Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-75225

When configure job the list of credentials returns HTTP 504

    • 934.4.2

      Related to https://issues.jenkins.io/browse/JENKINS-75184

      I am still unable to list credentials when creating or updating a Jenkins multibranch pipeline using Bitbucket Branch Source Plugin. I have this issue since version 933.0.1, so the last valid version was 932.vff504b_2003fe. There is no error log in system logs. On the other hand, we lost the build notifications in the PRs, this feature was fixed on 933.2.1 but we can't upgrade to that version because of the problem described in this ticket.

      As you can see in the following image, the credentials' dropdown keeps waiting

      Until I get a 504 Gateway timeout.

          [JENKINS-75225] When configure job the list of credentials returns HTTP 504

          Nikolas Falco added a comment -

          Workaround is move any bitbuket credentials under a specific domain (*bitbucket.org) so than any AmazonECR credentials are excluded by the host filter

          Nikolas Falco added a comment - Workaround is move any bitbuket credentials under a specific domain (*bitbucket.org) so than any AmazonECR credentials are excluded by the host filter

          Nikolas Falco added a comment - Incremental build available https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/plugins/cloudbees-bitbucket-branch-source/934.4.21001.v8351205fe227/cloudbees-bitbucket-branch-source-934.4.21001.v8351205fe227.hpi

          Daniel added a comment -

          Thank you Nikolas! Is the workaround something that we can test with the old and 'failing' version, or is what you included in the incremental version?

          I will update and test tomorrow morning

          Daniel added a comment - Thank you Nikolas! Is the workaround something that we can test with the old and 'failing' version, or is what you included in the incremental version? I will update and test tomorrow morning

          Nikolas Falco added a comment - - edited

          Is the workaround something that we can test with the old and 'failing' version

          Yes of course, we use to limite the credentials list to avoid show credentials related to other kind of software.

          EDIT: I test the workaround and amazon ECR token should be moved in a specific domain because credentials are listed looking into each domain that matches the host list so if ECR credentials are in global domain o in a domain for which include or exclude list matches bitbucket.org than you have the issue.

          Nikolas Falco added a comment - - edited Is the workaround something that we can test with the old and 'failing' version Yes of course, we use to limite the credentials list to avoid show credentials related to other kind of software. EDIT: I test the workaround and amazon ECR token should be moved in a specific domain because credentials are listed looking into each domain that matches the host list so if ECR credentials are in global domain o in a domain for which include or exclude list matches bitbucket.org than you have the issue.

          Daniel added a comment - - edited

          Hi Nikolas! I installed the incremental version, and it's working now. I had to move all the AWS credentials to a new subdomain and I excluded the bitbucket.org as you said.

          One question, how the plugin differentiates an AWS and ECR credentials, they are just IAM access keys with some policies. I ask you that because from now on we have to be careful to save all the AWS credentials in the new subdomain. Could this happen with other kind of credentials?

          EDIT: Once I moved the ECR credentials to its own domain, I couldn't retrieve them with `withRegistry` in the pipelines, so I had to move back the credentials to the global scope. I don't know if it's something generic to Jenkins or specific to ECR plugin

          Daniel added a comment - - edited Hi Nikolas! I installed the incremental version, and it's working now. I had to move all the AWS credentials to a new subdomain and I excluded the bitbucket.org as you said. One question, how the plugin differentiates an AWS and ECR credentials, they are just IAM access keys with some policies. I ask you that because from now on we have to be careful to save all the AWS credentials in the new subdomain. Could this happen with other kind of credentials? EDIT: Once I moved the ECR credentials to its own domain, I couldn't retrieve them with `withRegistry` in the pipelines, so I had to move back the credentials to the global scope. I don't know if it's something generic to Jenkins or specific to ECR plugin

          Nikolas Falco added a comment -

          Domain are usefull to limit the list of credentials based on some rule (hostname, port, URI path, .....). This is useful to avoid user can choose wrong credentials when setup Bitbucket or other services from which an host/url has been provided. In this plugin the server url is used as host.

          If you ask for credentials without any filter (I mean plugin side) than you get all saved credentials regardless in which domain they are.

          Since you confirmed the incremental build works I will proceed with merge. Anyway domain a good practices

          Nikolas Falco added a comment - Domain are usefull to limit the list of credentials based on some rule (hostname, port, URI path, .....). This is useful to avoid user can choose wrong credentials when setup Bitbucket or other services from which an host/url has been provided. In this plugin the server url is used as host. If you ask for credentials without any filter (I mean plugin side) than you get all saved credentials regardless in which domain they are. Since you confirmed the incremental build works I will proceed with merge. Anyway domain a good practices

            nfalco Nikolas Falco
            daniel_gomez Daniel
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: