Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-60975

A ‘Google Service account from private key’ credential cannot be accessed if it is scoped to a folder

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • google-oauth-plugin
    • None
    • Jenkins Version 2.204.2
      Credentials Plugin 2.3.1
      Folder Plugin 6.11.1
      Google OAuth Credentials 1.0.0

      OpenJDK 1.8.0_242

      If you create a ‘Google Service account from private key’ inside a folder it cannot be accessed. This means that to restrict access to service account credentials within Jenkins the service account key must be stored as a 'Secret File' credential which cannot be used with the Docker workflow docker.withRegistry().

      Steps to reproduce:
      Create Folder.
      Within the Folder, Add a "Google Service Account from private key" credential.
      In the "Configure" view of the Folder, under "Pipeline Model Definition", "Registry Credentials" you can see the following stack trace appear automatically:

      java.lang.UnsupportedOperationException
          at com.google.jenkins.plugins.googlecontainerregistryauth.GoogleContainerRegistryCredential.getDescriptor(GoogleContainerRegistryCredential.java:179)
          at com.google.jenkins.plugins.googlecontainerregistryauth.GoogleContainerRegistryCredential.getDescriptor(GoogleContainerRegistryCredential.java:66)
          at com.cloudbees.plugins.credentials.CredentialsNameProvider.name(CredentialsNameProvider.java:79)
          at com.cloudbees.plugins.credentials.CredentialsNameComparator.compare(CredentialsNameComparator.java:103)
          at com.cloudbees.plugins.credentials.CredentialsNameComparator.compare(CredentialsNameComparator.java:40)
          at java.util.TimSort.countRunAndMakeAscending(TimSort.java:360)
          at java.util.TimSort.sort(TimSort.java:234)
          at java.util.Arrays.sort(Arrays.java:1512)
          at java.util.ArrayList.sort(ArrayList.java:1462)
          at java.util.Collections.sort(Collections.java:177)
          at com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(CredentialsProvider.java:424)
          at com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(CredentialsProvider.java:529)
          at org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryEndpoint$DescriptorImpl.doFillCredentialsIdItems(DockerRegistryEndpoint.java:376)
          at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
          at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
          at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
          at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
          at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
          at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535)
          at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)
      Caused: javax.servlet.ServletException
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:797)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878)
          at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:280)
          at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878)
          at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:280)
          at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:676)
          at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
          at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1623)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
          at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:246)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:76)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
          at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
          at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
          at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
          at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
          at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
          at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
          at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
          at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
          at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
          at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1700)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
          at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
          at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)
          at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1667)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
          at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
          at org.eclipse.jetty.server.Server.handle(Server.java:505)
          at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)
          at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)
          at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
          at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
          at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:427)
          at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:321)
          at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:159)
          at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
          at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
          at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
          at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:698)
          at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:804)
          at java.lang.Thread.run(Thread.java:748) 
       
      

            astroilov Andrey Stroilov
            organised_chaos James Robson
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: