Folder Credential by credentialId not found using credentials API
224 views
Skip to first unread message
Arnold van Wijnbergen
Oct 30, 2022, 4:34:01 PM10/30/22
to Jenkins Developers
Hi Jenkins Developers,
We are currently busy with adding a new feature to OSS code signing plugin. In the current situation we store credentials (username/password) as global in Jenkins as credentials provider. For this we use the credentials plugin.
This works well, but we want to improve this to support FolderCredentialsProvider used in combination with the Role strategy plugin. Currently this works okay.
1) First step we moved UI code to the simplebuildStep. This works and we can choose and save the folder based 'global' credential. We can see this credential in the dropdown list. So this UI and persistence part works.
Now the second part is where we see some problems occur when we execute the job. The job is inside the folder we created the credentials.
2) When we now execute the job we use following code to lookup the credential by credentialId.
@Nullable
public static StandardUsernamePasswordCredentials findCredentials(String credentialsId) {
return findCredentials(credentialsId, null);
}
@Nullable
public static StandardUsernamePasswordCredentials findCredentials(String credentialsId, Item item) {
if (StringUtils.isBlank(credentialsId)) {
return null;
}
return CredentialsMatchers.firstOrNull(
CredentialsProvider.lookupCredentials(
StandardUsernamePasswordCredentials.class,
item,
ACL.SYSTEM,
Collections.emptyList()),
CredentialsMatchers.allOf(
CredentialsMatchers.withId(credentialsId),
CredentialsMatchers.anyOf(
CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class))));
}
This code executes but throws an exception (as defined by us) that the credentialID is not found. I can see that this ID corresponds to the folder based credential.
When updating the configuration with a Jenkins global credential everything works.
To summarise : Seems that we currently still only can see Jenkins global credentials instead of folder global credentials we want to include as well.
We already tried to look deeper into credentials API, but don't find a good hint, so looking for a suggestion here. The job is started by an admin user and running as SYSTEM.
How can we include both Jenkins and folder provider credentials in the lookup, so both can be matched ? Currently the folder credentials are not found.
Any help here is welcome. I think we just oversee something here
We are currently busy with adding a new feature to OSS code signing plugin. In the current situation we store credentials (username/password) as global in Jenkins as credentials provider. For this we use the credentials plugin.
This works well, but we want to improve this to support FolderCredentialsProvider used in combination with the Role strategy plugin. Currently this works okay.
1) First step we moved UI code to the simplebuildStep. This works and we can choose and save the folder based 'global' credential. We can see this credential in the dropdown list. So this UI and persistence part works.
Now the second part is where we see some problems occur when we execute the job. The job is inside the folder we created the credentials.
2) When we now execute the job we use following code to lookup the credential by credentialId.
@Nullable
public static StandardUsernamePasswordCredentials findCredentials(String credentialsId) {
return findCredentials(credentialsId, null);
}
@Nullable
public static StandardUsernamePasswordCredentials findCredentials(String credentialsId, Item item) {
if (StringUtils.isBlank(credentialsId)) {
return null;
}
return CredentialsMatchers.firstOrNull(
CredentialsProvider.lookupCredentials(
StandardUsernamePasswordCredentials.class,
item,
ACL.SYSTEM,
Collections.emptyList()),
CredentialsMatchers.allOf(
CredentialsMatchers.withId(credentialsId),
CredentialsMatchers.anyOf(
CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class))));
}
This code executes but throws an exception (as defined by us) that the credentialID is not found. I can see that this ID corresponds to the folder based credential.
When updating the configuration with a Jenkins global credential everything works.
To summarise : Seems that we currently still only can see Jenkins global credentials instead of folder global credentials we want to include as well.
We already tried to look deeper into credentials API, but don't find a good hint, so looking for a suggestion here. The job is started by an admin user and running as SYSTEM.
How can we include both Jenkins and folder provider credentials in the lookup, so both can be matched ? Currently the folder credentials are not found.
Any help here is welcome. I think we just oversee something here
Gavin Mogan
Oct 30, 2022, 4:36:18 PM10/30/22
to jenkin...@googlegroups.com
Its been a long time since i touched this api, but wouldn't you want
return findCredentials(credentialsId, Jenkins.get());
not null?
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/a33f9274-b484-4f74-ae0d-384c0ff3ba85n%40googlegroups.com.
Jesse Glick
Oct 31, 2022, 8:55:20 AM10/31/22
to jenkin...@googlegroups.com
I suspect you wanted https://javadoc.jenkins.io/plugin/credentials/com/cloudbees/plugins/credentials/CredentialsProvider.html#findCredentialById(java.lang.String,java.lang.Class,hudson.model.Run,com.cloudbees.plugins.credentials.domains.DomainRequirement...) which should take into account the folder context.
Arnold van Wijnbergen
Oct 31, 2022, 3:08:55 PM10/31/22
to Jenkins Developers
Hi Jesse, Gavin,
Both thanks for your input. With kudos to Jesse we now have the authentication at folder context working. We adjusted our code and did an initial test. Coming days I will continue more testing, but for now this look better during the first local tests.
That great community support. Some snippet for the internet archive ;)
Both thanks for your input. With kudos to Jesse we now have the authentication at folder context working. We adjusted our code and did an initial test. Coming days I will continue more testing, but for now this look better during the first local tests.
That great community support. Some snippet for the internet archive ;)
@Nullable
public static StandardUsernamePasswordCredentials findCredentialsById(String credentialsId, Run<?,?> run) {
public static StandardUsernamePasswordCredentials findCredentialsById(String credentialsId, Run<?,?> run) {
if (StringUtils.isBlank(credentialsId)) {
return null;
}
return
return null;
}
return
CredentialsProvider.findCredentialById(credentialsId, StandardUsernamePasswordCredentials.class, run,
Collections.emptyList());
}
Additional this Community question/answer also helped. https://community.jenkins.io/t/what-does-mean-to-support-folder-scope-credentials/2202/3
Collections.emptyList());
}
Additional this Community question/answer also helped. https://community.jenkins.io/t/what-does-mean-to-support-folder-scope-credentials/2202/3
Reply all
Reply to author
Forward
0 new messages