Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-62180

Exception on reading the Jenkins settings for Bitbucket Cloud

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      I am getting an exception when I open Manage Jenkins -> Configuration after installing the newest version of Bitbucket Cloud 2.8.0.

       

      Error while serving https://system-dev-jenkins.build.mttnow.com/descriptorByName/com.cloudbees.jenkins.plugins.bitbucket.endpoints.BitbucketCloudEndpoint/fillCredentialsIdItems com.amazonaws.services.ecr.model.AmazonECRException: The security token included in the request is invalid (Service: AmazonECR; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: bb63ccfc-1924-475f-bf3e-9d219f70d6ac) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1799) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1383) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1359) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1139) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:796) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:764) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:738) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:698) at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:680) at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:544) at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:524) at com.amazonaws.services.ecr.AmazonECRClient.doInvoke(AmazonECRClient.java:2383) at com.amazonaws.services.ecr.AmazonECRClient.invoke(AmazonECRClient.java:2350) at com.amazonaws.services.ecr.AmazonECRClient.invoke(AmazonECRClient.java:2339) at com.amazonaws.services.ecr.AmazonECRClient.executeGetAuthorizationToken(AmazonECRClient.java:1166) at com.amazonaws.services.ecr.AmazonECRClient.getAuthorizationToken(AmazonECRClient.java:1136) at com.cloudbees.jenkins.plugins.amazonecr.AmazonECSRegistryCredential.getPassword(AmazonECSRegistryCredential.java:131) at com.cloudbees.jenkins.plugins.bitbucket.api.credentials.BitbucketOAuthCredentialMatcher.matches(BitbucketOAuthCredentialMatcher.java:25) at com.cloudbees.plugins.credentials.matchers.AnyOfMatcher.matches(AnyOfMatcher.java:67) at com.cloudbees.plugins.credentials.CredentialsProvider.getCredentialIds(CredentialsProvider.java:1196) at com.cloudbees.plugins.credentials.CredentialsProvider.listCredentials(CredentialsProvider.java:484) at com.cloudbees.plugins.credentials.common.AbstractIdCredentialsListBoxModel.includeMatchingAs(AbstractIdCredentialsListBoxModel.java:499) at com.cloudbees.jenkins.plugins.bitbucket.endpoints.AbstractBitbucketEndpointDescriptor.doFillCredentialsIdItems(AbstractBitbucketEndpointDescriptor.java:61) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396) Caused: java.lang.reflect.InvocationTargetException at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:400)
      

      This is the screen shot:

      I believe it has something to do with a Amazon credentials provider and a few of the credentials I might have of that type, but not sure why this is happening.

      It is related to the new OAuth feature - as the exception happens on BitbucketOAuthCredentialMatcher.

      Thanks.

       

       

        Attachments

          Activity

          Show
          bitwiseman Liam Newman added a comment - https://github.com/jenkinsci/bitbucket-branch-source-plugin/releases/tag/cloudbees-bitbucket-branch-source-2.9.5 should fix this.
          Hide
          patriks Patrik Schalin added a comment -

          Patched the plugin and tried with my local .hpi.

           

          With below patch in the matcher method it is possible to open configuration pages and get the creds listcombobox populated without error.

          ...
          if(item.getClass().getName().equals("com.cloudbees.jenkins.plugins.amazonecr.AmazonECSRegistryCredential")) {
              return false;
          }
          ...
          Show
          patriks Patrik Schalin added a comment - Patched the plugin and tried with my local .hpi.   With below patch in the matcher method it is possible to open configuration pages and get the creds listcombobox populated without error. ... if (item.getClass().getName().equals( "com.cloudbees.jenkins.plugins.amazonecr.AmazonECSRegistryCredential" )) { return false ; } ...
          Hide
          patriks Patrik Schalin added a comment -

          Same here running Jenkins 2.260.

          Plugins:

          ace-editor........................:1.1
          antisamy-markup-formatter.........:2.1
          apache-httpcomponents-client-4-api:4.5.10-2.0
          authentication-tokens.............:1.4
          blueocean-autofavorite............:1.2.4
          blueocean-bitbucket-pipeline......:1.24.1
          blueocean-commons.................:1.24.1
          blueocean-config..................:1.24.1
          blueocean-core-js.................:1.24.1
          blueocean-dashboard...............:1.24.1
          blueocean-display-url.............:2.4.0
          blueocean-events..................:1.24.1
          blueocean-git-pipeline............:1.24.1
          blueocean-github-pipeline.........:1.24.1
          blueocean-i18n....................:1.24.1
          blueocean-jira....................:1.24.1
          blueocean-jwt.....................:1.24.1
          blueocean-personalization.........:1.24.1
          blueocean-pipeline-api-impl.......:1.24.1
          blueocean-pipeline-editor.........:1.24.1
          blueocean-pipeline-scm-api........:1.24.1
          blueocean-rest-impl...............:1.24.1
          blueocean-rest....................:1.24.1
          blueocean-web.....................:1.24.1
          blueocean.........................:1.24.1
          branch-api........................:2.6.0
          cloudbees-bitbucket-branch-source.:2.9.4
          cloudbees-folder..................:6.14
          favorite..........................:2.3.2
          credentials-binding...............:1.23
          credentials.......................:2.3.13
          display-url-api...................:2.3.3
          docker-commons....................:1.17
          docker-workflow...................:1.24
          durable-task......................:1.35
          git-client........................:3.5.1
          git-server........................:1.9
          git...............................:4.4.4
          github-api........................:1.116
          github-branch-source..............:2.9.1
          github............................:1.31.0
          handy-uri-templates-2-api.........:2.1.8-1.0
          htmlpublisher.....................:1.23
          jackson2-api......................:2.11.3
          jenkins-design-language...........:1.24.1
          jira..............................:3.1.1
          jquery-detached...................:1.2.1
          jsch..............................:0.1.55.2
          junit.............................:1.38
          mailer............................:1.32.1
          matrix-auth.......................:2.6.3
          matrix-project....................:1.18
          mercurial.........................:2.10
          pipeline-build-step...............:2.13
          pipeline-graph-analysis...........:1.10
          pipeline-input-step...............:2.12
          pipeline-milestone-step...........:1.3.1
          pipeline-model-api................:1.7.2
          pipeline-model-definition.........:1.7.2
          pubsub-light......................:1.13
          pipeline-model-extensions.........:1.7.2
          pipeline-stage-step...............:2.5
          pipeline-stage-tags-metadata......:1.7.2
          plain-credentials.................:1.7
          scm-api...........................:2.6.4
          script-security...................:1.75
          sse-gateway.......................:1.23
          ssh-credentials...................:1.18.1
          structs...........................:1.20
          token-macro.......................:2.12
          variant...........................:1.3
          workflow-api......................:2.40
          workflow-basic-steps..............:2.22
          workflow-cps-global-lib...........:2.17
          workflow-cps......................:2.83
          workflow-durable-task-step........:2.36
          workflow-job......................:2.40
          workflow-multibranch..............:2.22
          workflow-scm-step.................:2.11
          workflow-step-api.................:2.22
          workflow-support..................:3.5
          gradle............................:1.36
          command-launcher..................:1.4
          bouncycastle-api..................:2.18
          build-timeout.....................:1.20
          timestamper.......................:1.11.5
          resource-disposer.................:0.14
          azure-ad..........................:1.2.0
          ws-cleanup........................:0.38
          ant...............................:1.11
          pipeline-rest-api.................:2.17
          ssh-slaves........................:1.31.2
          handlebars........................:1.1.1
          jdk-tool..........................:1.4
          momentjs..........................:1.1.1
          pipeline-stage-view...............:2.17
          lockable-resources................:2.10
          workflow-aggregator...............:2.6
          pipeline-github-lib...............:1.0
          mapdb-api.........................:1.0.9.0
          subversion........................:2.13.1
          bitbucket.........................:1.1.27
          pam-auth..........................:1.6
          ldap..............................:1.26
          email-ext.........................:2.77
          aws-java-sdk......................:1.11.854
          aws-credentials...................:1.28
          pipeline-aws......................:1.42
          azure-commons.....................:1.0.4
          ssh-agent.........................:1.20
          popper-api........................:1.16.0-6
          analysis-model-api................:9.1.0
          echarts-api.......................:4.9.0-1
          atlassian-jira-software-cloud.....:1.1.0
          plugin-util-api...................:1.3.0
          jacoco............................:3.0.8
          data-tables-api...................:1.10.21-2
          font-awesome-api..................:5.14.0-1
          forensics-api.....................:0.7.0
          git-forensics.....................:0.7.0
          swarm.............................:3.23
          Office-365-Connector..............:4.13.2
          warnings-ng.......................:8.4.4
          ec2...............................:1.53
          jquery3-api.......................:3.5.1-1
          pipeline-utility-steps............:2.6.1
          trilead-api.......................:1.0.11
          bootstrap4-api....................:4.5.2-1
          config-file-provider..............:3.7.0
          configuration-as-code.............:1.44
          oauth-credentials.................:0.4
          google-play-android-publisher.....:4.0
          checks-api........................:1.0.2
          node-iterator-api.................:1.5.0
          gatling...........................:1.3.0
          amazon-ecr........................:1.6
          basic-branch-build-strategies.....:1.3.2
          configuration-as-code-groovy......:1.1
          google-oauth-plugin...............:1.0.2
          snakeyaml-api.....................:1.27.0
          ansicolor.........................:0.7.3
          okhttp-api........................:3.14.9
          build-monitor-plugin..............:1.12+build.201809061734
          jira-steps........................:1.6.0
          

          It seems to be the `amazon-ecr` plugin and the credentials type it brings that causes the problem. If I disable the plugin I can open the job configuration page as expected. The Bitbucket credentials matcher triggers `com.cloudbees.jenkins.plugins.amazonecr.AmazonECSRegistryCredential.getPassword` which triggers communication with AWS.

          The AmazonECSRegistryCredential implements StandardUsernamePasswordCredentials which explains why it is in the loop.

          Show
          patriks Patrik Schalin added a comment - Same here running Jenkins 2.260. Plugins: ace-editor........................:1.1 antisamy-markup-formatter.........:2.1 apache-httpcomponents-client-4-api:4.5.10-2.0 authentication-tokens.............:1.4 blueocean-autofavorite............:1.2.4 blueocean-bitbucket-pipeline......:1.24.1 blueocean-commons.................:1.24.1 blueocean-config..................:1.24.1 blueocean-core-js.................:1.24.1 blueocean-dashboard...............:1.24.1 blueocean-display-url.............:2.4.0 blueocean-events..................:1.24.1 blueocean-git-pipeline............:1.24.1 blueocean-github-pipeline.........:1.24.1 blueocean-i18n....................:1.24.1 blueocean-jira....................:1.24.1 blueocean-jwt.....................:1.24.1 blueocean-personalization.........:1.24.1 blueocean-pipeline-api-impl.......:1.24.1 blueocean-pipeline-editor.........:1.24.1 blueocean-pipeline-scm-api........:1.24.1 blueocean- rest -impl...............:1.24.1 blueocean- rest ....................:1.24.1 blueocean-web.....................:1.24.1 blueocean.........................:1.24.1 branch-api........................:2.6.0 cloudbees-bitbucket-branch-source.:2.9.4 cloudbees-folder..................:6.14 favorite..........................:2.3.2 credentials-binding...............:1.23 credentials.......................:2.3.13 display-url-api...................:2.3.3 docker-commons....................:1.17 docker-workflow...................:1.24 durable-task......................:1.35 git-client........................:3.5.1 git-server........................:1.9 git...............................:4.4.4 github-api........................:1.116 github-branch-source..............:2.9.1 github............................:1.31.0 handy-uri-templates-2-api.........:2.1.8-1.0 htmlpublisher.....................:1.23 jackson2-api......................:2.11.3 jenkins-design-language...........:1.24.1 jira..............................:3.1.1 jquery-detached...................:1.2.1 jsch..............................:0.1.55.2 junit.............................:1.38 mailer............................:1.32.1 matrix-auth.......................:2.6.3 matrix-project....................:1.18 mercurial.........................:2.10 pipeline-build-step...............:2.13 pipeline-graph-analysis...........:1.10 pipeline-input-step...............:2.12 pipeline-milestone-step...........:1.3.1 pipeline-model-api................:1.7.2 pipeline-model-definition.........:1.7.2 pubsub-light......................:1.13 pipeline-model-extensions.........:1.7.2 pipeline-stage-step...............:2.5 pipeline-stage-tags-metadata......:1.7.2 plain-credentials.................:1.7 scm-api...........................:2.6.4 script-security...................:1.75 sse-gateway.......................:1.23 ssh-credentials...................:1.18.1 structs...........................:1.20 token-macro.......................:2.12 variant...........................:1.3 workflow-api......................:2.40 workflow-basic-steps..............:2.22 workflow-cps-global-lib...........:2.17 workflow-cps......................:2.83 workflow-durable-task-step........:2.36 workflow-job......................:2.40 workflow-multibranch..............:2.22 workflow-scm-step.................:2.11 workflow-step-api.................:2.22 workflow-support..................:3.5 gradle............................:1.36 command-launcher..................:1.4 bouncycastle-api..................:2.18 build-timeout.....................:1.20 timestamper.......................:1.11.5 resource-disposer.................:0.14 azure-ad..........................:1.2.0 ws-cleanup........................:0.38 ant...............................:1.11 pipeline- rest -api.................:2.17 ssh-slaves........................:1.31.2 handlebars........................:1.1.1 jdk-tool..........................:1.4 momentjs..........................:1.1.1 pipeline-stage-view...............:2.17 lockable-resources................:2.10 workflow-aggregator...............:2.6 pipeline-github-lib...............:1.0 mapdb-api.........................:1.0.9.0 subversion........................:2.13.1 bitbucket.........................:1.1.27 pam-auth..........................:1.6 ldap..............................:1.26 email-ext.........................:2.77 aws-java-sdk......................:1.11.854 aws-credentials...................:1.28 pipeline-aws......................:1.42 azure-commons.....................:1.0.4 ssh-agent.........................:1.20 popper-api........................:1.16.0-6 analysis-model-api................:9.1.0 echarts-api.......................:4.9.0-1 atlassian-jira-software-cloud.....:1.1.0 plugin-util-api...................:1.3.0 jacoco............................:3.0.8 data-tables-api...................:1.10.21-2 font-awesome-api..................:5.14.0-1 forensics-api.....................:0.7.0 git-forensics.....................:0.7.0 swarm.............................:3.23 Office-365-Connector..............:4.13.2 warnings-ng.......................:8.4.4 ec2...............................:1.53 jquery3-api.......................:3.5.1-1 pipeline-utility-steps............:2.6.1 trilead-api.......................:1.0.11 bootstrap4-api....................:4.5.2-1 config-file-provider..............:3.7.0 configuration-as-code.............:1.44 oauth-credentials.................:0.4 google-play-android-publisher.....:4.0 checks-api........................:1.0.2 node-iterator-api.................:1.5.0 gatling...........................:1.3.0 amazon-ecr........................:1.6 basic-branch-build-strategies.....:1.3.2 configuration-as-code-groovy......:1.1 google-oauth-plugin...............:1.0.2 snakeyaml-api.....................:1.27.0 ansicolor.........................:0.7.3 okhttp-api........................:3.14.9 build-monitor-plugin..............:1.12+build.201809061734 jira-steps........................:1.6.0 It seems to be the `amazon-ecr` plugin and the credentials type it brings that causes the problem. If I disable the plugin I can open the job configuration page as expected. The Bitbucket credentials matcher triggers `com.cloudbees.jenkins.plugins.amazonecr.AmazonECSRegistryCredential.getPassword` which triggers communication with AWS. The AmazonECSRegistryCredential implements StandardUsernamePasswordCredentials which explains why it is in the loop.
          Hide
          michelzanini Michel Zanini added a comment -

          I duplicated this on https://github.com/jenkinsci/bitbucket-branch-source-plugin/issues/311 as I don't know which bug system is being looked at.

          Show
          michelzanini Michel Zanini added a comment - I duplicated this on  https://github.com/jenkinsci/bitbucket-branch-source-plugin/issues/311  as I don't know which bug system is being looked at.
          Hide
          maksym_bordun Maksym Bordun added a comment -

          Jenkins 2.222.3 is also affected.

          Show
          maksym_bordun Maksym Bordun added a comment - Jenkins 2.222.3 is also affected.
          Hide
          roberd Roberto Devesa added a comment - - edited

          Same here. The credentials dropdown also doesn't work for existing Bitbucket branch sources but it does work when adding a fresh Bitbucket source on a project.

          Show
          roberd Roberto Devesa added a comment - - edited Same here. The credentials dropdown also doesn't work for existing Bitbucket branch sources but it does work when adding a fresh Bitbucket source on a project.

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            michelzanini Michel Zanini
            Votes:
            3 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: