jenkinsci / hashicorp-vault-plugin

Jenkins plugin to populate environment variables from secrets stored in HashiCorp's Vault.
https://plugins.jenkins.io/hashicorp-vault-plugin/
MIT License

Exception on java 17 #340

Closed ramunasd closed 1 month ago

ramunasd commented 1 month ago

Jenkins and plugins versions report

Environment

```text
Jenkins: 2.462.2
OS: Linux - 5.15.0-1026-aws
Java: 17.0.12 - Ubuntu (OpenJDK 64-Bit Server VM)
---
PrioritySorter:5.1.0
analysis-model-api:12.7.0
ansicolor:1.0.4
ant:511.v0a_a_1a_334f41b_
antisamy-markup-formatter:162.v0e6ec0fcfcf6
apache-httpcomponents-client-4-api:4.5.14-208.v438351942757
apache-httpcomponents-client-5-api:5.4-118.v199115451c4d
asm-api:9.7-33.v4d23ef79fcc8
authentication-tokens:1.119.v50285141b_7e1
aws-java-sdk-ec2:1.12.767-467.vb_e93f0c614b_6
aws-java-sdk-minimal:1.12.767-467.vb_e93f0c614b_6
badge:2.1
bootstrap5-api:5.3.3-1
bouncycastle-api:2.30.1.78.1-248.ve27176eb_46cb_
branch-api:2.1178.v969d9eb_c728e
build-blocker-plugin:166.vc82fc20b_a_ed6
build-timeout:1.33
build-user-vars-plugin:176.vb_9c7907fd524
caffeine-api:3.1.8-133.v17b_1ff2e0599
checks-api:2.2.1
cloudbees-folder:6.951.v5f91d88d76b_b_
cloverphp:0.6
command-launcher:115.vd8b_301cc15d0
commons-lang3-api:3.17.0-84.vb_b_938040b_078
commons-text-api:1.12.0-129.v99a_50df237f7
copyartifact:749.vfb_dca_a_9b_6549
credentials:1378.v81ef4269d764
credentials-binding:681.vf91669a_32e45
dark-theme:479.v661b_1b_911c01
data-tables-api:2.1.6-1
display-url-api:2.204.vf6fddd8a_8b_e9
docker-commons:443.v921729d5611d
docker-workflow:580.vc0c340686b_54
dtkit-api:3.0.2
durable-task:577.v2a_8a_4b_7c0247
echarts-api:5.5.1-1
eddsa-api:0.3.0-4.v84c6f0f4969e
email-ext:1844.v3ea_a_b_842374a_
envinject:2.919.v009a_a_1067cd0
envinject-api:1.199.v3ce31253ed13
font-awesome-api:6.6.0-2
forensics-api:2.6.0
git:5.5.1
git-client:5.0.0
github:1.40.0
github-api:1.321-468.v6a_9f5f2d5a_7e
groovy:457.v99900cb_85593
groovy-postbuild:228.vcdb_cf7265066
gson-api:2.11.0-41.v019fcf6125dc
hashicorp-vault-pipeline:1.4
hashicorp-vault-plugin:370.v946b_53544a_30
htmlpublisher:1.36
instance-identity:185.v303dc7c645f9
ionicons-api:74.v93d5eb_813d5f
jackson2-api:2.17.0-379.v02de8ec9f64c
jakarta-activation-api:2.1.3-1
jakarta-mail-api:2.1.3-1
javax-activation-api:1.2.0-7
javax-mail-api:1.6.2-10
jaxb:2.3.9-1
jdk-tool:80.v8a_dee33ed6f0
jobConfigHistory:1268.v75ce751da_911
joda-time-api:2.13.0-85.vb_64d1c2921f1
jquery3-api:3.7.1-2
jsch:0.2.16-86.v42e010d9484b_
json-api:20240303-41.v94e11e6de726
json-path-api:2.9.0-58.v62e3e85b_a_655
junit:1300.v03d9d8a_cf1fb_
mailer:472.vf7c289a_4b_420
material-theme:0.5.2-rc100.6121925fe229
matrix-auth:3.2.2
matrix-project:832.va_66e270d2946
metrics:4.2.21-451.vd51df8df52ec
mina-sshd-api-common:2.13.2-125.v200281b_61d59
mina-sshd-api-core:2.13.2-125.v200281b_61d59
naginator:1.481.vcb_b_384a_3de89
oic-auth:3.0
okhttp-api:4.11.0-172.vda_da_1feeb_c6e
parameterized-trigger:806.vf6fff3e28c3e
pipeline-build-step:540.vb_e8849e1a_b_d8
pipeline-graph-analysis:216.vfd8b_ece330ca_
pipeline-graph-view:340.v28cecee8b_25f
pipeline-groovy-lib:730.ve57b_34648c63
pipeline-input-step:495.ve9c153f6067b_
pipeline-milestone-step:119.vdfdc43fc3b_9a_
pipeline-model-api:2.2214.vb_b_34b_2ea_9b_83
pipeline-model-definition:2.2214.vb_b_34b_2ea_9b_83
pipeline-model-extensions:2.2214.vb_b_34b_2ea_9b_83
pipeline-rest-api:2.34
pipeline-stage-step:312.v8cd10304c27a_
pipeline-stage-tags-metadata:2.2214.vb_b_34b_2ea_9b_83
pipeline-stage-view:2.34
plain-credentials:183.va_de8f1dd5a_2b_
plugin-util-api:5.1.0
postbuildscript:3.3.0-654.v67cf36130d78
prism-api:1.29.0-17
publish-over:0.22
publish-over-ftp:1.17
resource-disposer:0.23
role-strategy:743.v142ea_b_d5f1d3
scm-api:696.v778d637b_a_762
script-security:1362.v67dc1f0e1b_b_3
simple-theme-plugin:196.v96d9592f4efa_
slack:741.v00f9591c586d
snakeyaml-api:2.3-123.v13484c65210a_
ssh-agent:376.v8933585c69d3
ssh-credentials:343.v884f71d78167
sshd:3.330.vc866a_8389b_58
structs:338.v848422169819
text-finder:1.29
theme-manager:262.vc57ee4a_eda_5d
thinBackup:2.1.1
timestamper:1.27
token-macro:400.v35420b_922dcb_
trilead-api:2.147.vb_73cc728a_32e
variant:60.v7290fc0eb_b_cd
warnings-ng:11.9.0
workflow-aggregator:600.vb_57cdd26fdd7
workflow-api:1336.vee415d95c521
workflow-basic-steps:1058.vcb_fc1e3a_21a_9
workflow-cps:3964.v0767b_4b_a_0b_fa_
workflow-durable-task-step:1371.vb_7cec8f3b_95e
workflow-job:1436.vfa_244484591f
workflow-multibranch:795.ve0cb_1f45ca_9a_
workflow-scm-step:427.v4ca_6512e7df1
workflow-step-api:678.v3ee58b_469476
workflow-support:926.v9f4f9b_b_98c19
ws-cleanup:0.46
xunit:3.1.5
```

What Operating System are you using (both controller, and any agents involved in the problem)?

Ubuntu 22.04.5 LTS

Reproduction steps

  1. Switch JAVA_HOME to version 17
  2. Restart jenkins
  3. Trigger build with vault plugin enabled

Expected Results

No exception

Actual Results

Exception is thrown at the very beginning of job:

```text
04:30:36 FATAL: Cannot invoke "java.util.Map.get(Object)" because "this.tokenExpiryCache" is null
04:30:36 java.lang.NullPointerException: Cannot invoke "java.util.Map.get(Object)" because "this.tokenExpiryCache" is null
04:30:36    at PluginClassLoader for hashicorp-vault-plugin//com.datapipe.jenkins.vault.credentials.AbstractVaultTokenCredentialWithExpiration.tokenExpired(AbstractVaultTokenCredentialWithExpiration.java:158)
04:30:36    at PluginClassLoader for hashicorp-vault-plugin//com.datapipe.jenkins.vault.credentials.AbstractVaultTokenCredentialWithExpiration.authorizeWithVault(AbstractVaultTokenCredentialWithExpiration.java:117)
04:30:36    at PluginClassLoader for hashicorp-vault-plugin//com.datapipe.jenkins.vault.VaultAccessor.init(VaultAccessor.java:69)
04:30:36    at PluginClassLoader for hashicorp-vault-plugin//com.datapipe.jenkins.vault.VaultAccessor.retrieveVaultSecrets(VaultAccessor.java:203)
04:30:36    at PluginClassLoader for hashicorp-vault-plugin//com.datapipe.jenkins.vault.VaultBuildWrapper.provideEnvironmentVariablesFromVault(VaultBuildWrapper.java:99)
04:30:36    at PluginClassLoader for hashicorp-vault-plugin//com.datapipe.jenkins.vault.VaultBuildWrapper.setUp(VaultBuildWrapper.java:73)
04:30:36    at jenkins.tasks.SimpleBuildWrapper.setUp(SimpleBuildWrapper.java:294)
04:30:36    at hudson.model.Build$BuildExecution.doRun(Build.java:158)
04:30:36    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:526)
04:30:36    at hudson.model.Run.execute(Run.java:1894)
04:30:36    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:44)
04:30:36    at hudson.model.ResourceController.execute(ResourceController.java:101)
04:30:36    at hudson.model.Executor.run(Executor.java:446)
```

Anything else?

Works fine on java 11

Are you interested in contributing a fix?

No response

basil commented 1 month ago

Does the incremental build from https://github.com/jenkinsci/hashicorp-vault-plugin/pull/341/checks?check_run_id=30715481071 help?

https://www.jenkins.io/doc/book/managing/plugins/#advanced-installation

Waschndolos commented 1 month ago

Hi @basil, I just ran into the same issue and installed the incremental build - unfortunately it still persists. What I found is that when you save the credential again which you use to connect to vault it will work again. Maybe that helps to narrow down the issue? Let me know if I can assist in debugging.

sodul commented 1 month ago

What worked for us was to update <tokenExpiry> ... </tokenExpiry> to <tokenExpiryCache> ... </tokenExpiryCache> in the credentials.xml of the jenkins controller home directory, then RestartSafely.

This is a migration bug in the plugin introduced by #336 and should be fixed.

@dwnusbaum @jetersen FYI ^

dwnusbaum commented 1 month ago

Looks unrelated to Java 17. I think it was probably also possible prior to #336, but only for credentials saved after https://github.com/jenkinsci/hashicorp-vault-plugin/pull/325 (so anyone running the plugin since https://github.com/jenkinsci/hashicorp-vault-plugin/pull/223 might not have been affected until #336, and anyone running the plugin since before #223 had other problems: https://github.com/jenkinsci/hashicorp-vault-plugin/issues/323, https://github.com/jenkinsci/hashicorp-vault-plugin/issues/324, and https://github.com/jenkinsci/hashicorp-vault-plugin/issues/326). The class either needs a readResolve method to set its transient fields, or to make sure all transient fields are set before they are used.

> update ... to ... in the credentials.xml of the jenkins controller home directory

Don't do this, instead delete <tokenExpiry>, <tokenCache> and <tokenExpiryCache> completely. This data never should have been serialized.
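The failure mode described in the comment above, as an added example that is not part of the thread and not the plugin's code: a `transient` field's initializer does not run when an object is deserialized, so the field comes back `null` unless `readResolve` restores it. The class and field names are hypothetical, and `java.io` serialization is used here as a stand-in for the XStream persistence Jenkins applies to `credentials.xml`.

```java
import java.io.*;
import java.util.HashMap;
import java.util.Map;

// Added illustration; class and field names are hypothetical, not the plugin's code.
public class TransientFieldDemo {

    // Before: the initializer runs only on `new`, never on deserialization.
    static class BrokenCredential implements Serializable {
        private static final long serialVersionUID = 1L;
        private transient Map<String, Long> expiryCache = new HashMap<>();

        boolean expired(String key) {
            Long t = expiryCache.get(key); // NullPointerException once reloaded
            return t == null || t < System.currentTimeMillis();
        }
    }

    // After: readResolve re-creates the transient map on every load.
    static class FixedCredential implements Serializable {
        private static final long serialVersionUID = 1L;
        private transient Map<String, Long> expiryCache = new HashMap<>();

        private Object readResolve() {
            if (expiryCache == null) expiryCache = new HashMap<>();
            return this;
        }

        boolean expired(String key) {
            Long t = expiryCache.get(key);
            return t == null || t < System.currentTimeMillis();
        }
    }

    // Serialize to memory and read back, simulating a controller restart.
    @SuppressWarnings("unchecked")
    static <T extends Serializable> T roundTrip(T obj) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(obj); }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return (T) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("fixed, after reload: expired=" + roundTrip(new FixedCredential()).expired("k"));
        try {
            roundTrip(new BrokenCredential()).expired("k");
        } catch (NullPointerException e) {
            System.out.println("broken, after reload: " + e.getMessage());
        }
    }
}
```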

dwnusbaum commented 1 month ago

Or maybe it really was only possible after #336 because I did not change https://github.com/jenkinsci/hashicorp-vault-plugin/blob/946b53544a30ed5a2333e2a1abc79b1090d9be45/src/main/java/com/datapipe/jenkins/vault/credentials/AbstractVaultTokenCredentialWithExpiration.java#L110 to also check the renamed field. It's hard to follow all of the possible code paths for all of the possible states of the serialized data given the prior issues with these fields, so I'm not sure.

dwnusbaum commented 1 month ago

Either way, https://github.com/jenkinsci/hashicorp-vault-plugin/pull/342 should fix the issue.