• Type: Bug
• Resolution: Duplicate
• Priority: Major
• Component/s: credentials-binding-plugin, docker-workflow-plugin
• Labels:

  None
• Environment:

  CloudBees Docker Workflow 1.2
  Jenkins ver. 1.625.3.1 (CloudBees Jenkins Enterprise 15.11)

[JENKINS-32943] withCredentials(FileBinding){} ignored when executed in docker.image().inside{...}

Cyrille Le Clerc created issue - 2016-02-15 09:26

Cyrille Le Clerc made changes - 2016-02-15 09:26

Link

New: This issue depends on JENKINS-27152 [ JENKINS-27152 ]

Cyrille Le Clerc made changes - 2016-02-15 09:32

Component/s		New: credentials-binding-plugin [ 18129 ]
Component/s	Original: ssh-agent-plugin [ 17509 ]
Description	Original: {{sshagent('my-ssh-key')\{...\}}} is ignored in {{docker.image('cloudbees:java-build-tools').inside\{...\}}}. The same sshagent step works in 'standard' linux node. See attached logs {code:title=sshagent()\{...\} ignored in docker.image(...).inside\{...\} } docker.image ('cloudbees/java-build-tools:0.0.7.1').inside {     sh 'ls -al ~/.ssh/ || true'     sshagent(['aws-cleclerc-ssh-key-ubuntu-cleclerc']) {        sh 'echo SSH_AUTH_SOCK=$SSH_AUTH_SOCK'        sh 'ls -al $SSH_AUTH_SOCK || true'        sh "ssh -vvv -o StrictHostKeyChecking=no ubuntu@docker-agent.beesshop.org uname -a"     } } {code} {code:title=sshagent()\{...\} WORKS in node\{...\} } node {     sh 'ls -al ~/.ssh/ || true'     sshagent(['aws-cleclerc-ssh-key-ubuntu-cleclerc']) {        sh 'echo SSH_AUTH_SOCK=$SSH_AUTH_SOCK'        sh 'ls -al $SSH_AUTH_SOCK || true'        sh "ssh -vvv -o StrictHostKeyChecking=no ubuntu@docker-agent.beesshop.org uname -a"     } } {code}	New: {{withCredentials(FileBinding)\{...\}}} is ignored in {{docker.image('cloudbees:java-build-tools').inside\{...\}}}. The same withCredentials step works in 'standard' linux node. See logs below. It seems to be because [FileBinding#secretsDir()|https://github.com/jenkinsci/credentials-binding-plugin/blob/689655d67923955358572b37155c26cea4de04be/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/FileBinding.java#L88] creates a "secretFiles" directory under "node.getRootPath()" that is not 'mounted' in the docker container. {code:title=withCredentials(FileBinding)\{...\} ignored in docker.image(...).inside\{...\} } docker.image('busybox').inside{     withCredentials([[$class: 'FileBinding', credentialsId: 'secret-file', variable: 'SECRET_FILE']]) {         sh 'ls -al $SECRET_FILE'     } } {code} {noformat} Started by user Cyrille Le Clerc [Pipeline] Allocate node : Start Running on vagrant in /home/vagrant/jenkins/workspace/test-credentials-binding [Pipeline] node { [Pipeline] sh [test-credentials-binding] Running shell script + docker inspect -f . busybox . [Pipeline] Run build steps inside a Docker container : Start $ docker run -t -d -u 1000:1000 -w /home/vagrant/jenkins/workspace/test-credentials-binding -v /home/vagrant/jenkins/workspace/test-credentials-binding:/home/vagrant/jenkins/workspace/test-credentials-binding:rw -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** busybox cat [Pipeline] withDockerContainer { [Pipeline] Bind credentials to variables : Start [Pipeline] withCredentials { [Pipeline] sh [test-credentials-binding] Running shell script + ls -al **** ls: ****: No such file or directory {noformat}

Jesse Glick made changes - 2016-02-20 04:12

Link

New: This issue duplicates JENKINS-27152 [ JENKINS-27152 ]

Jesse Glick made changes - 2016-02-20 04:12

Resolution		New: Duplicate [ 3 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Jesse Glick made changes - 2016-02-20 04:12

Link

Original: This issue depends on JENKINS-27152 [ JENKINS-27152 ]

R. Tyler Croy made changes - 2016-07-25 23:57

Workflow

Original: JNJira [ 168662 ]

New: JNJira + In-Review [ 198455 ]