Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-45807

Error when validating CloudFormation with a `/` in roleSessionName

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • pipeline-aws-plugin
    • None

      When validating CloudFormation with a `/` in the branch name, it fails with the following error:

      com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: 1 validation error detected: Value 'Jenkins-********-feature%2F********' at 'roleSessionName' failed to satisfy constraint: Member must satisfy regular expression pattern: [\w+=,.@-]* (Service: AWSSecurityTokenService; Status Code: 400; Error Code: ValidationError; Request ID: ********)

      The `/` is encoded as `%2F` which doesn't seem to be valid in `roleSessionName`

      We use pipeline-aws-plugin 1.12 on Jenkins 2.65

          [JENKINS-45807] Error when validating CloudFormation with a `/` in roleSessionName

          Roch Devost added a comment -

          Release 1.14 doesn't seem to have been published

          Roch Devost added a comment - Release 1.14 doesn't seem to have been published

          Thorsten Hoeger added a comment -

          Sorry for the confusion.

          It is implemented but 1.14 is the current master and not yet released.

          Will do another release this week.

          Thorsten Hoeger added a comment - Sorry for the confusion. It is implemented but 1.14 is the current master and not yet released. Will do another release this week.

          Roch Devost added a comment -

          hoegertn Did you have time to make a 1.14 release?

          Roch Devost added a comment - hoegertn Did you have time to make a 1.14 release?

          Thorsten Hoeger added a comment -

          rochdev  can you try if it is fixed in 1.13 and can you try the 1.14 build? It may already be fixed in 1.13. I think I got very confused about some pull requests.

          Thorsten Hoeger added a comment - rochdev  can you try if it is fixed in 1.13 and can you try the 1.14 build? It may already be fixed in 1.13. I think I got very confused about some pull requests.

          Roch Devost added a comment -

          hoegertn The issue is still present in 1.15

          We haven't had the chance to try with 1.16 yet but from the changelog and commits it doesn't seem to have been addressed.

          Roch Devost added a comment - hoegertn The issue is still present in 1.15 We haven't had the chance to try with 1.16 yet but from the changelog and commits it doesn't seem to have been addressed.

          Thorsten Hoeger added a comment -

          I really do not understand this, as it was fixed in https://github.com/jenkinsci/pipeline-aws-plugin/commit/710420561f706af83288a1dd4f164dbf2fb90d3a which was part of 1.11 and then extracted to the RoleSessionNameBuilder

           

          Can you provide bigger parts of the log and parts of the Jenkinsfile?

          Thorsten Hoeger added a comment - I really do not understand this, as it was fixed in https://github.com/jenkinsci/pipeline-aws-plugin/commit/710420561f706af83288a1dd4f164dbf2fb90d3a  which was part of 1.11 and then extracted to the RoleSessionNameBuilder   Can you provide bigger parts of the log and parts of the Jenkinsfile?

          Felipe Rotilho added a comment -

          This issue still happen

          com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: 1 validation error detected: Value 'Jenkins-relocation-tool-relocation-tool-admin-bugfix%2Ffix-ima-1' at 'roleSessionName' failed to satisfy constraint: Member must satisfy regular expression pattern: [\w+=,.@-]* (Service: AWSSecurityTokenService; Status Code: 400; Error Code: ValidationError; Request ID: 6c42dbda-faa8-11e7-91c3-17d6d34748a5)

          Version 1.20

          Felipe Rotilho added a comment - This issue still happen com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: 1 validation error detected: Value 'Jenkins-relocation-tool-relocation-tool-admin-bugfix%2Ffix-ima-1' at 'roleSessionName' failed to satisfy constraint: Member must satisfy regular expression pattern: [\w+=,.@-] * (Service: AWSSecurityTokenService; Status Code: 400; Error Code: ValidationError; Request ID: 6c42dbda-faa8-11e7-91c3-17d6d34748a5) Version 1.20

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Thorsten Hoeger
          Path:
          README.md
          src/main/java/de/taimos/pipeline/aws/RoleSessionNameBuilder.java
          src/test/java/de/taimos/pipeline/aws/RoleSessionNameBuilderTest.java
          http://jenkins-ci.org/commit/pipeline-aws-plugin/cf5142c806f8e72b57e5edd082cecb27b93d1e82
          Log:
          JENKINS-45807 Fix RoleSessionName when build number contains '/'

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Thorsten Hoeger Path: README.md src/main/java/de/taimos/pipeline/aws/RoleSessionNameBuilder.java src/test/java/de/taimos/pipeline/aws/RoleSessionNameBuilderTest.java http://jenkins-ci.org/commit/pipeline-aws-plugin/cf5142c806f8e72b57e5edd082cecb27b93d1e82 Log: JENKINS-45807 Fix RoleSessionName when build number contains '/'

          Thorsten Hoeger added a comment -

          I tried another fix as I now assume the '/' is part of the build number and not of the job name. Can someone verify this build?

          Thorsten Hoeger added a comment - I tried another fix as I now assume the '/' is part of the build number and not of the job name. Can someone verify this build?

            hoegertn Thorsten Hoeger
            rochdev Roch Devost
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: