Jenkins / JENKINS-60329

Username/password credentials can not be used with git

    • Released As:
      0.2.0

      Description

      I'm trying to use username/password credentials with git in a pipeline like this:

       

      pipeline {
        agent any
        stages {
          stage('Example') {
            steps {
              git credentialsId: 'git-creds', url:'https://github.com/jenkinsci/aws-secrets-manager-credentials-provider-plugin.git'
            }
          }
        }
      }

       

      The Git plugin will first test if the credentials are an SSH key, and then try to extract the key. Only if the credentials are not an SSH key will it test if it is a username/password.

      The issue is that 'AwsCredentials' are implementing both 'StandardUsernamePasswordCredentials' and 'SSHUserPrivateKey'.

      The solution would be (I think) to have different subclasses for each.

            Activity

            chriskilding Chris Kilding added a comment -

            Hi Peter, I have added a failing test that reproduces the issue in a GitHub PR to get us started.

            chriskilding Chris Kilding added a comment -

            The options for fixing this appear (to me at least) to be:

            • Fix the naive credential type detection in the Git plugin.
            • Push type detection up the chain in the credentials provider, so that by the time we instantiate the primary credential object, we already know the exact type. This eliminates the multi-type object.
            • Decompose the multi-type object and return a single type object in the credential snapshot taker (this is a fragile solution: it would fix the Git plugin because it just so happens to snapshot credentials, but it doesn’t generalise to plugins that use credentials directly).
            chriskilding Chris Kilding added a comment -

            When I looked at option 3 - get creative with the credential snapshot taker - I found it has very strict type constraints, so I don’t think it is viable to change the returned credential type within the snapshot taker.

            chriskilding Chris Kilding added a comment -

            A fix is ready to test (if you're willing to build the .hpi from source) in this pull request: https://github.com/jenkinsci/aws-secrets-manager-credentials-provider-plugin/pull/10 

             

            Note that you'll need to add the jenkins:credentials:type tag to your AWS secrets, per the README.

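The detection-order problem and the provider-side fix discussed in this issue, as an added Java example that is not code from the Git plugin or the AWS Secrets Manager plugin. The two interfaces are simplified stand-ins named after the real Jenkins ones, the record classes are hypothetical, and the tag values `usernamePassword` and `sshUserPrivateKey` are assumptions (only the tag name `jenkins:credentials:type` appears above).

```java
import java.util.Map;

public class CredentialTypeDetection {
    // Simplified stand-ins for the Jenkins credential interfaces named in the issue.
    interface StandardUsernamePasswordCredentials { String getUsername(); String getPassword(); }
    interface SSHUserPrivateKey { String getUsername(); String getPrivateKey(); }

    // "Before": one object claims both types, as the report says AwsCredentials did.
    record MultiType(String user, String secret)
            implements StandardUsernamePasswordCredentials, SSHUserPrivateKey {
        public String getUsername() { return user; }
        public String getPassword() { return secret; }
        public String getPrivateKey() { return secret; }
    }
    record UserPass(String user, String secret) implements StandardUsernamePasswordCredentials {
        public String getUsername() { return user; }
        public String getPassword() { return secret; }
    }
    record SshKey(String user, String secret) implements SSHUserPrivateKey {
        public String getUsername() { return user; }
        public String getPrivateKey() { return secret; }
    }

    // Consumer-side check in the order the report describes: SSH key first.
    static String detect(Object c) {
        if (c instanceof SSHUserPrivateKey) return "ssh";
        if (c instanceof StandardUsernamePasswordCredentials) return "userpass";
        return "unsupported";
    }

    // Provider-side fix (option 2 above): pick one concrete type from the secret's tag.
    // A missing or unknown tag is rejected instead of guessing a type.
    static Object fromTags(Map<String, String> tags, String user, String secret) {
        String type = tags.get("jenkins:credentials:type");
        if (type == null) throw new IllegalArgumentException("missing jenkins:credentials:type tag");
        switch (type) {
            case "usernamePassword": return new UserPass(user, secret);   // assumed tag value
            case "sshUserPrivateKey": return new SshKey(user, secret);    // assumed tag value
            default: throw new IllegalArgumentException("unknown credential type: " + type);
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not real credentials.
        // The multi-type object matches the SSH branch, so its password would be used as a key.
        System.out.println(detect(new MultiType("git", "example-password")));
        Map<String, String> tags = Map.of("jenkins:credentials:type", "usernamePassword");
        System.out.println(detect(fromTags(tags, "git", "example-password")));
    }
}
```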

              People

              Assignee:
              chriskilding Chris Kilding
              Reporter:
              peterfich Peter Fich