Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

java.lang.IllegalStateException: Vault plugin has not been configured. #274

Open
ranma2913 opened this issue Dec 1, 2022 · 5 comments
Open

java.lang.IllegalStateException: Vault plugin has not been configured. #274

ranma2913 opened this issue Dec 1, 2022 · 5 comments
Labels
bug

Comments

@ranma2913
Copy link

ranma2913 commented Dec 1, 2022
edited
Loading

Jenkins and plugins versions report

Environment 
Jenkins: 2.332.2
OS: Linux - 4.18.0-305.25.1.el8_4.x86_64
---
ace-editor:1.1
active-directory:2.27
ant:481.v7b_09e538fcca
antisamy-markup-formatter:155.v795fb_8702324
apache-httpcomponents-client-4-api:4.5.13-138.v4e7d9a_7b_a_e61
artifactory:3.17.3
audit-trail:3.10
authentication-tokens:1.4
backup-interrupt-plugin:1.0
basic-branch-build-strategies:1.3.2
bootstrap4-api:4.6.0-5
bootstrap5-api:5.2.0-1
bouncycastle-api:2.26
branch-api:2.1051.v9985666b_f6cc
build-keeper-plugin:1.3
build-pipeline-plugin:1.5.8
build-timeout:1.20
build-with-parameters:73.v3ed13cb_d6cca
caffeine-api:2.9.3-65.v6a_47d0f4d1fe
checks-api:1.7.5
cloudbees-disk-usage-simple:0.10
cloudbees-folder:6.740.ve4f4ffa_dea_54
command-launcher:90.v669d7ccb_7c31
commons-lang3-api:3.12.0-36.vd97de6465d5b_
commons-text-api:1.10.0-27.vb_fa_3896786a_7
conditional-buildstep:1.4.2
config-file-provider:3.10.0
configuration-as-code:1569.vb_72405b_80249
copyartifact:1.48
credentials:1087.1089.v2f1b_9a_b_040e4
credentials-binding:523.vd859a_4b_122e6
cucumber-reports:5.7.4
display-url-api:2.3.6
docker-commons:1.21
docker-java-api:3.2.13-37.vf3411c9828b9
docker-plugin:1.2.10
docker-workflow:528.v7c193a_0b_e67c
durable-task:503.v57154d18d478
echarts-api:5.3.3-1
email-ext:2.92
envinject:2.881.v37c62073ff97
envinject-api:1.199.v3ce31253ed13
extended-read-permission:3.2
external-monitor-job:203.v683c09d993b_9
folder-properties:1.2.1
font-awesome-api:6.1.2-1
gatling:1.3.0
git:4.11.5
git-client:3.11.2
git-parameter:0.9.18
git-server:1.11
github:1.34.3.1
github-api:1.303-400.v35c2d8258028
github-branch-source:1677.v731f745ea_0cf
global-variable-string-parameter:1.2
gradle:2.1.1
groovy:453.vcdb_a_c5c99890
handlebars:3.0.8
hashicorp-vault-pipeline:1.4
hashicorp-vault-plugin:359.v2da_3b_45f17d5
icon-shim:3.0.0
ivy:2.4
jackson2-api:2.14.1-313.v504cdd45c18b
jacoco:3.3.2
jakarta-activation-api:2.0.1-2
jakarta-mail-api:2.0.1-2
javadoc:226.v71211feb_e7e9
javax-activation-api:1.2.0-5
javax-mail-api:1.6.2-8
jaxb:2.3.7-1
jdk-tool:63.v62d2fd4b_4793
jjwt-api:0.11.5-77.v646c772fddb_0
jobConfigHistory:1139.v888b_656ca_f6d
jquery:1.12.4-1
jquery-detached:1.2.1
jquery3-api:3.6.1-1
jsch:0.1.55.61.va_e9ee26616e7
junit:1143.1145.v81b_b_9579a_019
kubernetes:3724.v0920c1e0ec69
kubernetes-client-api:5.12.2-193.v26a_6078f65a_9
kubernetes-credentials:0.9.0
ldap:2.11
lockable-resources:2.18
logstash:2.5.0205.vd05825ed46bd
mailer:435.438.v5b_81173f5b_a_1
matrix-auth:3.1.5
matrix-project:772.v494f19991984
maven-plugin:3.20
metrics:4.1.6.2
mina-sshd-api-common:2.9.2-50.va_0e1f42659a_a
mina-sshd-api-core:2.9.2-50.va_0e1f42659a_a
modernstatus:1.3
momentjs:1.1.1
oauth-credentials:0.5
okhttp-api:4.9.3-108.v0feda04578cf
pam-auth:1.10
parameterized-trigger:2.45
pipeline-build-step:2.18
pipeline-github-lib:38.v445716ea_edda_
pipeline-graph-analysis:195.v5812d95a_a_2f9
pipeline-groovy-lib:612.v84da_9c54906d
pipeline-input-step:466.v6d0a_5df34f81
pipeline-milestone-step:101.vd572fef9d926
pipeline-model-api:2.2118.v31fd5b_9944b_5
pipeline-model-definition:2.2118.v31fd5b_9944b_5
pipeline-model-extensions:2.2118.v31fd5b_9944b_5
pipeline-rest-api:2.28
pipeline-stage-step:293.v200037eefcd5
pipeline-stage-tags-metadata:2.2118.v31fd5b_9944b_5
pipeline-stage-view:2.28
pipeline-utility-steps:2.14.0
plain-credentials:139.ved2b_9cf7587b
plugin-util-api:2.17.0
popper-api:1.16.1-3
popper2-api:2.11.6-1
read-only-configurations:1.10
resource-disposer:0.20
run-condition:1.5
saferestart:0.3
scm-api:621.vda_a_b_055e58f7
script-security:1190.v65867a_a_47126
snakeyaml-api:1.31-84.ve43da_fb_49d0b
ssh-agent:295.v9ca_a_1c7cc3a_a_
ssh-credentials:277.280.v1e86b_7d0056b_
ssh-slaves:1.821.vd834f8a_c390e
sshd:3.242.va_db_9da_b_26a_c3
structs:324.va_f5d6774f3a_d
timestamper:1.21
token-macro:321.vd7cc1f2a_52c8
trilead-api:1.67.vc3938a_35172f
variant:59.vf075fe829ccb
windows-slaves:1.8.1
workflow-aggregator:590.v6a_d052e5a_a_b_5
workflow-api:1200.v8005c684b_a_c6
workflow-basic-steps:994.vd57e3ca_46d24
workflow-cps:2729.2732.vda_e3f07b_5a_f8
workflow-cps-global-lib:609.vd95673f149b_b
workflow-durable-task-step:1190.vc93d7d457042
workflow-job:1189.va_d37a_e9e4eda_
workflow-multibranch:716.vc692a_e52371b_
workflow-scm-step:400.v6b_89a_1317c9a_
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:839.v35e2736cfd5c
ws-cleanup:0.43

What Operating System are you using (both controller, and any agents involved in the problem)?

OS: Linux - 4.18.0-305.25.1.el8_4.x86_64

Reproduction steps

  1. Configure Vault Plugin in Global Settings
  2. Configure Global Vault Username-Password Credential
  3. Configure checkout scm step referencing that credentialId

Expected Results

Job should run without error.

Actual Results

java.lang.IllegalStateException: Vault plugin has not been configured.
	at com.datapipe.jenkins.vault.credentials.common.VaultHelper.getVaultSecret(VaultHelper.java:47)
	at com.datapipe.jenkins.vault.credentials.common.VaultHelper.getVaultSecretKey(VaultHelper.java:98)
Also:   hudson.remoting.Channel$CallSiteStackTrace: Remote call to docker-001qc4j2x76sf
		at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1784)
		at hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:356)
		at hudson.remoting.Channel.call(Channel.java:1000)
		at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:143)
		at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

		at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
		at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
		at java.lang.reflect.Method.invoke(Method.java:498)
		at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:129)
		at com.sun.proxy.$Proxy97.execute(Unknown Source)
		at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1226)
		at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1308)
		at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:129)
		at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:97)
		at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:84)

		at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
		at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
		at java.util.concurrent.FutureTask.run(FutureTask.java:266)
		at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
		at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
		at java.lang.Thread.run(Thread.java:748)

Caused: java.lang.IllegalStateException
	at com.datapipe.jenkins.vault.credentials.common.VaultHelper.getVaultSecretKey(VaultHelper.java:109)
	at com.datapipe.jenkins.vault.credentials.common.AbstractVaultBaseStandardCredentials.getVaultSecretKeyValue(AbstractVaultBaseStandardCredentials.java:87)
	at com.datapipe.jenkins.vault.credentials.common.VaultUsernamePasswordCredentialImpl.getUsername(VaultUsernamePasswordCredentialImpl.java:63)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.createUsernameFile(CliGitAPIImpl.java:2400)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2056)

	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$500(CliGitAPIImpl.java:85)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:619)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$2.execute(CliGitAPIImpl.java:848)
	at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$GitCommandMasterToSlaveCallable.call(RemoteGitImpl.java:158)
	at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$GitCommandMasterToSlaveCallable.call(RemoteGitImpl.java:151)
	at hudson.remoting.UserRequest.perform(UserRequest.java:211)
	at hudson.remoting.UserRequest.perform(UserRequest.java:54)

	at hudson.remoting.Request$2.run(Request.java:376)
	at hudson.remoting.InterceptingExecutorService.lambda$wrap$0(InterceptingExecutorService.java:78)
	at java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)

	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.lang.Thread.run(Thread.java:829)
Finished: FAILURE

Anything else?

I downgraded the plugin one version at a time until it worked. hashicorp-vault-plugin:3.7.0 is what I landed on and my pipeline worked fine again. So it seems like there's some breaking change in the plugin after that version.
@ranma2913 ranma2913 added the bug label Dec 1, 2022
@xeongm
Copy link

xeongm commented Dec 12, 2022

I have the same thing, rolled back to 3.7.0.

@conor-mccullough
Copy link

FYI, while testing the plugin recently I ran into this same issue.

@hamidgholami
Copy link

FYI, I also have the same issue.

Jenkins 2.375.3
httpRequest 1.16
hashicorp-vault-plugin 360.v0a_1c04cf807d

@keithlai124
Copy link

Hi, I've also ran into this same issue.

For our use case we're trying to just do a simple checkout of a code base in the agent (example Jenkinsfile below):

pipeline {
    agent any
    stages {
        stage('Test checkout from agent') {
            steps {
                script {
                    checkout([$class: 'GitSCM', branches: [[name: '*/main']], extensions: [], userRemoteConfigs: [[credentialsId: 'git-user-password-from-vault', url: 'https://github.com/org/dummy-repo.git']]])
                }
            }
        }

    }
}

From investigations it seems that in the latest tagged version (currently 368.v48134f694db_f) it is making an assumption
that the checkout scm code is run on the controller. However in the hashicorp-vault-plugin-3.7.0 version it has logic to detect whether the code is run on the agent or the controller. If it is on the agent, it will attempt to communicate back to the controller to get the data.

Not sure if this is the new expected behaviour or whether it is an existing bug, would appreciate a fix if possible.

Commit which changed this behaviour: 3958ecc

@keithlai124
Copy link

It seems that someone has recently provided a fix to this problem in version 369.vd49b_f7441a_a_3.

Related pull request can be found here: #334

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ranma2913 @keithlai124 @hamidgholami @conor-mccullough @xeongm