[JENKINS-73789] empty certificate is valid now (#1605)

jenkinsci · Sep 17, 2024 · 9a8dca4 · 9a8dca4
1 parent 1719f9d
commit 9a8dca4
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 1 deletion.
diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud.java
@@ -702,7 +702,7 @@ private static void ensureServerCertificateInFipsMode(String serverCertificate)
             return;
         }
         if (StringUtils.isBlank(serverCertificate)) {
-            throw new IllegalArgumentException(Messages.KubernetesCloud_serverCertificateKeyEmpty());
+            return; // JENKINS-73789, no certificate is accepted
         }
         try {
             PEMEncodable pem = PEMEncodable.decode(serverCertificate);

diff --git a/src/test/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloudFIPSTest.java b/src/test/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloudFIPSTest.java
@@ -61,6 +61,10 @@ public void onlyFipsCompliantValuesAreAcceptedTest() throws IOException {
     @LocalData
     public void nonCompliantCloudsAreCleanedTest() {
         assertThat("compliant-cloud is loaded", r.jenkins.getCloud("compliant-cloud"), notNullValue());
+        assertThat(
+                "no certificate is a valid cloud",
+                r.jenkins.getCloud("no-certificate-compliant-cloud"),
+                notNullValue());
         assertThat("with-skip-tls is not loaded", r.jenkins.getCloud("with-skip-tls"), nullValue());
         assertThat("with-http-endpoint is not loaded", r.jenkins.getCloud("with-http-endpoint"), nullValue());
         assertThat("with-invalid-cert is not loaded", r.jenkins.getCloud("with-invalid-cert"), nullValue());

diff --git a/...ns/plugins/kubernetes/KubernetesCloudFIPSTest/nonCompliantCloudsAreCleanedTest/config.xml b/...ns/plugins/kubernetes/KubernetesCloudFIPSTest/nonCompliantCloudsAreCleanedTest/config.xml
@@ -150,6 +150,27 @@ ovacsJACHC8VSwu0hEqevytqT7HH9E/DCMYORANJBZz5GyY=
       <waitForPodSec>600</waitForPodSec>
       <podRetention class="org.csanchez.jenkins.plugins.kubernetes.pod.retention.Never"/>
     </org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud>
+    <org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud plugin="kubernetes@999999-SNAPSHOT">
+        <name>no-certificate-compliant-cloud</name>
+        <templates/>
+        <serverUrl>https://example.org</serverUrl>
+        <useJenkinsProxy>false</useJenkinsProxy>
+        <skipTlsVerify>false</skipTlsVerify>
+        <addMasterProxyEnvVars>false</addMasterProxyEnvVars>
+        <capOnlyOnAlivePods>false</capOnlyOnAlivePods>
+        <restrictedPssSecurityContext>false</restrictedPssSecurityContext>
+        <webSocket>false</webSocket>
+        <directConnection>false</directConnection>
+        <containerCap>10</containerCap>
+        <retentionTimeout>5</retentionTimeout>
+        <connectTimeout>5</connectTimeout>
+        <readTimeout>15</readTimeout>
+        <podLabels/>
+        <usageRestricted>false</usageRestricted>
+        <maxRequestsPerHost>32</maxRequestsPerHost>
+        <waitForPodSec>600</waitForPodSec>
+        <podRetention class="org.csanchez.jenkins.plugins.kubernetes.pod.retention.Never"/>
+    </org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud>
   </clouds>
   <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
   <views>