configuration-as-code-plugin: java.lang.IllegalArgumentException: Permission can not be null for sid:[USERNAME]

Jenkins version: 2.158
Plugin version: 1.4 (incl CasC-Support)
OS: Jenkins:2.158/Docker Image

Starting a new docker container based on the Official Jenkins Docker Image fails when I have specific users listed. If I only have anonymous listed, it works. Prior to upgrading Jenkins+plugins the complete permissions-list worked fine.

jenkins:
  authorizationStrategy:
    globalMatrix:
      grantedPermissions:
        - "Overall/Administer:anonymous"
        ... [Bunch of permissions for anonymous]
        - "Overall/Administer:[USERNAME]"
        ... [Bunch of permissions for USERNAME]

Exception:

java.lang.IllegalArgumentException: Permission can not be null for sid:[USERNAME]
	at hudson.security.GlobalMatrixAuthorizationStrategy.add(GlobalMatrixAuthorizationStrategy.java:94)
	at io.jenkins.plugins.casc.support.matrixauth.MatrixAuthorizationStrategyConfigurator.lambda$setGrantedPermissions$2(MatrixAuthorizationStrategyConfigurator.java:57)
	at java.util.ArrayList.forEach(ArrayList.java:1257)
	at io.jenkins.plugins.casc.support.matrixauth.MatrixAuthorizationStrategyConfigurator.setGrantedPermissions(MatrixAuthorizationStrategyConfigurator.java:54)
	at io.jenkins.plugins.casc.Attribute.setValue(Attribute.java:170)
	at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:355)
Caused: io.jenkins.plugins.casc.ConfiguratorException: string: Failed to set attribute grantedPermissions(class: class java.lang.String, multiple: true)
	at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:357)
	at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:273)
	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:96)
	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:101)
	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:43)
	at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:349)
	at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:284)
	at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$8(ConfigurationAsCode.java:657)
	at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:620)
Caused: io.jenkins.plugins.casc.ConfiguratorException: jenkins: error configuring 'jenkins' with class io.jenkins.plugins.casc.core.JenkinsConfigurator configurator
	at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:626)
	at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:657)
	at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:642)
	at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:545)
	at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:275)
	at io.jenkins.plugins.casc.ConfigurationAsCode.init(ConfigurationAsCode.java:267)
Caused: java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:104)
Caused: java.lang.Error
	at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:110)
	at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:175)
	at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
	at jenkins.model.Jenkins$5.runTask(Jenkins.java:1083)
	at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
	at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused: org.jvnet.hudson.reactor.ReactorException
	at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:282)
	at jenkins.InitReactorRunner.run(InitReactorRunner.java:48)
	at jenkins.model.Jenkins.executeReactor(Jenkins.java:1117)
	at jenkins.model.Jenkins.<init>(Jenkins.java:921)
	at hudson.model.Hudson.<init>(Hudson.java:85)
	at hudson.model.Hudson.<init>(Hudson.java:81)
	at hudson.WebAppMain$3.run(WebAppMain.java:233)
Caused: hudson.util.HudsonFailedToLoad
	at hudson.WebAppMain$3.run(WebAppMain.java:250)

About this issue

  • State: closed
  • Created 5 years ago
  • Comments: 16 (9 by maintainers)

Most upvoted comments

After painstakingly adding permissions one line at a time, it appears that a plugin has removed one permission entry without notification. Thanks to the JFrog/Artifactory Plugin 👎

Hmm… I have quite a few more than the two. I’ll have a stab at rewriting the permissions after next week some time. I have a week’s vacation coming up.

Diving a bit deeper. It looks like the PermissionFinder returns null:

https://github.com/jenkinsci/configuration-as-code-plugin/blob/f857cab4172a73959a2cd20524bb2afa58ac044b/plugin/src/main/java/io/jenkins/plugins/casc/util/PermissionFinder.java#L42-L63

So, simplifying my set-up, this works:

jenkins:
  authorizationStrategy:
    globalMatrix:
      grantedPermissions:
        - "Overall/Read:JeanMertz"
        - "Overall/Read:blendle*Our Jenkins Group"

So the plugin works, it’s just that you can’t:

  1. copy the setup from your existing config.xml and expect things to work
  2. nor can you export the config from the Jenkins UI using the CasC export feature and expect things to work

You’ll have to manually add the permissions, using the correct patterns (I haven’t done so yet, so I’m assuming that’s possible, and I won’t run into a related issue).
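
Added example, not part of the issue thread or the plugin's code: a pre-flight check over grantedPermissions entries that reports any whose permission name is not registered (the condition the comment above traces to PermissionFinder returning null), and also reports Overall/Administer granted to anonymous. The known-permission set, the first-colon split and the ExamplePlugin/Release name are assumptions made for illustration.

```python
# Added example: lint CasC globalMatrix entries before Jenkins loads them.
# KNOWN_PERMISSIONS is constructed sample data; on a real controller the
# registered set depends on which plugins are installed.
KNOWN_PERMISSIONS = {
    "Overall/Administer", "Overall/Read", "Job/Build", "Job/Read",
}

def parse_entry(entry):
    """Split 'Group/Name:sid' on the first colon (assumed entry layout)."""
    permission, sep, sid = entry.partition(":")
    if not sep or not permission or not sid:
        raise ValueError(f"malformed entry: {entry!r}")
    return permission, sid

def lint_granted_permissions(entries, known=KNOWN_PERMISSIONS):
    """Return (entry, problem) tuples for entries that need attention."""
    findings = []
    for entry in entries:
        try:
            permission, sid = parse_entry(entry)
        except ValueError as exc:
            findings.append((entry, str(exc)))
            continue
        if permission not in known:
            # This is the case that surfaces at startup as
            # "Permission can not be null for sid:...".
            findings.append(
                (entry, f"unknown permission {permission!r} for sid {sid!r}"))
        elif permission == "Overall/Administer" and sid == "anonymous":
            findings.append((entry, "Overall/Administer granted to anonymous"))
    return findings

# Constructed sample; "ExamplePlugin/Release" is a hypothetical permission
# standing in for one whose plugin no longer registers it.
SAMPLE = [
    "Overall/Administer:anonymous",
    "Overall/Read:JeanMertz",
    "Overall/Read:blendle*Our Jenkins Group",
    "ExamplePlugin/Release:JeanMertz",
    "Job/Build",
]

if __name__ == "__main__":
    for entry, problem in lint_granted_permissions(SAMPLE):
        print(f"{entry}: {problem}")
```

Running a check like this against the permission list exported from the target controller pinpoints the offending line without adding entries one at a time.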