Details
-
Bug
-
Status: Resolved (View Workflow)
-
Minor
-
Resolution: Fixed
-
None
-
Jenkins 2.235
Bitbucket Cloud 2.8.0
Description
I am getting an exception when I open Manage Jenkins -> Configuration after installing the newest version of Bitbucket Cloud 2.8.0.
Error while serving https://system-dev-jenkins.build.mttnow.com/descriptorByName/com.cloudbees.jenkins.plugins.bitbucket.endpoints.BitbucketCloudEndpoint/fillCredentialsIdItems com.amazonaws.services.ecr.model.AmazonECRException: The security token included in the request is invalid (Service: AmazonECR; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: bb63ccfc-1924-475f-bf3e-9d219f70d6ac) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1799) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1383) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1359) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1139) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:796) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:764) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:738) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:698) at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:680) at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:544) at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:524) at com.amazonaws.services.ecr.AmazonECRClient.doInvoke(AmazonECRClient.java:2383) at com.amazonaws.services.ecr.AmazonECRClient.invoke(AmazonECRClient.java:2350) at com.amazonaws.services.ecr.AmazonECRClient.invoke(AmazonECRClient.java:2339) at com.amazonaws.services.ecr.AmazonECRClient.executeGetAuthorizationToken(AmazonECRClient.java:1166) at com.amazonaws.services.ecr.AmazonECRClient.getAuthorizationToken(AmazonECRClient.java:1136) at com.cloudbees.jenkins.plugins.amazonecr.AmazonECSRegistryCredential.getPassword(AmazonECSRegistryCredential.java:131) at com.cloudbees.jenkins.plugins.bitbucket.api.credentials.BitbucketOAuthCredentialMatcher.matches(BitbucketOAuthCredentialMatcher.java:25) at com.cloudbees.plugins.credentials.matchers.AnyOfMatcher.matches(AnyOfMatcher.java:67) at com.cloudbees.plugins.credentials.CredentialsProvider.getCredentialIds(CredentialsProvider.java:1196) at com.cloudbees.plugins.credentials.CredentialsProvider.listCredentials(CredentialsProvider.java:484) at com.cloudbees.plugins.credentials.common.AbstractIdCredentialsListBoxModel.includeMatchingAs(AbstractIdCredentialsListBoxModel.java:499) at com.cloudbees.jenkins.plugins.bitbucket.endpoints.AbstractBitbucketEndpointDescriptor.doFillCredentialsIdItems(AbstractBitbucketEndpointDescriptor.java:61) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396) Caused: java.lang.reflect.InvocationTargetException at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:400)
This is the screen shot: 
I believe it has something to do with a Amazon credentials provider and a few of the credentials I might have of that type, but not sure why this is happening.
It is related to the new OAuth feature - as the exception happens on BitbucketOAuthCredentialMatcher.
Thanks.
Attachments
Activity
Patched the plugin and tried with my local .hpi.
With below patch in the matcher method it is possible to open configuration pages and get the creds listcombobox populated without error.
... if(item.getClass().getName().equals("com.cloudbees.jenkins.plugins.amazonecr.AmazonECSRegistryCredential")) { return false; } ...
Same here running Jenkins 2.260.
Plugins:
ace-editor........................:1.1 antisamy-markup-formatter.........:2.1 apache-httpcomponents-client-4-api:4.5.10-2.0 authentication-tokens.............:1.4 blueocean-autofavorite............:1.2.4 blueocean-bitbucket-pipeline......:1.24.1 blueocean-commons.................:1.24.1 blueocean-config..................:1.24.1 blueocean-core-js.................:1.24.1 blueocean-dashboard...............:1.24.1 blueocean-display-url.............:2.4.0 blueocean-events..................:1.24.1 blueocean-git-pipeline............:1.24.1 blueocean-github-pipeline.........:1.24.1 blueocean-i18n....................:1.24.1 blueocean-jira....................:1.24.1 blueocean-jwt.....................:1.24.1 blueocean-personalization.........:1.24.1 blueocean-pipeline-api-impl.......:1.24.1 blueocean-pipeline-editor.........:1.24.1 blueocean-pipeline-scm-api........:1.24.1 blueocean-rest-impl...............:1.24.1 blueocean-rest....................:1.24.1 blueocean-web.....................:1.24.1 blueocean.........................:1.24.1 branch-api........................:2.6.0 cloudbees-bitbucket-branch-source.:2.9.4 cloudbees-folder..................:6.14 favorite..........................:2.3.2 credentials-binding...............:1.23 credentials.......................:2.3.13 display-url-api...................:2.3.3 docker-commons....................:1.17 docker-workflow...................:1.24 durable-task......................:1.35 git-client........................:3.5.1 git-server........................:1.9 git...............................:4.4.4 github-api........................:1.116 github-branch-source..............:2.9.1 github............................:1.31.0 handy-uri-templates-2-api.........:2.1.8-1.0 htmlpublisher.....................:1.23 jackson2-api......................:2.11.3 jenkins-design-language...........:1.24.1 jira..............................:3.1.1 jquery-detached...................:1.2.1 jsch..............................:0.1.55.2 junit.............................:1.38 mailer............................:1.32.1 matrix-auth.......................:2.6.3 matrix-project....................:1.18 mercurial.........................:2.10 pipeline-build-step...............:2.13 pipeline-graph-analysis...........:1.10 pipeline-input-step...............:2.12 pipeline-milestone-step...........:1.3.1 pipeline-model-api................:1.7.2 pipeline-model-definition.........:1.7.2 pubsub-light......................:1.13 pipeline-model-extensions.........:1.7.2 pipeline-stage-step...............:2.5 pipeline-stage-tags-metadata......:1.7.2 plain-credentials.................:1.7 scm-api...........................:2.6.4 script-security...................:1.75 sse-gateway.......................:1.23 ssh-credentials...................:1.18.1 structs...........................:1.20 token-macro.......................:2.12 variant...........................:1.3 workflow-api......................:2.40 workflow-basic-steps..............:2.22 workflow-cps-global-lib...........:2.17 workflow-cps......................:2.83 workflow-durable-task-step........:2.36 workflow-job......................:2.40 workflow-multibranch..............:2.22 workflow-scm-step.................:2.11 workflow-step-api.................:2.22 workflow-support..................:3.5 gradle............................:1.36 command-launcher..................:1.4 bouncycastle-api..................:2.18 build-timeout.....................:1.20 timestamper.......................:1.11.5 resource-disposer.................:0.14 azure-ad..........................:1.2.0 ws-cleanup........................:0.38 ant...............................:1.11 pipeline-rest-api.................:2.17 ssh-slaves........................:1.31.2 handlebars........................:1.1.1 jdk-tool..........................:1.4 momentjs..........................:1.1.1 pipeline-stage-view...............:2.17 lockable-resources................:2.10 workflow-aggregator...............:2.6 pipeline-github-lib...............:1.0 mapdb-api.........................:1.0.9.0 subversion........................:2.13.1 bitbucket.........................:1.1.27 pam-auth..........................:1.6 ldap..............................:1.26 email-ext.........................:2.77 aws-java-sdk......................:1.11.854 aws-credentials...................:1.28 pipeline-aws......................:1.42 azure-commons.....................:1.0.4 ssh-agent.........................:1.20 popper-api........................:1.16.0-6 analysis-model-api................:9.1.0 echarts-api.......................:4.9.0-1 atlassian-jira-software-cloud.....:1.1.0 plugin-util-api...................:1.3.0 jacoco............................:3.0.8 data-tables-api...................:1.10.21-2 font-awesome-api..................:5.14.0-1 forensics-api.....................:0.7.0 git-forensics.....................:0.7.0 swarm.............................:3.23 Office-365-Connector..............:4.13.2 warnings-ng.......................:8.4.4 ec2...............................:1.53 jquery3-api.......................:3.5.1-1 pipeline-utility-steps............:2.6.1 trilead-api.......................:1.0.11 bootstrap4-api....................:4.5.2-1 config-file-provider..............:3.7.0 configuration-as-code.............:1.44 oauth-credentials.................:0.4 google-play-android-publisher.....:4.0 checks-api........................:1.0.2 node-iterator-api.................:1.5.0 gatling...........................:1.3.0 amazon-ecr........................:1.6 basic-branch-build-strategies.....:1.3.2 configuration-as-code-groovy......:1.1 google-oauth-plugin...............:1.0.2 snakeyaml-api.....................:1.27.0 ansicolor.........................:0.7.3 okhttp-api........................:3.14.9 build-monitor-plugin..............:1.12+build.201809061734 jira-steps........................:1.6.0
It seems to be the `amazon-ecr` plugin and the credentials type it brings that causes the problem. If I disable the plugin I can open the job configuration page as expected. The Bitbucket credentials matcher triggers `com.cloudbees.jenkins.plugins.amazonecr.AmazonECSRegistryCredential.getPassword` which triggers communication with AWS.
The AmazonECSRegistryCredential implements StandardUsernamePasswordCredentials which explains why it is in the loop.
I duplicated this on https://github.com/jenkinsci/bitbucket-branch-source-plugin/issues/311 as I don't know which bug system is being looked at.
Maksym Bordun
added a comment - Jenkins 2.222.3 is also affected. Same here. The credentials dropdown also doesn't work for existing Bitbucket branch sources but it does work when adding a fresh Bitbucket source on a project.
Roberto Devesa
added a comment - - edited Same here. The credentials dropdown also doesn't work for existing Bitbucket branch sources but it does work when adding a fresh Bitbucket source on a project.
https://github.com/jenkinsci/bitbucket-branch-source-plugin/releases/tag/cloudbees-bitbucket-branch-source-2.9.5 should fix this.