Credentials created by groovy script are overrided by credential injected by YAML config

[gmarraff]

I need to create some credentials by a groovy script since I need some dynamic logic to be executed and others by simply declaring them as YAML configuration, so in the configmap that handle the credentials I have 2 entries:

apiVersion: v1
kind: ConfigMap
metadata:
  name: credentials
data:
 credentials.yaml: |
   credentials:
      system:
        domainCredentials:
        - credentials:
          - basicSSHUserPrivateKey:
              id: credential1
          - usernamePassword:
              id: credential2
 credentials.groovy: |
   // Code that creates credential3

And in the jenkins defintion:

...
configurationAsCode:
    configurations:
    - name: credentials
  groovyScripts:
    configurations:
    - name: credentials
...

When the reconcile loop starts it executes at first the groovy script the successfully creates credential3 (checked by disabling the yaml config), but then it applies the YAML configuration that creates credential1 and credential2 and removes credential3.
I don't know if there is a way to force the script to be executed after the YAML config but I couldn't find it documented anywhere.
Right now I'm workarounding the issue by creating the credentials by script only.

Expected Behavior

After the reconcile loop is finished, credential1, credential2 and credential3 should be present in the system.

Actual Behavior

After the reconcile loop is finished only credential1 and credential2 are present in the system.

Additional Info

• Kubernetes version:

Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.2", GitCommit:"66049e3b21efe110454d67df4fa62b08ea79a19b", GitTreeState:"clean", BuildDate:"2019-05-16T16:23:09Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.7", GitCommit:"be3d344ed06bff7a4fc60656200a93c74f31f9a4", GitTreeState:"clean", BuildDate:"2020-02-11T19:24:46Z", GoVersion:"go1.13.6", Compiler:"gc", Platform:"linux/amd64"}

• Jenkins Operator version:
  v0.4.0

[tomaszsek]

Hi @gmarraffa,

The sequence is set in the code: https://github.com/jenkinsci/kubernetes-operator/blob/master/pkg/controller/jenkins/configuration/user/reconcile.go#L80. The CasC plugin overrides all data so the fix will be to change the sequence to:

• apply CasC
• apply groovy script

Would you like to contribute?

Cheers

[gmarraff]

Hi @tomaszsek ,
I have 0 experience with go but by looking at the code it doesn't seem that hard to change the order.
I can try to create a PR when I have time.

[sarabesh]

Hi guys,.stuck at a very similar situation. Is this request been done in the Jenkins-operator currently?

[tomaszsek]

Improved in https://github.com/jenkinsci/kubernetes-operator/releases/tag/v0.5.0

[orlandoacevedo-pge]

What if we require a groovy script to run before CasC?
i.e. 1. Groovy installs custom plugin using plugin file. 2. CasC loads plugin config.