[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title Joseph Petersen assigned an issue to Joseph Petersen Jenkins / JENKINS-58970 Backwards compatibility broken with version 2.3.0 for KV1 Change By: Joseph Petersen Assignee: Joseph Petersen (old) Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201317.1565984294000.1787.1583561245193%40Atlassian.JIRA.
[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title David Dumas commented on JENKINS-58970 Re: Backwards compatibility broken with version 2.3.0 for KV1 Yes, maybe I should create a new issue, my intent was to discuss that setting a default engine version does not prevent issues or show explicit errors when trying to use engine v2 on v1 (or v1 on v2) Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201317.1565984294000.6412.1566328260245%40Atlassian.JIRA.
[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title Brian Saville commented on JENKINS-58970 Re: Backwards compatibility broken with version 2.3.0 for KV1 David Dumas, this sounds like a new problem unrelated to the actual problem fixed in this one, does that sound right? I could see how the summary might lead you to think it's the same issue, but the real problem for us is that the default engine version was 2 for everything instead of 1. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201317.1565984294000.6407.1566327780142%40Atlassian.JIRA.
[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title David Dumas edited a comment on JENKINS-58970 Re: Backwards compatibility broken with version 2.3.0 for KV1 1) Updated Hashicorp Vault from 0.9.6 to 1.0+2) Updated plugin from 2.1.1 to 2.3.1 (bumps Java vault driver 2.0.0 to 4.0.0)Result: nothing was working anymore without an explicit error message and engine v2 was set by default globally (Jenkins configured with CasC 1.27)Possible fixes I used: * explicitly set engine v1 usage in CasC* upgrade existing version 1 kv store to version 2 kv store with CLI command vault kv enable-versioning secret/ I don't know if there is a way to have an explicit error when trying to use API v2 on a K/V engine v1, but it might save users from troubles Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201317.1565984294000.6401.1566326760321%40Atlassian.JIRA.
[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title David Dumas commented on JENKINS-58970 Re: Backwards compatibility broken with version 2.3.0 for KV1 1) Updated Hashicorp Vault from 0.9.6 to 1.0+ 2) Updated plugin from 2.1.1 to 2.3.1 (bumps Java vault driver 2.0.0 to 4.0.0) Result: nothing was working anymore without an explicit error message and engine v2 was set by default globally (Jenkins configured with CasC 1.27) Possible fixes I used: explicitly set engine v1 usage in CasC upgrade existing version 1 kv store to version 2 kv store with CLI command vault kv enable-versioning secret/ I don't know if there is a way to have an explicit error when trying to use API v2 on a K/V engine v1, but it might save users from troubles Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201317.1565984294000.6397.1566326640169%40Atlassian.JIRA.
[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title Joseph Petersen commented on JENKINS-58970 Re: Backwards compatibility broken with version 2.3.0 for KV1 David Dumas I know for a fact it will throw an error. Could you share more information on what you're trying to attempt? Since without further details I have no chance of helping you. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201317.1565984294000.6360.1566325740181%40Atlassian.JIRA.
[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title David Dumas edited a comment on JENKINS-58970 Re: Backwards compatibility broken with version 2.3.0 for KV1 I am quite concerned that when enabling v2 in configuration (at any level), if K/V engine v2 is not enabled in Vault after upgrading from v1, not a single explicit error shows up in both Jenkins & Vault logs, secret is retrieved with no data and envVars are not set: ``` {{ No such property: testing for class: groovy.lang.Binding ``` }} Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201317.1565984294000.6354.1566325260371%40Atlassian.JIRA.
[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title David Dumas commented on JENKINS-58970 Re: Backwards compatibility broken with version 2.3.0 for KV1 I am quite concerned that when enabling v2 in configuration (at any level), if K/V engine v2 is not enabled in Vault after upgrading from v1, not a single explicit error shows up in both Jenkins & Vault logs, secret is retrieved with no data and envVars are not set: ```No such property: testing for class: groovy.lang.Binding``` Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201317.1565984294000.6351.1566325200507%40Atlassian.JIRA.
[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title Brian Saville commented on JENKINS-58970 Re: Backwards compatibility broken with version 2.3.0 for KV1 Tried it out this morning, and works great. Thanks for the quick turnaround on this! Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201317.1565984294000.6207.1566312540228%40Atlassian.JIRA.
[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title Joseph Petersen resolved as Fixed Jenkins / JENKINS-58970 Backwards compatibility broken with version 2.3.0 for KV1 Change By: Joseph Petersen Status: In Progress Resolved Assignee: Peter Tierno Joseph Petersen Resolution: Fixed Released As: https://github.com/jenkinsci/hashicorp-vault-plugin/releases/tag/hashicorp-vault-plugin-2.3.1 Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201317.1565984294000.5841.1566276000492%40Atlassian.JIRA.
[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title Joseph Petersen commented on JENKINS-58970 Re: Backwards compatibility broken with version 2.3.0 for KV1 v2.3.1 should be in the update center shortly Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201317.1565984294000.5838.1566275940185%40Atlassian.JIRA.
[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title Joseph Petersen started work on JENKINS-58970 Change By: Joseph Petersen Status: Open In Progress Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201317.1565984294000.5833.1566274860345%40Atlassian.JIRA.
[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title Brian Saville commented on JENKINS-58970 Re: Backwards compatibility broken with version 2.3.0 for KV1 You work fast Joseph Petersen, this is exactly what I was looking for, thanks! Any idea on timeline for the next release? Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201317.1565984294000.5802.1566270840169%40Atlassian.JIRA.
[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title Brian Saville commented on JENKINS-58970 Re: Backwards compatibility broken with version 2.3.0 for KV1 Joseph Petersen, Jacob Truman is absolutely right, I would like to not have to change any existing workflow scripts since many of them are outside of our control. I would argue that the default has already been changed with 2.3.0 and should be set to 1 to match the previous behavior, but I can understand completely if you don't want to do it that way. I would quite happy with a solution that let me set the default version system wide (perhaps in the global configuration options?) so that individual teams/users don't have to update their scripts to have it continue working with v1 engine versions. Thanks! Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201317.1565984294000.5800.1566270480203%40Atlassian.JIRA.
[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title Joseph Petersen commented on JENKINS-58970 Re: Backwards compatibility broken with version 2.3.0 for KV1 I'd disagree with changing the default, let me come up with a different solution Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201317.1565984294000.5709.1566252540427%40Atlassian.JIRA.
[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title Jacob Truman commented on JENKINS-58970 Re: Backwards compatibility broken with version 2.3.0 for KV1 Joseph Petersen I think Brian Saville is suggesting that you should not have to specify the engine version to maintain existing functionality. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201317.1565984294000.5705.1566252300192%40Atlassian.JIRA.
[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title Joseph Petersen commented on JENKINS-58970 Re: Backwards compatibility broken with version 2.3.0 for KV1 You can already specify the engine version. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201317.1565984294000.5697.1566252000206%40Atlassian.JIRA.
[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title Brian Saville updated an issue Jenkins / JENKINS-58970 Backwards compatibility broken with version 2.3.0 for KV1 Change By: Brian Saville The latest release is great that it adds support for KV2 secret storage, but it also breaks backwards compatibility. We have many users of Jenkins with their own Jenkinsfiles in various repositories (~300 different references in different places). Instead of requiring the {{engineVersion: 1}} parameter, I would like this to be treated as the default value to preserve the previous behavior. - I'm happy to put together a patch for this, and likely will soon here. -Here is a patch to change this: https://github.com/jenkinsci/hashicorp-vault-plugin/pull/40I realize that the newer vault library uses 2 as the default, but I still think preserving the previous behavior is the easiest path forward. If you do not like this solution, I could probably also code something up that allows an admin to set the default version globally in Jenkins so we can do it just on our instance and it doesn't affect anyone else. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view
[JIRA] (JENKINS-58970) Backwards compatibility broken with version 2.3.0 for KV1
Title: Message Title Brian Saville created an issue Jenkins / JENKINS-58970 Backwards compatibility broken with version 2.3.0 for KV1 Issue Type: Bug Assignee: Peter Tierno Components: hashicorp-vault-plugin Created: 2019-08-16 19:38 Priority: Critical Reporter: Brian Saville The latest release is great that it adds support for KV2 secret storage, but it also breaks backwards compatibility. We have many users of Jenkins with their own Jenkinsfiles in various repositories (~300 different references in different places). Instead of requiring the engineVersion: 1 parameter, I would like this to be treated as the default value to preserve the previous behavior. I'm happy to put together a patch for this, and likely will soon here. Add Comment