OpenShift plugin does not update secrets due to code bug

ExportXMLWordPrintable

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major
    • Component/s: openshift-sync-plugin
    • Environment:
      jenkins-rhel9:v4.16.0-1776944215
      jenkins-2.541.3
      OpenShift Sync plugin version 1.1.0.832.v96d61a_7e3647

      The OpenShift Sync plugin does not update any secrets due to requirements introduced in the code on what IDs should look like.

      The problem originates in the CredentialsUtils class. https://github.com/jenkinsci/openshift-sync-plugin/blob/master/src/main/java/io/fabric8/jenkins/openshiftsync/CredentialsUtils.java#L195

      Here, an id is determined on line 195, and an originalId is determined on line 200. However, the originalId seems to ignore any custom name that a secret might have. So it forces the originalId to be <namespace-name>-<metadata-secret-name>. The id on line 195 is equal to the custom name, which is determined by the annotation jenkins.openshift.io/secret.name if this annotation is set, which is also the name used by Jenkins. But this id is totally different.

      So if jenkins.openshift.io/secret.name does not start with the OpenShift namespace (<namespace-name>-<metadata-secret-name>) the check if originalId.equals(id) will always fail on line 205. So I am not sure what this code is supposed to check, but this causes none of our secrets to be updated after creation, since they do not start with the name of this namespace.

      So this check should be changed to not always be false and force users to let their secret name in Jenkins start with the name of the OpenShift namespace.

      I think checking if the credential exists with the specified ID from line 195 would be better than computing an originalId, but I am not sure if this will fix the problem.

      The error in our logs that occurs every few minutes:

      2026-06-19 16:12:11 INFO io.fabric8.jenkins.openshiftsync.CredentialsUtils getSourceSecretForBuildConfig Retrieving SourceSecret for BuildConfig job-generator in Namespace <namespace>
2026-06-19 16:12:11 WARNING io.fabric8.jenkins.openshiftsync.CredentialsUtils insertOrUpdateCredentialsFromSecret Setting secret failed for secret with new Id <secretname> from Secret null with revision: 470173184
2026-06-19 16:12:11 WARNING io.fabric8.jenkins.openshiftsync.CredentialsUtils insertOrUpdateCredentialsFromSecret Check if Id <secret> is not already used.
2026-06-19 16:12:11 INFO io.fabric8.jenkins.openshiftsync.CredentialsUtils updateSourceCredentials Linking sourceSecret bitbucket-service-account to Jenkins Credentials <secretname>

       

       

            Assignee:
            Prashant
            Reporter:
            Ruben
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: