prepare for JCasC compatibility #110
Conversation
- update parent pom to latest v3.51 - set java level to 8. - target Jenkins 2.60.3 in preparation for adding JCasC compatibility - fix upper bound dependency between credential plugins and ssh slaves plugin - json-lib is coming from Jenkins core. - remove custom build steps as they are no longer necessary due to pom update and spotbugs.skip is available
|
Jenkins says NO, need to add the DescriptorVisibilityFilterImpl from #100 😄 |
|
Here is the code related to visibility /**
* Returns the list of {@link ComputerLauncher} descriptors appropriate to the supplied {@link Slave}.
*
* @param it the {@link Slave} or {@code null} to assume the slave is of type {@link #clazz}.
* @return the filtered list
* @since 2.12
*/
@Nonnull
@Restricted(NoExternalUse.class) // intended for use by Jelly EL only (plus hack in DelegatingComputerLauncher)
public final List<Descriptor<ComputerLauncher>> computerLauncherDescriptors(@CheckForNull Slave it) {
DescriptorExtensionList<ComputerLauncher, Descriptor<ComputerLauncher>> all =
Jenkins.getInstance().<ComputerLauncher, Descriptor<ComputerLauncher>>getDescriptorList(
ComputerLauncher.class);
return it == null ? DescriptorVisibilityFilter.applyType(clazz, all)
: DescriptorVisibilityFilter.apply(it, all);
}Does the same as what |
|
Okay green build 👍 Should I apply the DescriptorVisibilityFilter to the other methods here or do you want a separate PR for that? |
src/main/java/org/jenkinsci/plugins/vSphereCloudSlaveTemplate.java
Outdated
Show resolved
Hide resolved
src/main/java/org/jenkinsci/plugins/vsphere/VSphereConnectionConfig.java
Show resolved
Hide resolved
|
Thanks for getting back on this :-) FYI my "at work" workload is currently such that I don't have the time to deep delve into this and learn enough to offer informed-and-instructive opinion so I guess you're going to be the subject-matter-expert on this without much help from me (although, if you can point me at specific documentation to improve my understanding, that'd be appreciated). Re: the one-or-many-PRs question, I'm a bit torn between "do it all for consistency" vs "cautious iterative changes"... but anything involving After this PR, I think that, as long as you're willing to do the necessary tests to ensure that "it's all good" then we can do it in as many or as few PRs as you want. i.e. if you're driving it, it's up to you. I'll just push the "merge" button when you say. However, this is all contingent on (you) doing some manual tests (or you writing unit tests) to convince me that it not only works in isolation but also continues to work "as intended" when there are other plugins contributing other As far as testing goes, we don't want vSphere-specific launchers being suggested as an option for non-vsphere slaves, so that either means a unit-test (which would be the preferred option) or it means manual testing (typically by running up a test Jenkins with this plugin and a few others and checking that they're not interfering with each other in unexpected ways). So, overall, I think we need to build up a list of TL;DR: Convince me that this PR is all fine and I'll merge it; I don't want to have to test it myself 😛 |
|
I'm not deliberately ignoring you ... work's been a tad busy. i.e. either you test it (see my previous comment), or you'll have to wait for me to test it. |
|
I'd like to consume the incremental build (I would need to add a commit to enable incremental repo publishing) |
|
incremental allows me to do this in our production setup diff --git a/dockerfile b/dockerfile
index b6022ed..26a139d 100644
--- a/dockerfile
+++ b/dockerfile
@@ -30,9 +30,7 @@ COPY --chown=jenkins plugins.txt $jenkins_refdir/
# plugin installation layer, plugins are redownloaded everytime when plugins.txt is changed
RUN mkdir -p $jenkins_refdir/plugins && \
- install-plugins.sh < $jenkins_refdir/plugins.txt && \
- curl -sSfL $artifactory/maven/org/jenkins-ci/plugins/vsphere-cloud/2.21-SNAPSHOT/vsphere-cloud-2.21-20191104.103446-1.hpi \
- -o $jenkins_refdir/plugins/vsphere-cloud.jpi.override
+ install-plugins.sh < $jenkins_refdir/plugins.txt
ARG CONTAINER_BUILD_TAG
ENV CONTAINER_BUILD_TAG=$CONTAINER_BUILD_TAG
diff --git a/plugins.txt b/plugins.txt
index 40d1dd9..ddc27d7 100644
--- a/plugins.txt
+++ b/plugins.txt
@@ -132,8 +132,7 @@ token-macro:2.10
trilead-api:1.0.5
variant:1.3
view-job-filters:2.1.1
# PR in progress: https://github.com/jenkinsci/vsphere-cloud-plugin/pull/100
-# vsphere-cloud:2.21-SNAPSHOT (private-d8485ff2-Joseph Petersen)
+vsphere-cloud:incrementals;org.jenkins-ci.plugins;2.21-rc447.075d17a3a216
vstestrunner:1.0.8
warnings-ng:7.1.0
windows-azure-storage:1.1.2 |
|
If you hadn't snuck that Note: I would prefer incremental support to have been added as a separate PR so if it's just as easy to remove that commit from here and put it in a new PR then please do so. If not, it'll have to be fixed here and merging this will have to wait until that's fixed. |
|
I can't keep separating PRs... to do honest work 😭 |
This reverts commit 075d17a.
|
OK. Are you happy for me to merge what we've got here as of 25989eb ? |
|
yes please. I then need to add a new PR... that I then need #100 to be rebased on 😭 |
| return new StandardListBoxModel().includeEmptyValue() | ||
| .includeMatching(Jenkins.getInstance(), StandardCredentials.class, | ||
| Collections.singletonList(getDomainRequirement(vsHost)), CREDENTIALS_MATCHER); |
There was a problem hiding this comment.
With this change, I can no longer select any credentials since the dropdown list only contains “-none-“. I reverted the change to this method and the dropdown list is properly populated.
I would like to understand why the change was made and if the problem I am seeing is a bug or not. Any feedback you can supply would be appreciated.
There was a problem hiding this comment.
Hmm.... my guess is that you don't have sufficient rights on your Jenkins server to see all the credentials you're used to seeing.
The old code specified
return new StandardListBoxModel().withEmptySelection().withMatching(
CREDENTIALS_MATCHER, CredentialsProvider.lookupCredentials(StandardCredentials.class,
instance, ACL.SYSTEM, getDomainRequirement(vsHost))
whereas the new code is missing the ACL.SYSTEM bit, so I would guess that it's showing you what credentials you're allowed to see instead of all the credentials the system can see.
...but that's a guess - I'm not hugely familiar with how StandardListBoxModel is (or should be) used so I can't tell the difference between "good enough that it'll work in my own local environment" and "actually correct".
I can tell you that it "works for me" - if I go to "manage jenkins" -> "configure system", scroll down to "clouds" and then click on the drop-down list of credentials for a specific vSphere cloud then I see lots of credentials ... but I'm logged as "as administrator" and I don't have any restrictions on how my credentials are used. My assumption is that your setup differs, which is why it's not working for you.
If we can get to the bottom of this, I'd be quite happy to receive a PR that fixes it for you (as long as it doesn't break it for anyone else)...
There was a problem hiding this comment.
I believe for this to work with folder credentials it might need some tweaking
There was a problem hiding this comment.
Ah, yes, folders make everything vastly more complicated, and they're not something I have any experience with.
If you are able to try out different options ... try using the new code but where it says Jenkins.getInstance() put instead containingFolderOrNull!=null?containingFolderOrNull:Jenkins.getInstance()
That should then provide the folder as the "context" for the credentials list instead of the Jenkins administrator-only list.
...and if that works then I suspect that we'll need similar changes elsewhere too...
There was a problem hiding this comment.
This change seems to be the cause of JENKINS-61131.
Can please a maintainer take a look at my proposed fix in #116?
There was a problem hiding this comment.
Looked; merged.
@albers Given that you know enough on this subject to be able to code a fix ... what's your opinion on containingFolderOrNull!=null?containingFolderOrNull:Jenkins.getInstance() vs Jenkins.getInstance() ?
My own experience with credential lists is more "shooting in the dark" than actual informed opinion so if you know enough to suggest fixes you probably know more about how this should be done than I do - I'd welcome any informed suggestions, especially if it'll let us get it right this time - trial and error isn't an approach I like to use...
There was a problem hiding this comment.
ContainingFolderOrNull is not the proper way of doing it.
From jenkins you can ask for the context using @AncestorInPath Item item
There was a problem hiding this comment.
While I am familiar (as in, I've seen it used before) with @AncestorInPath Item item, I'm less certain about Tasks.getAuthenticationOf((Queue.Task) project); I suspect that the vSphere plugin is unlikely to encounter a Queue.Task and that this is more specific to the git plugin's use-case...
The existing vsphere-plugin code already obtains @AncestorInPath AbstractFolder<?> containingFolderOrNull and as AbstractFolder is instanceof Item I would expect containingFolderOrNull to be the same value we'd get if this code had requested @AncestorInPath Item item instead.
What I'm less certain of is exactly what to do with it...
jenkinsci#110 changed the population of the credentials selection to no longer use deprecated api. Credentials are now resolved in the context of Jenkins.getAuthentication(), which does not return any matches. According to the documentation of the credentials-plugin, interactive lookups on the main configuration page should be performed as ACL.SYSTEM.
jenkinsci#110 changed the population of the credentials selection to no longer use deprecated api. Credentials are now resolved in the context of Jenkins.getAuthentication(), which does not return any matches. According to the documentation of the credentials-plugin, interactive lookups on the main configuration page should be performed as ACL.SYSTEM. Signed-off-by: Harald Albers <[email protected]>
and spotbugs.skip is available