-
Bug
-
Resolution: Fixed
-
Major
-
Jenkins 2.263.1 -> 2.289.3,
Credentials Plugin 2.3.14 -> 2.6.1,
Kubernetes plugin 1.28.3 -> 1.30.2,
JClouds plugin 2.20 -> 2.25
-
-
1061.vb_1fceb_58fa_18
After upgrade Jenkins 2.263.1 -> 2.289.3, NullPointerException has been generated in pipelines which using withCredentials. Sample logs in attachments.
[JENKINS-67132] After upgrade Jenkins to 2.289.3 - withCredentials generate NullPointerException.
I was unable to duplicate the issue. I attempted to duplicate the issue by defining a Jenkins 2.263.4 installation with credentials plugin 2.4.1 (the most recent version that does not include isUsernameSecret). The list of precise plugin versions that I used are attached as plugins.txt
. The commands I used to create the running Jenkins were:
$ mkdir plugins
$ java -jar ../jenkins-plugin-manager-2.11.0.jar --jenkins-version 2.263.4 --latest false --plugin-download-directory plugins --plugin-file plugins.txt
$ JENKINS_HOME=. java -jar ../jenkins-2.263.4.war
I chose to install no other plugins through the installation wizard, then defined a username / password credential with id 'mwaite-not-a-valid-password'. I defined a declarative Pipeline like this:
pipeline {
agent any
stages {
stage('Hello with credentials';) {
steps {
withCredentials([usernamePassword(credentialsId: 'mwaite-not-a-valid-password',
passwordVariable: 'PASSWORD_VARIABLE',
usernameVariable: 'USERNAME_VARIABLE')]) {
echo 'Hello World from user name ' + USERNAME_VARIABLE + ' with password ' + PASSWORD_VARIABLE
}
}
}
}
}
I ran that job twice to confirm that the output displayed the redacted username as '****' and same for the password.
I stopped Jenkins 2.263.4 and ran Jenkins 2.319.1 in that same directory with the command:
$ JENKINS_HOME=. java -jar ../jenkins-2.319.1.war
Ran the job and saw the expected output. Modified the job configuration and ran the job again still seeing the expected output.
Updated to the most recent versions of all plugins, restarted Jenkins, ran the job, and saw the expected output.
That sequence of steps was not able to duplicate the bug. I'm not doubting it is a real bug, but I don't know the steps to duplicate it.
Same steps but running with Jenkins 2.289.2 in the final stage had the same results. Can't duplicate the bug from scratch with that path.
Same steps but starting with credentials plugin 2.3.14 as described in the list of installed plugins that are part of the original description of the issue, still unable to duplicate the problem.
marek_sadlowski can you provide more details so that others can duplicate the problem?
Is this https://github.com/jenkinsci/jep/tree/master/jep/228#inherited-private-serialization-methods ?
https://github.com/jenkinsci/credentials-plugin/blob/a1d8809f0708ff619d2e79754fdc4a79eaec8c4d/src/main/java/com/cloudbees/plugins/credentials/impl/UsernamePasswordCredentialsImpl.java#L80-L85 probably should not be private?
That would only need to be protected if someone were subclassing it, which you are not supposed to do. Hmm https://github.com/search?q=user%3Ajenkinsci+%22extends+UsernamePasswordCredentialsImpl%22&type=Code is the reporter using one of these plugins (and credentials types)? https://github.com/jenkinsci/kubernetes-credentials-plugin/blob/be230e03b7d10f2a6925b64b5fe5acf4069d6593/src/main/java/org/jenkinsci/plugins/kubernetes/credentials/OpenShiftBearerTokenCredentialImpl.java#L90-L93 is especially problematic.
is the reporter using one of these plugins (and credentials types)?
I didn't install kubernetes credentials plugin in my test (see plugins.txt for the plugins I installed). marek_sadlowski can you share your full list of installed plugins?
It would be not just about installing the plugin, but about using one of the affected credentials types, like an OpenShift bearer token.
Per first comment describing the workaround:
Edit all Openstack/Openshift credentials
WORKAROUND: