comments yet on this issue.

            People

            • Assignee:
              Unassigned
              Reporter:
              spikkie spikkie spikkie
            • Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: