Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-38963

User-scoped credentials cannot be looked up in pipeline

XMLWordPrintable

      It's possible to look-up User-scoped credentials in Freestyle jobs with Bindings. The same seems not to work in pipeline jobs.

      node {
    withCredentials([[$class          : 'UsernamePasswordMultiBinding', credentialsId: 'bc047678-37b8-4747-95d8-c1a8b3df51a6',
                      usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD']]) {
        echo "${env.USERNAME}"
    }
}

      org.jenkinsci.plugins.credentialsbinding.impl.CredentialNotFoundException: bc047678-37b8-4747-95d8-c1a8b3df51a6
	at org.jenkinsci.plugins.credentialsbinding.MultiBinding.getCredentials(MultiBinding.java:124)
	at org.jenkinsci.plugins.credentialsbinding.impl.UsernamePasswordMultiBinding.bind(UsernamePasswordMultiBinding.java:68)
	at org.jenkinsci.plugins.credentialsbinding.impl.BindingStep$Execution.start(BindingStep.java:92)

      Plugin versions:
      credentials-binding: 1.9
      credentials: 2.1.5

          [JENKINS-38963] User-scoped credentials cannot be looked up in pipeline

          Martin Vehovsky created issue -
          Martin Vehovsky made changes -
          Summary Original: User-scoped credentials cannot be looked up with pipeline New: User-scoped credentials cannot be looked up in pipeline
          Martin Vehovsky made changes -
          Description Original: It's possible to look-up User-scoped credentials in Freestyle jobs with Bindings. The same seems not to works in pipeline jobs.

          {code:java}
          node {
              withCredentials([[$class : 'UsernamePasswordMultiBinding', credentialsId: 'bc047678-37b8-4747-95d8-c1a8b3df51a6',
                                usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD']]) {
                  echo "${env.USERNAME}"
              }
          }
          {code}



          {code:java}
          org.jenkinsci.plugins.credentialsbinding.impl.CredentialNotFoundException: bc047678-37b8-4747-95d8-c1a8b3df51a6
          at org.jenkinsci.plugins.credentialsbinding.MultiBinding.getCredentials(MultiBinding.java:124)
          at org.jenkinsci.plugins.credentialsbinding.impl.UsernamePasswordMultiBinding.bind(UsernamePasswordMultiBinding.java:68)
          at org.jenkinsci.plugins.credentialsbinding.impl.BindingStep$Execution.start(BindingStep.java:92)
          {code}
          		 New: It's possible to look-up User-scoped credentials in Freestyle jobs with Bindings. The same seems not to work in pipeline jobs.

          {code:java}
          node {
              withCredentials([[$class : 'UsernamePasswordMultiBinding', credentialsId: 'bc047678-37b8-4747-95d8-c1a8b3df51a6',
                                usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD']]) {
                  echo "${env.USERNAME}"
              }
          }
          {code}



          {code:java}
          org.jenkinsci.plugins.credentialsbinding.impl.CredentialNotFoundException: bc047678-37b8-4747-95d8-c1a8b3df51a6
          at org.jenkinsci.plugins.credentialsbinding.MultiBinding.getCredentials(MultiBinding.java:124)
          at org.jenkinsci.plugins.credentialsbinding.impl.UsernamePasswordMultiBinding.bind(UsernamePasswordMultiBinding.java:68)
          at org.jenkinsci.plugins.credentialsbinding.impl.BindingStep$Execution.start(BindingStep.java:92)
          {code}
          Martin Vehovsky made changes -
          Description Original: It's possible to look-up User-scoped credentials in Freestyle jobs with Bindings. The same seems not to work in pipeline jobs.

          {code:java}
          node {
              withCredentials([[$class : 'UsernamePasswordMultiBinding', credentialsId: 'bc047678-37b8-4747-95d8-c1a8b3df51a6',
                                usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD']]) {
                  echo "${env.USERNAME}"
              }
          }
          {code}



          {code:java}
          org.jenkinsci.plugins.credentialsbinding.impl.CredentialNotFoundException: bc047678-37b8-4747-95d8-c1a8b3df51a6
          at org.jenkinsci.plugins.credentialsbinding.MultiBinding.getCredentials(MultiBinding.java:124)
          at org.jenkinsci.plugins.credentialsbinding.impl.UsernamePasswordMultiBinding.bind(UsernamePasswordMultiBinding.java:68)
          at org.jenkinsci.plugins.credentialsbinding.impl.BindingStep$Execution.start(BindingStep.java:92)
          {code}
          		 New: It's possible to look-up User-scoped credentials in Freestyle jobs with Bindings. The same seems not to work in pipeline jobs.

          {code:java}
          node {
              withCredentials([[$class : 'UsernamePasswordMultiBinding', credentialsId: 'bc047678-37b8-4747-95d8-c1a8b3df51a6',
                                usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD']]) {
                  echo "${env.USERNAME}"
              }
          }
          {code}



          {code:java}
          org.jenkinsci.plugins.credentialsbinding.impl.CredentialNotFoundException: bc047678-37b8-4747-95d8-c1a8b3df51a6
          at org.jenkinsci.plugins.credentialsbinding.MultiBinding.getCredentials(MultiBinding.java:124)
          at org.jenkinsci.plugins.credentialsbinding.impl.UsernamePasswordMultiBinding.bind(UsernamePasswordMultiBinding.java:68)
          at org.jenkinsci.plugins.credentialsbinding.impl.BindingStep$Execution.start(BindingStep.java:92)
          {code}

          Plugin versions:
          _credentials-binding: 1.9_
          _credentials: 2.1.5_

          Martin Vehovsky added a comment -

          Just found out, that it's possible to look-up user-scoped sredentials with '${Credentials}'

          node {
    withCredentials([[$class          : 'UsernamePasswordMultiBinding', credentialsId: '${Credentials}',
                      usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD']]) {
    }
}

          Could someone please clarify documentation for this?
          Thank you

          Martin Vehovsky added a comment - Just found out, that it's possible to look-up user-scoped sredentials with '${Credentials}' node { withCredentials([[$class : 'UsernamePasswordMultiBinding' , credentialsId: '${Credentials}' , usernameVariable: 'USERNAME' , passwordVariable: 'PASSWORD' ]]) { } } Could someone please clarify documentation for this? Thank you

          Emmanuel Rousselle added a comment -

          I'm facing the same issue and it's not clear to me if:

          • It's a documentation problem (the plugin is able to fetch user-scope credentials but how to do this is absent from the documentation), OR
          • The plugin doesn't support fetching user-scope credentials at all

          Can someone familiar with the code clarify this?

          Thank you.

          Emmanuel Rousselle added a comment - I'm facing the same issue and it's not clear to me if: It's a documentation problem (the plugin is able to fetch user-scope credentials but how to do this is absent from the documentation), OR The plugin doesn't support fetching user-scope credentials at all Can someone familiar with the code clarify this? Thank you.

          Jesse Glick added a comment -

          stephenconnolly knows more about user-scoped credentials. Possibly you need to use Authorized Project to associate an authentication with the build. There is no test case in this plugin that covers user-scoped credentials so as far as I am concerned it is not supported.

          Jesse Glick added a comment - stephenconnolly knows more about user-scoped credentials. Possibly you need to use Authorized Project to associate an authentication with the build. There is no test case in this plugin that covers user-scoped credentials so as far as I am concerned it is not supported.

          Stephen Connolly added a comment -

          So to fetch user scoped credentials there are one of two conditions that must be met, either:

          1. The build must be running as the user that owns the credentials (this requires the AuthorizedProject plugin be configured); or
          2. The credentials must come from a credentials parameter and be selected by the user and that user must have the Credentials/USE_OWN permission (typically implied by Job/BUILD unless you request them separated out by setting a system property). If you use the default credentials in the parameter, then those will not be searched for as the idea is to prevent the user's credentials being hijacked without an explicit selection by the user triggering the build

          Stephen Connolly added a comment - So to fetch user scoped credentials there are one of two conditions that must be met, either: 1. The build must be running as the user that owns the credentials (this requires the AuthorizedProject plugin be configured); or 2. The credentials must come from a credentials parameter and be selected by the user and that user must have the Credentials/USE_OWN permission (typically implied by Job/BUILD unless you request them separated out by setting a system property). If you use the default credentials in the parameter, then those will not be searched for as the idea is to prevent the user's credentials being hijacked without an explicit selection by the user triggering the build
          Jesse Glick made changes -
          Labels New: pipeline
          Jesse Glick made changes -
          Labels Original: pipeline New: documentation pipeline

            Unassigned Unassigned
            vehovmar Martin Vehovsky
            Votes:
            28 Vote for this issue
            Watchers:
            34 Start watching this issue

              Created:
              Updated:
              Resolved: