[JIRA] (JENKINS-59016) GitHub branch source scan ignores credentials based on credential domain


mark.earl.waite@gmail.com (JIRA)

Aug 21, 2019, 4:30:09 PM
to jenkinsc...@googlegroups.com
Mark Waite updated an issue
 
Jenkins / Bug JENKINS-59016
GitHub branch source scan ignores credentials based on credential domain
Change By: Mark Waite
Summary: GitHub branch source scan ignores credentials based on credential domain
 
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

mark.earl.waite@gmail.com (JIRA)

Aug 21, 2019, 4:31:02 PM
to jenkinsc...@googlegroups.com
Mark Waite updated an issue
The GitHub branch source plugin uses the GitHub REST API to scan  remote repositories for changes.  I had incorrectly defined my GitHub credential in a credential domain that only included to If I define a credential at the root level, then the GitHub branch source can use the credential to scan the repository for branches.  If I define the credential in a folder, then the GitHub branch source accepts the credential, but then the scan does not use the credential and the scan log reports:

{code}
Started
[Tue Aug 20 13:00:40 MDT 2019] Starting branch indexing...
13:00:40 Connecting to https://api.github.com with no credentials, anonymous access
{code}

Without the credentials, scanning of private repositories is not allowed and scanning of public repositories is limited by a much smaller value for the GitHub API rate limit.

||Version||Result||
||2.5.6||Credentials ignored|
||2.5.5||Credentials ignored|
||2.5.4|Credentials honored|
||2.5.3|Credentials honored|
||2.4.5|Credentials honored|
||2.3.6|Credentials honored|

Refer to the [JENKINS-59016 branch in my jenkins-bugs repo|https://github.com/MarkEWaite/jenkins-bugs/tree/JENKINS-59016] for the Jenkins Pipeline that I use to test this.  The jobs are run from inside a Docker image that I use which includes credentials used to access the repository.

mark.earl.waite@gmail.com (JIRA)

Aug 21, 2019, 4:56:01 PM
to jenkinsc...@googlegroups.com
Mark Waite updated an issue
The GitHub branch source plugin uses the GitHub REST API to scan  remote repositories for changes.  I had incorrectly defined my GitHub credential in a credential domain that only included the {{github.com}} domain.  The GitHub branch source plugin allowed me to select that credential, but then would not use that credential because it was making the request to {{api.github.com}} rather than {{github.com}}.

My working credential domains had defined the domain as {{github.com,*.github.com}}.  That working definition matched {{api.github.com}}.

When the incorrect credential domain was specified, the repository scan log would report:


{code}
Started
[Tue Aug 20 13:00:40 MDT 2019] Starting branch indexing...
13:00:40 Connecting to https://api.github.com with no credentials, anonymous access
{code}

Without the credentials, scanning of private repositories is not allowed and scanning of public repositories is limited by a much smaller value for the GitHub API rate limit.

||Version||Result||
||2.5.6||Credentials ignored if assigned incorrect domain|
||2.5.5||Credentials ignored if assigned incorrect domain|
||2.5.4|Credentials honored if assigned incorrect domain|
||2.5.3|Credentials honored if assigned incorrect domain|
||2.4.5|Credentials honored if assigned incorrect domain|
||2.3.6|Credentials honored if assigned incorrect domain|


Refer to the [JENKINS-59016 branch in my jenkins-bugs repo|https://github.com/MarkEWaite/jenkins-bugs/tree/JENKINS-59016] for the Jenkins Pipeline that I use to test this.  The jobs are run from inside a Docker image that I use which includes credentials used to access the repository.

mark.earl.waite@gmail.com (JIRA)

Aug 21, 2019, 4:56:02 PM
to jenkinsc...@googlegroups.com

mark.earl.waite@gmail.com (JIRA)

Aug 21, 2019, 6:36:03 PM
to jenkinsc...@googlegroups.com
Mark Waite updated an issue
The GitHub branch source plugin uses the GitHub REST API to scan  remote repositories for changes.  I had incorrectly defined my GitHub credential in a credential domain that only included the {{github.com}} domain.  The GitHub branch source plugin allowed me to select that credential, but then would not use that credential because it was making the request to {{api.github.com}} rather than {{github.com}}.

My working credential domains had defined the domain as {{github.com,*.github.com}}.  That working definition matched {{api.github.com}}.

My incorrect credential domain was specified as only including {{github.com}}.  With that incorrect domain specification, the repository scan log would report:


{code}
Started
[Tue Aug 20 13:00:40 MDT 2019] Starting branch indexing...
13:00:40 Connecting to https://api.github.com with no credentials, anonymous access
{code}

Without the credentials, scanning of private repositories is not allowed and scanning of public repositories is limited by a much smaller value for the GitHub API rate limit.

||Version||Result||
||2.5.6||Credentials ignored if assigned incorrect domain|
||2.5.5||Credentials ignored if assigned incorrect domain|
||2.5.4|Credentials honored if assigned incorrect domain|
||2.5.3|Credentials honored if assigned incorrect domain|
||2.4.5|Credentials honored if assigned incorrect domain|
||2.3.6|Credentials honored if assigned incorrect domain|

Refer to the [JENKINS-59016 branch in my jenkins-bugs repo|https://github.com/MarkEWaite/jenkins-bugs/tree/JENKINS-59016] for the Jenkins Pipeline that I use to test this.  The jobs are run from inside a Docker image that I use which includes credentials used to access the repository.
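
The following is an added example, not part of the original issue and not the plugin's code: it pulls the anonymously contacted host out of a scan log and checks it against a credential domain's hostname include list. The matching rules (comma-separated patterns, `*` as a wildcard, case-insensitive) are an assumed simplification, and all function names are hypothetical.

```python
import re
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Sample input: the scan log lines quoted in the issue description.
SAMPLE_SCAN_LOG = """\
Started
[Tue Aug 20 13:00:40 MDT 2019] Starting branch indexing...
13:00:40 Connecting to https://api.github.com with no credentials, anonymous access
"""

# Log line that signals the scan fell back to anonymous access.
ANON_RE = re.compile(r"Connecting to (\S+) with no credentials, anonymous access")


def host_matches(include_spec, host):
    """True if host matches any comma-separated pattern ('*' is a wildcard).

    Assumed model of a hostname include list, not the plugin's implementation.
    """
    host = host.lower()
    patterns = [p.strip().lower() for p in include_spec.split(",") if p.strip()]
    return any(fnmatchcase(host, p) for p in patterns)


def anonymous_endpoints(scan_log):
    """Hosts the scan contacted without credentials, according to the log."""
    return [urlsplit(m.group(1)).hostname for m in ANON_RE.finditer(scan_log)]


def diagnose(scan_log, include_spec):
    """Map each anonymously contacted host to whether the include list covers it."""
    return {h: host_matches(include_spec, h) for h in anonymous_endpoints(scan_log)}


if __name__ == "__main__":
    # The two domain definitions compared in the issue.
    for spec in ("github.com", "github.com,*.github.com"):
        print(spec, "->", diagnose(SAMPLE_SCAN_LOG, spec))
```

A `False` entry means the credential's domain does not cover the host the scan actually contacts, which is the condition the issue associates with the anonymous-access log line.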

bitwiseman@gmail.com (JIRA)

Aug 21, 2019, 7:06:02 PM
to jenkinsc...@googlegroups.com
Liam Newman commented on Bug JENKINS-59016
 
Re: GitHub branch source scan ignores credentials based on credential domain

For anyone looking at the comments (and not the full history view), Mark helped us analyze this issue and then updated the description.  Same people are likely to be the ones to work on this further, but the regression is much lower priority/severity than initially thought.

 

mark.earl.waite@gmail.com (JIRA)

Aug 21, 2019, 7:12:02 PM
to jenkinsc...@googlegroups.com
Mark Waite updated an issue
Change By: Mark Waite
Comment: Based on the change history between 2.5.4 and 2.5.5, I assume that [~lnewman] or [~dnusbaum] or [~jtaboada] are the likely ones to investigate the code.