Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JCASC plugin not managing correctly ssl certificate set to " - none - " #35

Open
2 tasks
mbuccarello opened this issue Dec 21, 2020 · 4 comments
Open
2 tasks

JCASC plugin not managing correctly ssl certificate set to " - none - " #35

mbuccarello opened this issue Dec 21, 2020 · 4 comments
Labels
component/jenkins contributor kind/bug

Comments

@mbuccarello
Copy link
Contributor

mbuccarello commented Dec 21, 2020
edited
Loading

Hello team
I shared detail about the problem in jenkins Jira in the JCASC section as described here:

https://issues.jenkins.io/browse/JENKINS-64492

Steps to Reproduce

Steps to reproduce the behavior:

  1. configure jenkins using the cacerts insted of .p12 file as described here https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-DAP/Latest/en/Content/Integrations/jenkins-configure.htm?tocpath=Integrations%7CJenkins%7C_____2#Preparethecertificate
  2. make sure jenkins as JCASC plugin installed and your conjur plugin is configured in this wayimage
  3. restart jenkins and run a pipeline that is expected to work because certificate is managed at cacerts level
  4. The pipeline should not be able to fetch the secret from DAP / Conjur
    image

Expected Results

Conjur / Cyberark plugin should work correctly with JCASC and manage correctly empty values in the plugin

Actual Results (including error logs, if applicable)

This is the error i have in all the pipele implementing the secret fetching
image

Reproducible

  • [ X] Always
  • Sometimes
  • Non-Reproducible

Version/Tag number

1.0.2

Environment setup

jenkins 2.263.1
DAP 11.7
JCASC plugin
conjur plugin

Additional Information

A workaround we found is, reapply the configuration the " - none -" value in the SSL Certificate field make the plugin and the pipeline working as expected.
@izgeri
Copy link
Contributor

izgeri commented Dec 21, 2020

Thanks for this bug report @mbuccarello. I've alerted the maintainer of this project, @cyberark-bizdev, to this issue and I hope they'll get back to you soon - given the holiday this week, it may take a bit longer than usual.

@mbuccarello
Copy link
Contributor Author

I'm working on a PR, based on my first analisys the problem seems related on the combination of JCASC and Conjur plugin.

It seems only if we configure the plugin through JCASC plugin the Channel object is null and this lead in a null point exception on lin 52, because CredentialsMatchers.withId(configuration.getCertificateCredentialID()) is null

image

I'm trying to test a modifed version of the plugin in this way

image

by checking the certificate field, because if it is null this means the certificate should be null and work with the jenkins cacerts

@mbuccarello
Copy link
Contributor Author

mbuccarello commented Dec 22, 2020
edited
Loading

I opened a PR tested in our qa enviroment and it's working well, here the link jenkinsci#3

Please try to take a look @cyberark-bizdev,

Thanks

Michele

@izgeri
Copy link
Contributor

izgeri commented Dec 28, 2020

Thanks @mbuccarello - I'm working on getting in touch with @cyberark-bizdev via other channels to try to make sure you get a review on this, but with the holidays response times are sure to be slow right now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component/jenkins contributor kind/bug
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mbuccarello @izgeri