/reload-configuration-as-code/?casc-reload-token returns a 500 when config contains a amazonEC2 section (but /configuration-as-code/reload does not)

[Kanshiroron]

Hello,
I have a Jenkins deployed in Kubernetes, using the official Docker image. I'm trying to set up a workflow where configuration is automatically reloaded when changes have been pushed to our Jenkins configuration repository. According to the documentation setting casc.reload.token as a system property should enable it the ability to reload configuration calling the /reload-configuration-as-code endpoint, but I'm still seeing an error.

Environment:
Jenkins v2.196
Plugin 1.29
Debian 9
Kubernetes 1.12

I have created the JAVA_OPTS environment variable and attached it to the Jenkins StatefulSet.
JAVA_OPTS: -Dhudson.footerURL="https://jenkins.example.com" -Djava.util.logging.config.file="/etc/jenkins/log.properties" -Dcasc.reload.token="myReloadPassword"

According to the entrypoint in the Jenkins docker, the JAVA_OPTS environment variable is indeed parsed and passed to the java command:
https://github.com/jenkinsci/docker/blob/master/jenkins.sh#L18

But when I call the endpoint, I have a 500 error:
hudson.security.AccessDeniedException2: anonymous is missing the Overall/RunScripts permission

k -n engineering exec -ti jenkins-0 -- curl -XPOST http://localhost:8080/reload-configuration-as-code/?casc-reload-token=myReloadPassword

  <!DOCTYPE html><html><head resURL="/static/ad238a94" data-rooturl="" data-resurl="/static/ad238a94">
    <title>Jenkins [Jenkins]</title><link rel="stylesheet" href="/static/ad238a94/css/layout-common.css" type="text/css"><link rel="stylesheet" href="/static/ad238a94/css/style.css" type="text/css"><link rel="stylesheet" href="/static/ad238a94/css/color.css" type="text/css"><link rel="stylesheet" href="/static/ad238a94/css/responsive-grid.css" type="text/css"><link rel="shortcut icon" href="/static/ad238a94/favicon.ico" type="image/vnd.microsoft.icon"><link color="black" rel="mask-icon" href="/images/mask-icon.svg"><script>var isRunAsTest=false; var rootURL=""; var resURL="/static/ad238a94";</script><script src="/static/ad238a94/scripts/prototype.js" type="text/javascript"></script><script src="/static/ad238a94/scripts/behavior.js" type="text/javascript"></script><script src='/adjuncts/ad238a94/org/kohsuke/stapler/bind.js' type='text/javascript'></script><script src="/static/ad238a94/scripts/yui/yahoo/yahoo-min.js"></script><script src="/static/ad238a94/scripts/yui/dom/dom-min.js"></script><script src="/static/ad238a94/scripts/yui/event/event-min.js"></script><script src="/static/ad238a94/scripts/yui/animation/animation-min.js"></script><script src="/static/ad238a94/scripts/yui/dragdrop/dragdrop-min.js"></script><script src="/static/ad238a94/scripts/yui/container/container-min.js"></script><script src="/static/ad238a94/scripts/yui/connection/connection-min.js"></script><script src="/static/ad238a94/scripts/yui/datasource/datasource-min.js"></script><script src="/static/ad238a94/scripts/yui/autocomplete/autocomplete-min.js"></script><script src="/static/ad238a94/scripts/yui/menu/menu-min.js"></script><script src="/static/ad238a94/scripts/yui/element/element-min.js"></script><script src="/static/ad238a94/scripts/yui/button/button-min.js"></script><script src="/static/ad238a94/scripts/yui/storage/storage-min.js"></script><script src="/static/ad238a94/scripts/hudson-behavior.js" type="text/javascript"></script><script src="/static/ad238a94/scripts/sortable.js" type="text/javascript"></script><script>crumb.init("Jenkins-Crumb", "0ba712c00c25a5ede6f2e76e6f68367f571c86598c1fb9d4106f96c8db9a5ded");</script><link rel="stylesheet" href="/static/ad238a94/scripts/yui/container/assets/container.css" type="text/css"><link rel="stylesheet" href="/static/ad238a94/scripts/yui/assets/skins/sam/skin.css" type="text/css"><link rel="stylesheet" href="/static/ad238a94/scripts/yui/container/assets/skins/sam/container.css" type="text/css"><link rel="stylesheet" href="/static/ad238a94/scripts/yui/button/assets/skins/sam/button.css" type="text/css"><link rel="stylesheet" href="/static/ad238a94/scripts/yui/menu/assets/skins/sam/menu.css" type="text/css"><meta name="ROBOTS" content="INDEX,NOFOLLOW"><meta name="viewport" content="width=device-width, initial-scale=1"><script src="/static/ad238a94/jsbundles/page-init.js" type="text/javascript"></script></head><body data-model-type="hudson.model.Hudson" id="jenkins" class="yui-skin-sam two-column jenkins-2.194" data-version="2.194"><a href="#skip2content" class="skiplink">Skip to content</a><div id="page-head"><div id="header"><div class="logo"><a id="jenkins-home-link" href="/"><img src="/static/ad238a94/images/headshot.png" alt="[Jenkins]" id="jenkins-head-icon"><img src="/static/ad238a94/images/title.png" alt="Jenkins" width="139" id="jenkins-name-icon" height="34"></a></div><div class="login"> <a href="/login?from=%2Freload-configuration-as-code%2F"><b>log in</b></a></div><div class="searchbox hidden-xs"><form role="search" method="get" name="search" action="/search/" style="position:relative;" class="no-json"><div id="search-box-minWidth"></div><div id="search-box-sizer"></div><div id="searchform"><input role="searchbox" name="q" placeholder="search" id="search-box" class="has-default-text"> <a href="https://jenkins.io/redirect/search-box"><img src="/static/ad238a94/images/16x16/help.png" style="width: 16px; height: 16px; " class="icon-help icon-sm"></a><div id="search-box-completion"></div><script>createSearchBox("/search/");</script></div></form></div></div><div id="breadcrumbBar"><tr id="top-nav"><td id="left-top-nav" colspan="2"><link rel='stylesheet' href='/adjuncts/ad238a94/lib/layout/breadcrumbs.css' type='text/css' /><script src='/adjuncts/ad238a94/lib/layout/breadcrumbs.js' type='text/javascript'></script><div class="top-sticker noedge"><div class="top-sticker-inner"><div id="right-top-nav"></div><ul id="breadcrumbs"><li class="item"><a href="/" class="model-link inside">Jenkins</a></li><li href="/" class="children"></li></ul><div id="breadcrumb-menu-target"></div></div></div></td></tr></div></div><div id="page-body" class="clear"><div id="side-panel"><div class="task"><a href="https://jenkins.io/" class="task-icon-link"><img src="/static/ad238a94/images/24x24/next.png" style="width: 24px; height: 24px; width: 24px; height: 24px; margin: 2px;" class="icon-next icon-md"></a> <a href="https://jenkins.io/" class="task-link">Jenkins project</a></div><div class="task"><a href="https://jenkins.io/redirect/report-an-issue" class="task-icon-link"><img src="/static/ad238a94/images/24x24/gear2.png" style="width: 24px; height: 24px; width: 24px; height: 24px; margin: 2px;" class="icon-gear2 icon-md"></a> <a href="https://jenkins.io/redirect/report-an-issue" class="task-link">Bug tracker</a></div><div class="task"><a href="https://jenkins.io/redirect/mailing-lists" class="task-icon-link"><img src="/static/ad238a94/images/24x24/search.png" style="width: 24px; height: 24px; width: 24px; height: 24px; margin: 2px;" class="icon-search icon-md"></a> <a href="https://jenkins.io/redirect/mailing-lists" class="task-link">Mailing Lists</a></div><div class="task"><a href="https://twitter.com/jenkinsci" class="task-icon-link"><img src="/static/ad238a94/images/24x24/user.png" style="width: 24px; height: 24px; width: 24px; height: 24px; margin: 2px;" class="icon-user icon-md"></a> <a href="https://twitter.com/jenkinsci" class="task-link">Twitter: @jenkinsci</a></div></div><div id="main-panel"><a name="skip2content"></a><h1 style="text-align: center"><img src="/static/ad238a94/images/rage.png" width="154" height="179"><span style="font-size:50px"> Oops!</span></h1><div id="error-description"><p>A problem occurred while processing the request.
        Please check <a href="https://jenkins.io/redirect/issue-tracker">our bug tracker</a> to see if a similar problem has already been reported.
        If it is already reported, please vote and put a comment on it to let us gauge the impact of the problem.
        If you think this is a new issue, please file a new issue.
        When you file an issue, make sure to add the entire stack trace, along with the version of Jenkins and relevant plugins.
        <a href="https://jenkins.io/redirect/users-mailing-list">The users list</a> might be also useful in understanding what has happened.<h2>Stack trace</h2><pre style="margin:2em; clear:both">hudson.security.AccessDeniedException2: anonymous is missing the Overall/RunScripts permission
	at hudson.security.ACL.checkPermission(ACL.java:73)
	at hudson.security.AccessControlled.checkPermission(AccessControlled.java:47)
	at hudson.plugins.ec2.UnixData.readResolve(UnixData.java:31)
	at hudson.plugins.ec2.UnixData.&lt;init>(UnixData.java:27)
Caused: java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:175)
Caused: io.jenkins.plugins.casc.ConfiguratorException: unixData: Failed to construct instance of class hudson.plugins.ec2.UnixData.
 Constructor: public hudson.plugins.ec2.UnixData(java.lang.String,java.lang.String,java.lang.String,java.lang.String).
 Arguments: [java.lang.String, null, null, java.lang.String].
 Expected Parameters: rootCommandPrefix java.lang.String, slaveCommandPrefix java.lang.String, slaveCommandSuffix java.lang.String, sshPort java.lang.String
	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:193)
	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:77)
	at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:267)
	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.configure(DataBoundConfigurator.java:83)
	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$doConfigure$16668e2$1(HeteroDescribableConfigurator.java:278)
	at io.vavr.CheckedFunction0.lambda$unchecked$52349c75$1(CheckedFunction0.java:201)
	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.doConfigure(HeteroDescribableConfigurator.java:278)
	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$null$2(HeteroDescribableConfigurator.java:86)
	at io.vavr.control.Option.map(Option.java:373)
	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$configure$3(HeteroDescribableConfigurator.java:86)
	at io.vavr.Tuple2.apply(Tuple2.java:239)
	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:83)
	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:55)
	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:161)
	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:77)
	at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:267)
	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.configure(DataBoundConfigurator.java:83)
	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:153)
	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:77)
	at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:267)
	at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.configure(DataBoundConfigurator.java:83)
	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$doConfigure$16668e2$1(HeteroDescribableConfigurator.java:278)
	at io.vavr.CheckedFunction0.lambda$unchecked$52349c75$1(CheckedFunction0.java:201)
	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.doConfigure(HeteroDescribableConfigurator.java:278)
	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$null$2(HeteroDescribableConfigurator.java:86)
	at io.vavr.control.Option.map(Option.java:373)
	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$configure$3(HeteroDescribableConfigurator.java:86)
	at io.vavr.Tuple2.apply(Tuple2.java:239)
	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:83)
	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:92)
	at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:55)
	at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:344)
	at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:287)
	at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$7(ConfigurationAsCode.java:709)
	at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:659)
Caused: io.jenkins.plugins.casc.ConfiguratorException: jenkins: error configuring 'jenkins' with class io.jenkins.plugins.casc.core.JenkinsConfigurator configurator
	at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:665)
	at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:709)
	at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:694)
	at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:585)
	at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:280)
	at io.jenkins.plugins.casc.TokenReloadAction.doIndex(TokenReloadAction.java:53)
	at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
	at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
	at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
	at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77)
	at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
	at org.kohsuke.stapler.IndexDispatcher.dispatch(IndexDispatcher.java:27)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878)
	at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:456)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:676)
	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1623)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
	at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
	at io.jenkins.plugins.casc.TokenReloadCrumbExclusion.process(TokenReloadCrumbExclusion.java:20)
	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:73)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1700)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1667)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.Server.handle(Server.java:505)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:698)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:804)
	at java.lang.Thread.run(Thread.java:748)
</pre></div></div></div><footer><div class="container-fluid"><div class="row"><div class="col-md-6" id="footer"></div><div class="col-md-18"><span class="page_generated">Page generated: Oct 15, 2019 10:44:57 AM UTC</span><span class="rest_api"><a href="api/">REST API</a></span><span class="jenkins_ver"><a href="https://jenkins.admin.eu.pype.engineering">Jenkins ver. 2.194</a></span></div></div></div></footer></body></html>

My first question would be: why is it returning a 500 instead of a 401/403?
Second, what am I doing wrong?

Thanks for your help!

[lmmc]

Having a similar issue:

HTTP/1.1 500 Server Error

org.acegisecurity.AccessDeniedException: Failed to authenticate to run builds as authorization anonymous.

[lmmc]

Having a similar issue:

HTTP/1.1 500 Server Error

org.acegisecurity.AccessDeniedException: Failed to authenticate to run builds as authorization anonymous.

Found the issue, it was Authorize Project plugin. After removal, it started to work again.

[timja]

@Kanshiroron

Caused: io.jenkins.plugins.casc.ConfiguratorException: unixData: Failed to construct instance of class hudson.plugins.ec2.UnixData.
 Constructor: public hudson.plugins.ec2.UnixData(java.lang.String,java.lang.String,java.lang.String,java.lang.String).
 Arguments: [java.lang.String, null, null, java.lang.String].
 Expected Parameters: rootCommandPrefix java.lang.String, slaveCommandPrefix java.lang.String, slaveCommandSuffix java.lang.String, sshPort java.lang.String

That looks it's failing to reload your configuration

I've just tested this feature and it's working fine for me

[Kanshiroron]

@timja Thank you for your answer.
I'm still facing a 500, however when the server starts it doesn't complain about the configuration, and same thing if I manually click on the Reload existing configuration button on the Management > Configuration as Code menu. So the error seems to only happen when sending the cURL request.

I indeed do think the error is not coming from the token but from the config, since I have the log: 2019-11-13 15:46:15.988+0000 [id=99] INFO i.j.p.casc.TokenReloadAction#doIndex: Configuration reload triggered via token before the Warning stack trace.

As you pointed out, the issue may come from our EC2/UnixData config, which looks like:

jenkins:
  clouds:
  - amazonEC2:
      cloudName: "Slaves-${AWS_REGION}"
      credentialsId: "AWS_Admin"
      privateKey: "${EC2_SSH_KEY}"
      region: "${AWS_REGION}"
      templates:
      - ami: "${AWS_SLAVES_AMI}"
        amiType:
          unixData:
            rootCommandPrefix: "sudo"
            sshPort: "22"
.
.
.

But my question is why do the plugin replace empty values with null? As the error says:

 Constructor: public hudson.plugins.ec2.UnixData(java.lang.String,java.lang.String,java.lang.String,java.lang.String).
 Arguments: [java.lang.String, null, null, java.lang.String].
 Expected Parameters: rootCommandPrefix java.lang.String, slaveCommandPrefix java.lang.String, slaveCommandSuffix java.lang.String, sshPort java.lang.String

(I indeed do not specify slaveCommandPrefix & slaveCommandSuffix options).

Also, I updated Jenkins to version 2.204 & casc to 1.32

Thanks for your help.

[Kanshiroron]

After changing the configuration to add those missing parameters (slaveCommandPrefix & slaveCommandSuffix), the error has slightly changed, but no longer make any sense to me since the argument types seems to be correct...

Caused: io.jenkins.plugins.casc.ConfiguratorException: unixData: Failed to construct instance of class hudson.plugins.ec2.UnixData.
 Constructor: public hudson.plugins.ec2.UnixData(java.lang.String,java.lang.String,java.lang.String,java.lang.String).
 Arguments: [java.lang.String, java.lang.String, java.lang.String, java.lang.String].
 Expected Parameters: rootCommandPrefix java.lang.String, slaveCommandPrefix java.lang.String, slaveCommandSuffix java.lang.String, sshPort java.lang.String

🤔

[timja]

What did you set for the other values? what's the full config now?

[Kanshiroron]

@timja
Here is my config now:

jenkins:
  clouds:
  - amazonEC2:
      cloudName: "Slaves-${AWS_REGION}"
      credentialsId: "AWS_Admin"
      privateKey: "${EC2_SSH_KEY}"
      region: "${AWS_REGION}"
      useInstanceProfileForCredentials: false
      templates:
      - ami: "${AWS_SLAVES_AMI}"
        amiType:
          unixData:
            rootCommandPrefix: "sudo"
            sshPort: "22"
            slaveCommandPrefix: "sudo -u centos"
            slaveCommandSuffix: ""
        associatePublicIp: false
        connectBySSHProcess: true
        customDeviceMapping: "/dev/sda1=:250"
        deleteRootOnTermination: true
        description: "Centos Slaves ${AWS_REGION}a"
        ebsOptimized: false
        idleTerminationMinutes: "120"
        initScript: "${AWS_SLAVES_CLOUD_INIT}"
        instanceCapStr: "50"
        labelString: "centos-${AWS_REGION}a"
        mode: NORMAL
        monitoring: false
        numExecutors: 1
        remoteAdmin: "centos"
        remoteFS: "/jenkins"
        securityGroups: "${AWS_SLAVES_SG}"
        stopOnTerminate: false
        subnetId: "${AWS_SLAVES_SUBNET_A}"
        type: ${AWS_REGULAR_SLAVES_SIZE}
        useDedicatedTenancy: false
        useEphemeralDevices: false
        zone: "${AWS_REGION}a"

The AMI template is repeated multiple times (for each AZ).
I also tried to set slaveCommandSuffix to a 'random' string value but that didn't change anything.
Thanks for your help

[Kanshiroron]

Hey @timja, do you confirm this is a bug?
Thanks

[timja]

No, reloading is working fine you have an issue configuring the amazon ec2 plugin

[Kanshiroron]

@timja
I agree the error is linked to the EC2 module however, I don't understand why I don't see any error when Jenkins starts, and also why I do not face this error when I manually push the Reload existing configuration button from the WebUI (which calls the /configuration-as-code/reload endpoint).
Also, my EC2 configuration seems to be working fine since Jenkins is able to spawn VMs and build jobs on them.

[Kanshiroron]

@timja Here you can find a minimal config with which you can reproduce this issue. It contains the jenkins.yml file, a script to launch the docker (Jenkins v2.204) and a script that contains the cURL command to ease testing. You will have to install the EC2 & casc plugins yourself.

jenkins_config.tar.gz

[janario]

Hi guys, I've just had the same error

As I could understand the error is not actually related to the constructor, the main cause seems to be at ec2-plugin while constructing UnixData.readResolve togheter with configAutoReload

It looks like the request is done with an anonymous user which gets invalid

....
Caused by: hudson.security.AccessDeniedException2: anonymous is missing the Overall/RunScripts permission
	at hudson.security.ACL.checkPermission(ACL.java:73)
	at hudson.security.AccessControlled.checkPermission(AccessControlled.java:47)
	at hudson.plugins.ec2.UnixData.readResolve(UnixData.java:31)
	at hudson.plugins.ec2.UnixData.<init>(UnixData.java:27)
	... 124 more