Multibranch not able to use existing credential, or create a new one
24 views
Skip to first unread message
itchymuzzle
Nov 7, 2017, 12:53:36 PM11/7/17
to Jenkins Users
Jenkins v2.79 AWS EC2 Linux instances for both master and node, Bitbucket for Git
This is really strange. I have a credential which is working fine for a “regular” pipeline. The credential contains a private ssh key and Bitbucket app password.
When I create the multibranch job it is
- not able to find/see that existing
credential, and
- is not able to create a new one using that same private ssh
key, and a new Bitbucket app password.
Been going around in circles for hours now, doesn’t make any sense. Any idea what I am not understanding here?
Thanks.
Mark Waite
Nov 7, 2017, 2:09:18 PM11/7/17
to jenkins...@googlegroups.com
I don't understand your reference to a credential which "contains a private ssh key and Bitbucket app password". That's not a credential type I recognize.
I'm accustomed to credentials which contain a private key, and I can envision a credential which includes a Bitbucket app password. I've never seen a credential which combines those two things into a single credential.
Can you explain further how that credential is created?
As far as I know, the git plugin can use private key based credentials with ssh protocol repositories (like ssh://hostname/path/to/repo.git and user@hostname:path/to/repo.git) and it can use username / password credentials with http and https repositories (like http://hostname/path/to/repo and https://hostname/path/to/repo).
Is your working case a use of the git plugin, or is it using some other source control access method?
Mark Waite
--Thanks.
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/0c73ff95-27ad-43c8-bcd6-444252d86850%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
itchymuzzle
Nov 7, 2017, 2:22:54 PM11/7/17
to Jenkins Users
Do these screen shots help?
The bitbucket app passwords (just showing label column)
itchymuzzle
Nov 7, 2017, 2:24:48 PM11/7/17
to Jenkins Users
I have tried creating the credential without the app password, and that doesn't seem to work.
Mark Waite
Nov 7, 2017, 2:28:36 PM11/7/17
to jenkins...@googlegroups.com
On Tue, Nov 7, 2017 at 12:23 PM itchymuzzle <chris...@3derm.com> wrote:
Do these screen shots help?Credential which works
That looks like a private key based credential. As far as I've seen with that type of credential, there is no location to insert an app password.
A separate credential can be created which uses an app password, but there is no location to enter the Bitbucket app password in the private key credential.
The bitbucket app passwords (just showing label column)
That looks like a bitbucket user interface. Do you copy the resulting Bitbucket app password into a separate Jenkins credential, or do you pass that information to Jenkins in some other way?
Mark Waite
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/27efbee6-3343-463f-86fe-fa2d3cb7e035%40googlegroups.com.
itchymuzzle
Nov 7, 2017, 2:38:28 PM11/7/17
to Jenkins Users
> resulting Bitbucket app password
It is the value in the ID field, in the first screen shot.
Mark Waite
Nov 7, 2017, 2:49:29 PM11/7/17
to jenkins...@googlegroups.com
On Tue, Nov 7, 2017 at 12:38 PM itchymuzzle <chris...@3derm.com> wrote:
> resulting Bitbucket app passwordIt is the value in the ID field, in the first screen shot.
Ah, that clarifies it. The value in the ID field is only used inside Jenkins. It is never transmitted as part of any credential.
Unfortunately, that doesn't solve your problem. You're using a private key credential which is working in one location and not working in another location. The app password you entered is a nicely creative, random identifier for the private key credential, but it is only an internally used identifier, not something that is passed as a credential value.
I don't know why private key credentials would behave differently in those two scenarios.
Is the credential attached to the folder which contains the working job, but not visible from the folder of the non-working job? Folder scoped credentials are a great way to limit who can use specific credentials.
Mark Waite
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/15f37ec5-87ea-454b-8d96-59ef38844766%40googlegroups.com.
itchymuzzle
Nov 7, 2017, 3:00:58 PM11/7/17
to Jenkins Users
Looking back at my notes I am not using bitbucket App password, that item must have been left over from my very first attempts. So my bad on that item.
But I still have the original issue, that when I am creating a new multibranch job I am not able to select/find/see my existing credentials. Which sets me off in the loop of trying to create a new one.
(screen shot) The first drop-down only has a selection of None, while the second drop-down has selections of "Multibranch_test_02" and "Jenkins", both forcing me to create new ones.
Why I can't I use/find/see/select the credential I already have for bitbucket, which works.
itchymuzzle
Nov 7, 2017, 3:03:31 PM11/7/17
to Jenkins Users
> Is the credential attached to the folder which contains the working job, but not visible from the folder of the non-working job? Folder scoped credentials are a great way to limit who can use specific credentials.
It says global, is that not the case?
Stephen Connolly
Nov 7, 2017, 3:17:17 PM11/7/17
to jenkins...@googlegroups.com
This only accepts username/password credentials as it accesses the Bitbucket api (which is https and http doesn’t understand ash keys)
The password doesn’t have to be a password, it can be an api token... but the credentials must be of type username password
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/d8ba7267-f4b8-4a17-afdc-430fe8c3ce77%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Sent from my phone
itchymuzzle
Nov 7, 2017, 4:32:52 PM11/7/17
to Jenkins Users
> This only accepts username/password credentials
Ok, but ...
Bitbucket has my public key, and the Jenkins credential has my private key.
Stephen Connolly
Nov 7, 2017, 4:44:53 PM11/7/17
to jenkins...@googlegroups.com
And accessing the Bitbucket REST API only works over http (because it's REST)... so having the key is fine... but doesn't work for the REST API shortcuts that this dedicated Branch Source uses... if you want to use the private key then use a plain Git Source and specify the ssh: url
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/8cd604a8-73ef-4141-8b98-a96e2d823704%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages