[JIRA] (JENKINS-53460) JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons
Title: Message Title Oleg Nenashev commented on JENKINS-53460 Re: JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons Thanks for the update Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-53460) JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons
Title: Message Title Oleg Nenashev updated JENKINS-53460 Jenkins / JENKINS-53460 JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons Change By: Oleg Nenashev Status: Fixed but Unreleased Closed Resolution: Fixed Not A Defect Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-53460) JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons
Title: Message Title Oleg Nenashev updated JENKINS-53460 Jenkins / JENKINS-53460 JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons Change By: Oleg Nenashev Status: Open Fixed but Unreleased Resolution: Fixed Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-53460) JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons
Title: Message Title juan perez commented on JENKINS-53460 Re: JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons You were right, removed the class creation from the constructor and gave me no error. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-53460) JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons
Title: Message Title Oleg Nenashev commented on JENKINS-53460 Re: JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons I would suggest creating it on-demand in methods. If you want to optimize performance, you can cache it in a static variable or transuent field (will require restart handling then) Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-53460) JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons
Title: Message Title
juan perez commented on JENKINS-53460
Re: JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons
Yes class is created in the constructor:
@DataBoundConstructor
public Analytics(String ctsm_is_id, String project_id, String product_name, String version, String channel_id, String AWS_id){
this.project_id = project_id;
this.product_name = product_name;
this.version = version;
this.channel_id = channel_id;
this.AWS_id = AWS_id;
this.kinesisProducer = createKinessisProducer();
}
Add Comment
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-53460) JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons
Title: Message Title Oleg Nenashev commented on JENKINS-53460 Re: JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons The reported code is unrelated. The issue happens when the project is saved, likely the class ia created in the constructor Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-53460) JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons
Title: Message Title
juan perez commented on JENKINS-53460
Re: JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons
Hi Oleg, Thanks for the reply yes attached the full stack trace (jenkinsStackTrace.txt). Following relevant code:
import com.amazonaws.services.kinesis.producer.Attempt;
import com.amazonaws.services.kinesis.producer.KinesisProducerConfiguration;
import com.amazonaws.services.kinesis.producer.KinesisProducer;
import com.amazonaws.services.kinesis.producer.UserRecordFailedException;
import com.amazonaws.services.kinesis.producer.UserRecordResult;
@Override
public boolean perform(AbstractBuild build, Launcher launcher, BuildListener listener) throws InterruptedException, IOException {
JsonObject build_identifier = new JsonObject();
build_identifier.addProperty("project_id", this.project_id);
build_identifier.addProperty("product_name", this.product_name);
build_identifier.addProperty("version", this.version);
build_identifier.addProperty("channel_id", this.channel_id);
throw new IOException(build_identifier.toString());
listener.getLogger().println("New created json : "+ build_identifier.toString());
sendReportToKinesis(build_identifier.toString(),listener);
return true;
}
private void sendReportToKinesis(String jsonString, BuildListener listener) {
String partitionKey = this.project_id + this.product_name;
byte[] reportBytes = jsonString.getBytes(StandardCharsets.UTF_8);
ListenableFuture f = kinesisProducer.addUserRecord(
"joan_testkinessisstream",
partitionKey,
ByteBuffer.wrap(reportBytes)
);
Futures.addCallback(f, new FutureCallback() {
@Override
public void onSuccess(UserRecordResult userRecordResult) {
}
@Override
public void onFailure(Throwable throwable) {
listener.getLogger().println("Error sending the string to AWS Kinesis");
}
});
}
[JIRA] (JENKINS-53460) JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons
Title: Message Title juan perez updated an issue Jenkins / JENKINS-53460 JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons Change By: juan perez Attachment: jenkinsStackTrace.txt Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-53460) JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons
Title: Message Title Oleg Nenashev commented on JENKINS-53460 Re: JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons I can explain the root cause if you provide a full stacktrace and code samples for your plugin. The problem here is not with the library being used. The problem is that "KinesisProducer" class is being serialized to the disk, likely as a part of the Job configuration or build.xml field. In order to perform such serialization, the classes would need to be whitelisted. But nothing blocks you from using the class in your code (local variables, transient fields, etc.) Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-53460) JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons
Title: Message Title juan perez commented on JENKINS-53460 Re: JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons Hi Oleg, sorry not sure I follow you, when you say a particular reason to store this class you mean to whitelist the class? I am just trying to create a custom plugin that sends build reports to an amazon kinesis stream using KPL library (the blacklisted one). Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-53460) JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons
Title: Message Title Oleg Nenashev updated an issue Jenkins / JENKINS-53460 JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons Change By: Oleg Nenashev Component/s: other Component/s: customtools-plugin Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-53460) JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons
Title: Message Title Oleg Nenashev updated an issue Jenkins / JENKINS-53460 JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons Change By: Oleg Nenashev Labels: JEP-200 Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-53460) JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons
Title: Message Title Oleg Nenashev commented on JENKINS-53460 Re: JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons The library is not blacklisted. it is "NOT whitelisted". I am not sure what is the particular reason to store this class on the disk, so I cannot advice. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-53460) JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons
Title: Message Title juan perez created an issue Jenkins / JENKINS-53460 JEP-200 com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons Issue Type: Task Assignee: Oleg Nenashev Components: customtools-plugin Created: 2018-09-07 09:28 Priority: Major Reporter: juan perez trying to crate a java plugin for jenkins but when testing it I get the follwing error: ava.lang.UnsupportedOperationException: Refusing to marshal com.amazonaws.services.kinesis.producer.KinesisProducer for security reasons; see https://jenkins.io/redirect/class-filter/ at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:546) reading a bit found out the amazon library may have been blacklisted, didn't find any workaorund for that. Add Comment
