[JIRA] (JENKINS-59302) Name fields of AWS Secrets Manager Secrets are not distinct

talbot.nat@gmail.com (JIRA)

unread,

Sep 10, 2019, 4:43:01 PM9/10/19

to jenkinsc...@googlegroups.com

Nat Talbot updated an issue

Jenkins /

JENKINS-59302

Name fields of AWS Secrets Manager Secrets are not distinct

Change By:	Nat Talbot
Summary:	Description Name fields of AWS Secrets Manager Secrets are not distinct

Currently, any AWS Secret in Jenkins has the description name "AWS Secrets Manager secret." This is not a major issue in the credentials browser or accessing in a pipeline script, as the credential ID is unique – however, in the "Configure System" page, many plugins use the descriptions names rather than the ID to choose these secrets from the dropdown (see images)

The solution that I will experiment with is to source the credential description name from the description field attached to the secret in AWS, however, using the ID as the description instead would work well.

!image-2019-09-10-15-54-15-902.png!

!image-2019-09-10-15-54-24-054.png!

Add Comment

This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)

chris+jenkins@chriskilding.com (JIRA)

unread,

Sep 11, 2019, 5:43:04 AM9/11/19

to jenkinsc...@googlegroups.com

Chris Kilding commented on

JENKINS-59302

Re: Name fields of AWS Secrets Manager Secrets are not distinct

Ah yes, I think this bug was introduced by accident, since my team defines all its jobs through either JobDSL or Jenkinsfiles (and not through the Web UI - where we would have noticed and caught this bug). It definitely needs fixing.

Add Comment

talbot.nat@gmail.com (JIRA)

unread,

Sep 11, 2019, 12:46:02 PM9/11/19

to jenkinsc...@googlegroups.com

Nat Talbot commented on

JENKINS-59302

Re: Name fields of AWS Secrets Manager Secrets are not distinct

Was this introduced from the multiple-credential-types changes, or is it a separate issue? I had assumed it was a separate issue, but looking at the changes I'd guess it's related to the DescriptorImpl in AwsCredentials.java?

Add Comment

talbot.nat@gmail.com (JIRA)

unread,

Sep 11, 2019, 12:59:03 PM9/11/19

to jenkinsc...@googlegroups.com

Nat Talbot commented on

JENKINS-59302

Re: Name fields of AWS Secrets Manager Secrets are not distinct

Aha, looks like it was introduced by the changes, after re-installing from master.

Add Comment

talbot.nat@gmail.com (JIRA)

unread,

Sep 11, 2019, 1:18:02 PM9/11/19

to jenkinsc...@googlegroups.com

Nat Talbot updated an issue

Jenkins /

JENKINS-59302

Name fields of AWS Secrets Manager Secrets are not distinct

Change By:	Nat Talbot
Environment:	Running off of the feature/multiple-credential-types branch , but this should be an overall issue not specific to the branch

Add Comment

chris+jenkins@chriskilding.com (JIRA)

unread,

Sep 12, 2019, 6:08:08 AM9/12/19

to jenkinsc...@googlegroups.com

Chris Kilding commented on

JENKINS-59302

Re: Name fields of AWS Secrets Manager Secrets are not distinct

I investigated a bit and found the following...

As long as the `AwsCredentials` type implements `StringCredentials`, the ID is used for the name. But if it extends any of the other credentials types (`StandardUsernamePasswordCredentials` etc), even individually, the fallback text appears instead.

I initially wondered if this could have been a bug in the credentials type definitions themselves so tried spawning some creds in the local disk-backed creds provider. But the names all worked properly, so the credentials type definitions are fine.

One interesting thing is that when AWS credentials are shown in the list view, no matter what credentials interface I tell the `AwsCredentials` class to implement instead of `StringCredentials`, it is always presented as 'secret text' (with the blue key icon). So it seems that the `AwsCredentials` objects are always being treated as `StringCredentials`, even when they do not implement that type. And when they don't fit the `StringCredentials` form I guess the default descriptor message is used to fill in the blanks.