New Features
- Configuration as Code Permissions
-
Up until now, only Administrators were able to create, update, and do anything with Configuration as Code bundles. With this new feature, Administrators can grant different permissions to their team members to allow them to perform different tasks with Configuration as Code.
The following five new permissions have been added to the CloudBees permissions:
-
CasC Administer: This permission grants overall Configuration as Code permissions to a user/group without granting them overall cluster permissions. Users and groups with this permission will be able to perform actions such as: seeing the update log, seeing which branch/bundle is in use, exporting the bundle, and many others.
-
CasC Item: This permission grants users the ability to perform certain actions on a Configuration as Code controller such as: create an item using the endpoint/CLI, create a group that is attached to that item, and manage RBAC for that item.
-
CasC Checkout: This permission grants users the ability to checkout bundles.
-
CasC Read: This permission grants users the ability to see which branch or bundle is in use in the operations center or in a Configuration as Code controller.
-
CasC Read Checkout: This permission grants users the ability to see which bundle was checked out by the operations center.
Refer to CasC permissions for more information.
Feature Enhancements
- CloudBees Pipeline Explorer improvements related to traversing the log
-
-
The CloudBees Pipeline Explorer shows all build causes
Previously, the CloudBees Pipeline Explorer only showed build causes if there was an upstream build trigger. Now, the CloudBees Pipeline Explorer shows all types of build causes. They are shown in the map view and the related builds panel.
-
In the CloudBees Pipeline Explorer Map, add a message when a Pipeline does not contain stages
In the CloudBees Pipeline Explorer Map, a message is now displayed when a Pipeline does not contain stages.
-
CloudBees Pipeline Explorer no longer shows a redundant duration for in progress builds
The CloudBees Pipeline Explorer previously showed both a duration and a relative start time for incomplete builds that were always identical. Now, only the relative start time is shown for in progress builds.
-
- Configuration as Code Plugin Management - New customization mechanism for download URL
-
Configuration as Code Plugin Management (
apiVersion: 2) now includes a new repository layout that allows users to configure a download URL that accepts parameters such as theplugin ID.Any plugin using this new layout will configure the parameter values. For example:
plugins: - id: "beer" parameters: env: "staging" tier: "customization" repositoryId: test-repo - id: "chucknorris" parameters: env: "staging" tier: "customization" repositoryId: test-repo repositories: - id: test-repo layout: parameters url: http://my-web-server/$env/$tier/$pluginId.hpi
- Improvement of log entries
-
The Configuration as Code bundle now suppresses the log file strings that read
No items.yaml in configuration bundleorNo rbac.yaml in configuration bundlewhen not applicable.
- New Pipeline policy rule for use of agents without retry
-
The new Pipeline policy rule Agent without Retry can be used to guide Pipeline authors to make sure agent usages are retried automatically if there is an infrastructure outage.
- New full caching capability to CyberArk Credentials Provider
-
The CyberArk Credentials Provider plugin already caches details of the
GetPasswordrequest to CyberArk, but not the password itself. Additionally, the plugin always makes a call to retrieve the credentials password.
Now a new option, Cache Password, when enabled, caches the encrypted value of the password, that saves in API calls and cache writes.
Resolved Issues
- Failed parsing of data in the User Activity Monitoring plugin leads to incomplete data
-
Failed parsing of data from the User Activity Monitoring plugin resets the user activity database that leads to incomplete data. If you cannot update to a version that includes the fix, please open a new ticket with the CloudBees Support team. There is a new version of the UAM (v 1.50) that can be provided by our support team.
This issue has been resolved.
- HTTP Client used for Operations Center to Controllers connection leads to performance issues
-
Because of known issues in the Java HTTP Client, there could be performance issues in the Operations Center to Controllers interactions in heavily loaded environments.
This is now resolved after switching to OkHttp client instead.
- CloudBees HashiCorp Vault plugin is leaking HTTP clients
-
The CloudBees HashiCorp Vault plugin is leaking HTTP clients when calling Vault and this could cause performance issues over time.
The issue has been fixed.
- CloudBees SCM Reporting Plugin causes frequent credentials lookup
-
The CloudBees SCM Reporting Plugin was causing unwanted and frequent credentials lookup from controllers that defined GitHub Multibranch and Organization items. This could lead to further performance problems and delays on credentials related operations.
The issue has been fixed.
- Prevent possible thread leak in ReverseProxy
-
Addressed a code path where a thread could be leaked on reverse proxying failure.
This issue has been fixed.
- In the CloudBees Pipeline Explorer, the "Go to line number" feature erroneously triggered when the input box was clicked
-
In CloudBees Pipeline Explorer, when you click on the input box for the "Go to line number" feature, it immediately caused the page to load the last entered number. This behavior has been fixed to only trigger when you press the Enter key after you type in a line number or click on the arrow icon to the right of the input box.
- In the CloudBees Pipeline Explorer Map, the node display breaks when it collapses a parallel stage
-
When a parallel stage collapses in the CloudBees Pipeline Explorer Map, the node display breaks.
This issue has been fixed.
- Non-CAP plugins defined in the Configuration as Code bundle are compatible with the CloudBees CI release
-
The CloudBees Update Centers offer the latest compatible version with the CBCI release of non-CAP plugins. If the latest release of one of them is not compatible, that version was not offered by the Update Center, being provided the latest compatible one.
With Configuration as Code, however, the latest version was always offered even if it was not compatible, and it had to use the Plugin Catalog to fix the compatible version.
Now, the issue is fixed and the Configuration as Code bundle installs the latest compatible version.
- Migrate from MapDB to Caffeine Cache
-
The Cyberark Credentials Provider used an outdated version of MapDB for on-disk caching layer.
It now uses Caffeine as its in-memory cache.
- Operations center sublicense signature uses SHA512 instead of SHA1
-
The operations center generates sublicenses for controllers. The sublicense signature used the deprecated SHA1 algorithm. It now uses the SHA512 algorithm.
Known Issues
- Validating Kubernetes Cluster Endpoint leads to NPE
-
When using credentials in the Kubernetes Cluster Endpoints configuration, the
Validatefunctionality shows an Angry Jenkins in the UI and a null pointer exception in Jenkins logs.
- Duplicate Pipeline Template Catalogs in the Configuration as Code for controllers
jenkins.yamlfile on each instance restart -
If a Pipeline Template Catalog is configured in the Configuration as Code
jenkins.yamlfile and theidproperty is not defined, the catalog is duplicated on each instance restart and in the exported Configuration as Code configuration.
- Pod templates page is read only for
NonConfigurableKubernetesCloud -
The
NonConfigurableKubernetesCloudsetting on the pod template page appeared to be editable. However, it is read-only.
- Clouds do not disappear after the Folder configuration update by a user without Administer permissions
-
Clouds deselect after a user without Administer permissions edit the Folder configuration.