Bug
Resolution: Unresolved
Major
VM host: Windows 10 1909 running Docker Desktop Community 19.03.5
Jenkins master: Docker image jenkins/jenkins:latest
Jenkins agent: Docker image openjdk:8-stretch + Swarm-Client 3.17 plugin
Hashicorp Vault: Docker image vault:latest
My Jenkins master is running Debian 9 with Jenkins 2.208, Git-plugin 4.0.0 and Hashicorp-vault-plugin 3.0.0. My Jenkins agent is running Debian 9 with Swarm-client plugin 3.17. My master is set to 0 executors so that all jobs run on the agent. I have my Bitbucket credentials saved in Jenkins 3 times - "Username with password", "Vault Username-Password Credential" with K/V engine 1 and "Vault Username-Password Credential" with K/V engine 2.
I have a test freestyle job that does nothing except fetch a Git repository from https://bitbucket.org/... If I set the job's Git credentials to use the "Username with password" credentials then the agent successfully fetches the repository. If I use either of the "Vault Username-Password Credential" credentials then the agent fails on the command "git fetch --tags --progress ..." with "remote: Invalid username or password".
In a pipeline job with script from SCM, the master is able to fetch the repository with all 3 credential types but the agent can only fetch when using "Username with password" credentials - it is unable to fetch with "Vault Username-Password Credential" credentials.
Bitbucket usernames are email addresses so they contain the "@" special character. In Vault I have tried URL encoding the username to "user%40domain.com" but this causes the master to also fail with invalid username.
is related to:
- JENKINS-59085 Ability use vault plugin in combination with other plugins that require credentials (Open)
- JENKINS-59830 Support google cloud source repos with git client plugin (Open)
- JENKINS-39374 Add ability to get SCM authentication tokens from Vault (Open)
Submitter notes that an @ sign embedded in the username will cause authentication failures in the git client plugin. Also an issue for the Google code repositories since their user names include an @ sign as well.
I was not aware of Bitbucket Cloud supporting a username which includes an @ character. My Bitbucket Cloud account username (used to perform the clone) does not contain an embedded @ character.
I assume the use of an embedded @ character in the username is used on Bitbucket Server and Bitbucket Data Center. I use markewaite as my Bitbucket Cloud username. Bitbucket Cloud knows my Google e-mail address and has connected my Google e-mail address to my Bitbucket Cloud account.
Can you define a username in Bitbucket Server that does not include the @ character in the username?
Are you able to define an app password in Bitbucket Cloud, store that app password in Hashicorp Vault, and use that app password as part of a Vault username / password credential?