Error execution of cloud sdk pipelines

[T1mey]

All our cloud sdk pipelines are failing. We're running on v19 of cx-master (ON_K8S false) & master branch of pipeline.

Error is:

java.io.FileNotFoundException: /var/cx-server/server.cfg (Permission denied)

[fwilhe]

Does it work with v18? Since we had no commits between both releases in the cx-server repo, I'll assume it is something with the plugin config.

[T1mey]

I can't confirm because we were on Kubernetes before. Kubernetes stopped working, so we disabled it. So it could be that it wasn't working before ...

What is strange is that out of the cloud sdk pipeline ther server.cfg is read ? Maybe we restricted the permission of that file because it holds sensitive data. Question is which user / group wants to access it ?

[fwilhe]

How did you start the cx server? What is your environment?

What is strange is that out of the cloud sdk pipeline ther server.cfg is read ? Maybe we restricted the permission of that file because it holds sensitive data. Question is which user / group wants to access it ?

We use it for gathering debug information, cf. As I understand it now, the issue occurs after modifying the permissions of the server.cfg file or its directory? This is not something we support as of now.

The whole idea of cx-server is to have an isolated system, if your thread model includes some malicious actor being able to run pipelines on your cx-server Jenkins, they have control over the host machine anyway.

[T1mey]

@fwilhe Are we talking about the same file? Is it the server.cfg file which is generated via cx-server-companion which is used for starting the jenkins docker image?

[fwilhe]

Yes. In https://github.com/SAP/jenkins-library/blob/1c247de9d072fc6078ea3a15144aaa3d71294fb1/src/com/sap/piper/DebugReport.groovy#L42 we read the docker image that is used to start the Jenkins container. This is for creating a debug report that should make it easier to understand issues with a build.