jenkinsci / configuration-as-code-plugin

Jenkins Configuration as Code Plugin
https://plugins.jenkins.io/configuration-as-code
MIT License
2.7k stars 722 forks source link

reload via HTTP POST and casc.reload.token not working #1959

Closed kerr-bighealth closed 2 years ago

kerr-bighealth commented 2 years ago

Jenkins and plugins versions report

Environment Jenkins: 2.332.2 OS: Linux - 5.13.0-1022-aws --- ace-editor:1.1 amazon-ecr:1.73.v741d474abe74 antisamy-markup-formatter:2.7 apache-httpcomponents-client-4-api:4.5.13-1.0 atlassian-jira-software-cloud:2.0.2 audit-trail:3.10 authentication-tokens:1.4 authorize-project:1.4.0 aws-credentials:191.vcb_f183ce58b_9 aws-java-sdk:1.12.201-326.veb_6ce41104a_e aws-java-sdk-cloudformation:1.12.201-326.veb_6ce41104a_e aws-java-sdk-codebuild:1.12.201-326.veb_6ce41104a_e aws-java-sdk-ec2:1.12.201-326.veb_6ce41104a_e aws-java-sdk-ecr:1.12.201-326.veb_6ce41104a_e aws-java-sdk-ecs:1.12.201-326.veb_6ce41104a_e aws-java-sdk-elasticbeanstalk:1.12.201-326.veb_6ce41104a_e aws-java-sdk-iam:1.12.201-326.veb_6ce41104a_e aws-java-sdk-logs:1.12.201-326.veb_6ce41104a_e aws-java-sdk-minimal:1.12.201-326.veb_6ce41104a_e aws-java-sdk-ssm:1.12.201-326.veb_6ce41104a_e basic-branch-build-strategies:1.3.2 bootstrap4-api:4.6.0-3 bootstrap5-api:5.1.3-6 bouncycastle-api:2.25 branch-api:2.1045.v4ec3ed07b_e4f build-timeout:1.20 build-user-vars-plugin:1.8 caffeine-api:2.9.2-29.v717aac953ff3 checks-api:1.7.2 cloudbees-folder:6.714.v79e858ef76a_2 command-launcher:1.6 configuration-as-code:1429.v09b_044a_c93de configuration-as-code-secret-ssm:1.0.1 credentials:1087.1089.v2f1b_9a_b_040e4 credentials-binding:523.vd859a_4b_122e6 dark-theme:156.v6cf16af6f9ef display-url-api:2.3.6 docker-commons:1.19 docker-workflow:1.28 durable-task:495.v29cd95ec10f2 ec2:1.68 echarts-api:5.3.2-1 font-awesome-api:6.0.0-1 git:4.11.0 git-client:3.11.0 git-server:1.10 github:1.34.3 github-api:1.303-400.v35c2d8258028 github-branch-source:1598.v91207e9f9b_4a_ global-slack-notifier:1.5 jackson2-api:2.13.2.20220328-273.v11d70a_b_a_1a_52 javax-activation-api:1.2.0-2 javax-mail-api:1.6.2-5 jaxb:2.3.0.1 jdk-tool:1.5 jjwt-api:0.11.2-9.c8b45b8bb173 job-dsl:1.79 jquery3-api:3.6.0-2 jsch:0.1.55.2 junit:1.60 lockable-resources:2.14 mailer:408.vd726a_1130320 matrix-auth:3.1.1 matrix-project:758.v7a_ea_491852f3 node-iterator-api:1.5.1 okhttp-api:4.9.3-105.vb96869f8ac3a parameterized-scheduler:1.0 pipeline-aws:1.43 pipeline-build-step:2.17 pipeline-input-step:448.v37cea_9a_10a_70 pipeline-milestone-step:101.vd572fef9d926 pipeline-model-api:2.2077.vc78ec45162f1 pipeline-model-definition:2.2077.vc78ec45162f1 pipeline-model-extensions:2.2077.vc78ec45162f1 pipeline-stage-step:293.v200037eefcd5 pipeline-stage-tags-metadata:2.2077.vc78ec45162f1 plain-credentials:1.8 plugin-util-api:2.16.0 popper-api:1.16.1-2 popper2-api:2.11.5-1 rebuild:1.33.1 role-strategy:3.2.0 saml:2.296.v0016349946db_ scm-api:602.v6a_81757a_31d2 script-security:1146.vdf547f19a_473 slack:608.v19e3b_44b_b_9ff snakeyaml-api:1.30.1 ssh-credentials:1.19 ssh-slaves:1.806.v2253cedd3295 sshd:3.228.v4c9f9e652c86 structs:308.v852b473a2b8c test-results-aggregator:1.2.9 theme-manager:0.6 timestamper:1.17 token-macro:293.v283932a_0a_b_49 trilead-api:1.57.v6e90e07157e1 variant:1.4 workflow-aggregator:2.7 workflow-api:1144.v61c3180fa_03f workflow-basic-steps:948.v2c72a_091b_b_68 workflow-cps:2687.v3f09155513c1 workflow-cps-global-lib:570.v21311f4951f8 workflow-durable-task-step:1130.v8fd69d0b_8857 workflow-job:1174.vdcb_d054cf74a_ workflow-multibranch:712.vc169a_1387405 workflow-scm-step:2.13 workflow-step-api:625.vd896b_f445a_f8 workflow-support:819.v37d707a_71d9b_

