Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-65213

the global-scoped credentials cannot be read

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • credentials-plugin
    • None
    • Jenkins 2.263.4
      authorize-project:1.4.0
      role-strategy:3.1.1

      The plugin's strategy has been enabled with Run as anonymous, As well as its permissions have already contained the Credentials/View by role-strategy plugin, However, The build output prints out the message: ERROR: Could not find credentials matching MY-PWD, Therefore, I assume that the plugin doesn't have this covered? Which I decided to restore my settings back by not using it even if there's a warning saying about strongly recommending using this plugin from Manage Jenkins page.

          [JENKINS-65213] the global-scoped credentials cannot be read

          github.com/caryyu created issue -
          github.com/caryyu made changes -
          Description Original: the plugin's strategy has been enabled with +Run as anonymous+, as well as its permissions have already contained the +Credentials/View+ by role-strategy plugin, however, the build output prints out the message: +ERROR: Could not find credentials matching MY-PWD+, therefore, I assume that the plugin doesn't have this covered? which I restored back by not using it even if there's a warning saying about strongly recommending using this plugin at Manage Jenkins page. New: The plugin's strategy has been enabled with +Run as anonymous+, As well as its permissions have already contained the +Credentials/View+ by role-strategy plugin, However, The build output prints out the message: +ERROR: Could not find credentials matching MY-PWD+, Therefore, I assume that the plugin doesn't have this covered? Which I decided to restore my settings back by not using it even if there's a warning saying about strongly recommending using this plugin at Manage Jenkins page.
          github.com/caryyu made changes -
          Description Original: The plugin's strategy has been enabled with +Run as anonymous+, As well as its permissions have already contained the +Credentials/View+ by role-strategy plugin, However, The build output prints out the message: +ERROR: Could not find credentials matching MY-PWD+, Therefore, I assume that the plugin doesn't have this covered? Which I decided to restore my settings back by not using it even if there's a warning saying about strongly recommending using this plugin at Manage Jenkins page. New: The plugin's strategy has been enabled with +Run as anonymous+, As well as its permissions have already contained the +Credentials/View+ by role-strategy plugin, However, The build output prints out the message: +ERROR: Could not find credentials matching MY-PWD+, Therefore, I assume that the plugin doesn't have this covered? Which I decided to restore my settings back by not using it even if there's a warning saying about strongly recommending using this plugin from Manage Jenkins page.

          ikedam added a comment -

          It looks an issue of credentials plugin.
          Job/Read and Job/Configure permissions are required to use credentials.
          I'm not sure this is an expected behavior, updated component/s and reassign this issue.

          I tested with the following pipeline:

          pipeline {
    agent any;
    environment {
        TEST_VALUE = credentials('test-credentials')
    }
    stages {
        stage('print credentials') {
            steps {
                echo env.TEST_VALUE
            }
        }
    }
}
          • No Job/Read permission for anonymous caused NPE 
            java.lang.NullPointerException
	at java.util.Objects.requireNonNull(Objects.java:203)
	at com.cloudbees.plugins.credentials.CredentialsProvider.findCredentialById(CredentialsProvider.java:886)
	at com.cloudbees.plugins.credentials.CredentialsProvider.findCredentialById(CredentialsProvider.java:862)
	at org.jenkinsci.plugins.pipeline.modeldefinition.model.CredentialsBindingHandler.forId(CredentialsBindingHandler.java:101)
	at org.jenkinsci.plugins.pipeline.modeldefinition.model.CredentialsBindingHandler$forId.call(Unknown Source)
	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
	at com.cloudbees.groovy.cps.sandbox.DefaultInvoker.methodCall(DefaultInvoker.java:20)
	at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withCredentialsBlock(ModelInterpreter.groovy:463)
	at com.cloudbees.groovy.cps.CpsDefaultGroovyMethods.callClosureForMapEntry(CpsDefaultGroovyMethods:5226)
	at com.cloudbees.groovy.cps.CpsDefaultGroovyMethods.each(CpsDefaultGroovyMethods:2107)
	at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withCredentialsBlock(ModelInterpreter.groovy:461)
          • No Job/Configure permission for anonymous caused ERROR: test-credentials. 
            Started by user admin
Running as anonymous
Running in Durability level: MAX_SURVIVABILITY
[Pipeline] Start of Pipeline
[Pipeline] node
Running on Jenkins in /var/jenkins_home/workspace/test
[Pipeline] {
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: test-credentials
Finished: FAILURE

          ikedam added a comment - It looks an issue of credentials plugin. Job/Read and Job/Configure permissions are required to use credentials. I'm not sure this is an expected behavior, updated component/s and reassign this issue. I tested with the following pipeline: pipeline { agent any; environment { TEST_VALUE = credentials( 'test-credentials' ) } stages { stage( 'print credentials' ) { steps { echo env.TEST_VALUE } } } } No Job/Read permission for anonymous caused NPE java.lang.NullPointerException at java.util.Objects.requireNonNull(Objects.java:203) at com.cloudbees.plugins.credentials.CredentialsProvider.findCredentialById(CredentialsProvider.java:886) at com.cloudbees.plugins.credentials.CredentialsProvider.findCredentialById(CredentialsProvider.java:862) at org.jenkinsci.plugins.pipeline.modeldefinition.model.CredentialsBindingHandler.forId(CredentialsBindingHandler.java:101) at org.jenkinsci.plugins.pipeline.modeldefinition.model.CredentialsBindingHandler$forId.call(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113) at com.cloudbees.groovy.cps.sandbox.DefaultInvoker.methodCall(DefaultInvoker.java:20) at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withCredentialsBlock(ModelInterpreter.groovy:463) at com.cloudbees.groovy.cps.CpsDefaultGroovyMethods.callClosureForMapEntry(CpsDefaultGroovyMethods:5226) at com.cloudbees.groovy.cps.CpsDefaultGroovyMethods.each(CpsDefaultGroovyMethods:2107) at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withCredentialsBlock(ModelInterpreter.groovy:461) No Job/Configure permission for anonymous caused ERROR: test-credentials . Started by user admin Running as anonymous Running in Durability level: MAX_SURVIVABILITY [Pipeline] Start of Pipeline [Pipeline] node Running on Jenkins in / var /jenkins_home/workspace/test [Pipeline] { [Pipeline] } [Pipeline] // node [Pipeline] End of Pipeline ERROR: test-credentials Finished: FAILURE
          ikedam made changes -
          Component/s New: credentials-plugin [ 16523 ]
          Component/s Original: authorize-project-plugin [ 18155 ]
          Assignee Original: ikedam [ ikedam ]

            Unassigned Unassigned
            caryyu github.com/caryyu
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: