[JIRA] (JENKINS-60791) Plugin can break other providers' credential bindings when it cannot contact AWS

chris+jenkins@chriskilding.com (JIRA)

unread,

Jan 16, 2020, 6:50:07 AM1/16/20

to jenkinsc...@googlegroups.com

Chris Kilding created an issue

Jenkins /

JENKINS-60791

Plugin can break other providers' credential bindings when it cannot contact AWS

Issue Type:	Bug
Assignee:	Chris Kilding
Components:	aws-secrets-manager-credentials-provider-plugin
Created:	2020-01-16 11:49
Environment:	Jenkins: 2.204.1 aws-secrets-manager-credentials-provider: 0.1.2
Priority:	Major
Reporter:	Chris Kilding

when ever this plugin does not have a connection to AWS it breaks many screens. e.g. every screen which wants to list some credentials in a dropdown will show an error message e.g. in http://localhost:8080/configure when the docker-commons-plugin or cloudbees-bitbucket-branch-source-plugin is installed.

Also all build accessing any credential will fail, even if the credentials requested by the build are provided by a different credentials-provider (e.g. default jenkins provider).

This can easily reproduced by just installing the plugin on a local instance and not configuring anything more.

The exception looks like this:

 
                                                                com.amazonaws.SdkClientException: Unable to find a region via the region provider chain. Must provide an explicit region in the builder or setup environment to supply a region.
	at com.amazonaws.client.builder.AwsClientBuilder.setRegion(AwsClientBuilder.java:462)
	at com.amazonaws.client.builder.AwsClientBuilder.configureMutableProperties(AwsClientBuilder.java:424)
	at com.amazonaws.client.builder.AwsSyncClientBuilder.build(AwsSyncClientBuilder.java:46)
	at io.jenkins.plugins.credentials.secretsmanager.AwsCredentialsProvider.fetchCredentials(AwsCredentialsProvider.java:103)
	at com.google.common.base.Suppliers$ExpiringMemoizingSupplier.get(Suppliers.java:173)
	at io.jenkins.plugins.credentials.secretsmanager.AwsCredentialsProvider.getCredentials(AwsCredentialsProvider.java:61)
	at com.cloudbees.plugins.credentials.CredentialsProvider.getCredentials(CredentialsProvider.java:1147)
	at com.cloudbees.plugins.credentials.CredentialsProvider.getCredentials(CredentialsProvider.java:1222)
	at com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(CredentialsProvider.java:549)
	at com.cloudbees.plugins.credentials.CredentialsProvider.findCredentialById(CredentialsProvider.java:906)
	at com.cloudbees.plugins.credentials.CredentialsProvider.findCredentialById(CredentialsProvider.java:850)
	at org.jenkinsci.plugins.credentialsbinding.MultiBinding.getCredentials(MultiBinding.java:144)
	at org.jenkinsci.plugins.credentialsbinding.impl.UsernamePasswordMultiBinding.bind(UsernamePasswordMultiBinding.java:75)
	at org.jenkinsci.plugins.credentialsbinding.impl.BindingStep$Execution2.doStart(BindingStep.java:135)  
                                                            

Add Comment

This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)

chris+jenkins@chriskilding.com (JIRA)

unread,

Jan 16, 2020, 6:53:06 AM1/16/20

to jenkinsc...@googlegroups.com

Chris Kilding updated an issue

Jenkins /

JENKINS-60791

Plugin can break other providers' credential bindings when it cannot contact AWS

Change By:	Chris Kilding

when ever When this plugin does not have a connection to cannot contact AWS it breaks many screens. e.g. every screen which wants to list some credentials in a dropdown will show an error message e.g. in can break [http://localhost:8080/configure] when the [docker-commons-plugin|https://plugins.jenkins.io/docker-commons] or [cloudbees-bitbucket-branch-source-plugin|https://plugins.jenkins.io/cloudbees-bitbucket-branch-source] is installed.

Also all a build accessing that binds any credential will fail credentials , even if the credentials requested by the build are provided by all come from a different credentials- provider (e.g. default jenkins provider).

This can easily reproduced by just installing the plugin on a local instance and not configuring anything more.

The exception looks like this:

{code:java}

com.amazonaws.SdkClientException: Unable to find a region via the region provider chain. Must provide an explicit region in the builder or setup environment to supply a region.
at com.amazonaws.client.builder.AwsClientBuilder.setRegion(AwsClientBuilder.java:462)
at com.amazonaws.client.builder.AwsClientBuilder.configureMutableProperties(AwsClientBuilder.java:424)
at com.amazonaws.client.builder.AwsSyncClientBuilder.build(AwsSyncClientBuilder.java:46)
at io.jenkins.plugins.credentials.secretsmanager.AwsCredentialsProvider.fetchCredentials(AwsCredentialsProvider.java:103)
at com.google.common.base.Suppliers$ExpiringMemoizingSupplier.get(Suppliers.java:173)
at io.jenkins.plugins.credentials.secretsmanager.AwsCredentialsProvider.getCredentials(AwsCredentialsProvider.java:61)
at com.cloudbees.plugins.credentials.CredentialsProvider.getCredentials(CredentialsProvider.java:1147)
at com.cloudbees.plugins.credentials.CredentialsProvider.getCredentials(CredentialsProvider.java:1222)
at com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(CredentialsProvider.java:549)
at com.cloudbees.plugins.credentials.CredentialsProvider.findCredentialById(CredentialsProvider.java:906)
at com.cloudbees.plugins.credentials.CredentialsProvider.findCredentialById(CredentialsProvider.java:850)
at org.jenkinsci.plugins.credentialsbinding.MultiBinding.getCredentials(MultiBinding.java:144)
at org.jenkinsci.plugins.credentialsbinding.impl.UsernamePasswordMultiBinding.bind(UsernamePasswordMultiBinding.java:75)

at org.jenkinsci.plugins.credentialsbinding.impl.BindingStep$Execution2.doStart(BindingStep.java:135) {code}