CloudBees CI on modern cloud platforms 2.289.1.2

Rolling release: 2021-06-02

Based on Jenkins LTS 2.289.1-cb-5

Security fixes

The default RBAC configuration contained invalid roles (BEE-3042)

Invalid roles were being added to the default RBAC configuration.

Generic, disabled, and dangerous permissions are now filtered out when creating the default RBAC roles configuration.

New features

A Continuous Integration build audit report capability has been added to CloudBees CD/RO and CloudBees Analytics (BEE-2043)

A Continuous Integration build audit report capability has been added to CloudBees CD/RO and CloudBees Analytics to generate real-time reports of build events captured during the run of a given build or pipeline and is done in a systematic and scalable manner. This report offers the shared services owners and administrators a way to provide auditors with a comprehensive view of the pipeline audit trail in a time-saving, automated manner, thus reducing manual effort and error. The build events help trace:

  • Approvals and approvers

  • Test results

  • Generated artifacts

  • Source control activity

For more information, see Continuous Integration build audit report.

Initial release of assigning a Configuration as Code (CasC) bundle to more than one controller

Previously released as a Preview feature, specifying an Availability pattern to assign a bundle to more than one controller is now fully supported. For more information, see Configuration as Code (CasC) for Controllers.

The Configuration as Code bundles screen now provides additional bundle information (BEE-1251)

In Operations Center, the Configuration as Code bundles screen now includes Used by and Available for columns that allow you to easily determine:

  • Controllers currently assigned to a bundle.

  • Controllers that can be assigned to a bundle based on the current Availability pattern.

Configuration as Code (CasC) bundles can be configured as an inheritance chain (BEE-1974)

You can now simplify CasC bundle composition and maintenance by creating a "child" bundle that inherits common configuration elements from a "parent" bundle. This allows you to maintain common configuration elements in a single parent bundle that are automatically inherited by all bundles in the inheritance chain. This eliminates the need to manually maintain and update individual bundles. CasC bundle inheritance is a Preview feature. For more information, see Configuration as Code (CasC) for Controllers.

A default Configuration as Code (CasC) bundle can be pre-selected for new controllers (BEE-1983)

In Operations Center, a Default bundle option is now available in the Configuration as Code bundles screen to allow you to pre-select a CasC bundle in the controller configuration screen when setting up a new controller. For more information, see Configuration as Code (CasC) for Controllers.

Unified authentication via single sign-on (BEE-2227)

Unified authentication via single sign-on enables CloudBees Software Delivery Automation users to sign in once to access both CloudBees CI and CloudBees CD/RO. CloudBees CI can be configured to authenticate with CloudBees Software Delivery Automation, where the CloudBees Software Delivery Automation server serves as the identity provider for CloudBees CI. For more information, see Enabling CloudBees CI to use single sign-on.

Feature enhancements

Multiple files per section within a Configuration as Code (CasC) bundle (BEE-391)

CasC bundles now support storing configuration settings within subfolders for: jcasc, items, rbac, and plugins. The plugin catalog does not support more than one file.

  • Jenkins Configuration as Code (JCasC) files are processed by folder, as described in the Jenkins Configuration as Code plugin documentation.

  • All plugins included within individual plugin files are installed.

  • Existing global groups and roles are replaced by groups and roles in the files.

  • Files are processed by adding groups and roles, but never removing groups or roles.

  • Items files are processed one-by-one using the same criteria as before.

The Configuration as Code (CasC) bundle version is automatically generated (BEE-1254)

The CasC bundle version number is automatically generated based on the content of the files to avoid potential problems during a configuration bundle update.

CloudBees Unified Data plugin can send new events about user log in and license changes (BEE-2529)

The CloudBees Unified Data plugin is able to send new events to CloudBees Software Delivery Automation about:

  • Users that log in via any log in mechanism (for example, a website, CLI or REST API).

  • When the changelog of an SCM repository is calculated and the users that authored the changelog entries.

  • The license used in the CloudBees CI instance, when this instance is started, or when its license changes.

The Configuration as Code (CasC) link file information is now available in the controller’s Manage screen in Operations Center (BEE-2011)

In Operations Center, the link file details and download link are now available in the controller’s Manage screen. Previously, the link file and download link were available from the Configuration as Code bundles screen. For more information, see Configuration as Code (CasC) for Controllers.

The following options have also been removed from the Configuration as Code bundles screen:

  • Viewing the bundle’s URL and security token.

  • Regenerate the security token button.

  • Copy link file content button.

If you need to regenerate the bundle’s token, you can use the casc-bundle-regenerate-token CLI command. For more information, see CasC bundle management on Operations Center CLI.
The list of events and their properties sent to CloudBees for purposes of tracking CloudBees CI product usage patterns was duplicated (BEE-3432)

The list of events and their properties sent to CloudBees for purposes of tracking CloudBees CI product usage patterns was duplicated in an internal document and in the CloudBees documentation, but neither document precisely matched the actual behavior in the product. It was difficult to keep all sources synchronized, and some events or properties applied only to preview features or software versions not yet released.

The exact event and property names used by this system are now automatically recorded in CloudBees CI, and can be viewed from the Configure System screen by scrolling down to Usage Statistics, clicking the ? icon for the Help make CloudBees better by sending telemetry and metrics to evaluate patterns of usage checkbox, and selecting the see details link in the expanded help text.

Several CloudBees plugins are now installed by default on the Operations Center for CloudBees CI (BEE-3262)

The CloudBees Unified Data plugin, CloudBees Plugin Usage Analyzer plugin, and Handy URI Templates 2.x API plugin are now installed by default on the Operations Center for CloudBees CI.

Resolved issues

Error when running a backup cluster operation to Amazon S3 (BEE-3409)

An error was occurring when a backup cluster operation was targeted for Amazon S3 storage. The backup operation would fail.

This issue has been resolved. You can now save backup cluster operations to S3 storage without issue.

OperationsCenter.HostName was required for installation (BEE-3186)

A known issue was causing installation to fail unless you provided a value for the OperationsCenter.HostName, even though it is optional.

This issue has been resolved. Installations no longer fail if you do not provide a value for the OperationsCenter.HostName.

Unused Role-Based Access Control (RBAC) role definitions were being pushed to connected clients (BEE-177)

Previously, RBAC role definitions were being pushed to connected clients even if you were not using RBAC.

This issue has been resolved. RBAC role definitions are no longer being pushed to connected clients if RBAC is not in use.

RBAC caching issue (BEE-3553)

An RBAC function was occasionally causing livelock issues, where a request for access is repeatedly denied until the system stops responding.

This caching issue has been resolved. The RBAC function no longer causes the system to stop responding.

The CloudBees Software Delivery Automation navigation bar was not properly displayed when logged out and accessing CloudBees CI screens (BEE-748)

When logged out and accessing CloudBees CI screens, the CloudBees Software Delivery Automation navigation bar did not display properly.

This issue has been resolved. The CloudBees Software Delivery Automation navigation bar now displays properly.

When a controller was moved using Move/Copy/Promote it lost the relationship with its Configuration as Code (CasC) bundle (BEE-2518)

When a controller was moved to a new location in Operations Center using Move/Copy/Promote, the controller loses the relationship with its CasC bundle if the new location is not matched by the Availability pattern.

A preflight check has been added to Move/Copy/Promote, to warn the user if the controller’s bundle is not available at the destination.

Additions and removal of bundles when the Operations Center is down were not detected (BEE-3430)

If an existing bundle was removed from Operations Center when the instance is not up and running, its access control configuration remained in the configuration files and the bundle was still in memory.

If a new bundle was added in Operations Center when the instance was not up and running, its access control could be configured through the configuration page, but an error was thrown when the Save button for that bundle was selected.

Now, when the Operations Center is starting, it checks for bundle additions and removals, and saves the new configuration so an error is no longer returned on the configuration page.

Add check to ensure a Configuration as Code (CasC) bundle is available for controllers using the bundle (BEE-3437)

If the Availability pattern was changed and no check was executed, it was possible to reduce the visibility of the bundle, making it unavailable for the controllers using it.

A new check has been added, so if the new Availability pattern makes the bundle not visible for at least one of the controllers using the bundle, the change is not applied and the Availability pattern remains.

An error message is now displayed on the Configuration as Code bundles page.

GUI displays may have been slow to render when using GitHub multibranch projects (BEE-3448)

GUI displays may have been slow to render when using GitHub multibranch projects due to the propagation of credentials from Operations Center to a controller while deciding whether to display a link to convert authentication to a GitHub App.

This lookup is now deferred.

When a Configuration as Code (CasC) bundle was removed from Operations Center, all former associations between the bundle and the controller were retained (BEE-3449)

When a bundle was removed from Operations Center, added to Operations Center, and then removed from Operations Center a second time, all former associates with the bundle were retained and an error was returned.

This issue has been resolved. Now after removing the bundle, all the relationships and associations are correctly updated.

Configuration as Code (CasC) bundles were not properly updated (BEE-3649)

When a new CasC bundle is added to Operations Center or an existing bundle is updated, the bundle was not properly updated.

An event is now fired to update the internal bundles model.

Missing JavaScript caused a WARNING in the logs (BEE-3753)

A link to a missing JavaScript file caused a WARNING message in the logs when the Configuration as Code bundles screen was accessed.

This issue has been resolved. A WARNING message is no longer displayed when the Configuration as Code bundles screen is accessed.

Security access tokens were not properly set in controllers (BEE-3818)

When security access tokens were created, they were not visible, and the ConfigurationMap/Secret was not properly created when the controller was provisioned.

This issue has been resolved.

A Configuration as Code (CasC) bundle’s Availability pattern cannot be defined programmatically (BEE-3819)

If using CloudBees CI 2.277.4.2 or 2.277.4.3, and you issued the casc-bundle-set-master CLI command, no CasC bundles were available to assign to the controller and an error was returned.

A new CLI command has been added to programmatically set the Availability pattern of a CasC bundle. For more information, see CasC bundle management on Operations Center CLI

Error when a new Configuration as Code (CasC) bundle version is detected (BEE-4074)

When a new version of a bundle is detected and downloaded, an error occurred when the bundle folder was deleted, which prevented the bundle from being updated. This issue has been resolved.

The content of YAML files inside a section were overwritten (BEE-4158)

When a Configuration as Code (CasC) bundle with multiple files in a section was downloaded, the content of all files was overwritten with the content contained in the first file. This issue has been resolved.

The jcasc system property value could not be a Uniform Resource Identifier (URI) (BEE-4159)

A URI could not be used as value of the jcasc system property when the target is a folder instead of a file. This issue has been resolved.

The link file content returned by the casc-bundle-set-master CLI command was incorrect (BEE-4456)

This issue has been resolved. The casc-bundle-set-master CLI command now returns the correct information.

Exception if using CloudBees Software Delivery Automation with CloudBees Plugin Usage Analyzer plugin version 2.9 and running non-Pipeline builds (BEE-4923)

Users who had CloudBees Software Delivery Automation configured, were running CloudBees Plugin Usage Analyzer plugin version 2.9, and ran non-Pipeline builds on a CloudBees CI controller would see exceptions containing the text "Unhandled exception in EventContextContributor" in the CloudBees CI controller logs for every non-Pipeline build that finished executing. These exceptions no longer occur.

High lock contention in queue prevents builds from triggering (BEE-4071) (JENKINS-65262)

The github-branch-source plugin experiences high lock contention due to excessive and incorrect rate limit checking.

Locking was removed from most code paths and the incorrect rate limit checking was fixed. This issue is resolved.

Incorrect checking of "Distinguished Name (DN)" in LDAP plugin (BEE-2927) (JENKINS-65117)

The LDAP server incorrectly uses string equality to check a DN.

The DN is now parsed so that the difference in attribute name case is ignored.

Legacy terminology update (BEE-2392, BEE-2433, BEE-2435, BEE-2442, BEE-2520, BEE-2537, BEE-2538, BEE-2540, BEE-2541, BEE-2542, BEE-3590, BEE-3715, BEE-3719)

CloudBees is updating terminology to remove offensive text. During this ongoing initiative, “controller” replaces “master,” “agent” replaces “slave,” “allowlist” replaces “whitelist,” and “denylist” replaces “blacklist.”

HTTP 500 error on the stand-by Operations Center or controller (BEE-4194)

A rendering issue was causing an HTTP 500 error that prevented the stand-by node page from loading properly on stand-by Operations Center or controller instances.

This issue has been resolved. The stand-by node page now loads properly.

User interface becomes non-responsive when browsing shared agents (BEE-408)

In some circumstances, while browsing shared agents, the user interface became non-responsive and created blocking issues for build-related objects.

This issue has been resolved. Browsing shared agent information no longer causes the user interface to become non-responsive.

Known issues

Ingress fails when deploying CloudBees CI on modern cloud platforms to an Amazon Elastic Kubernetes Service (EKS) environment (BEE-3609)

When you use Helm to deploy CloudBees CI on modern cloud platforms to an EKS environment running Kubernetes 1.19 or later with a version of the ALB Ingress Controller that is greater than 2.1.3, the controller fails to process the Ingress with the following error:

ingress: cubic/cjoc: prefix path shouldn’t contain wildcards /*

This is a known issue. You should use the Kubernetes path type ImplementationSpecific when you deploy to EKS.

In the Continuous Integration Builds screen, the Project column may be blank (BEE-4921)

In the CloudBees CD/RO and CloudBees Analytics Continuous Integration Builds screen, if a build has a Running status, the Project column may temporarily not display project information. Once the build has completed, the Project column correctly displays the project information for each build.