[JIRA] (JENKINS-60329) Username/password credentials can not be used with git

0 views
Skip to first unread message

peter@peterfich.com (JIRA)

unread,
Nov 29, 2019, 6:34:03 AM11/29/19
to jenkinsc...@googlegroups.com
Peter Fich created an issue
 
Jenkins / Bug JENKINS-60329
Username/password credentials can not be used with git
Issue Type: Bug Bug
Assignee: Chris Kilding
Components: aws-secrets-manager-credentials-provider-plugin
Created: 2019-11-29 11:33
Priority: Minor Minor
Reporter: Peter Fich

I'm trying to use username/password credentials with git in a pipeline like this:

 

pipeline {
  agent any
  stages {
    stage('Example') {
      steps {
        git credentialsId: 'git-creds', url:'https://github.com/jenkinsci/aws-secrets-manager-credentials-provider-plugin.git'
      }
    }
  }
}

 

The Git plugin will first test if the credentials are a ssh key, and then try to extract the key. Only if the credentials are not a ssh key will it test if it is a username/password.

The issue is that 'AwsCredentials' are implementing both 'StandardUsernamePasswordCredentials' and 'SSHUserPrivateKey'.

The solution would be (I think) to have different subclasses for each.
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo

chris+jenkins@chriskilding.com (JIRA)

unread,
Dec 6, 2019, 11:10:03 AM12/6/19
to jenkinsc...@googlegroups.com
Chris Kilding commented on Bug JENKINS-60329
 
Re: Username/password credentials can not be used with git

Hi Peter, I have added a failing test that reproduces the issue in a GitHub PR to get us started.

chris+jenkins@chriskilding.com (JIRA)

unread,
Dec 17, 2019, 6:28:03 AM12/17/19
to jenkinsc...@googlegroups.com

The options for fixing this appear (to me at least) to be:

  • Fix the naive credential type detection in the Git plugin.
  • Push type detection up the chain in the credentials provider, so that by the time we instantiate the primary credential object, we already know the exact type. This eliminates the multi-type object.
  • Decompose the multi-type object and return a single type object in the credential snapshot taker (this is a fragile solution: it would fix the Git plugin because it just so happens to snapshot credentials, but it doesn’t generalise to plugins that use credentials directly).

chris+jenkins@chriskilding.com (JIRA)

unread,
Dec 17, 2019, 6:30:02 AM12/17/19
to jenkinsc...@googlegroups.com

When I looked at option 3 - get creative with the credential snapshot taker - I found it has very strict type constraints, so I don’t think it is viable to change the returned credential type within the snapshot taker.

chris+jenkins@chriskilding.com (JIRA)

unread,
Jan 17, 2020, 6:44:07 AM1/17/20
to jenkinsc...@googlegroups.com
Chris Kilding started work on Bug JENKINS-60329
 
Change By: Chris Kilding
Status: Open In Progress

chris+jenkins@chriskilding.com (JIRA)

unread,
Jan 17, 2020, 6:45:07 AM1/17/20
to jenkinsc...@googlegroups.com
Change By: Chris Kilding
Status: In Progress Review

chris+jenkins@chriskilding.com (JIRA)

unread,
Jan 17, 2020, 6:47:06 AM1/17/20
to jenkinsc...@googlegroups.com
 
Re: Username/password credentials can not be used with git

A fix is ready to test (if you're willing to build the .hpi from source) in this pull request: https://github.com/jenkinsci/aws-secrets-manager-credentials-provider-plugin/pull/10 

 

Note that you'll need to add the jenkins:credentials:type tag to your AWS secrets, per the README.

chris+jenkins@chriskilding.com (JIRA)

unread,
Jan 23, 2020, 6:23:05 AM1/23/20
to jenkinsc...@googlegroups.com
Change By: Chris Kilding
Status: In Review Resolved
Resolution: Fixed
Released As: 0.2.0
Reply all
Reply to author
Forward
0 new messages