Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-38963

User-scoped credentials cannot be looked up in pipeline

    Details

    • Similar Issues:

      Description

      It's possible to look-up User-scoped credentials in Freestyle jobs with Bindings. The same seems not to work in pipeline jobs.

      node {
          withCredentials([[$class          : 'UsernamePasswordMultiBinding', credentialsId: 'bc047678-37b8-4747-95d8-c1a8b3df51a6',
                            usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD']]) {
              echo "${env.USERNAME}"
          }
      }
      
      org.jenkinsci.plugins.credentialsbinding.impl.CredentialNotFoundException: bc047678-37b8-4747-95d8-c1a8b3df51a6
      	at org.jenkinsci.plugins.credentialsbinding.MultiBinding.getCredentials(MultiBinding.java:124)
      	at org.jenkinsci.plugins.credentialsbinding.impl.UsernamePasswordMultiBinding.bind(UsernamePasswordMultiBinding.java:68)
      	at org.jenkinsci.plugins.credentialsbinding.impl.BindingStep$Execution.start(BindingStep.java:92)
      

      Plugin versions:
      credentials-binding: 1.9
      credentials: 2.1.5

        Attachments

          Issue Links

            Activity

            Hide
            b_dean Ben Dean added a comment -

            Stephen Connolly's method #2 does seem to work for me. Here's an example pipeline.

            properties([
                parameters([
                    credentials(name: 'creds_param', credentialType: 'org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl', required: true)
                ])
            ])
            
            
            stage('example'){
                node {
                    withCredentials([string(credentialsId: '${creds_param}', variable: 'SECRET')]) {
                        sh 'echo $SECRET'
                    }
                }
            }
            

            Note that the single quotes around '${creds_param}' is not a mistake. The CredentialsProvider.findCredentalById method specifically looks to see if the id starts with ${ and ends with }. See https://github.com/jenkinsci/credentials-plugin/blob/master/src/main/java/com/cloudbees/plugins/credentials/CredentialsProvider.java#L882

            This makes it so user creds selected as build params work in the withCredentials pipeline step. That's not really enough for my problems because I want to use parameters from an input step, but that's maybe a different issue. Thought I'd share this.

            Show
            b_dean Ben Dean added a comment - Stephen Connolly 's method #2 does seem to work for me. Here's an example pipeline. properties([ parameters([ credentials(name: 'creds_param' , credentialType: 'org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl' , required: true ) ]) ]) stage( 'example' ){ node { withCredentials([string(credentialsId: '${creds_param}' , variable: 'SECRET' )]) { sh 'echo $SECRET' } } } Note that the single quotes around '${creds_param}' is not a mistake. The CredentialsProvider.findCredentalById method specifically looks to see if the id starts with ${ and ends with } . See https://github.com/jenkinsci/credentials-plugin/blob/master/src/main/java/com/cloudbees/plugins/credentials/CredentialsProvider.java#L882 This makes it so user creds selected as build params work in the withCredentials pipeline step. That's not really enough for my problems because I want to use parameters from an input step, but that's maybe a different issue. Thought I'd share this.
            Hide
            jglick Jesse Glick added a comment -

            Well that is surprising, to say the least. Would need to be emphasized in inline help for the credentials parameter type.

            Show
            jglick Jesse Glick added a comment - Well that is surprising, to say the least. Would need to be emphasized in inline help for the credentials parameter type.
            Hide
            jvz Matt Sicker added a comment -

            This feature is improved in JENKINS-58170 and will also be supported by an upcoming release of pipeline-input-step to support user-scoped credentials prompted via an input step.

            Show
            jvz Matt Sicker added a comment - This feature is improved in JENKINS-58170 and will also be supported by an upcoming release of pipeline-input-step to support user-scoped credentials prompted via an input step.
            Hide
            jvz Matt Sicker added a comment -

            This was implemented in JENKINS-58170, though it requires the use of credentials build parameters. Alternatively, you can use authorize-project to automate the user who is bound to the build to access their credentials.

            Show
            jvz Matt Sicker added a comment - This was implemented in JENKINS-58170 , though it requires the use of credentials build parameters. Alternatively, you can use authorize-project to automate the user who is bound to the build to access their credentials.
            Hide
            vit_zikmund Vít Zikmund added a comment - - edited

            Hello there, Matt Sicker. If you suggest using the authorize-project plugin for this purpose, can you confirm it actually works? All my white-box attempts so far failed as those in JENKINS-44772.

            Show
            vit_zikmund Vít Zikmund added a comment - - edited Hello there, Matt Sicker . If you suggest using the authorize-project plugin for this purpose, can you confirm it actually works? All my white-box attempts so far failed as those in JENKINS-44772 .

              People

              • Assignee:
                Unassigned
                Reporter:
                vehovmar Martin Vehovsky
              • Votes:
                28 Vote for this issue
                Watchers:
                31 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: