-
Bug
-
Resolution: Duplicate
-
Major
-
None
-
CloudBees Docker Workflow 1.2
Jenkins ver. 1.625.3.1 (CloudBees Jenkins Enterprise 15.11)
withCredentials(FileBinding){...} is ignored in docker.image('cloudbees:java-build-tools').inside{...}. The same withCredentials step works in 'standard' linux node.
See logs below.
It seems to be because FileBinding#secretsDir() creates a "secretFiles" directory under "node.getRootPath()" that is not 'mounted' in the docker container.
withCredentials(FileBinding){...} ignored in docker.image(...).inside{...}
docker.image('busybox').inside{ withCredentials([[$class: 'FileBinding', credentialsId: 'secret-file', variable: 'SECRET_FILE']]) { sh 'ls -al $SECRET_FILE' } }
Started by user Cyrille Le Clerc
[Pipeline] Allocate node : Start
Running on vagrant in /home/vagrant/jenkins/workspace/test-credentials-binding
[Pipeline] node {
[Pipeline] sh
[test-credentials-binding] Running shell script
+ docker inspect -f . busybox
.
[Pipeline] Run build steps inside a Docker container : Start
$ docker run -t -d -u 1000:1000 -w /home/vagrant/jenkins/workspace/test-credentials-binding -v /home/vagrant/jenkins/workspace/test-credentials-binding:/home/vagrant/jenkins/workspace/test-credentials-binding:rw -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** busybox cat
[Pipeline] withDockerContainer {
[Pipeline] Bind credentials to variables : Start
[Pipeline] withCredentials {
[Pipeline] sh
[test-credentials-binding] Running shell script
+ ls -al ****
ls: ****: No such file or directory
- duplicates
-
JENKINS-27152 Store sh control files outside of workspace
-
- Resolved
-
[JENKINS-32943] withCredentials(FileBinding){} ignored when executed in docker.image().inside{...}
| Link |
New:
This issue depends on |
| Component/s | New: credentials-binding-plugin [ 18129 ] | |
| Component/s | Original: ssh-agent-plugin [ 17509 ] | |
| Description |
Original:
{{sshagent('my-ssh-key')\{...\}}} is ignored in {{docker.image('cloudbees:java-build-tools').inside\{...\}}}. The same sshagent step works in 'standard' linux node. See attached logs {code:title=sshagent()\{...\} ignored in docker.image(...).inside\{...\} } docker.image ('cloudbees/java-build-tools:0.0.7.1').inside { sh 'ls -al ~/.ssh/ || true' sshagent(['aws-cleclerc-ssh-key-ubuntu-cleclerc']) { sh 'echo SSH_AUTH_SOCK=$SSH_AUTH_SOCK' sh 'ls -al $SSH_AUTH_SOCK || true' sh "ssh -vvv -o StrictHostKeyChecking=no ubuntu@docker-agent.beesshop.org uname -a" } } {code} {code:title=sshagent()\{...\} WORKS in node\{...\} } node { sh 'ls -al ~/.ssh/ || true' sshagent(['aws-cleclerc-ssh-key-ubuntu-cleclerc']) { sh 'echo SSH_AUTH_SOCK=$SSH_AUTH_SOCK' sh 'ls -al $SSH_AUTH_SOCK || true' sh "ssh -vvv -o StrictHostKeyChecking=no ubuntu@docker-agent.beesshop.org uname -a" } } {code} |
New:
{{withCredentials(FileBinding)\{...\}}} is ignored in {{docker.image('cloudbees:java-build-tools').inside\{...\}}}. The same withCredentials step works in 'standard' linux node. See logs below. It seems to be because [FileBinding#secretsDir()|https://github.com/jenkinsci/credentials-binding-plugin/blob/689655d67923955358572b37155c26cea4de04be/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/FileBinding.java#L88] creates a "secretFiles" directory under "node.getRootPath()" that is not 'mounted' in the docker container. {code:title=withCredentials(FileBinding)\{...\} ignored in docker.image(...).inside\{...\} } docker.image('busybox').inside{ withCredentials([[$class: 'FileBinding', credentialsId: 'secret-file', variable: 'SECRET_FILE']]) { sh 'ls -al $SECRET_FILE' } } {code} {noformat} Started by user Cyrille Le Clerc [Pipeline] Allocate node : Start Running on vagrant in /home/vagrant/jenkins/workspace/test-credentials-binding [Pipeline] node { [Pipeline] sh [test-credentials-binding] Running shell script + docker inspect -f . busybox . [Pipeline] Run build steps inside a Docker container : Start $ docker run -t -d -u 1000:1000 -w /home/vagrant/jenkins/workspace/test-credentials-binding -v /home/vagrant/jenkins/workspace/test-credentials-binding:/home/vagrant/jenkins/workspace/test-credentials-binding:rw -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** busybox cat [Pipeline] withDockerContainer { [Pipeline] Bind credentials to variables : Start [Pipeline] withCredentials { [Pipeline] sh [test-credentials-binding] Running shell script + ls -al **** ls: ****: No such file or directory {noformat} |
| Link |
New:
This issue duplicates |
| Resolution | New: Duplicate [ 3 ] | |
| Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
| Link |
Original:
This issue depends on |
Code changed in jenkins
User: Jesse Glick
Path:
src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/FileBinding.java
http://jenkins-ci.org/commit/credentials-binding-plugin/8661953085e98b71a5f2eaa3c191d4cecd3b66f4
Log:
JENKINS-32943 Use a standardized temporary directory for secretFiles.
Code changed in jenkins
User: Jesse Glick
Path:
src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/FileBinding.java
src/main/resources/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep/help.html
src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java
http://jenkins-ci.org/commit/credentials-binding-plugin/ed93648cf8404ad67d7d69ffeb76f5da83c96e2a
Log:
Merge pull request #13 from jglick/temp-dir-JENKINS-27152
JENKINS-32943 Use a standardized temporary directory for secretFiles
Compare: https://github.com/jenkinsci/credentials-binding-plugin/compare/689655d67923...ed93648cf840
| Workflow | Original: JNJira [ 168662 ] | New: JNJira + In-Review [ 198455 ] |
A facet of
JENKINS-27152.