From 9a8dca4c42070cb1a5571046aaf8b1e5e5b9eeab Mon Sep 17 00:00:00 2001
From: Pere <pbuenoyerbes@cloudbees.com>
Date: Tue, 17 Sep 2024 18:13:48 +0200
Subject: [PATCH] [JENKINS-73789] empty certificate is valid now (#1605)

---
 .../plugins/kubernetes/KubernetesCloud.java   |  2 +-
 .../kubernetes/KubernetesCloudFIPSTest.java   |  4 ++++
 .../config.xml                                | 21 +++++++++++++++++++
 3 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud.java
index 81f5091db..45827e0e7 100644
--- a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud.java
+++ b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud.java
@@ -702,7 +702,7 @@ private static void ensureServerCertificateInFipsMode(String serverCertificate)
             return;
         }
         if (StringUtils.isBlank(serverCertificate)) {
-            throw new IllegalArgumentException(Messages.KubernetesCloud_serverCertificateKeyEmpty());
+            return; // JENKINS-73789, no certificate is accepted
         }
         try {
             PEMEncodable pem = PEMEncodable.decode(serverCertificate);
diff --git a/src/test/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloudFIPSTest.java b/src/test/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloudFIPSTest.java
index 037d06570..65492b120 100644
--- a/src/test/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloudFIPSTest.java
+++ b/src/test/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloudFIPSTest.java
@@ -61,6 +61,10 @@ public void onlyFipsCompliantValuesAreAcceptedTest() throws IOException {
     @LocalData
     public void nonCompliantCloudsAreCleanedTest() {
         assertThat("compliant-cloud is loaded", r.jenkins.getCloud("compliant-cloud"), notNullValue());
+        assertThat(
+                "no certificate is a valid cloud",
+                r.jenkins.getCloud("no-certificate-compliant-cloud"),
+                notNullValue());
         assertThat("with-skip-tls is not loaded", r.jenkins.getCloud("with-skip-tls"), nullValue());
         assertThat("with-http-endpoint is not loaded", r.jenkins.getCloud("with-http-endpoint"), nullValue());
         assertThat("with-invalid-cert is not loaded", r.jenkins.getCloud("with-invalid-cert"), nullValue());
diff --git a/src/test/resources/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloudFIPSTest/nonCompliantCloudsAreCleanedTest/config.xml b/src/test/resources/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloudFIPSTest/nonCompliantCloudsAreCleanedTest/config.xml
index fe51f35c0..aaa43ab22 100644
--- a/src/test/resources/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloudFIPSTest/nonCompliantCloudsAreCleanedTest/config.xml
+++ b/src/test/resources/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloudFIPSTest/nonCompliantCloudsAreCleanedTest/config.xml
@@ -150,6 +150,27 @@ ovacsJACHC8VSwu0hEqevytqT7HH9E/DCMYORANJBZz5GyY=
       <waitForPodSec>600</waitForPodSec>
       <podRetention class="org.csanchez.jenkins.plugins.kubernetes.pod.retention.Never"/>
     </org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud>
+    <org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud plugin="kubernetes@999999-SNAPSHOT">
+        <name>no-certificate-compliant-cloud</name>
+        <templates/>
+        <serverUrl>https://example.org</serverUrl>
+        <useJenkinsProxy>false</useJenkinsProxy>
+        <skipTlsVerify>false</skipTlsVerify>
+        <addMasterProxyEnvVars>false</addMasterProxyEnvVars>
+        <capOnlyOnAlivePods>false</capOnlyOnAlivePods>
+        <restrictedPssSecurityContext>false</restrictedPssSecurityContext>
+        <webSocket>false</webSocket>
+        <directConnection>false</directConnection>
+        <containerCap>10</containerCap>
+        <retentionTimeout>5</retentionTimeout>
+        <connectTimeout>5</connectTimeout>
+        <readTimeout>15</readTimeout>
+        <podLabels/>
+        <usageRestricted>false</usageRestricted>
+        <maxRequestsPerHost>32</maxRequestsPerHost>
+        <waitForPodSec>600</waitForPodSec>
+        <podRetention class="org.csanchez.jenkins.plugins.kubernetes.pod.retention.Never"/>
+    </org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud>
   </clouds>
   <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
   <views>