[JIRA] (JENKINS-60440) Invalid git username/password on Jenkins agent when using Vault Username-Password Credential

[gordonli@hotmail.com (JIRA)]

Gordon Li created an issue

Jenkins / JENKINS-60440 Invalid git username/password on Jenkins agent when using Vault Username-Password Credential Issue Type: Bug Assignee: Mark Waite Components: git-plugin, hashicorp-vault-plugin Created: 2019-12-11 11:45 Environment: VM host: Windows 10 1909 running Docker Desktop Community 19.03.5 Jenkins master: Docker image jenkins/jenkins:latest Jenkins agent: Docker image openjdk:8-stretch + Swarm-Client 3.17 plugin Hashicorp Vault: Docker image vault:latest Labels: vault credentials Priority: Major Reporter: Gordon Li My Jenkins master is running Debian 9 with Jenkins 2.208, Git-plugin 4.0.0 and Hashicorp-vault-plugin 3.0.0. My Jenkins agent is running Debian 9 with Swarm-client plugin 3.17. My master is set to 0 executors so that all jobs run on the agent. I have my Bitbucket credentials saved in Jenkins 3 times - "Username with password", "Vault Username-Password Credential" with K/V engine 1 and "Vault Username-Password Credential" with K/V engine 2. I have a test freestyle job that does nothing except fetch a Git repository from https://bitbucket.org/... If set the job's Git credentials to use the "Username with password" credentials then the agent successfully fetches the repository. If I use either of the "Vault Username-Password Credential" credentials then the agent fails on the command "git fetch --tags --progress ..." with "remote: Invalid username or password" In a pipeline job with script from SCM, the master is able to fetch the repository with all 3 credential types but the agent can only fetch when using "Username with password" credentials - it is unable to fetch with "Vault Username-Password Credential" credentials. Bitbucket usernames are email addresses so they contain "@" special character. In Vault I have tried URL encoding the username to "user%40domain.com" but this causes the master to also fail with invalid username. Add Comment

This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)

[mark.earl.waite@gmail.com (JIRA)]

Mark Waite assigned an issue to Unassigned

Jenkins / JENKINS-60440 Invalid git username/password on Jenkins agent when using Vault Username-Password Credential

Change By: Mark Waite Assignee: Mark Waite

Add Comment

[mark.earl.waite@gmail.com (JIRA)]

Mark Waite commented on JENKINS-60440

Re: Invalid git username/password on Jenkins agent when using Vault Username-Password Credential Submitter notes that an @ sign embedded in the username will cause authentication failures in the git client plugin. Also an issue for the google code repositories since their user names include an @ sign as well.

Add Comment

[mark.earl.waite@gmail.com (JIRA)]

Mark Waite edited a comment on JENKINS-60440

Re: Invalid git username/password on Jenkins agent when using Vault Username-Password Credential

Submitter notes that an \@ sign embedded in the username will cause authentication failures in the git client plugin. Also an issue for the google code repositories since their user names include an \@ sign as well.

I assume the use of an embedded \@ character in the username is used on Bitbucket Server and Bitbucket Data Center.  I use markewaite as my Bitbucket Cloud username.  Bitbucket Cloud knows my google e-mail address and has connected my google e-mail address to my Bitbucket Cloud account. Can you define a username in Bitbucket server that does not include the \@ character in the username?

Add Comment

[mark.earl.waite@gmail.com (JIRA)]

Mark Waite edited a comment on JENKINS-60440

Re: Invalid git username/password on Jenkins agent when using Vault Username-Password Credential

Submitter notes that an \@ sign embedded in the username will cause authentication failures in the git client plugin. Also an issue for the google code repositories since their user names include an \@ sign as well.

I assume the use of an embedded \@ character in the username is used on Bitbucket Server and Bitbucket Data Center.  I use markewaite as my [ Bitbucket Cloud username |https://bitbucket . org/%7Bfeeb1516-e0f7-4759-89a0-1d3fe983b1f8%7D/].   Bitbucket Cloud knows my google e-mail address and has connected my google e-mail address to my Bitbucket Cloud account.

Can you define a username in Bitbucket server that does not include the \@ character in the username?

Add Comment

[mark.earl.waite@gmail.com (JIRA)]

Mark Waite edited a comment on JENKINS-60440

Re: Invalid git username/password on Jenkins agent when using Vault Username-Password Credential

Submitter notes that an \@ sign embedded in the username will cause authentication failures in the git client plugin. Also an issue for the google code repositories since their user names include an \@ sign as well.

I assume the use of an embedded \@ character in the username is used on Bitbucket Server and Bitbucket Data Center.  I use markewaite as my [Bitbucket Cloud username|https://bitbucket.org/%7Bfeeb1516-e0f7-4759-89a0-1d3fe983b1f8%7D/].  Bitbucket Cloud knows my google e-mail address and has connected my google e-mail address to my Bitbucket Cloud account.

Can you define a username in Bitbucket server that does not include the \@ character in the username?

Add Comment

[mark.earl.waite@gmail.com (JIRA)]

Mark Waite edited a comment on JENKINS-60440

Re: Invalid git username/password on Jenkins agent when using Vault Username-Password Credential

Submitter notes that an \@ sign embedded in the username will cause authentication failures in the git client plugin. Also an issue for the google code repositories since their user names include an \@ sign as well.

I was not aware of Bitbucket Cloud supporting a username which includes an \@ character.  My Bitbucket Cloud account does not contain an embedded \@ character. I assume the use of an embedded \@ character in the username is used on Bitbucket Server and Bitbucket Data Center.  I use markewaite as my [Bitbucket Cloud username|https://bitbucket.org/%7Bfeeb1516-e0f7-4759-89a0-1d3fe983b1f8%7D/].  Bitbucket Cloud knows my google e-mail address and has connected my google e-mail address to my Bitbucket Cloud account.

Can you define a username in Bitbucket server that does not include the \@ character in the username?

Are you able to define an app password in Bitbucket Cloud, store that app password in Hashicorp Vault, and use that app password as part of a Vault username / password credential?

Add Comment