[JENKINS-40422] Inferring credentials resolves wrong credential

Type: Bug
Resolution: Unresolved
Priority: Minor
Component/s: pipeline-githubnotify-step-plugin
Labels:
None
Environment:
pipeline-githubnotify-step-plugin 1.0.0
jenkins 2.36

Similar Issues:
Powered by SuggestiMate

Show

The inference for the github credentials uses getCredentials which return checkout credentials.

Checkout credentials can be SSH credentials, unsuitable for API calls such as commit status updates.

When checkout credentials are SSH credentials, inference fails with: java.lang.IllegalArgumentException: The credentialsId does not seem to exist, please check it

Instead, the plugin should probably use getScanCredentialsId to obtain its credentials.

links to

PR-2

Martin Ringehahn created issue - 2016-12-13 21:17

Martin Ringehahn made changes - 2016-12-13 21:17

Description

Original: The inference for the github credentials uses `getCredentials` which return checkout credentials.

Checkout credentials can be SSH credentials, unsuitable for API calls such as commit status updates.

When checkout credentials are SSH credentials, inference fails with: {{java.lang.IllegalArgumentException: The credentialsId does not seem to exist, please check it}}

Instead, the plugin should probably use {{getScanCredentialsId}} to obtain its credentials.

New: The inference for the github credentials uses {{getCredentials}} which return checkout credentials.

Checkout credentials can be SSH credentials, unsuitable for API calls such as commit status updates.

When checkout credentials are SSH credentials, inference fails with: {{java.lang.IllegalArgumentException: The credentialsId does not seem to exist, please check it}}

Instead, the plugin should probably use {{getScanCredentialsId}} to obtain its credentials.

Raul Arabaolaza added a comment - 2016-12-13 21:53

Hi chrono,

Thanks a lot for your time and feedback, Your suggestion makes a lot of sense, I will investigate this and keep you informed

Regards, Raúl

Raul Arabaolaza added a comment - 2016-12-13 21:53 Hi chrono , Thanks a lot for your time and feedback, Your suggestion makes a lot of sense, I will investigate this and keep you informed Regards, Raúl

Raul Arabaolaza made changes - 2016-12-13 21:53

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

SCM/JIRA link daemon added a comment - 2016-12-18 12:29

Code changed in jenkins
User: Raul
Path:
src/main/java/org/jenkinsci/plugins/pipeline/githubstatusnotification/GitHubStatusNotificationStep.java
http://jenkins-ci.org/commit/pipeline-githubnotify-step-plugin/77a59ad97a85ec7da331cba8b40d844a033d239e
Log:
JENKINS-40422 Use scanCredentials if available over checkoutCredentials

When you use a separate set of credentials for checkout and scanning
it makes sense to use the scan credentials to notify, for example it could
be that checkout credentials are of type SSH whilst scan are of type username/
password, or even that due to GH API limits both of them may be adecuate
but you want to use the scan ones

SCM/JIRA link daemon added a comment - 2016-12-18 12:29 Code changed in jenkins User: Raul Path: src/main/java/org/jenkinsci/plugins/pipeline/githubstatusnotification/GitHubStatusNotificationStep.java http://jenkins-ci.org/commit/pipeline-githubnotify-step-plugin/77a59ad97a85ec7da331cba8b40d844a033d239e Log: JENKINS-40422 Use scanCredentials if available over checkoutCredentials When you use a separate set of credentials for checkout and scanning it makes sense to use the scan credentials to notify, for example it could be that checkout credentials are of type SSH whilst scan are of type username/ password, or even that due to GH API limits both of them may be adecuate but you want to use the scan ones

SCM/JIRA link daemon added a comment - 2016-12-19 16:32

Code changed in jenkins
User: Raul
Path:
src/main/java/org/jenkinsci/plugins/pipeline/githubstatusnotification/GitHubStatusNotificationStep.java
http://jenkins-ci.org/commit/pipeline-githubnotify-step-plugin/90e63f1d945fc1218e590145e52e7fed296d9ae2
Log:
JENKINS-40422 Use scanCredentials for infering

SCM/JIRA link daemon added a comment - 2016-12-19 16:32 Code changed in jenkins User: Raul Path: src/main/java/org/jenkinsci/plugins/pipeline/githubstatusnotification/GitHubStatusNotificationStep.java http://jenkins-ci.org/commit/pipeline-githubnotify-step-plugin/90e63f1d945fc1218e590145e52e7fed296d9ae2 Log: JENKINS-40422 Use scanCredentials for infering

SCM/JIRA link daemon added a comment - 2016-12-19 16:35

Code changed in jenkins
User: Raul
Path:
src/main/java/org/jenkinsci/plugins/pipeline/githubstatusnotification/GitHubStatusNotificationStep.java
http://jenkins-ci.org/commit/pipeline-githubnotify-step-plugin/a902495a7dcd5a613239f02b01109ca741de5dd6
Log:
JENKINS-40422 Use scanCredentials instead of checkoutCredentials

SCM/JIRA link daemon added a comment - 2016-12-19 16:35 Code changed in jenkins User: Raul Path: src/main/java/org/jenkinsci/plugins/pipeline/githubstatusnotification/GitHubStatusNotificationStep.java http://jenkins-ci.org/commit/pipeline-githubnotify-step-plugin/a902495a7dcd5a613239f02b01109ca741de5dd6 Log: JENKINS-40422 Use scanCredentials instead of checkoutCredentials When you use a separate set of credentials for checkout and scanning it makes sense to use the scan credentials to notify, for example it could be that checkout credentials are of type SSH whilst scan are of type username/ password

SCM/JIRA link daemon added a comment - 2016-12-19 16:38

Code changed in jenkins
User: Raul
Path:
src/main/java/org/jenkinsci/plugins/pipeline/githubstatusnotification/GitHubStatusNotificationStep.java
http://jenkins-ci.org/commit/pipeline-githubnotify-step-plugin/d88d474e93d96a264b82baa984be2a1096e92016
Log:
JENKINS-40422 Use scanCredentials instead of checkoutCredentials

SCM/JIRA link daemon added a comment - 2016-12-19 16:38 Code changed in jenkins User: Raul Path: src/main/java/org/jenkinsci/plugins/pipeline/githubstatusnotification/GitHubStatusNotificationStep.java http://jenkins-ci.org/commit/pipeline-githubnotify-step-plugin/d88d474e93d96a264b82baa984be2a1096e92016 Log: JENKINS-40422 Use scanCredentials instead of checkoutCredentials When you use a separate set of credentials for checkout and scanning it makes sense to use the scan credentials to notify, for example it could be that checkout credentials are of type SSH whilst scan are of type username/ password

Raul Arabaolaza made changes - 2016-12-20 08:26

Remote Link

New: This issue links to "PR-2 (Web Link)" [ 15148 ]

Raul Arabaolaza added a comment - 2016-12-20 08:27

chrono I have attached the PR in case you want to take a look, I will wait two days before merging and cut a new minor version of the plugin

Raul Arabaolaza added a comment - 2016-12-20 08:27 chrono I have attached the PR in case you want to take a look, I will wait two days before merging and cut a new minor version of the plugin

Assignee:: Raul Arabaolaza

Reporter:: Martin Ringehahn

Votes:: 2 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2016-12-13 21:17

Updated:: 2017-12-25 20:21

Jenkins

Details

Description

Attachments

Issue Links

Activity

Collapse comment: Raul Arabaolaza added a comment - 2016-12-13 21:53

Expand comment: Raul Arabaolaza added a comment - 2016-12-13 21:53

Collapse comment: SCM/JIRA link daemon added a comment - 2016-12-18 12:29

Expand comment: SCM/JIRA link daemon added a comment - 2016-12-18 12:29

Collapse comment: SCM/JIRA link daemon added a comment - 2016-12-19 16:32

Expand comment: SCM/JIRA link daemon added a comment - 2016-12-19 16:32

Collapse comment: SCM/JIRA link daemon added a comment - 2016-12-19 16:35

Expand comment: SCM/JIRA link daemon added a comment - 2016-12-19 16:35

Collapse comment: SCM/JIRA link daemon added a comment - 2016-12-19 16:38

Expand comment: SCM/JIRA link daemon added a comment - 2016-12-19 16:38

Collapse comment: Raul Arabaolaza added a comment - 2016-12-20 08:27

Expand comment: Raul Arabaolaza added a comment - 2016-12-20 08:27

People

Dates