What Operating System are you using (both controller, and any agents involved in the problem)?

Ubuntu 20.04.4 LTS across the board.

Reproduction steps

  1. Configure CasC with a reload token via JAVA_ARGS in /etc/default/jenkins as follows: JAVA_ARGS="$JAVA_ARGS -Dcasc.reload.token={token_value}"

  2. Reload CasC config via HTTP POST

Expected Results

HTTP 200 response

Actual Results

Receive an HTTP 403 response with the following text:

HTTP ERROR 403 No valid crumb was included in the request

Anything else?

Reloading via HTTP POST with the reload token was working just fine up to and including the following environment and plugin versions.

Prior Working Environment Jenkins: 2.319.3 OS: Linux - 5.13.0-1022-aws --- ace-editor:1.1 amazon-ecr:1.7 antisamy-markup-formatter:2.7 apache-httpcomponents-client-4-api:4.5.13-1.0 atlassian-jira-software-cloud:1.4.5 audit-trail:3.10 authentication-tokens:1.4 authorize-project:1.4.0 aws-credentials:189.v3551d5642995 aws-java-sdk:1.12.148-310.v5e3b_c2681d79 aws-java-sdk-cloudformation:1.12.148-310.v5e3b_c2681d79 aws-java-sdk-codebuild:1.12.148-310.v5e3b_c2681d79 aws-java-sdk-ec2:1.12.148-310.v5e3b_c2681d79 aws-java-sdk-ecr:1.12.148-310.v5e3b_c2681d79 aws-java-sdk-ecs:1.12.148-310.v5e3b_c2681d79 aws-java-sdk-elasticbeanstalk:1.12.148-310.v5e3b_c2681d79 aws-java-sdk-iam:1.12.148-310.v5e3b_c2681d79 aws-java-sdk-logs:1.12.148-310.v5e3b_c2681d79 aws-java-sdk-minimal:1.12.148-310.v5e3b_c2681d79 aws-java-sdk-ssm:1.12.148-310.v5e3b_c2681d79 basic-branch-build-strategies:1.3.2 bootstrap4-api:4.6.0-3 bootstrap5-api:5.1.3-6 bouncycastle-api:2.25 branch-api:2.7.0 build-timeout:1.20 build-user-vars-plugin:1.8 caffeine-api:2.9.2-29.v717aac953ff3 checks-api:1.7.2 cloudbees-folder:6.708.ve61636eb_65a_5 command-launcher:1.6 configuration-as-code:1346.ve8cfa_3473c94 configuration-as-code-secret-ssm:1.0.1 credentials:1074.v60e6c29b_b_44b_ credentials-binding:1.27.1 display-url-api:2.3.5 docker-commons:1.19 docker-workflow:1.28 durable-task:493.v195aefbb0ff2 ec2:1.66 echarts-api:5.3.0-2 font-awesome-api:6.0.0-1 git:4.10.3 git-client:3.11.0 git-server:1.10 github:1.34.2 github-api:1.301-378.v9807bd746da5 github-branch-source:2.11.4 global-slack-notifier:1.5 handlebars:3.0.8 jackson2-api:2.13.1-246.va8a9f3eaf46a javax-activation-api:1.2.0-2 javax-mail-api:1.6.2-5 jaxb:2.3.0.1 jdk-tool:1.5 jjwt-api:0.11.2-9.c8b45b8bb173 job-dsl:1.78.3 jquery3-api:3.6.0-2 jsch:0.1.55.2 junit:1.54 lockable-resources:2.14 mailer:408.vd726a_1130320 matrix-auth:3.0.1 matrix-project:1.20 momentjs:1.1.1 node-iterator-api:1.5.1 okhttp-api:4.9.3-105.vb96869f8ac3a parameterized-scheduler:1.0 pipeline-aws:1.43 pipeline-build-step:2.16 pipeline-graph-analysis:188.v3a01e7973f2c pipeline-input-step:446.vf27b_0b_83500e pipeline-milestone-step:100.v60a_03cd446e1 pipeline-model-api:1.9.3 pipeline-model-definition:1.9.3 pipeline-model-extensions:1.9.3 pipeline-rest-api:2.21 pipeline-stage-step:291.vf0a8a7aeeb50 pipeline-stage-tags-metadata:1.9.3 pipeline-stage-view:2.21 plain-credentials:1.8 plugin-util-api:2.14.0 popper-api:1.16.1-2 popper2-api:2.11.2-1 rebuild:1.33 role-strategy:3.2.0 saml:2.1.1-275.va_5718591a_999 scm-api:595.vd5a_df5eb_0e39 script-security:1131.v8b_b_5eda_c328e slack:602.v0da_f7458945d snakeyaml-api:1.29.1 ssh-credentials:1.19 ssh-slaves:1.33.0 sshd:3.1.0 structs:308.v852b473a2b8c test-results-aggregator:1.2.6 timestamper:1.17 token-macro:277.v7c8f82a_d66b_3 trilead-api:1.0.13 variant:1.4 workflow-aggregator:2.6 workflow-api:1138.v619fd5201b_2f workflow-basic-steps:2.24 workflow-cps:2659.v52d3de6044d0 workflow-cps-global-lib:564.ve62a_4eb_b_e039 workflow-durable-task-step:1121.va_65b_d2701486 workflow-job:1145.v7f2433caa07f workflow-multibranch:711.vdfef37cda_816 workflow-scm-step:2.13 workflow-step-api:622.vb_8e7c15b_c95a_ workflow-support:813.vb_d7c3d2984a_0
timja commented 2 years ago

If you go to:

https://$JENKINS_URL/systemInfo

and search casc.reload.token is it there?

kerr-bighealth commented 2 years ago

Hi, @timja thanks for the fast follow-up. Confirmed that casc.reload.token does not exist in my most current system config, though does exist in my prior system config.

timja commented 2 years ago

On newer versions the configuration is using systemd.

Take a look at the instructions here: https://www.jenkins.io/doc/book/system-administration/systemd-services/

cc @basil and @MarkEWaite in case this should've been handled.

kerr-bighealth commented 2 years ago

Ahh, thanks! I moved the config over to a systemd drop-in, and reload is working again!

MarkEWaite commented 2 years ago

Originally reported as JENKINS-67724.