This allows forcing HTTP 1.1 per official suggestion, since HTTP 2 regularly fails when downloading.
When updating credentials or using the puppet debug flag credentials leak to the puppet log.
This PR is an attempt to avoid this without requiring the user to apply the Sensitive data type to all parameters.
This is incomplete, see the last commit message for details. Sharing here in case anyone has time to dig into it.
This PR adds support for OpenId Connect Authentication https://plugins.jenkins.io/oic-auth/ securityRealm.
I am not very happy with the use of the "Boolean:" construct that i added for boolean parameters.
This was necessary because one of the parameters for the OicSecurityRealm constructor is a classed Boolean opposed to all others being primitive booleans. I am not very fluent in Java so i did not know how to solve this a different way. If anyone can provide a more elegant way around this issue i would love to change it.
Retries is only used by the CLI providers. Puppet itself also provides retry functionality. This avoids the need to ensure a gem is installed in the right environment, which may not even work if it's a disconnected environment.
This does ignore a parameter for the maximum time to sleep. I'm looking for feedback on how to best deal with this.
While on Debian10 plugin installation very often fails with:
Error: /Stage[main]/Jenkins::Plugins/Jenkins::Plugin[conditional-buildstep]/Archive[conditional-buildstep.hpi]/ensure: change from 'absent' to 'present' failed: Execution of '/usr/bin/curl https://updates.jenkins.io/latest/conditional-buildstep.hpi -o /tmp/conditional-buildstep.hpi_20220728-1598563-1n3z4vb -fsSLg --max-redirs 5' returned 16: curl: (16) Error in the HTTP2 framing layer
i added http1.1 hard as download option to prevent those errors.
Pull Request (PR) description
This PR changes the jenkins_plugins fact from a simple string value to a structured fact to avoid the error about a fact value being too long.
This Pull Request (PR) fixes the following issues
Fixes https://github.com/voxpupuli/puppet-jenkins/issues/1048
Maybe this gives too much information as the Hash contains much more than the name and version number that was in the 'old' fact.
It could easily be reduced to only some keys.
"jenkins_plugins": {
"blueocean-dashboard": {
"manifest_version": "1.0",
"archiver_version": "Plexus Archiver",
"created_by": "Apache Maven",
"built_by": "olamy",
"build_jdk": "11.0.13",
"extension_name": "blueocean-dashboard",
"specification_title": "The Jenkins Plugins Parent POM Project",
"implementation_title": "blueocean-dashboard",
"implementation_version": "1.25.2",
"group_id": "io.jenkins.blueocean",
"short_name": "blueocean-dashboard",
"long_name": "Dashboard for Blue Ocean",
"url": "https://github.com/jenkinsci/blueocean-plugin/blob/master/blueoce",
"minimum_java_version": "1.8",
"plugin_version": "1.25.2",
"hudson_version": "2.277.4",
"jenkins_version": "2.277.4",
"plugin_dependencies": "blueocean-web:1.25.2",
"plugin_developers": "Thorsten Iberian Sumurai:scherler:,Cliff Meyers:cli",
"support_dynamic_loading": "true",
"plugin_license_name": "MIT License",
"plugin_license_url": "https://opensource.org/licenses/MIT",
"plugin_scmurl": "https://github.com/jenkinsci/blueocean-plugin/blueocean"
},
"blueocean-autofavorite": {
"manifest_version": "1.0",
"archiver_version": "Plexus Archiver",
"created_by": "Apache Maven",
"built_by": "gmogan",
"build_jdk": "1.8.0_192",
"extension_name": "blueocean-autofavorite",
"specification_title": "Automatically favorites multibranch pipeline jobs",
"implementation_title": "blueocean-autofavorite",
"implementation_version": "1.2.4",
"group_id": "org.jenkins-ci.plugins",
"short_name": "blueocean-autofavorite",
"long_name": "Autofavorite for Blue Ocean",
"url": "https://wiki.jenkins-ci.org/display/JENKINS/Blue+Ocean+Autofavori",
"minimum_java_version": "1.8",
"plugin_version": "1.2.4",
"hudson_version": "2.121.1",
"jenkins_version": "2.121.1",
"plugin_dependencies": "workflow-job:2.32,branch-api:2.0.11,git-client:2.",
"plugin_developers": "James Dumay:jdumay:jdumay@cloudbees.com"
},
"blueocean": {
"manifest_version": "1.0",
"archiver_version": "Plexus Archiver",
"created_by": "Apache Maven",
...
...
modulesync 5.3.0
…t runs
<!--
Thank you for contributing to this project!
-->
Passes credentials to jenkins-cli as environement variables by default so passwords aren't visible in the output of ps during puppet agent runs.
Not sure if this has an associated issue
<!--
Thank you for contributing to this project!
-->
<!--
Replace this comment with a description of your pull request.
-->
<!--
Replace this comment with the list of issues or n/a.
Use format:
Fixes #123
Fixes #124
-->