Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How do I get Bamboo Specs to use Azure Keyvault for fetching secret variables? Edited

I have a Bamboo Specs repo that uses Azure KeyVault for fetching a few variables (passwords) used by build/deploy jobs. 

I'm curious if anyone knows a way around the Access Control Exceptions

[ERROR] Failed to execute goal com.atlassian.bamboo:bamboo-specs-runner:6.5.0:run (default-cli) on project bamboo-specs-generator: Execution default-cli of goal com.atlassian.bamboo:bamboo-specs-runner:6.5.0:run failed: access denied ("java.net.NetPermission" "getProxySelector") -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal com.atlassian.bamboo:bamboo-specs-runner:6.5.0:run (default-cli) on project bamboo-specs-generator: Execution default-cli of goal com.atlassian.bamboo:bamboo-specs-runner:6.5.0:run failed: access denied ("java.net.NetPermission" "getProxySelector")
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:213)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:154)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:146)
	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:117)
	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:81)
	at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
	at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:309)
	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:194)
	at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:107)
	at org.apache.maven.cli.MavenCli.execute(MavenCli.java:993)
	at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:345)
	at org.apache.maven.cli.MavenCli.main(MavenCli.java:191)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:497)
	at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
	at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
	at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
	at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Caused by: org.apache.maven.plugin.PluginExecutionException: Execution default-cli of goal com.atlassian.bamboo:bamboo-specs-runner:6.5.0:run failed: access denied ("java.net.NetPermission" "getProxySelector")
	at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:145)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:208)
	... 20 more
Caused by: java.security.AccessControlException: access denied ("java.net.NetPermission" "getProxySelector")
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:457)
	at java.security.AccessController.checkPermission(AccessController.java:884)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
	at com.atlassian.bamboo.specs.maven.sandbox.AbstractThreadPermissionVerifier.checkPermission(AbstractThreadPermissionVerifier.java:18)
	at com.atlassian.bamboo.specs.maven.sandbox.BambooSpecsSecurityManager.checkPermission(BambooSpecsSecurityManager.java:37)
	at java.net.ProxySelector.getDefault(ProxySelector.java:94)
	at okhttp3.OkHttpClient$Builder.<init>(OkHttpClient.java:425)
	at com.microsoft.azure.AzureServiceClient.<init>(AzureServiceClient.java:25)
	at com.microsoft.azure.keyvault.KeyVaultClientImpl.<init>(KeyVaultClientImpl.java:203)
	at com.microsoft.azure.keyvault.KeyVaultClientImpl.<init>(KeyVaultClientImpl.java:193)
	at com.microsoft.azure.keyvault.KeyVaultClient.<init>(KeyVaultClient.java:179)
	at com.hiscox.plan.Default.<init>(Default.java:28)
	at com.hiscox.plan.DockerComposeCommon.<init>(DockerComposeCommon.java:35)
	at com.hiscox.plan.DockerComposeCommon.<init>(DockerComposeCommon.java:40)
	at com.hiscox.PlanSpec.main(PlanSpec.java:22)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:497)
	at com.atlassian.bamboo.specs.maven.sandbox.SpecsRunner.callMainMethod(SpecsRunner.java:95)
	at com.atlassian.bamboo.specs.maven.sandbox.SpecsRunner.runSpecsInternal(SpecsRunner.java:76)
	at com.atlassian.bamboo.specs.maven.sandbox.SpecsRunner$$Lambda$13/1222908765.get(Unknown Source)
	at com.atlassian.bamboo.specs.maven.sandbox.SecureMethodInvoker.lambda$invokeInternal$0(SecureMethodInvoker.java:34)
	at com.atlassian.bamboo.specs.maven.sandbox.SecureMethodInvoker$$Lambda$14/1331644236.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)

 Edit:

 

bamboo 6.5

I see documents reference a Enable secure Specs processing setting but I'm not seeing it in Security settings

Reference: https://confluence.atlassian.com/bamboo/repository-stored-bamboo-specs-security-938844473.html

 

1 answer

@Dakota Brown not sure if this would still help you in any way given the time since your question, but it might help others.

I don't know much about your context, but it seems to me your Bamboo installation is running Tomcat (i.e. Catalina) in security mode (have a look at the bin/catalina.sh file in your installation directory, where security mode is selected). When this is the case, the security policies as defined in the file conf/catalina.policy are in place.

Your Bamboo specs are being executed by the bamboo specs runner (see jar at https://mvnrepository.com/artifact/com.atlassian.bamboo/bamboo-specs-runner/6.5.0) in some kind of sandbox environment. Your dependency on the Azure Key Vault triggers network communication from bamboo-specs-runner-6.0.5.jar, for which I cannot find an exception in catalina.policy, hence the exception.

So the solution would be to adjust the catalina.policy file and include the following permission:

permission java.net.NetPermission "getProxySelector";

For bamboo-specs-runner-6.0.5.jar.

Mind that I did not try this and I'm not an expert on Catalina security policies.

As an alternative, there is now a plugin (note that I am the author!) which avoids the need to fetch secret variables from your specs, it rather resolves them at build and deploy time by reference. See https://marketplace.atlassian.com/apps/1221965/secret-managers-for-bamboo

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bamboo

Bamboo 101 Video

G’day Community! As we gear up to introduce Bamboo Data Center to the world, we wanted to make sure that we shared a bit more about Bamboo, the product. Our team has put together an overview video ...

256 views 4 6
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you