-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Jenkins: 2.204.1
aws-secrets-manager-credentials-provider: 0.1.2
-
-
0.1.3
When this plugin cannot contact AWS it breaks screens that list credentials.
Examples:
- Pipeline DSL snippet generator
- Global Configuration screen, when any credential consumer plugin e.g. docker-commons-plugin or cloudbees-bitbucket-branch-source-plugin is installed.
- Credentials list screen
This can easily reproduced by just installing the plugin on a local instance and not configuring anything more.
The exception looks like this:
com.amazonaws.SdkClientException: Unable to find a region via the region provider chain. Must provide an explicit region in the builder or setup environment to supply a region. at com.amazonaws.client.builder.AwsClientBuilder.setRegion(AwsClientBuilder.java:462) at com.amazonaws.client.builder.AwsClientBuilder.configureMutableProperties(AwsClientBuilder.java:424) at com.amazonaws.client.builder.AwsSyncClientBuilder.build(AwsSyncClientBuilder.java:46) at io.jenkins.plugins.credentials.secretsmanager.AwsCredentialsProvider.fetchCredentials(AwsCredentialsProvider.java:103) at com.google.common.base.Suppliers$ExpiringMemoizingSupplier.get(Suppliers.java:173) at io.jenkins.plugins.credentials.secretsmanager.AwsCredentialsProvider.getCredentials(AwsCredentialsProvider.java:61) at com.cloudbees.plugins.credentials.CredentialsProvider.getCredentials(CredentialsProvider.java:1147) at com.cloudbees.plugins.credentials.CredentialsProvider.getCredentials(CredentialsProvider.java:1222) at com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(CredentialsProvider.java:549) at com.cloudbees.plugins.credentials.CredentialsProvider.findCredentialById(CredentialsProvider.java:906) at com.cloudbees.plugins.credentials.CredentialsProvider.findCredentialById(CredentialsProvider.java:850) at org.jenkinsci.plugins.credentialsbinding.MultiBinding.getCredentials(MultiBinding.java:144) at org.jenkinsci.plugins.credentialsbinding.impl.UsernamePasswordMultiBinding.bind(UsernamePasswordMultiBinding.java:75) at org.jenkinsci.plugins.credentialsbinding.impl.BindingStep$Execution2.doStart(BindingStep.java:135)
- relates to
-
JENKINS-59626 Global configuration page blocks may try to load credentials before credentials providers are ready
-
- Open
-
-
JENKINS-60791 Plugin can break other providers' credential bindings when it cannot contact AWS
-
- Closed
-
- links to
[JENKINS-60652] Plugin breaks credential list views when it cannot contact AWS
Summary | Original: plugin breaks most jenkins functionality without a connection to AWS | New: plugin breaks jenkins without a connection to AWS |
Description |
Original:
when ever this plugin does not have a connection to AWS it breaks many screens. e.g. every screen which wants to list some credentials in a dropdown will show an error message e.g. in [http://localhost:8080/configure] when the [docker-commons-plugin|https://plugins.jenkins.io/docker-commons] or [cloudbees-bitbucket-branch-source-plugin|https://plugins.jenkins.io/cloudbees-bitbucket-branch-source] is installed. Also all build accessing any credential will fail, even if the credentials requested by the build are provided by a different credentials-provider (e.g. default jenkins provider). This can easily reproduced by just installing the plugin on a local instance and not configuring anything more. |
New:
when ever this plugin does not have a connection to AWS it breaks many screens. e.g. every screen which wants to list some credentials in a dropdown will show an error message e.g. in [http://localhost:8080/configure] when the [docker-commons-plugin|https://plugins.jenkins.io/docker-commons] or [cloudbees-bitbucket-branch-source-plugin|https://plugins.jenkins.io/cloudbees-bitbucket-branch-source] is installed. Also all build accessing any credential will fail, even if the credentials requested by the build are provided by a different credentials-provider (e.g. default jenkins provider). This can easily reproduced by just installing the plugin on a local instance and not configuring anything more. The exception looks like this: {code:java} com.amazonaws.SdkClientException: Unable to find a region via the region provider chain. Must provide an explicit region in the builder or setup environment to supply a region. at com.amazonaws.client.builder.AwsClientBuilder.setRegion(AwsClientBuilder.java:462) at com.amazonaws.client.builder.AwsClientBuilder.configureMutableProperties(AwsClientBuilder.java:424) at com.amazonaws.client.builder.AwsSyncClientBuilder.build(AwsSyncClientBuilder.java:46) at io.jenkins.plugins.credentials.secretsmanager.AwsCredentialsProvider.fetchCredentials(AwsCredentialsProvider.java:103) at com.google.common.base.Suppliers$ExpiringMemoizingSupplier.get(Suppliers.java:173) at io.jenkins.plugins.credentials.secretsmanager.AwsCredentialsProvider.getCredentials(AwsCredentialsProvider.java:61) at com.cloudbees.plugins.credentials.CredentialsProvider.getCredentials(CredentialsProvider.java:1147) at com.cloudbees.plugins.credentials.CredentialsProvider.getCredentials(CredentialsProvider.java:1222) at com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(CredentialsProvider.java:549) at com.cloudbees.plugins.credentials.CredentialsProvider.findCredentialById(CredentialsProvider.java:906) at com.cloudbees.plugins.credentials.CredentialsProvider.findCredentialById(CredentialsProvider.java:850) at org.jenkinsci.plugins.credentialsbinding.MultiBinding.getCredentials(MultiBinding.java:144) at org.jenkinsci.plugins.credentialsbinding.impl.UsernamePasswordMultiBinding.bind(UsernamePasswordMultiBinding.java:75) at org.jenkinsci.plugins.credentialsbinding.impl.BindingStep$Execution2.doStart(BindingStep.java:135) {code} |
Link | New: This issue relates to JENKINS-59626 [ JENKINS-59626 ] |
Summary | Original: plugin breaks jenkins without a connection to AWS | New: Plugin breaks credential list views when it cannot contact AWS |
You see this error on the global configuration page because it may attempt to use credential providers (not just this one, others too) before they are ready, where the mechanism for configuring the provider is also on the global configuration page. I reported this issue here.