Framework Deployer permissions missing from the permissions list in new controllers


Issue

  • Framework Deployer plugin permissions - Deploy Now/Deploy, Deploy Now/JobCredentials and Deploy Now/UserCredentials - are not in the list of permissions available under my controller authorization settings although the plugin was successfully installed in the controller.

  • When I try to provision a new controller with CasC and any of the Framework Deployer plugin permissions in the rbac.yaml file by their fully qualified name - com.cloudbees.plugins.deployer.DeployNowRunAction.Deploy, com.cloudbees.plugins.deployer.DeployNowRunAction.JobCredentials, com.cloudbees.plugins.deployer.DeployNowRunAction.UserCredentials - the controller fails to start with the following error:

SEVERE jenkins.InitReactorRunner$1#onTaskFailed: Failed Bootstrap.initialize
com.cloudbees.jenkins.plugins.casc.CasCException: Unknown or disabled permissions are not allowed to be part of the definition file. Please remove [com.cloudbees.plugins.deployer.DeployNowRunAction.Deploy, com.cloudbees.plugins.deployer.DeployNowRunAction.JobCredentials, com.cloudbees.plugins.deployer.DeployNowRunAction.UserCredentials]
    at com.cloudbees.jenkins.plugins.casc.rbac.CRoles.allPermissionAreEnabledCheck(CRoles.java:135)

Context

The Framework Deployer permissions are only injected, and only become configurable, once a deploy step is used in a job for the first time. This is incompatible with configuring the plugin permissions via CasC for a brand new controller: CasC loads the RBAC information before loading the items, so the permissions cannot be recognized when a new instance is provisioned.

Workaround

In a new controller provisioned without the RBAC CasC file but with the deployer-framework plugin installed, you can make the permissions appear in the RBAC permissions matrix by creating a Freestyle job following the steps in CloudBees Amazon Web Services Deploy Engine.
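A pre-flight check for the situation described above, as an added example rather than CloudBees code: it scans rbac.yaml text for the three Framework Deployer permissions named in the error, reports which role grants each one, and returns the text with those entries removed, as the error message asks. The sample bundle, its roles/name/permissions layout and the helper name split_rbac are assumptions made for illustration.

```python
import re

# Permissions the article says are only registered after a deploy step first runs.
LAZY_PERMISSIONS = {
    "com.cloudbees.plugins.deployer.DeployNowRunAction.Deploy",
    "com.cloudbees.plugins.deployer.DeployNowRunAction.JobCredentials",
    "com.cloudbees.plugins.deployer.DeployNowRunAction.UserCredentials",
}

# Constructed sample; the roles/name/permissions layout is an assumption.
SAMPLE_RBAC = """\
removeStrategy:
  rbac: SYNC
roles:
- name: developer
  permissions:
  - hudson.model.Item.Read
  - com.cloudbees.plugins.deployer.DeployNowRunAction.Deploy
- name: deployer
  permissions:
  - "com.cloudbees.plugins.deployer.DeployNowRunAction.JobCredentials"
  - com.cloudbees.plugins.deployer.DeployNowRunAction.UserCredentials  # prod only
"""

ROLE_RE = re.compile(r"^\s*-\s*name:\s*(.+?)\s*$")  # "- name: <role>"
ITEM_RE = re.compile(r"^\s*-\s*(\S+)")              # any "- <value>" list item


def split_rbac(text):
    """Return (text_without_lazy_entries, [(line_no, role, permission), ...])."""
    kept, deferred, role = [], [], None
    for line_no, line in enumerate(text.splitlines(), start=1):
        name = ROLE_RE.match(line)
        if name:
            role = name.group(1).strip("'\"")
        item = ITEM_RE.match(line)
        perm = item.group(1).strip("'\"") if item else None
        if perm in LAZY_PERMISSIONS:
            deferred.append((line_no, role, perm))  # would fail the CasC check
        else:
            kept.append(line)
    # A role left with nothing under "permissions:" needs manual review.
    return "\n".join(kept) + "\n", deferred


if __name__ == "__main__":
    safe, deferred = split_rbac(SAMPLE_RBAC)
    for line_no, role, perm in deferred:
        print(f"line {line_no}: role {role!r} grants {perm}")
    print(safe, end="")
```

The reported entries are the ones to hold back until the permissions have appeared in the RBAC permissions matrix.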

This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.