Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47766

Encryption / decryption of Secret causes NPE in slave nodes

XMLWordPrintable

      As in the PR https://github.com/jenkinsci/azure-commons-plugin/pull/4 , currently the SSH credentials in azure-commons calls Secret.fromString to store the intermediate secrets.

      This may be called from the slave nodes, where the encryption / decryption may fail as there is no complete Jenkins instance in slave environment.

      Steps to reproduce:

      1. Install the kubernetes-cd-plugin (version: 0.1.3)
      2. Create a username password credential. For the password, use base64 encoded string.
      3. Create a job with kubernetes deployment, select the SSH credentials type, and choose the credentials created above
      4. Schedule the job to a slave node and it will fail on NPE when it tries to decrypt the password in Secret

      Fixing in progress.

          [JENKINS-47766] Encryption / decryption of Secret causes NPE in slave nodes

          Menghua Xiao created issue -
          Menghua Xiao made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Menghua Xiao made changes -
          Description Original: As in the PR [https://github.com/jenkinsci/azure-commons-plugin/pull/4|https://github.com/jenkinsci/azure-commons-plugin/pull/4,] , currently the SSH credentials in {{azure-commons}} calls {{Secret.fromString}} to store the intermediate secrets.

          This may be called from the slave nodes, where the encryption / decryption may fail as there is no complete Jenkins instance in slave environment.

           

          --

          Fixing in progress.           		New: As in the PR [https://github.com/jenkinsci/azure-commons-plugin/pull/4|https://github.com/jenkinsci/azure-commons-plugin/pull/4,] , currently the SSH credentials in {{azure-commons}} calls {{Secret.fromString}} to store the intermediate secrets.

          This may be called from the slave nodes, where the encryption / decryption may fail as there is no complete Jenkins instance in slave environment.

           Steps to reproduce:
           # install the kubernetes-cd-plugin (version:



          Fixing in progress.
          Menghua Xiao made changes -
          Description Original: As in the PR [https://github.com/jenkinsci/azure-commons-plugin/pull/4|https://github.com/jenkinsci/azure-commons-plugin/pull/4,] , currently the SSH credentials in {{azure-commons}} calls {{Secret.fromString}} to store the intermediate secrets.

          This may be called from the slave nodes, where the encryption / decryption may fail as there is no complete Jenkins instance in slave environment.

           Steps to reproduce:
           # install the kubernetes-cd-plugin (version:



          Fixing in progress.           		New: As in the PR [https://github.com/jenkinsci/azure-commons-plugin/pull/4|https://github.com/jenkinsci/azure-commons-plugin/pull/4,] , currently the SSH credentials in {{azure-commons}} calls {{Secret.fromString}} to store the intermediate secrets.

          This may be called from the slave nodes, where the encryption / decryption may fail as there is no complete Jenkins instance in slave environment.

          Steps to reproduce:
          # Install the kubernetes-cd-plugin (version: 0.1.3)
          # Create a username password credential. For the password, use base64 encoded string.
          # Create a job with kubernetes deployment, select the SSH credentials type, and choose the credentials created above
          # Schedule the job to a slave node and it will fail on NPE when it tries to decrypt the password in {{Secret}}



          Fixing in progress.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Menghua Xiao
          Path:
          src/main/java/com/microsoft/jenkins/azurecommons/remote/SSHClient.java
          src/main/java/com/microsoft/jenkins/azurecommons/remote/UsernameAuth.java
          src/main/java/com/microsoft/jenkins/azurecommons/remote/UsernamePasswordAuth.java
          src/main/java/com/microsoft/jenkins/azurecommons/remote/UsernamePrivateKeyAuth.java
          http://jenkins-ci.org/commit/azure-commons-plugin/d65184aa13f067b3536893f11f4f3fc4564d19f6
          Log:
          JENKINS-47766 Avoid Secret decryption when building SSH clients (#4)

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Menghua Xiao Path: src/main/java/com/microsoft/jenkins/azurecommons/remote/SSHClient.java src/main/java/com/microsoft/jenkins/azurecommons/remote/UsernameAuth.java src/main/java/com/microsoft/jenkins/azurecommons/remote/UsernamePasswordAuth.java src/main/java/com/microsoft/jenkins/azurecommons/remote/UsernamePrivateKeyAuth.java http://jenkins-ci.org/commit/azure-commons-plugin/d65184aa13f067b3536893f11f4f3fc4564d19f6 Log: JENKINS-47766 Avoid Secret decryption when building SSH clients (#4)

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Menghua Xiao
          Path:
          src/main/java/com/microsoft/jenkins/azurecommons/remote/SSHClient.java
          src/main/java/com/microsoft/jenkins/azurecommons/remote/UsernameAuth.java
          src/main/java/com/microsoft/jenkins/azurecommons/remote/UsernamePasswordAuth.java
          src/main/java/com/microsoft/jenkins/azurecommons/remote/UsernamePrivateKeyAuth.java
          http://jenkins-ci.org/commit/azure-commons-plugin/009b3908994f9ff72bfbd3b218bc2632df385082
          Log:
          Merge pull request #6 from ArieShout/pull_4

          JENKINS-47766 Avoid Secret decryption when building SSH clients

          Compare: https://github.com/jenkinsci/azure-commons-plugin/compare/f81627c29ba5...009b3908994f

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Menghua Xiao Path: src/main/java/com/microsoft/jenkins/azurecommons/remote/SSHClient.java src/main/java/com/microsoft/jenkins/azurecommons/remote/UsernameAuth.java src/main/java/com/microsoft/jenkins/azurecommons/remote/UsernamePasswordAuth.java src/main/java/com/microsoft/jenkins/azurecommons/remote/UsernamePrivateKeyAuth.java http://jenkins-ci.org/commit/azure-commons-plugin/009b3908994f9ff72bfbd3b218bc2632df385082 Log: Merge pull request #6 from ArieShout/pull_4 JENKINS-47766 Avoid Secret decryption when building SSH clients Compare: https://github.com/jenkinsci/azure-commons-plugin/compare/f81627c29ba5...009b3908994f

          Menghua Xiao added a comment -

          Fixed in
          azure-commons 0.1.5
          kubernetes-cd 0.1.4

          Menghua Xiao added a comment - Fixed in azure-commons 0.1.5 kubernetes-cd 0.1.4
          Menghua Xiao made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Progress [ 3 ] New: Resolved [ 5 ]
          Menghua Xiao made changes -
          Status Original: Resolved [ 5 ] New: Closed [ 6 ]
          Jenkins IRC Bot made changes -
          Component/s New: _unsorted [ 19622 ]
          Component/s Original: azure-commons-plugin [ 23148 ]

            arieshout Menghua Xiao
            arieshout Menghua Xiao
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: