Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-62811

p4.client.ConnectionHelper is not able to find proper credentials, hence P4Trigger.matchServer always fails

      Hello

      Already did quite debugging through our Jenkins instance script console.

      We are using Jenkins 2.235.1, P4 plugin 1.10.13. I have a Pipeline job with Jenkinsfile from SCM, manual run works, P4 triggers never actually run any job (logs are getting stopped at "Probe", never got to "Poke").

      Here are how our credentials currently look like (under folder, jenkins_url/job/my_folderA/credentials/):

      Sorry for that amount, but initially I was thinking it's about port string matching, tried everything (proxy, etc).

      This is the script with commands I used based on github repo with links attached.

      import org.jenkinsci.plugins.p4.trigger.P4Trigger
      import org.jenkinsci.plugins.p4.trigger.P4Hook
      import jenkins.triggers.SCMTriggerItem;
      import org.jenkinsci.plugins.p4.PerforceScm;
      import org.jenkinsci.plugins.p4.client.ConnectionHelper;
      import org.jenkinsci.plugins.p4.credentials.P4BaseCredentials;
      import hudson.security.ACL;
      import com.cloudbees.plugins.credentials.domains.DomainRequirement;
      import org.acegisecurity.Authentication;
      import com.cloudbees.plugins.credentials.CredentialsProvider;
      
      Jenkins.instance.getAllItems(AbstractItem.class).each {
      
        if(it.fullName.contains("test_p4_internal_tools_integration-dns")) {
          println(it.fullName)
          job = it
        }
      }
      
      println("mimicing p4 stuff about matching server")
      // https://github.com/jenkinsci/p4-plugin/blob/e48626f04ebc1ce7f7b3dcba8bcc3195800187cb/src/main/java/org/jenkinsci/plugins/p4/trigger/P4Trigger.java#L117
      SCMTriggerItem item = SCMTriggerItem.SCMTriggerItems.asSCMTriggerItem(job)
      println("item=" + item)
      
      scmTrigger = item.getSCMs()[0]
      println(scmTrigger)
      
      PerforceScm p4scm = PerforceScm.convertToPerforceScm(scmTrigger);
      println(p4scm)
      
      println()
      
      println("getting credentials from p4 scm")
      String id = p4scm.getCredential();
      println(id)
      println("these already are correct")
      println()
      
      println("getting credentials from connection helper")
      P4BaseCredentials credential = ConnectionHelper.findCredential(id);
      println(credential)
      println("these is null? investigating further")
      println()
      
      println("Mimicing Connection helper, which seems to be used in a deprecated way? ")
      // https://github.com/jenkinsci/p4-plugin/blob/e48626f04ebc1ce7f7b3dcba8bcc3195800187cb/src/main/java/org/jenkinsci/plugins/p4/trigger/P4Trigger.java#L125
      //	@Deprecated
      //	public static P4BaseCredentials findCredential(String id)
      //  Use {@link #findCredential(String, ItemGroup)} or {@link #findCredential(String, Item)}
      Class<P4BaseCredentials> type = P4BaseCredentials.class;
      Jenkins scope = Jenkins.getInstance();
      Authentication acl = ACL.SYSTEM;
      DomainRequirement domain = new DomainRequirement();
      
      List<P4BaseCredentials> list;
      list = CredentialsProvider.lookupCredentials(type, scope, acl, domain);
      
      println()
      println("Iterating over found ids in deprecated way")
      for (P4BaseCredentials c : list) {
        println(c)
        println(c.getId())
      }
      println("Done. Found only First Jenkins credential ??")
      
      
      println()
      println("Trying out proposed method from deprecation with a job as a item argument")
      P4BaseCredentials credential2 = ConnectionHelper.findCredential(id, job);
      println(credential2.id)
      println("success")

       

      And this is the output:

      mmatczak/my_job_name
      mimicing p4 stuff about matching server
      item=org.jenkinsci.plugins.workflow.job.WorkflowJob@f268a73[mmatczak/my_job_name]
      org.jenkinsci.plugins.p4.PerforceScm@74f88dbf
      org.jenkinsci.plugins.p4.PerforceScm@74f88dbf
      
      getting credentials from p4 scm
      11e31****************************
      these already are correct
      
      getting credentials from connection helper
      null
      these is null? investigating further
      
      Mimicing Connection helper, which seems to be used in a deprecated way? 
      
      Iterating over found ids in deprecated way
      org.jenkinsci.plugins.p4.credentials.P4PasswordImpl@e822e5d7
      8f66*****************************
      Done. Found only First Jenkins credential ??
      
      Trying out proposed method from deprecation with a job as a item argument
      11e31****************************
      success

       

      Short summary what I think is happening:

      https://github.com/jenkinsci/p4-plugin/blob/e48626f04ebc1ce7f7b3dcba8bcc3195800187cb/src/main/java/org/jenkinsci/plugins/p4/trigger/P4Trigger.java#L125

      uses deprecated method from ConnectionHelper as stated here (which returns null, so matchServer returns false): https://github.com/jenkinsci/p4-plugin/blob/e48626f04ebc1ce7f7b3dcba8bcc3195800187cb/src/main/java/org/jenkinsci/plugins/p4/client/ConnectionHelper.java#L839

      When I added my job as a second argument it was able to fetch correct credentials.

      If I missed any info needed - please let me know.

      Thanks!

      Maciej

          [JENKINS-62811] p4.client.ConnectionHelper is not able to find proper credentials, hence P4Trigger.matchServer always fails

          Karl Wirth added a comment -

          Hi mmatczak

          Thanks for the level of investigation here. When did it statrt failling. Did you upgrade from 1.10.12 or an earlier version?

          Also can you please show me an example of:

               When I added my job as a second argument it was able to fetch correct credentials.

          Thanks in advance,

          Karl

          Karl Wirth added a comment - Hi mmatczak Thanks for the level of investigation here. When did it statrt failling. Did you upgrade from 1.10.12 or an earlier version? Also can you please show me an example of:      When I added my job as a second argument it was able to fetch correct credentials. Thanks in advance, Karl

          Hi p4karl,

          I have no such data unfortunately, I either started from clean docker instance (and had problems with triggering - no debugging was performed then) or we tried updating quite older instance of Jenkins making quite a big jump. 1.10.12 was not working as well though.

          If you have some propositions over which versions to test, I can install it manually.

          Answering a second question - it's a last paragraph in code I attached, just using a findCredential(String credentialsId, Item item) method of ConnectionHelper. And job, was the job object I found in first lines of the script.

          Let me put emphasis on that fact: this job is placed inside a folder. I didn't try moving it to a root.

           

          Maciej Matczak added a comment - Hi p4karl , I have no such data unfortunately, I either started from clean docker instance (and had problems with triggering - no debugging was performed then) or we tried updating quite older instance of Jenkins making quite a big jump. 1.10.12 was not working as well though. If you have some propositions over which versions to test, I can install it manually. Answering a second question - it's a last paragraph in code I attached, just using a findCredential(String credentialsId, Item item) method of ConnectionHelper. And job, was the job object I found in first lines of the script. Let me put emphasis on that fact: this job is placed inside a folder. I didn't try moving it to a root.  

          Paul Allen added a comment -

          Hi Maciej,

          Thank you for the investigation.  You are correct in that the trigger code should not be using the deprecated credential method. Using 'job' as the Item should fetch the credentials when using Folders; I'll make the code change in main/master and send a link out for you to try.

          Kind regards,

          Paul

          Paul Allen added a comment - Hi Maciej, Thank you for the investigation.  You are correct in that the trigger code should not be using the deprecated credential method. Using 'job' as the Item should fetch the credentials when using Folders; I'll make the code change in main/master and send a link out for you to try. Kind regards, Paul

          Let me add more description.

          The 2nd credentials (11e3) are the one I have set in my pipeline job.

          ConnectionHelper.findCredential finds only first credentials (8f66).

          (because a way how it's invoked right now https://github.com/jenkinsci/p4-plugin/blob/e48626f04ebc1ce7f7b3dcba8bcc3195800187cb/src/main/java/org/jenkinsci/plugins/p4/trigger/P4Trigger.java#L125

          In the loop:

          https://github.com/jenkinsci/p4-plugin/blob/e48626f04ebc1ce7f7b3dcba8bcc3195800187cb/src/main/java/org/jenkinsci/plugins/p4/client/ConnectionHelper.java#L852

          8f66 != 11e3, the 8f66 is the only one iterated over, so last `return null` is invoked.

          Maciej Matczak added a comment - Let me add more description. The 2nd credentials (11e3) are the one I have set in my pipeline job. ConnectionHelper.findCredential finds  only first credentials (8f66). (because a way how it's invoked right now https://github.com/jenkinsci/p4-plugin/blob/e48626f04ebc1ce7f7b3dcba8bcc3195800187cb/src/main/java/org/jenkinsci/plugins/p4/trigger/P4Trigger.java#L125 )  In the loop: https://github.com/jenkinsci/p4-plugin/blob/e48626f04ebc1ce7f7b3dcba8bcc3195800187cb/src/main/java/org/jenkinsci/plugins/p4/client/ConnectionHelper.java#L852 8f66 != 11e3, the 8f66 is the only one iterated over, so last `return null` is invoked.

          Karl Wirth added a comment -

          Hi mmatczak

          p4paul has pushed a fix to the mainline that in my testing fixes the problem. Would you be able to test this HPI?

             https://ci.jenkins.io/job/Plugins/job/p4-plugin/job/master/455/

          If you confirm it works the fix will be pushed in the next Jenkins release.

          Regards,

          Karl

          Karl Wirth added a comment - Hi mmatczak p4paul has pushed a fix to the mainline that in my testing fixes the problem. Would you be able to test this HPI?    https://ci.jenkins.io/job/Plugins/job/p4-plugin/job/master/455/ If you confirm it works the fix will be pushed in the next Jenkins release. Regards, Karl

          Hi p4karl,

          Thanks p4paul! I tested the .hpi from this build and was able to successfully run my jobs from from in-Jenkins P4 trigger (web manual trigger), as well via curl.

          Works as expected!

          Thanks one more time, 

          Maciej

          Maciej Matczak added a comment - Hi p4karl , Thanks p4paul ! I tested the .hpi from this build and was able to successfully run my jobs from from in-Jenkins P4 trigger (web manual trigger), as well via curl. Works as expected! Thanks one more time,  Maciej

          Paul Allen added a comment -

          Hi Maciej,

          Thank you for testing the fix.  I have a P4Java update planned for the end of of July and will include this fix in the p4-plugin release.  If you need an official release sooner do let me know.

          Kind regards,

          Paul

          Paul Allen added a comment - Hi Maciej, Thank you for testing the fix.  I have a P4Java update planned for the end of of July and will include this fix in the p4-plugin release.  If you need an official release sooner do let me know. Kind regards, Paul

          Hi p4paul,

          Thanks as well.

          We are a bit locked from using P4 Trigger because of that bug and I would like to avoid installing "nightly" on our prod Jenkins instance. I would really appreciate having something quicker. 

          On the other side, we are slowly starting to incorporate that flow, we could prototype some flows first.

          That being said l - if you can cherry pick that one and make quick release, it would be awesome - in week/two it would be installed in our prod instance.

          Thanks,

          Maciej

          Maciej Matczak added a comment - Hi p4paul , Thanks as well. We are a bit locked from using P4 Trigger because of that bug and I would like to avoid installing "nightly" on our prod Jenkins instance. I would really appreciate having something quicker.  On the other side, we are slowly starting to incorporate that flow, we could prototype some flows first. That being said l - if you can cherry pick that one and make quick release, it would be awesome - in week/two it would be installed in our prod instance. Thanks, Maciej

          Paul Allen added a comment -

          Released in 1.10.14

          Paul Allen added a comment - Released in 1.10.14

            p4karl Karl Wirth
            mmatczak Maciej Matczak
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: