Validating CasC bundles
Validation of CasC bundles is performed automatically and if problems are detected, a validation message is returned. Each CasC bundle validation message includes the type of validation, a general validation code, and a descriptive message. For example:
ERROR - [VERSIONVAL] - Missing version property in the bundle.yaml file.
There are three types of validation messages: ERROR
, INFO
, and WARNING
.
-
An
ERROR
indicates a critical problem with the CasC bundle that must be resolved before the bundle can be applied to the instance. -
An
INFO
message lists:-
the validations run during the validation check
-
the total number of validations run during the validation check
-
-
A
WARNING
indicates the current file is invalid. However, the entire bundle may still be valid.For example, when creating items, specific plugins must first be installed. If the bundle contains an
items.yaml
file with the correctkind
property for the item type, but the required plugin is not currently installed, a warning is returned. Since the plugin may be installed once the updated bundle has been applied to the instance, the warning indicates that you should verify the required plugin is included in theplugins.yaml
file.
Accessing validation messages
For controller CasC bundles, you can access validation messages on the Configuration as Code export and update screen and the CloudBees Configuration as Code bundles screen.
Accessing validation messages on the Configuration as Code export and update screen
Validation messages displayed on the Configuration as Code export and update screen are available in the controller’s log files.
The validation messages displayed depend on whether Quiet mode is set for your CasC configuration. Quiet mode only displays error and warning messages on the Configuration as Code export and update screen. If your CasC configuration is not set to quiet mode, all validation messages (ERROR, INFO, and WARNING) are displayed.
To configure quiet mode:
-
From the controller dashboard, select Manage Jenkins.
-
Select System.
-
On the System Configuration screen, navigate to Configuration as Code validation visualization mode and select Quiet mode.
Quiet mode is disabled by default. Figure 1. Configure quiet mode -
Select Save.
Each bundle validation message includes the type of validation, the total number of validations ran, a general validation code, and a descriptive message.
-
WARNING message
-
ERROR validation message
-
INFO validation messages
Accessing validation messages on the CloudBees Configuration as Code bundles screen
When a controller CasC bundle is added to the operations center using the Configuration as Code bundle location and the bundle has structural validation errors or warnings, an administrative monitor is displayed. Select the Configuration as Code bundles link to navigate directly to this screen and view the configuration bundles as shown in the following example. To view the error or warning message for a bundle, select the EDIT
button on the right-side of the screen.
An example of the status display of a valid (green button) CasC bundle is as follows:
An example of the status display of a CasC bundle with an error (red button) is as follows:
An example of the status display of a CasC bundle with a warning (yellow button) is as follows:
An example of a status display with a validation error message (for example, an error occurs when you update the availability pattern or you add an invalid regexp) is as follows:
You can select the green (valid)/yellow (warning)/red (error) status button next to the bundle name to view, copy, or download the bundle update log, as shown in the following example.
When the bundle is assigned to the controller and the bundle has controller validation errors or warnings, the following message is displayed in the operations center dashboard: The bundle has errors or warnings. From the operations center dashboard, select the down arrow to the right of your controller’s name, and then select Manage to view the message details. Together with the validation messages for the current version, the previous validation results are displayed in the validation log. The validation log only displays the last five entries. An example of the validation log is as follows:
General validation codes
The following general validation codes are included in each CasC bundle validation message.
Code | Description |
---|---|
APIVAL |
Validates the |
CATALOGVAL |
Validates the |
CONTVAL |
Validates the content of the |
DESCVAL |
Validates the |
EMPTY |
Validates that the folder containing the bundle is empty. |
FORMATVAL |
Validates the format of one file in the bundle. |
ITEMS |
Validates that items can be created. |
JCASC |
Validates the Jenkins Configuration-as-Code file(s). |
LOADERR |
Validates that the bundle can be loaded or downloaded before it is applied to the instance. For example, if the operations center is inaccessible and controllers cannot access CasC bundles, |
NONEXIST |
Validates the existence of the CasC bundle folder or the |
PLUGINVAL |
Validates that the plugins in the |
RBAC |
Validates the Role-Based Access Control (RBAC) configuration. |
SCHEMA |
Validates YAML files in the bundle against their schemas. |
SEC |
Validates that potentially unsecure files are not included in the bundle. |
STRUCTURE |
Validates the folder containing the bundle in the file system. |
UNDEFINED |
Undefined validation or unexpected error occurred during a validation. For example, an undefined validation due to legacy code. |
VERSIONVAL |
Validates the |
Structural validations
The following validations verify the CasC bundle structure, including the files within the bundle and the content of the bundle.yaml
file. The validation is performed when the instance is started and the bundle is applied. If an error is returned, the instance does not start and the validation error is included in the log file.
If you add a controller CasC bundle to the operations center using the Configuration as Code bundle location and a problem occurs, an ERROR message is properly returned, but does not prevent the instance from starting or the bundle from being applied to the controller.
|
Code | Type | Message | Meaning |
---|---|---|---|
APIVAL |
ERROR |
Missing |
The |
APIVAL |
ERROR |
|
The |
CONTVAL |
ERROR |
Found file-name file specified in the |
The file is referenced in the |
CONTVAL |
WARNING |
Not referenced file/folder file-name found in bundle folder. |
A file has been detected in the bundle, but it is not directly referenced in the |
CONTVAL |
ERROR |
Missing file-name file specified in the |
The file is referenced in the |
DESCVAL |
ERROR |
The bundle descriptor is wrong or the |
The |
DESCVAL |
ERROR |
Missing |
The |
EMPTY |
ERROR |
The CasC bundle folder is empty. |
The CasC bundle folder is empty. |
NONEXIST |
ERROR |
The CasC bundle folder does not exist. Impossible to validate. |
The folder containing one or more bundles does not exist. This error occurs when the instance is starting and the system property points to a folder that does not exist. |
NONEXIST |
ERROR |
The |
All bundles should have a |
PLUGINVAL |
WARNING |
Plugin plugin-id is not in the CloudBees Assurance Program (CAP) or in applicable plugin catalog(s). |
Any plugin in the |
SEC |
ERROR |
The |
The |
SCHEMA |
ERROR |
Example: Errors (2) validating |
YAML content of that file ( |
STRUCTURE |
WARNING |
The following files have been detected in the bundle folder but they are not yaml files: list of files. |
Files in the bundle folder are not YAML files. Bundles can only contain YAML files and/or folders containing YAML files. |
STRUCTURE |
ERROR |
The CasC bundle is not a folder. Impossible to validate. |
This error occurs when the instance is starting and the system property points to a file instead of a folder. |
STRUCTURE |
ERROR |
Impossible to read folder X content in the bundle: error message Impossible to read bundle content: error message |
An unexpected error occurred when reading the files and folders. Refer to the error message for details. |
STRUCTURE |
ERROR |
The bundle inherits from parent but the parent folder does not exist. The bundle inherits from a parent bundle, but the parent bundle does not contain a valid |
The |
VERSIONVAL |
ERROR |
Missing |
The |
Controller validations
The following validations verify the controller CasC bundles and are performed remotely on the controllers when:
-
A bundle is applied to the controller.
-
The controller is connected to the operations center.
-
A controller is offline and is then placed online.
Code | Type | Message | Meaning |
---|---|---|---|
CATALOGVAL |
ERROR |
error-message |
The plugin catalog cannot be installed. See the error-message details. |
CATALOGVAL |
ERROR |
The |
The |
CATALOGVAL |
WARNING |
More than one plugin catalog file used in bundle_id. Using only first read file. |
The bundle descriptor ( |
ITEMS |
ERROR |
The |
The |
ITEMS |
ERROR |
The The |
The |
ITEMS |
WARNING |
Impossible to parse file-name or missing |
The file is not a YAML file or is missing the |
ITEMS |
WARNING |
There are unknown attributes in the file-name file: list of unknown attributes. |
The file has an invalid format. It should only contain the |
ITEMS |
WARNING |
No items in the file-name file. Consider removing it from the CasC bundle. |
The file does not contain |
ITEMS |
WARNING |
Found items missing the kind in file-name, so it is impossible to create them: list of names. |
One or more elements in the |
ITEMS |
WARNING |
The file-name file cannot be properly parsed: Impossible to parse item name of type kind. Reason: error-message Please check the items format. If any property cannot be parsed, verify that the required plugin is included in the |
One or more elements in the
|
ITEMS |
WARNING |
The following types of item in file-name cannot be recognized: list of kind. Please check the items and make sure the needed plugin will be installed through the plugin YAML files. |
The
|
ITEMS |
WARNING |
The file-name declares a root directory parent. It cannot be found either in the instance or in the files parsed. Please verify that parent is in a YAML file and that the files are correctly ordered. |
The file has the
|
ITEMS |
WARNING |
Item |
The item is configuring the RBAC roles but they are not in any
|
JCASC |
ERROR |
The The |
The |
JCASC |
ERROR |
It is impossible to validate the Jenkins configuration. Please review your Jenkins and plugin configurations. Reason: error-message |
The configuration is invalid and cannot be validated. There may be a misspelling in a symbol or the symbol cannot be configured because a required plugin is not installed. You must verify the plugins in the |
JCASC |
WARNING |
Invalid Jenkins configuration: error-message |
The required plugin is installed in the instance, but it cannot be properly configured. The potential reasons are as follows:
|
RBAC |
ERROR |
|
The authorization strategy is not the role-based matrix authorization strategy. This is due to the following:
In both cases, the role-based matrix authorization strategy must be added to the authorizationStrategy: "cloudBeesRoleBasedAccessControl" |
RBAC |
ERROR |
The bundle configures RBAC but the authorization strategy that will be configured is not |
The |
RBAC |
ERROR |
The The |
The |
RBAC |
ERROR |
The The |
The |
RBAC |
ERROR |
Impossible to parse file-name. Please review the file format: reason |
The file has an incorrect syntax or format and it must be reviewed and updated. reason gives details about the error. The possible reasons are as follows:
|
RBAC |
ERROR |
The following permissions in file-name cannot be recognized: list-of-permissions. Please check the permissions and make sure the needed plugin will be installed through the plugin yaml files. |
RBAC needs the permissions configured in the
|
RBAC |
WARNING |
The bundle configures RBAC but the authorization strategy is not configured as |
RBAC is currently configured in the authorizationStrategy: "cloudBeesRoleBasedAccessControl" |
RBAC |
WARNING |
No RBAC configuration in the file-name file. Consider removing it from the CasC bundle. |
The file does not have roles or groups defined. Remove this file from the CasC bundle. |
JSON schema validations
The following are JSON schema based validations for YAML files.
JSON schema for items.yaml
{ "$schema": "http://json-schema.org/draft-07/schema#", "$ref": "#/definitions/items", "definitions": { "items": { "title": "items", "type": "object", "additionalProperties": false, "patternProperties": { "^x-.*$": { "$comment": "We allow extra properties starting with x- to allow anchors usage", "type": "object" } }, "required": ["items"], "properties": { "removeStrategy": { "$ref": "#/definitions/removeStrategy", "description": "Not required, as it can also be defined in bundle.yaml" }, "items": { "$ref": "#/definitions/items-array" }, "root": { "type": "string" } } }, "items-array": { "type": "array", "minItems": 1, "items": { "$ref" : "#/definitions/item" } }, "removeStrategy": { "title": "removeStrategy", "type": "object", "additionalProperties": false, "required": ["items", "rbac"], "properties": { "items": { "enum": [ "NONE", "none", "SYNC", "sync", "REMOVE_SUPPORTED", "remove_supported", "REMOVE-SUPPORTED", "remove-supported", "REMOVE_ALL", "remove_all", "REMOVE-ALL", "remove-all"] }, "rbac": { "enum": ["SYNC", "sync", "UPDATE", "update"] } } }, "item": { "title": "item", "type": "object", "additionalProperties": true, "required": ["kind", "name"], "properties": { "kind": { "type": "string" }, "name": { "type": "string" }, "items": { "$ref": "#/definitions/items-array" }, "groups": { "type": "array", "items": { "$ref": "#/definitions/group" } }, "filteredRoles": { "type": "array", "items": { "type": "string" }, "minItems": 1 } } }, "group": { "title": "groups", "type": "object", "additionalProperties": false, "required": ["name"], "properties": { "name": { "type": "string" }, "members": { "$ref": "#/definitions/groupMembers" }, "roles": { "$ref": "#/definitions/groupRoles" } } }, "groupMembers": { "title": "Members in group", "type": "object", "properties": { "users": { "type": "array", "items": { "type": "string" } }, "external_groups": { "type": "array", "items": { "type": "string" } }, "internal_groups": { "type": "array", "items": { "type": "string" } } } }, "groupRoles": { "title": "Roles in group", "type": "array", "items": { "$ref": "#/definitions/groupRole" } }, "groupRole": { "type": "object", "title": "Role in group", "additionalProperties": false, "required": ["name"], "properties": { "name": { "type": "string" }, "grantedAt": { "type": "string" }, "propagates": { "anyOf": [ { "enum": ["true", "TRUE", "false", "FALSE"] }, { "type": "boolean"} ] } } } } }
JSON schema for plugin-catalog.yaml
{ "$schema": "http://json-schema.org/draft-07/schema#", "$ref": "#/definitions/plugin-catalog", "definitions": { "plugin-catalog": { "title": "plugin catalog", "type": "object", "additionalProperties": false, "patternProperties": { "^x-.*$": { "$comment": "We allow extra properties starting with x- to allow anchors usage", "type": "object" } }, "required": ["type", "version", "name", "configurations"], "properties": { "type": { "enum": ["plugin-catalog"] }, "version": { "enum": ["1"] }, "name": { "type": "string", "pattern": "^[^\\s]*$" }, "displayName":{ "type": "string" }, "configurations": { "type": "array", "minItems": 1, "items": { "$ref": "#/definitions/configuration" } }, "settings": { "$ref": "#/definitions/settings" } } }, "configuration": { "type": "object", "additionalProperties": false, "properties": { "description": { "type": "string" }, "prerequisites": { "$ref": "#/definitions/prerequisite" }, "includePlugins": { "$ref": "#/definitions/includePlugin" }, "beekeeperExceptions": { "$ref": "#/definitions/beekeeperException" } } }, "prerequisite": { "type": "object", "required": ["productVersion"], "additionalProperties": false, "properties": { "productVersion": { "type": "string" } } }, "includePlugin": { "type": "object", "additionalProperties": false, "patternProperties": { "^.*$": { "$ref": "#/definitions/pluginDefinition" } } }, "beekeeperException": { "type": "object", "additionalProperties": false, "patternProperties": { "^.*$": { "$ref": "#/definitions/pluginDefinition" } } }, "pluginDefinition": { "type": "object", "additionalProperties": false, "properties": { "version": { "anyOf": [ { "type": "string" }, { "type": "number" } ] }, "url": { "type": "string", "format": "uri", "pattern": "https?://.*" }, "sha1": { "type": "string" }, "sha256": { "type": "string" } }, "oneOf": [ { "required": ["version"] }, { "required": ["url"] } ] }, "settings": { "type": "object", "additionalProperties": false, "properties": { "httpCredentialsProvider": { "$ref": "#/definitions/httpCredentialsProvider" }, "repository": { "$ref": "#/definitions/repository" } }, "anyOf": [ { "required": ["httpCredentialsProvider"] }, { "required": ["repository"] } ] }, "httpCredentialsProvider": { "type": "object", "additionalProperties": false, "properties": { "credentials": { "$ref": "#/definitions/httpCredentialsProvider-credentials" } }, "required": ["credentials"] }, "httpCredentialsProvider-credentials": { "type": "object", "additionalProperties": false, "properties": { "authenticationScope": { "type": "string" }, "id": { "type": "string" } }, "required": ["authenticationScope", "id"] }, "repository": { "type": "object", "additionalProperties": false, "properties": { "layout": { "type": "string" }, "url": { "type": "string", "format": "uri", "pattern": "https?://.*" } }, "required": ["url"] } } }
JSON schema for plugins.yaml
{ "$schema": "http://json-schema.org/draft-07/schema#", "$ref": "#/definitions/plugins", "definitions": { "plugins": { "title": "plugins", "type": "object", "additionalProperties": false, "patternProperties": { "^x-.*$": { "$comment": "We allow extra properties starting with x- to allow anchors usage", "type": "object" } }, "required": ["plugins"], "properties": { "plugins": { "type": "array", "minItems": 1, "items": { "$ref": "#/definitions/plugin" } } } }, "plugin": { "title": "plugin declaration", "type": "object", "additionalProperties": false, "properties": { "id": { "type": "string" } }, "required": ["id"] } } }
JSON schema for rbac.yaml
{ "$schema": "http://json-schema.org/draft-07/schema#", "$ref": "#/definitions/rbac", "definitions": { "rbac": { "title": "rbac", "type": "object", "additionalProperties": false, "patternProperties": { "^x-.*$": { "$comment": "We allow extra properties starting with x- to allow anchors usage", "type": "object" } }, "anyOf": [ { "required": ["groups"] }, { "required": ["roles"] } ], "properties": { "removeStrategy": { "$ref": "#/definitions/removeStrategy", "description": "Not required, as it can also be defined in bundle.yaml" }, "groups": { "type": "array", "items": { "$ref": "#/definitions/group" } }, "roles": { "type": "array", "items": { "$ref": "#/definitions/role" } } } }, "removeStrategy": { "title": "removeStrategy", "type": "object", "additionalProperties": false, "required": [ "rbac" ], "properties": { "rbac": { "enum": ["SYNC", "sync", "UPDATE", "update"] } } }, "group": { "title": "groups", "type": "object", "additionalProperties": false, "required": ["name"], "properties": { "name": { "type": "string" }, "members": { "$ref": "#/definitions/groupMembers" }, "roles": { "$ref": "#/definitions/groupRoles" } } }, "groupMembers": { "title": "Members in group", "type": "object", "properties": { "users": { "type": "array", "items": { "type": "string" } }, "external_groups": { "type": "array", "items": { "type": "string" } }, "internal_groups": { "type": "array", "items": { "type": "string" } } } }, "groupRoles": { "title": "Roles in group", "type": "array", "items": { "$ref": "#/definitions/groupRole" } }, "groupRole": { "type": "object", "title": "Role in group", "additionalProperties": false, "required": ["name"], "properties": { "name": { "type": "string" }, "grantedAt": { "type": "string" }, "propagates": { "anyOf": [ { "enum": ["true", "TRUE", "false", "FALSE"] }, { "type": "boolean"} ] } } }, "role": { "type": "object", "title": "Role", "additionalProperties": false, "required": ["name"], "properties": { "name": { "type": "string" }, "permissions": { "type": "array", "items": { "type": "string" } }, "filterable": { "anyOf": [ { "enum": ["true", "TRUE", "false", "FALSE"] }, { "type": "boolean"} ] } } } } }
JSON schema for variables.yaml
{ "$schema": "http://json-schema.org/draft-07/schema#", "$ref": "#/definitions/variables", "definitions": { "variables": { "title": "variables", "type": "object", "additionalProperties": false, "patternProperties": { "^x-.*$": { "$comment": "We allow extra properties starting with x- to allow anchors usage", "type": "object" } }, "required": ["variables"], "properties": { "variables": { "type": "array", "minItems": 1, "items": { "type": "object" } } } } } }
Exporting the original CasC bundle
You can export the original CasC bundle and compare it to the current configuration to determine if recent changes may have been incorrectly applied.
-
Sign in as a user with the Administer permission.
-
Select Manage Jenkins in the left pane.
Figure 11. CloudBees Configuration as Code export and update -
Select CloudBees Configuration as Code export and update.
-
Select Original bundle.
Figure 12. Original bundle -
Select Download to export the original bundle. You can export individual YAML files or export all files in zip format.
-
Select Current configuration.
Figure 13. Current configuration -
Select Download to export the current configuration. You can export individual YAML files or export all files in zip format.
-
Compare the original bundle to the current configuration to determine if recent changes may have been incorrectly applied.
Validating the bundle deployment in operations center
You can check that the configuration bundle is properly deployed to the operations center server using an HTTP client tool such as cURL. Use the tool to fetch the bundle.yaml
using the URL you entered into the casc-bundle-link.yml
file. To authenticate the request, you will also need to provide the token value from the casc-bundle-link.yml
file as an HTTP header named X-CasC-Token
.
Example request with authentication token
curl -v -H "X-CasC-Token: abc123de-f456-7891-gh23-i4jkl45m6n7o" \ http://oc1.example.org:8180/config-bundle/bundle-1
This request should return the bundle.yaml
file from the configuration bundle in the directory named bundle-1
.
If the bundle.yaml
file is not returned and you received the following error: No response/connection refused/timeout.
-
Check that the operations center server is running.
-
Check that the hostname matches the Operation Center’s.
-
Check that the port in the URL matches the operations center’s port.
-
Check whether a firewall between the client and the Operation’s Center could be blocking the connection.
If the bundle.yaml
file is not returned and you received the following error: Wrong bundle returned.
Check that the bundle files were placed into the correct directory on the operations center server.
If the bundle.yaml
file is not returned and you received the following error: HTTP status code 404/Not Found returned.
This can happen when either the URL path was incorrect, or the token was not found.
-
Check that the URL matches the format specified above, and that the final part matches the name of the directory containing the configuration bundle.
-
Check that the token value provided matches the one for this bundle in the bundles list in operations center under Manage Jenkins > Configuration as Code Bundles.
Delaying Configuration as Code configuration for Jenkins to load global configuration
Jenkins 2.199 introduced a check to prevent saving global configurations before they are loaded. Configuration as Code needs to apply global configurations before Jenkins loads jobs to correctly reference any global state. Therefore, until JENKINS-51856 is implemented, there is a race condition where Jenkins may fail to start when used with the Configuration as Code plugin.
If you encounter the race condition, Jenkins will fail to start with an exception message similar to the following:
SEVERE jenkins.InitReactorRunner$1#onTaskFailed: Failed ConfigurationAsCode.init java.lang.IllegalStateException: An attempt to save the global configuration was made before it was loaded
The workaround for this race condition is to delay Configuration as Code configuration to give Jenkins time to load the global configuration.
To enable this delay, set the io.jenkins.plugins.casc.ConfigurationAsCode.initialDelay
system property to the amount of delay time in milliseconds. This delay time value will be dependent on aspects of your system (cpu/disk) and configuration.
To find a value that will work with your system, start with 5000 (5 seconds) and increment by 2000 (2 seconds) until the issue is corrected, then add 1000 (1 second) to the final value for extra safety.
Enabling CasC configuration delay on a managed controller/team controller
In the case of a managed controller or team controller, the workaround can be applied as a system property on the configuration page of the controller item in the operations center dashboard as illustrated below:
Enabling CasC configuration delay on a client controller
Applying the workaround system property to a client controller depends on the client controller installation method.
In the same way other system properties have been added to the init script, set the -Dio.jenkins.plugins.casc.ConfigurationAsCode.initialDelay
system property to the amount of delay time in milliseconds.
Support bundles for CasC
When generating a support bundle, you can include the CasC bundle update log within the support bundle. For more information, see Generating a support bundle.