[JENKINS-38963] User-scoped credentials cannot be looked up in pipeline - Jenkins Jira

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Major
Resolution: Fixed
Component/s: credentials-binding-plugin
Labels:

Similar Issues:

Show

Description

It's possible to look-up User-scoped credentials in Freestyle jobs with Bindings. The same seems not to work in pipeline jobs.

node {
    withCredentials([[$class          : 'UsernamePasswordMultiBinding', credentialsId: 'bc047678-37b8-4747-95d8-c1a8b3df51a6',
                      usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD']]) {
        echo "${env.USERNAME}"
    }
}

org.jenkinsci.plugins.credentialsbinding.impl.CredentialNotFoundException: bc047678-37b8-4747-95d8-c1a8b3df51a6
	at org.jenkinsci.plugins.credentialsbinding.MultiBinding.getCredentials(MultiBinding.java:124)
	at org.jenkinsci.plugins.credentialsbinding.impl.UsernamePasswordMultiBinding.bind(UsernamePasswordMultiBinding.java:68)
	at org.jenkinsci.plugins.credentialsbinding.impl.BindingStep$Execution.start(BindingStep.java:92)

Plugin versions:
credentials-binding: 1.9
credentials: 2.1.5

Attachments

Issue Links

is related to

JENKINS-44772 User Scoped credentials are not used by the "withCredentials" pipeline step

Open

JENKINS-47699 Cannot use user-scoped credentials from pipeline input step parameters

Resolved

relates to

JENKINS-44774 User Scoped credentials don't appear in credentials drop down lists

Resolved

JENKINS-58170 Allow credential parameters to shadow credential ids in lookup

Resolved

links to

CloudBees Internal CLTS-1179

Jenkins Users post

(1 links to)

Activity

Ascending order - Click to sort in descending order

View 7 older comments

Ben Dean added a comment - 2017-10-26 21:26

stephenconnolly's method #2 does seem to work for me. Here's an example pipeline.

properties([
    parameters([
        credentials(name: 'creds_param', credentialType: 'org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl', required: true)
    ])
])


stage('example'){
    node {
        withCredentials([string(credentialsId: '${creds_param}', variable: 'SECRET')]) {
            sh 'echo $SECRET'
        }
    }
}

Note that the single quotes around '${creds_param}' is not a mistake. The CredentialsProvider.findCredentalById method specifically looks to see if the id starts with ${ and ends with }. See https://github.com/jenkinsci/credentials-plugin/blob/master/src/main/java/com/cloudbees/plugins/credentials/CredentialsProvider.java#L882

This makes it so user creds selected as build params work in the withCredentials pipeline step. That's not really enough for my problems because I want to use parameters from an input step, but that's maybe a different issue. Thought I'd share this.

Ben Dean added a comment - 2017-10-26 21:26 stephenconnolly 's method #2 does seem to work for me. Here's an example pipeline. properties([ parameters([ credentials(name: 'creds_param' , credentialType: 'org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl' , required: true ) ]) ]) stage( 'example' ){ node { withCredentials([string(credentialsId: '${creds_param}' , variable: 'SECRET' )]) { sh 'echo $SECRET' } } } Note that the single quotes around '${creds_param}' is not a mistake. The CredentialsProvider.findCredentalById method specifically looks to see if the id starts with ${ and ends with } . See https://github.com/jenkinsci/credentials-plugin/blob/master/src/main/java/com/cloudbees/plugins/credentials/CredentialsProvider.java#L882 This makes it so user creds selected as build params work in the withCredentials pipeline step. That's not really enough for my problems because I want to use parameters from an input step, but that's maybe a different issue. Thought I'd share this.

Jesse Glick added a comment - 2017-12-07 19:28

Well that is surprising, to say the least. Would need to be emphasized in inline help for the credentials parameter type.

Jesse Glick added a comment - 2017-12-07 19:28 Well that is surprising, to say the least. Would need to be emphasized in inline help for the credentials parameter type.

Matt Sicker added a comment - 2019-08-26 19:22

This feature is improved in ~~JENKINS-58170~~ and will also be supported by an upcoming release of pipeline-input-step to support user-scoped credentials prompted via an input step.

Matt Sicker added a comment - 2019-08-26 19:22 This feature is improved in JENKINS-58170 and will also be supported by an upcoming release of pipeline-input-step to support user-scoped credentials prompted via an input step.

Matt Sicker added a comment - 2019-08-26 19:31

This was implemented in ~~JENKINS-58170~~, though it requires the use of credentials build parameters. Alternatively, you can use authorize-project to automate the user who is bound to the build to access their credentials.

Matt Sicker added a comment - 2019-08-26 19:31 This was implemented in JENKINS-58170 , though it requires the use of credentials build parameters. Alternatively, you can use authorize-project to automate the user who is bound to the build to access their credentials.

Vít Zikmund added a comment - 2019-09-23 12:51 - edited

Hello there, jvz. If you suggest using the authorize-project plugin for this purpose, can you confirm it actually works? All my white-box attempts so far failed as those in JENKINS-44772.

Vít Zikmund added a comment - 2019-09-23 12:51 - edited Hello there, jvz . If you suggest using the authorize-project plugin for this purpose, can you confirm it actually works? All my white-box attempts so far failed as those in JENKINS-44772 .

Jenkins

User-scoped credentials cannot be looked up in pipeline

Details

Description

Attachments

Issue Links

Activity

People

Dates