
HTTP Request Plugin may fail with remote credentials providers

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Minor
    • http-request-plugin
    • None

      The HTTP request plugin appears not to snapshot credentials before use. This means that credential lookups for the HTTP request plugin may fail in the following conditions:

      • Jenkins is run in distributed mode (builds on different nodes from the controller)
      • A remote credential provider is used to provide credentials to an HTTP request
      • The remote provider uses live lookups of secret values, rather than caching secret values by default. (Note: live lookups are recommended practice to avoid unnecessarily storing the secret in memory.)

      If correct, the immediate fix would be to have the plugin snapshot credentials before use.

      There is also a wider view to take here. Consumer plugins don't generally know that they should snapshot credentials before use to make distributed setups work, because there's nothing in the credentials API that suggests you need to do this. So it shouldn't really be the responsibility of individual consumer plugins to take snapshots. Perhaps there needs to be some intermediate credentials API proxy class that transparently snapshots credentials upon access, which is loaded when Jenkins runs in distributed mode.
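A minimal model of the failure mode and the snapshot fix described above, added here as an illustration; it is not code from the HTTP Request Plugin or from the credentials API. The class names are hypothetical, Java serialization stands in for shipping a credential from the controller to an agent, and the token is a constructed sample. In Jenkins itself the credentials plugin's `CredentialsProvider.snapshot(...)` plays the role of `snapshot()` here.

```java
import java.io.*;
import java.util.function.Supplier;

public class SnapshotDemo {
    /** Common view of a secret-bearing credential (hypothetical interface). */
    interface Secret extends Serializable { String value(); }

    /** Live lookup: the value is fetched from the remote provider on every access. */
    static final class LiveSecret implements Secret {
        // The provider client exists only on the controller, so it is never serialized.
        private final transient Supplier<String> providerClient;
        LiveSecret(Supplier<String> providerClient) { this.providerClient = providerClient; }
        public String value() {
            if (providerClient == null)
                throw new IllegalStateException("no provider client on this node");
            return providerClient.get();
        }
        /** Resolve once on the controller and return a self-contained copy. */
        Secret snapshot() { return new ResolvedSecret(value()); }
    }

    /** Snapshot: carries the resolved value, so it works on any node. */
    static final class ResolvedSecret implements Secret {
        private final String value;
        ResolvedSecret(String value) { this.value = value; }
        public String value() { return value; }
    }

    /** Stand-in for sending an object from the controller to an agent. */
    static Secret sendToAgent(Secret s) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(s); }
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return (Secret) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        LiveSecret live = new LiveSecret(() -> "constructed-sample-token"); // constructed value
        try {
            sendToAgent(live).value();            // consumer skipped the snapshot
        } catch (IllegalStateException e) {
            System.out.println("without snapshot: " + e.getMessage());
        }
        Secret onAgent = sendToAgent(live.snapshot());
        System.out.println("with snapshot, resolved on agent: " + !onAgent.value().isEmpty());
    }
}
```

The snapshot copies the secret value into the object that travels to the agent, which is the in-memory storage that live lookups are meant to avoid, so it is best taken immediately before the single use that needs it.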

          [JENKINS-66118] HTTP Request Plugin may fail with remote credentials providers

          Chris Kilding added a comment -

          An example of the HTTP Request Plugin failing with a remote credentials provider is here: https://github.com/jenkinsci/aws-secrets-manager-credentials-provider-plugin/issues/103 

          Will Ton added a comment - - edited

          I started to notice this after upgrading to the latest version of Jenkins. I rolled back to 2.293 and am not seeing this issue.

          Kyle Cronin added a comment -

          Resolved in related issue

            janario Janario Oliveira
            chriskilding Chris Kilding
            Votes: 2
            Watchers: 6
