search

ghale / gradle-jenkins-plugin

Gradle plugin to programmatically configure Jenkins jobs.
123 stars 42 forks source link

Add support for ignoring SSL certificate errors #55

Closed shorn closed 8 years ago

shorn commented 9 years ago

Possible solutions:

Upgrade http-builder with configuration option: Upgrade to recent version of http-builder (0.7.1+) and adding a configuration option to tell the serviceFactory to apply ignoreSSLIssues().

Add configuration option without upgrading http-builder Easy enough to implement your own method that does what ignoreSSLIssues() method does.

Provide easier way to customise the RESTClient Iterating all the gradle-jenkins-plugin tasks and using a custom ServiceFactory is a lot of jiggery-pokery to have to do just to customise the HTTP connection.

This is the work-around I'm using in my buildscript at the moment:

buildscript {
  dependencies {
    classpath "com.terrafolio:gradle-jenkins-plugin:1.2.3"
  }

  // force recent version of http-builder so we can call ignoreSSLIssues()
  configurations.classpath.resolutionStrategy {
    eachDependency { details ->
      if( details.requested.name == "http-builder"){
        details.useVersion '0.7.2'
      }
    }
  }
}
....
project.tasks.each { task ->
  if( task instanceof AbstractJenkinsTask ){
    AbstractJenkinsTask jenkinsTask = (AbstractJenkinsTask) task
    jenkinsTask.serviceFactory = new JenkinsRESTServiceFactory() {
      @Override
      JenkinsService getService(String url, String username, String password) {
        def service = new JenkinsRESTServiceImpl(url, username, password)
        // ignoreSSLIssues() ignores problems with self-signed certificate
        // used by Jenkins server
        service.restClient.ignoreSSLIssues()
        return service
      }
    }
  }
}

Happy to provide a proper pull request if you're open to it.

iwarapter commented 9 years ago

I tried your work-around for this issue but now it cannot connect with the server, always giving me: Jenkins Service Call failed

Invalid password/token for user:

Did you encounter this?

reiz commented 8 years ago

I think ignoring SSL certs is not the right solution for this problem. We just updated our SSL certs. Please try again and let me know if it works for you.

shorn commented 8 years ago

The problem wasn't on your side - it was that the cert was self-signed (unless your new configuration allows self-signed certs somehow?)

Sometimes bad configuration happens and it's not under your control - that's why the RestClient API themselves added the ignoreSSLIssues() option in the first place.
In my case at the time, the issue with the certificate was known and deemed temporarily acceptable - but there was no easy way to tell the plugin "yes, I know there are cert issues - it's fine, don't worry about it."