Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-32943

withCredentials(FileBinding){} ignored when executed in docker.image().inside{...}

    Details

    • Similar Issues:

      Description

      withCredentials(FileBinding){...} is ignored in docker.image('cloudbees:java-build-tools').inside{...}. The same withCredentials step works in 'standard' linux node.

      See logs below.

      It seems to be because FileBinding#secretsDir() creates a "secretFiles" directory under "node.getRootPath()" that is not 'mounted' in the docker container.

      withCredentials(FileBinding){...} ignored in docker.image(...).inside{...} 
      docker.image('busybox').inside{
          withCredentials([[$class: 'FileBinding', credentialsId: 'secret-file', variable: 'SECRET_FILE']]) {
              sh 'ls -al $SECRET_FILE'
          }
      }
      
      Started by user Cyrille Le Clerc
      [Pipeline] Allocate node : Start
      Running on vagrant in /home/vagrant/jenkins/workspace/test-credentials-binding
      [Pipeline] node {
      [Pipeline] sh
      [test-credentials-binding] Running shell script
      + docker inspect -f . busybox
      .
      [Pipeline] Run build steps inside a Docker container : Start
      $ docker run -t -d -u 1000:1000 -w /home/vagrant/jenkins/workspace/test-credentials-binding -v /home/vagrant/jenkins/workspace/test-credentials-binding:/home/vagrant/jenkins/workspace/test-credentials-binding:rw -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** busybox cat
      [Pipeline] withDockerContainer {
      [Pipeline] Bind credentials to variables : Start
      [Pipeline] withCredentials {
      [Pipeline] sh
      [test-credentials-binding] Running shell script
      + ls -al ****
      ls: ****: No such file or directory
      

        Attachments

          Issue Links

            Activity

            cleclerc Cyrille Le Clerc created issue -
            cleclerc Cyrille Le Clerc made changes -
            Field Original Value New Value
            Link This issue depends on JENKINS-27152 [ JENKINS-27152 ]
            cleclerc Cyrille Le Clerc made changes -
            Component/s credentials-binding-plugin [ 18129 ]
            Component/s ssh-agent-plugin [ 17509 ]
            Description {{sshagent('my-ssh-key')\{...\}}} is ignored in {{docker.image('cloudbees:java-build-tools').inside\{...\}}}. The same sshagent step works in 'standard' linux node.

            See attached logs

            {code:title=sshagent()\{...\} ignored in docker.image(...).inside\{...\} }
            docker.image ('cloudbees/java-build-tools:0.0.7.1').inside {
                sh 'ls -al ~/.ssh/ || true'
                sshagent(['aws-cleclerc-ssh-key-ubuntu-cleclerc']) {
                   sh 'echo SSH_AUTH_SOCK=$SSH_AUTH_SOCK'
                   sh 'ls -al $SSH_AUTH_SOCK || true'
                   sh "ssh -vvv -o StrictHostKeyChecking=no ubuntu@docker-agent.beesshop.org uname -a"
                }
            }
            {code}

            {code:title=sshagent()\{...\} WORKS in node\{...\} }
            node {
                sh 'ls -al ~/.ssh/ || true'
                sshagent(['aws-cleclerc-ssh-key-ubuntu-cleclerc']) {
                   sh 'echo SSH_AUTH_SOCK=$SSH_AUTH_SOCK'
                   sh 'ls -al $SSH_AUTH_SOCK || true'
                   sh "ssh -vvv -o StrictHostKeyChecking=no ubuntu@docker-agent.beesshop.org uname -a"
                }
            }
            {code}
            {{withCredentials(FileBinding)\{...\}}} is ignored in {{docker.image('cloudbees:java-build-tools').inside\{...\}}}. The same withCredentials step works in 'standard' linux node.

            See logs below.

            It seems to be because [FileBinding#secretsDir()|https://github.com/jenkinsci/credentials-binding-plugin/blob/689655d67923955358572b37155c26cea4de04be/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/FileBinding.java#L88] creates a "secretFiles" directory under "node.getRootPath()" that is not 'mounted' in the docker container.

            {code:title=withCredentials(FileBinding)\{...\} ignored in docker.image(...).inside\{...\} }
            docker.image('busybox').inside{
                withCredentials([[$class: 'FileBinding', credentialsId: 'secret-file', variable: 'SECRET_FILE']]) {
                    sh 'ls -al $SECRET_FILE'
                }
            }
            {code}

            {noformat}
            Started by user Cyrille Le Clerc
            [Pipeline] Allocate node : Start
            Running on vagrant in /home/vagrant/jenkins/workspace/test-credentials-binding
            [Pipeline] node {
            [Pipeline] sh
            [test-credentials-binding] Running shell script
            + docker inspect -f . busybox
            .
            [Pipeline] Run build steps inside a Docker container : Start
            $ docker run -t -d -u 1000:1000 -w /home/vagrant/jenkins/workspace/test-credentials-binding -v /home/vagrant/jenkins/workspace/test-credentials-binding:/home/vagrant/jenkins/workspace/test-credentials-binding:rw -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** busybox cat
            [Pipeline] withDockerContainer {
            [Pipeline] Bind credentials to variables : Start
            [Pipeline] withCredentials {
            [Pipeline] sh
            [test-credentials-binding] Running shell script
            + ls -al ****
            ls: ****: No such file or directory
            {noformat}
            jglick Jesse Glick made changes -
            Link This issue duplicates JENKINS-27152 [ JENKINS-27152 ]
            jglick Jesse Glick made changes -
            Status Open [ 1 ] Resolved [ 5 ]
            Resolution Duplicate [ 3 ]
            jglick Jesse Glick made changes -
            Link This issue depends on JENKINS-27152 [ JENKINS-27152 ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 168662 ] JNJira + In-Review [ 198455 ]

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                cleclerc Cyrille Le Clerc
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: