Type: Bug
Resolution: Won't Fix
Priority: Major
Component/s: credentials-binding-plugin
Labels:
None

Similar Issues:
Powered by SuggestiMate

Show

Environment

Jenkins 2.46.2
credentials:2.1.13 'Credentials Plugin'
credentials-binding:1.11 'Credentials Binding Plugin'
workflow-aggregator:2.5 'Pipeline'
workflow-api:2.12 'Pipeline: API'
workflow-basic-steps:2.4 'Pipeline: Basic Steps'
workflow-cps:2.29 'Pipeline: Groovy'
workflow-cps-checkpoint:2.4 'CloudBees Pipeline: Groovy Checkpoint Plugin'
workflow-cps-global-lib:2.7 'Pipeline: Shared Groovy Libraries'
workflow-durable-task-step:2.10 'Pipeline: Nodes and Processes'
workflow-job:2.10 'Pipeline: Job'
workflow-multibranch:2.14 'Pipeline: Multibranch'
workflow-scm-step:2.4 'Pipeline: SCM Step'
workflow-step-api:2.9 'Pipeline: Step API'
workflow-support:2.14 'Pipeline: Supporting APIs'

Scenario to Use User Scoped Credentials in "withCredentials()"

Many organizations use GPG signing keys and special permissions on Git / Nexus / Artifactory to create releases. For traceability and security, these privileged credentials credentials are "per individual/personal credentials", they are not shared with team members.

For this kind of credentials, we want to use Jenkins User Scoped Credentials in pipeline (withCredentials, git, config-file-provider, ssh-agent...)

Description

Even when using the authorize project plugin, user Scoped Credentials don't appear in the drop down lists of credentials.
User scoped credentials don't appear in the drop down lists of credentials of the "Config File Provider Plugin" (problem not covered by this jira issue, I'll work on it later)

Reproduce

Install the Project Authorize Plugin and configure it "Run as user who triggered the build"
Create user scoped credentials "my-username-password"
Create a pipeline
Use the pipeline syntax assistant to generate a "withCredentials" wrapper
The drop down list of credentials don't display the user scoped credentials "my-username-password"

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

cloudbees-support_cje-master.alliances.beescloud.com_2017-04-27_14.09.05.zip
939 kB
2017-06-08 11:28

is related to

JENKINS-44772 User Scoped credentials are not used by the "withCredentials" pipeline step

Open

JENKINS-44773 User Scoped credentials are not used by the "git" pipeline step

Closed

JENKINS-47864 Allow to select User Scope Credentials

Resolved

relates to

JENKINS-38963 User-scoped credentials cannot be looked up in pipeline

Resolved

JENKINS-58170 Allow credential parameters to shadow credential ids in lookup

Resolved

links to

CloudBees Internal OSS-2235

(1 links to)

Cyrille Le Clerc created issue - 2017-06-08 11:28

Cyrille Le Clerc made changes - 2017-06-08 11:30

Link

New: This issue is related to JENKINS-44772 [ JENKINS-44772 ]

Cyrille Le Clerc made changes - 2017-06-08 11:30

Link

New: This issue is related to ~~JENKINS-44773~~ [ ~~JENKINS-44773~~ ]

John Zerbe added a comment - 2017-06-09 16:06

should be "blocker"

John Zerbe added a comment - 2017-06-09 16:06 should be "blocker"

Cyrille Le Clerc made changes - 2017-06-09 16:14

Priority

Original: Minor [ 4 ]

New: Major [ 3 ]

Cyrille Le Clerc added a comment - 2017-06-09 16:15 - edited

FYI the reasoning why xjg6yzl feels it's a "blocker" are also detailed on

xjg6yzl I changed the priority of this issue to "major" for the moment. I'll let the community discussion help us define how important it is. I share your opinion that it's a very important feature but I don't want to interfere with the thought process of the community

Cyrille Le Clerc added a comment - 2017-06-09 16:15 - edited FYI the reasoning why xjg6yzl feels it's a "blocker" are also detailed on https://issues.jenkins-ci.org/browse/JENKINS-44772?focusedCommentId=302524&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-302524 https://issues.jenkins-ci.org/browse/JENKINS-44773?focusedCommentId=302534&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-302534 xjg6yzl I changed the priority of this issue to "major" for the moment. I'll let the community discussion help us define how important it is. I share your opinion that it's a very important feature but I don't want to interfere with the thought process of the community

John Zerbe added a comment - 2017-06-12 12:01

cleclerc, Thank you for this change in in priority. To reiterate, we have auditing requirements to show exactly who did every single push to our git repositories. We currently do this via more traditional Jenkins maven type jobs and maven steps in freeform jobs where we use the maven release plugin combined with user scoped credentials to allow maven to create the tags and update the version via an individual's credentials picked at build time. We do set security at the folder level for teams, but using credentials at the folder scope does not meet our requirements.

John Zerbe added a comment - 2017-06-12 12:01 cleclerc , Thank you for this change in in priority. To reiterate, we have auditing requirements to show exactly who did every single push to our git repositories. We currently do this via more traditional Jenkins maven type jobs and maven steps in freeform jobs where we use the maven release plugin combined with user scoped credentials to allow maven to create the tags and update the version via an individual's credentials picked at build time. We do set security at the folder level for teams, but using credentials at the folder scope does not meet our requirements.

Cyrille Le Clerc added a comment - 2017-06-12 12:29

Thanks xjg6yzl for the details.

Cyrille Le Clerc added a comment - 2017-06-12 12:29 Thanks xjg6yzl for the details.

Jesse Glick added a comment - 2017-06-19 13:19

Ignoring

User scoped credentials don't appear in the drop down lists of credentials of the "Config File Provider Plugin"

which is not part of the steps to reproduce. Typo?

Jesse Glick added a comment - 2017-06-19 13:19 Ignoring User scoped credentials don't appear in the drop down lists of credentials of the "Config File Provider Plugin" which is not part of the steps to reproduce. Typo?

Jesse Glick made changes - 2017-06-19 13:19

Component/s		New: credentials-binding-plugin [ 18129 ]
Component/s	Original: credentials-plugin [ 16523 ]
Assignee	Original: Stephen Connolly [ stephenconnolly ]

Assignee:: Unassigned

Reporter:: Cyrille Le Clerc

Votes:: 5 Vote for this issue

Watchers:: 12 Start watching this issue

Created:: 2017-06-08 11:28

Updated:: 2019-08-26 19:28

Resolved:: 2019-08-26 19:28

Jenkins

User Scoped credentials don't appear in credentials drop down lists

Environment

Scenario to Use User Scoped Credentials in "withCredentials()"

Description

Reproduce

[JENKINS-44774] User Scoped credentials don't appear in credentials drop down lists

Jenkins

Details

Description

Environment

Scenario to Use User Scoped Credentials in "withCredentials()"

Description

Reproduce

Attachments

Attachments

Issue Links

Activity

[JENKINS-44774] User Scoped credentials don't appear in credentials drop down lists

Collapse comment: John Zerbe added a comment - 2017-06-09 16:06

Expand comment: John Zerbe added a comment - 2017-06-09 16:06

Collapse comment: Cyrille Le Clerc added a comment - 2017-06-09 16:15, Edited by Cyrille Le Clerc - 2017-06-09 16:16

Expand comment: Cyrille Le Clerc added a comment - 2017-06-09 16:15, Edited by Cyrille Le Clerc - 2017-06-09 16:16

Collapse comment: John Zerbe added a comment - 2017-06-12 12:01

Expand comment: John Zerbe added a comment - 2017-06-12 12:01

Collapse comment: Cyrille Le Clerc added a comment - 2017-06-12 12:29

Expand comment: Cyrille Le Clerc added a comment - 2017-06-12 12:29

Collapse comment: Jesse Glick added a comment - 2017-06-19 13:19

Expand comment: Jesse Glick added a comment - 2017-06-19 13:19

People

Dates