CloudBees AWS creds plugin 1.33 issues

Alan Sparks

unread,

Jan 6, 2022, 11:55:10 AM1/6/22

to Jenkins Users

I did an update on my test Jenkins instance, which included updates to the CloudBees AWS credentials plugin. Doesn’t seem that the EC2 Fleet plugin was part of that update, but not I have a big problem…

I’m getting this over and over in the logs, below. Appears to be caused by an issue in the new “externalID” code in the creds plugin. I’ve opened a bug on JIRA (JENKINS-67452). Seems to be a similar but different issue reported in GitHub project (issue 116). Hoping this gets fixed soon.

Update: Don’t seem to be getting any attention on the Jira for this. It’s been 20 days. Anyone know a workaround?

-Alan

2021-12-24 19:19:53.568+0000 [id=32] INFO c.a.jenkins.ec2fleet.CloudNanny#doRun: Error during fleet 'FleetCloud' stats update

com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: 1 validation error detected: Value '' at 'externalId' failed to satisfy constraint: Member must have length greater than or equal to 2 (Service: AWSSecurityTokenService; Status Code: 400; Error Code: ValidationError; Request ID: a50581d4-050c-4601-81ad-18184a9293be; Proxy: null)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1862)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1415)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1384)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1154)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:811)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:779)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:753)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:713)

at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:695)

at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:559)

at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:539)

at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.doInvoke(AWSSecurityTokenServiceClient.java:1682)

at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1649)

at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1638)

at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.executeAssumeRole(AWSSecurityTokenServiceClient.java:498)

at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.assumeRole(AWSSecurityTokenServiceClient.java:467)

at com.cloudbees.jenkins.plugins.awscredentials.AWSCredentialsImpl.getCredentials(AWSCredentialsImpl.java:161)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:1266)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.runBeforeRequestHandlers(AmazonHttpClient.java:842)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:792)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:779)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:753)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:713)

at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:695)

at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:559)

at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:539)

at com.amazonaws.services.autoscaling.AmazonAutoScalingClient.doInvoke(AmazonAutoScalingClient.java:4931)

at com.amazonaws.services.autoscaling.AmazonAutoScalingClient.invoke(AmazonAutoScalingClient.java:4898)

at com.amazonaws.services.autoscaling.AmazonAutoScalingClient.invoke(AmazonAutoScalingClient.java:4887)

at com.amazonaws.services.autoscaling.AmazonAutoScalingClient.executeDescribeAutoScalingGroups(AmazonAutoScalingClient.java:1847)

at com.amazonaws.services.autoscaling.AmazonAutoScalingClient.describeAutoScalingGroups(AmazonAutoScalingClient.java:1815)

at com.amazon.jenkins.ec2fleet.fleet.AutoScalingGroupFleet.getState(AutoScalingGroupFleet.java:78)

at com.amazon.jenkins.ec2fleet.EC2FleetCloud.update(EC2FleetCloud.java:464)

at com.amazon.jenkins.ec2fleet.CloudNanny.doRun(CloudNanny.java:55)

at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:90)

at jenkins.security.ImpersonatingScheduledExecutorService$1.run(ImpersonatingScheduledExecutorService.java:67)

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at java.lang.Thread.run(Thread.java:748)

alan.l...@gmail.com

unread,

Jan 11, 2022, 11:14:04 AM1/11/22

to Jenkins Users

Bump... Has anyone had any success with this? I created a JIRA, but no responses. Also no responses on the Github issue (https://github.com/jenkinsci/aws-credentials-plugin/issues/116). Thanks for any advice.

alan.l...@gmail.com

unread,

Jan 11, 2022, 1:26:15 PM1/11/22

to Jenkins Users

To add more information, I've determined that for my case (using the ec2-fleet plugin), I need to add a dummy value to the CloudBees AWS credential (like 'xx') advanced external-id configuration. If I put that there, I can run. If I take it back out, I start getting continuous errors from the credentials plugin.

Reply all

Reply to author

Forward