-
Bug
-
Resolution: Won't Fix
-
Minor
-
None
-
OS X + Docker
When I run a Jenkinsfile that uses withCredentials, the credentials are not found, even though they exist.
Command:
docker run --rm -v $(pwd):/workspace -v /tmp/jenkins:/app/jenkins -v /tmp/jenkins_home/plugins:/usr/share/jenkins/ref/plugins jenkinsfile-runner
Output:
15.130 [id=1] WARNING j.branch.WorkspaceLocatorImpl#getWorkspaceRoot: JENKINS-2111 path sanitization ineffective when using legacy Workspace Root Directory ‘/build’; switch to ‘${JENKINS_HOME}/workspace/${ITEM_FULL_NAME}’ as in JENKINS-8446 / JENKINS-21942
Started
Running in Durability level: PERFORMANCE_OPTIMIZED
[Pipeline] Start of Pipeline
[Pipeline] node
Running on Jenkins in /build
[Pipeline]
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: Could not find credentials entry with ID 'trose'
Jenkinsfile:
node {
withCredentials([ usernamePassword(credentialsId: 'trose', usernameVariable: 'user',
passwordVariable: 'pass') ])
}
From <JENKINS_HOME>/credentials.xml:
<com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl>
<scope>GLOBAL</scope>
<id>trose</id>
<description></description>
<username>trose</username>
<password>{AQAAABAAAAAQ25ldSmp9SUMhWS7u0mODZvmd+lh3ubJx0V7XCSxolTU=} </password>
</com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl>
[JENKINS-56816] Credentials not found by withCredentials
I have tried withCredentials with the standalone runner (./app/target/appassembler/bin/jenkinsfile-runner ... – not in a Docker image), and it won't find credentials either. Is withCredentials just not supported? If not, how can it be added?
Thornton Rose
added a comment - - edited I have tried withCredentials with the standalone runner (./app/target/appassembler/bin/jenkinsfile-runner ... – not in a Docker image), and it won't find credentials either. Is withCredentials just not supported? If not, how can it be added? Thornton Rose
added a comment - egutierrez , I configured the credentials through the UI. bigtrose As I tried to clarify in my previous message, Jenkinsfile Runner is not intended to re-use a previously provided JENKINS_HOME. You need to think of it as a fresh Jenkins installation and in case you want some credentials to be setup, use the Configuration As Code plugin.
Thornton Rose
added a comment - I find this behavior (and constraint) to be very odd. I ran jenkins.war to create the credentials. The XML file showed up in JENKINS_HOME. Why would it not be visible to jenkinsfile-runner if it is pointed to the same dir for JENKINS_HOME?
If I understand what you are saying, anytime I want to run a Jenkinsfile that uses withCredentials, I have to configure the credentials at the start of the run. Is there not any way to make them persistent from one run to the next?
Thornton Rose
added a comment - I find this behavior (and constraint) to be very odd. I ran jenkins.war to create the credentials. The XML file showed up in JENKINS_HOME. Why would it not be visible to jenkinsfile-runner if it is pointed to the same dir for JENKINS_HOME?
If I understand what you are saying, anytime I want to run a Jenkinsfile that uses withCredentials, I have to configure the credentials at the start of the run. Is there not any way to make them persistent from one run to the next? You don't have to configure them on each run. You can create a new Docker image with Custom WAR packager and have the credentials configured there. See the link to the demo in my first comment.
Hi bigtrose! Thanks for using Jenkinsfile Runner.
If I am understanding correctly your reproduction steps, you are trying to provide an existing JENKINS_HOME to the Jenkinsfile Runner image so that you can use a previously configured state from the Jenkinsfile. That is not a use case that Jenkinsfile Runner is intended to be used to. However you could use the configuration-as-code plugin to automatically setup the credentials in the Jenkinsfile Runner image and be able to use them. Please check this demo for an example on how to do it.
I am closing the issue. Please feel free to reopen if you consider it necessary. Thanks!