New features

Initial release of Configuration as Code (CasC) for the operations center

Previously released as a Preview feature, CasC for the operations center is now fully supported. This allows you to capture the configuration of the operations center in human-readable declarative files that can be used in a reproducible way and eliminates the need for additional tools or custom scripts that must be manually maintained.

For more information, refer to Configuration as Code for the operations center.

Initial release of Configuration as Code bundle location

Previously released as a Preview feature, the Configuration as Code bundle location setting is now fully supported. It allows you to configure a local folder on the operations center server or an SCM repository for adding controller CasC bundles to the operations center’s internal storage.

Once you have added your controller CasC bundles to the operations center, you can configure how the bundles are synchronized with the operations center’s internal storage. This ensures any changes to the bundles are available to controllers using the CasC bundle.

Initial release of CasC item creation for the operations center and controllers

Previously released as a Preview feature, the creation of various items using the operations center and controller `items.yaml' file is now fully supported. When these items are created in an instance, it is possible to export their configuration in a YAML format that can be used to create and configure the items using CasC.

For more information, refer to Creating items with CasC for controllers.

Added an HTTP endpoint to validate the bundles in the operations center (BEE-10532)

When a bundle is added to the operations center using the Configuration as Code bundle location, it can be validated using a new HTTP endpoint.

The output provides the following information:

  • General validation messages in the files and folders of the bundle.

  • Specific validation messages on every online controller where the bundle is applied.

  • A list of the offline controllers where the bundle is applied, but the validation did not occur because of the controller’s status.

    For more information, refer to Configuration as Code (CasC) HTTP API.

Added the CLI command to validate the bundles in the operations center (BEE-10530)

When a bundle is added to the operations center using the Configuration as Code bundle location, it can be validated by using a new CLI command.

The CLI output provides the following information:

  • General validation messages in the files and folders of the bundle.

  • Specific validation messages on every online controller where the bundle is applied.

  • A list of the offline controllers where the bundle is applied, but the validation did not occur because of the controller’s status.

    For more information, refer to Configuration as Code (CasC) CLI.

Feature enhancements

Improve validation messages (BEE-15892)

There have been improvements made to the validation error and warning messages.

Credentials are supported as part of the folders definition in the items.yaml files (BEE-15846)

Credentials can now be exported and defined as part of the folder-based items in the items.yaml files of the CasC bundles.

Configuration Bundle variable support is now available for the jenkins.yaml, items.yaml, and rbac.yaml files (BEE-15842)

The variables that are defined in the configuration bundles are now exposed in the jenkins.yaml, items.yaml, and rbac.yaml files.

Added variable support for the items.yaml files and the rbac.yaml files (BEE-15839)

The JCasC variables format is now supported in the items and rbac sections of the configuration bundles.

Added a new section to define the variables in the configuration bundle (BEE-15835)

A new section that defines the variables is now available in the configuration bundle under the variables section name.

Allow CasC bundles to accept only one entry for a plugin catalog (BEE-14831)

When multiple plugin catalog files are in a bundle, a log message is generated to identify which file is effectively used.

For more information, refer to Troubleshooting CasC for controllers.

Validation is now performed on the CasC rbac.yaml file (BEE-10523)

The rbac.yaml file in the CasC bundle is now validated to verify the following:

  • The YAML format is correct.

  • The authorization strategy must be RoleMatrixAuthorizationStrategy ("CloudBeesRoleBasedAccessControl" in the jenkins.yaml file).

  • All of the permissions defined for a role must exist in the instance.

Resolved issues

Upgraded Woodstox in the SAML plugin (BEE-9264)

The version of Woodstox that was used in the SAML plugin contained an injection flaw that could cause issues during the parsing of XML data.

To resolve the issue, Woodstox 5.2.1 was upgraded to version 6.2.7.

Fixed Check now button in the CloudBees Update Center (BEE-9981)

The last update date function was not working when you clicked the Check now button in the controller plugin management options.

This issue has been resolved. The date is now correctly displayed when the check is finished.

Log displays "A connection to https://beekeeper-server.cloudbees.com/ was leaked" message (BEE-14484)

The connection was not closing properly when querying for security warnings.

The issue was resolved and the connection is now closed correctly when querying for security warnings.

Fixed RBAC groups autocompletion (BEE-14968)

When adding groups as members of an RBAC group, the autocompletion feature only worked for groups that were defined in the root of the current controller.

Now, autocompletion applies to groups from parent folders as well as from the operations center, if applicable. This issue has been resolved.

Reduced number of calls to Queue.maintain() (BEE-15022)

Frequent calls to the Jenkins method Queue.maintain() could have a negative impact on performance. Occasionally, the number of calls resulted in poor instance health and connection issues that could only be resolved by restarting the controller.

The number of calls made to Queue.maintain() has been reduced, since the call already occurs periodically in the background. This fix should improve instance health and resolve some connection issues.

Terminology updates (BEE-15058, BEE-15634)

CloudBees is updating terminology to remove offensive text. During this ongoing initiative, “controller” replaces “master,” “agent” replaces “slave,” “allowlist” replaces “whitelist,” and “denylist” replaces “blacklist.”

Starting with this release, the Docker images were renamed to remove offensive text.

Fixed file locking issues for Windows (BEE-15841)

There were instances of file locks that could cause failures in certain use cases when you run a controller in a Windows environment.

This issue has been resolved.

Removed duplicate code as maintenance (BEE-15942)

Some code was duplicated from Jenkins core into the proprietary plugin.

This duplicate code was removed for better maintenance of the plugin.

Created shaded Jenkins High Availability libraries (BEE-16798)

To avoid version conflicts with other components in CloudBees CI, the High Availability plugin now shades its dependencies.

Prevented a` NullPointerException` when the items.yaml file was exported, if a property expected by the constructor is missing (BEE-16664)

In the definition of an item in the items.yaml file, if a property that was expected by the constructor was missing, a NullPointerException was returned. For example, there is a missing scope in a credential definition.

This issue has been resolved.

The DescriptorValidator invocation was missing on the bundle synchronization (BEE-16142)

When bundles were loaded, the bundle synchronization was missing the bundle descriptor validator that checks the mandatory fields and sections information.

This issue was resolved and the validation is now properly performed.

Some enumerations were not handled properly by item creation with CasC (BEE-16140)

Some anonymous classes were not considered as enumerations during the items creation with CasC.

The issue was resolved.

A ClassCastException was returned when an item with an enumeration in its constructor was created (BEE-16075)

When an item in the items.yaml file has a property that receives an enumeration class in its constructor, the value was not cast to the proper type, and an exception was returned.

This issue was resolved.

Validate bundles when they are checked out using the build step (BEE-16005)

If controller bundles are synchronized in the operations center using a Freestyle job with the Synchronize bundles from workspace with internal storage build step, the bundles were not validated.

Now, it uses the same validations as when you select the Configuration as Code bundle location.

A warning message was displayed when you referenced a folder with files (BEE-15925)

In the bundle.yaml file, when a folder was referenced with files instead of the list of files, a warning message was displayed that states the files in that folder are not referenced.

This issue has been resolved.

Changes to the CasC bundle subfolders were not propagated (BEE-15492)

If the CasC bundle.yaml file specified a subfolder instead of the list of files within the subfolder and one of those files within the folder was changed, the change was not propagated and the new version of the bundle was not available to the controllers.

This issue was resolved.

The SCMSources array was incorrectly exported with the Organization Folder (BEE-15130)

The SCMSources array was incorrectly being exported with the Organization Folder during a CasC export.

This issue has been resolved, the array will no longer be exported.

If the CasC rbac.yaml file did not include a roles section, the current roles were not synchronized (BEE-15036)

If the CasC rbac.yaml file did not include a roles section, the authenticated role was incorrectly initialized with the Overall/Read permission granted.

This issue was resolved.

Prevented the property ParametersDefinitionProperty#parameterDefinitionNames from being exported (BEE-14427)

When you exported a parameterized Pipeline, the parameterDefinitionNames property was exported as part of the parameter definitions. If the exported item was imported later, an error occurred.

This property is no longer exported, so it is able to be imported. This issue is resolved.

The Promoted Builds plugin contain broken icons due to the icon paths being removed in the Jenkins core (BEE-160452)

The icon paths have been updated and the issue has been resolved.

The withEnv step does not document keys that are case insensitive (BEE-15944)

The inline help for the withEnv step was updated to show that the environment variable keys are case insensitive, but they do preserve the case.

Fixed the incorrect display for disabled plugins in the CloudBees Plugin Usage Analyzer report (BEE-7063)

Plugins that were disabled were displayed as blank lines in the CloudBees Plugin Usage Analyzer report.

This issue has been resolved. Disabled plugins now display with a strikethrough.

Known issues

None.

Upgrade notes

Migration to Java 11 will soon be required for new releases (BEE-42)

The Jenkins community will begin supporting Java 11-specific features soon (Java 11 byte code), at which point it will no longer be possible to use a Java 8 runtime environment. Because CloudBees CI on traditional platforms is based on the Jenkins LTS, future releases of CloudBees CI on traditional platforms will have the same requirement.

CloudBees strongly recommends upgrading your CloudBees CI on traditional platforms environment to run Java 11 as soon as possible. Some of the Java 11 updates may require action on your part, and there may be a specific order in which you should upgrade components in your environment. For more information, refer to Migrating to Java 11.

Guava library upgrade (BEE-8569)

The Guava library has been upgraded from 11.0.1 to 31.0.1.

This upgrade removes the usage of deprecated methods for all plugins in the CloudBees Assurance Program. Please ensure that all other plugins (those not in the CloudBees Assurance Program and any custom developed plugins) are updated to a recent version that is compatible. If you have questions about this upgrade, contact CloudBees Support for assistance.

Updated minimum Jenkins version to LTS 2.332.1 (BEE-10651)

The minimum required Jenkins version was updated to the latest LTS, version 2.332.1.

When upgrading to Java 11, you must update your Java garbage collection arguments (BEE-16018)

Garbage collection has been updated in Java 11. Many of the previously recommended arguments are no longer supported. When you upgrade your JDK to Java 11, you must also update your garbage collection configuration. Using unsupported Java arguments will result in startup failure.

Jenkins agent-to-controller security changes affect several plugins

Jenkins 2.326 removes the ability to disable or customize the agent-to-controller-security system. The following plugins are known to be affected by this change:

  • Cobertura Plugin

  • Code Coverage API Plugin

  • Log Parser Plugin

  • Maven Integration Plugin

  • XUnit Plugin After upgrading to Jenkins 2.326, you must update these plugins.

Other plugins may be affected as well. Refer to Agent → Controller Security Changes in 2.326 for more information.

Matrix Authorization Strategy plugin version 3.0 upgrade

Version 3.0 of the Matrix Authorization Strategy plugin extends the formats for permission assignments both internally and when used with the Job DSL and Configuration as Code plugins. With the upgrade to version 3.0, all past permission assignments are now considered ambiguous. While existing configurations can still be read, if the permission assignment configurations contain ambiguous entries, warnings will appear in the UI and in logs.

Downgrading to an earlier release of the plugin may cause problems once you have used version 3.0 or later to assign new permissions or migrate existing permission assignments. Earlier releases will not be able to load the updated, version 3.0 permission assignments.

Further, the Matrix Authorization Strategy plugin’s APIs have changed significantly. While some compatibility is retained, other plugins that depend on the Matrix Authorization Strategy plugin will likely need to be adapted to the changes, or they may behave in unexpected ways.

If you use any plugins that have a dependency on the Matrix Authorization Strategy plugin, you should make sure they are compatible with version 3.0 before you upgrade. For example, the Role-based Authorization Strategy plugin has been reported to be incompatible with version 3.0.

Customers that use the CloudBees Role-Based Access Control Plugin for authorization are not affected by this change in behavior.

If you configured the Matrix Authorization Strategy plugin’s job level permissions using the Job DSL plugin’s special syntax (authorization top-level element), you will not be able to assign unambiguous permissions in current releases of the Job DSL plugin, version 1.78.3 and earlier. Instead, you should use the syntax documented here using the authorizationMatrix child of the properties element.