-
Bug
-
Resolution: Fixed
-
Major
-
None
As in the PR https://github.com/jenkinsci/azure-commons-plugin/pull/4 , currently the SSH credentials in azure-commons calls Secret.fromString to store the intermediate secrets.
This may be called from the slave nodes, where the encryption / decryption may fail as there is no complete Jenkins instance in slave environment.
Steps to reproduce:
- Install the kubernetes-cd-plugin (version: 0.1.3)
- Create a username password credential. For the password, use base64 encoded string.
- Create a job with kubernetes deployment, select the SSH credentials type, and choose the credentials created above
- Schedule the job to a slave node and it will fail on NPE when it tries to decrypt the password in Secret
–
Fixing in progress.
[JENKINS-47766] Encryption / decryption of Secret causes NPE in slave nodes
Code changed in jenkins
User: Menghua Xiao
Path:
src/main/java/com/microsoft/jenkins/azurecommons/remote/SSHClient.java
src/main/java/com/microsoft/jenkins/azurecommons/remote/UsernameAuth.java
src/main/java/com/microsoft/jenkins/azurecommons/remote/UsernamePasswordAuth.java
src/main/java/com/microsoft/jenkins/azurecommons/remote/UsernamePrivateKeyAuth.java
http://jenkins-ci.org/commit/azure-commons-plugin/009b3908994f9ff72bfbd3b218bc2632df385082
Log:
Merge pull request #6 from ArieShout/pull_4
JENKINS-47766 Avoid Secret decryption when building SSH clients
Compare: https://github.com/jenkinsci/azure-commons-plugin/compare/f81627c29ba5...009b3908994f
Menghua Xiao
added a comment - Fixed in
azure-commons 0.1.5
kubernetes-cd 0.1.4 
Code changed in jenkins
User: Menghua Xiao
Path:
src/main/java/com/microsoft/jenkins/azurecommons/remote/SSHClient.java
src/main/java/com/microsoft/jenkins/azurecommons/remote/UsernameAuth.java
src/main/java/com/microsoft/jenkins/azurecommons/remote/UsernamePasswordAuth.java
src/main/java/com/microsoft/jenkins/azurecommons/remote/UsernamePrivateKeyAuth.java
http://jenkins-ci.org/commit/azure-commons-plugin/d65184aa13f067b3536893f11f4f3fc4564d19f6
Log:
JENKINS-47766Avoid Secret decryption when building SSH clients (#4)