Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-68751

Cannot use non-global ssh key credential in pipline job configuration

    • Icon: Bug Bug
    • Resolution: Cannot Reproduce
    • Icon: Major Major
    • git-plugin

      When configuring a pipeline job, a non-global ssh key credential cannot be chosen when defining the git repository that contains the Jenkinsfile.

      Repro:

      • Go to "manage credentials"
      • Go to "Stores scoped to Jenkins" to get to the "system" scope
      • Create a new domain (or use an existing one)
      • Create a "ssh username with private key" credential
      • Create a new "Pipeline" job
      • Configure the job
      • Under "pipeline" -> "definition", choose "Pipeline script from SCM", then "Git", then fill in a git url in ssh format.
      • Click the "credentials" dropdown. Notice that the newly created ssh credential does not appear on the list.

      However, the ssh key actually does appear for a multi-branch pipeline job.

      Also, the ssh key actually does appear for a pipeline job if the credential is in the global scope. 

       

      I don't believe that this is just a UI problem. We had a pipeline job that had previously been working and had been configured with a system domain scope ssh key. At some point, it started failing with Permission denied (publickey) . Upon opening the job configuration, the UI showed that the credential was missing (not "None", but missing), even though the credential still existed. The credential no longer appeared on the list of credentials in the job config UI.

          [JENKINS-68751] Cannot use non-global ssh key credential in pipline job configuration

          Mark Waite added a comment -

          I can't duplicate the problem as described.  Steps that I took while trying to duplicate the problem:

          1.  Create a new credential domain "gitea-server.markwaite.net" under the "System" domain
          2. Configure the new credential domain to include "gitea-server.markwaite.net" and only support URI scheme "ssh"
          3. Add a new ED 25519 private key named "JENKINS-68751 exploratory ED 25519 private key"
          4. Create a new Pipeline job named "JENKINS-68751-non-global-ssh-key-credential-unavailable-to-pipeline"
          5. Define the Pipeline for that job to be read from git@gitea-server.markwaite.net:mwaite/bin.git using the credential "JENKINS-68751 exploratory ED 25519 private key"
          6. Confirm that the credential works as expected by running the Pipeline

          I've stored the results of those steps in my docker image so that I can refer to them in the future, but it shows me that the code is working as expected. Any suggestions what I'm doing differently compared to what you're doing? I'm using the latest plugin versions as described in my docker-lfs repository.

          I also confirmed that the credential I had defined was not visible when I attempted to use a repository with a different URL, like git@github.com:MarkEWaite/bin.git

          Mark Waite added a comment - I can't duplicate the problem as described.  Steps that I took while trying to duplicate the problem:  Create a new credential domain "gitea-server.markwaite.net" under the "System" domain Configure the new credential domain to include "gitea-server.markwaite.net" and only support URI scheme "ssh" Add a new ED 25519 private key named " JENKINS-68751 exploratory ED 25519 private key" Create a new Pipeline job named " JENKINS-68751 -non-global-ssh-key-credential-unavailable-to-pipeline" Define the Pipeline for that job to be read from git@gitea-server.markwaite.net:mwaite/bin.git using the credential " JENKINS-68751 exploratory ED 25519 private key" Confirm that the credential works as expected by running the Pipeline I've stored the results of those steps in my docker image so that I can refer to them in the future, but it shows me that the code is working as expected. Any suggestions what I'm doing differently compared to what you're doing? I'm using the latest plugin versions as described in my docker-lfs repository . I also confirmed that the credential I had defined was not visible when I attempted to use a repository with a different URL, like git@github.com:MarkEWaite/bin.git

          Mark Waite added a comment -

          Closing after a week with no response to my request for more details to duplicate the issue

          Mark Waite added a comment - Closing after a week with no response to my request for more details to duplicate the issue

            Unassigned Unassigned
            cowlinator p cowlinator
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: