Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-41004

Credentials Binding does not guarantee folder credential with a given ID will be returned over global credential with same ID

    Details

    • Similar Issues:

      Description

      So starting with credentials 1.28 and https://github.com/jenkinsci/credentials-plugin/commit/68dc8c9607ec66f474824ec0489a38c205bfdd18, the list of credentials returned by CredentialsProvider.lookupCredentials is now sorted alphabetically. That means that if you've got multiple providers supplying different credentials for the same ID, CredentialsProvider.findCredentialsById will return the first of those in alphabetical order. The result of this is that you don't necessarily get, say, the folder credential instead of the global credential, if the names are different. This...seems wrong to me.

        Attachments

          Activity

          Hide
          danielbeck Daniel Beck added a comment -

          multiple providers supplying different credentials for the same ID

          Is that even a supported use case?

          Show
          danielbeck Daniel Beck added a comment - multiple providers supplying different credentials for the same ID Is that even a supported use case?
          Hide
          cleclerc Cyrille Le Clerc added a comment -

          Daniel Beck I think so: credentials defined at the top level could be overwritten at the folder level.

          Show
          cleclerc Cyrille Le Clerc added a comment - Daniel Beck I think so: credentials defined at the top level could be overwritten at the folder level.
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/com/cloudbees/plugins/credentials/CredentialsProvider.java
          http://jenkins-ci.org/commit/credentials-plugin/d163e79f6d8041acda1733a786e7b5584068b3a1
          Log:
          JENKINS-41004 When duplicate credentials have the same ID, the first one wins

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/com/cloudbees/plugins/credentials/CredentialsProvider.java http://jenkins-ci.org/commit/credentials-plugin/d163e79f6d8041acda1733a786e7b5584068b3a1 Log: JENKINS-41004 When duplicate credentials have the same ID, the first one wins
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/com/cloudbees/plugins/credentials/CredentialsProvider.java
          http://jenkins-ci.org/commit/credentials-plugin/e0a54165338fbb901fbfca2dc6aa429899ccae74
          Log:
          Merge pull request #77 from stephenc/jenkins-41004

          JENKINS-41004 When duplicate credentials have the same ID, the first one wins

          Compare: https://github.com/jenkinsci/credentials-plugin/compare/92db855166e8...e0a54165338f

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/com/cloudbees/plugins/credentials/CredentialsProvider.java http://jenkins-ci.org/commit/credentials-plugin/e0a54165338fbb901fbfca2dc6aa429899ccae74 Log: Merge pull request #77 from stephenc/jenkins-41004 JENKINS-41004 When duplicate credentials have the same ID, the first one wins Compare: https://github.com/jenkinsci/credentials-plugin/compare/92db855166e8...e0a54165338f
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProvider.java
          http://jenkins-ci.org/commit/cloudbees-folder-plugin/6beb07a18ba92c0ec07ba7092e0cb02e3da1f263
          Log:
          JENKINS-41004 Do not report credentials with IDs masked by nearer folders

          • Also fix a permission but where folder credentials were only available to SYSTEM and not available to authentications with USE_ITEM permission
          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProvider.java http://jenkins-ci.org/commit/cloudbees-folder-plugin/6beb07a18ba92c0ec07ba7092e0cb02e3da1f263 Log: JENKINS-41004 Do not report credentials with IDs masked by nearer folders Also fix a permission but where folder credentials were only available to SYSTEM and not available to authentications with USE_ITEM permission
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProvider.java
          src/test/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProviderTest.java
          http://jenkins-ci.org/commit/cloudbees-folder-plugin/2a4e8cc96ee7cc6c27125eb52c8e7c8547291308
          Log:
          JENKINS-41004 Revert the 'also fix' from 6beb07a

          • Added tests that show it was unnecessary, so reverting back to original behaviour as that matches more closely the System store in credentials plugin
          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProvider.java src/test/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProviderTest.java http://jenkins-ci.org/commit/cloudbees-folder-plugin/2a4e8cc96ee7cc6c27125eb52c8e7c8547291308 Log: JENKINS-41004 Revert the 'also fix' from 6beb07a Added tests that show it was unnecessary, so reverting back to original behaviour as that matches more closely the System store in credentials plugin
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProvider.java
          http://jenkins-ci.org/commit/cloudbees-folder-plugin/1b1ddb6c248e19ee4db275292fd59a4cbac4942d
          Log:
          JENKINS-41004 Remove effectively duplicate code check

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProvider.java http://jenkins-ci.org/commit/cloudbees-folder-plugin/1b1ddb6c248e19ee4db275292fd59a4cbac4942d Log: JENKINS-41004 Remove effectively duplicate code check
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProvider.java
          http://jenkins-ci.org/commit/cloudbees-folder-plugin/4d936139c54bdc66fd5b0ad3600f64fa502c9fca
          Log:
          JENKINS-41004 Remove effectively duplicate code

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProvider.java http://jenkins-ci.org/commit/cloudbees-folder-plugin/4d936139c54bdc66fd5b0ad3600f64fa502c9fca Log: JENKINS-41004 Remove effectively duplicate code
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          pom.xml
          src/test/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProviderTest.java
          http://jenkins-ci.org/commit/cloudbees-folder-plugin/244d3a5ab4d9702614076b21d7b8a142fd50f2b3
          Log:
          JENKINS-41004 Add tests that verify correct sequencing of resolution

          • Also need to bump credentials plugin to 2.1.11 to ensure that the stores are identified in the correct sequence
          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: pom.xml src/test/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProviderTest.java http://jenkins-ci.org/commit/cloudbees-folder-plugin/244d3a5ab4d9702614076b21d7b8a142fd50f2b3 Log: JENKINS-41004 Add tests that verify correct sequencing of resolution Also need to bump credentials plugin to 2.1.11 to ensure that the stores are identified in the correct sequence
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProvider.java
          http://jenkins-ci.org/commit/cloudbees-folder-plugin/ae55e47f3a5ca8e5bd0f5dc6871d1507b6b8049f
          Log:
          JENKINS-41004 Code review comments

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProvider.java http://jenkins-ci.org/commit/cloudbees-folder-plugin/ae55e47f3a5ca8e5bd0f5dc6871d1507b6b8049f Log: JENKINS-41004 Code review comments
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          pom.xml
          src/main/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProvider.java
          src/test/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProviderTest.java
          http://jenkins-ci.org/commit/cloudbees-folder-plugin/ff0c53014c346dac3d891b150b0234c9c4c29c53
          Log:
          Merge pull request #83 from stephenc/jenkins-41004

          JENKINS-41004 Do not report credentials with IDs masked by nearer folders

          Compare: https://github.com/jenkinsci/cloudbees-folder-plugin/compare/0776cd4b2960...ff0c53014c34

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: pom.xml src/main/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProvider.java src/test/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProviderTest.java http://jenkins-ci.org/commit/cloudbees-folder-plugin/ff0c53014c346dac3d891b150b0234c9c4c29c53 Log: Merge pull request #83 from stephenc/jenkins-41004 JENKINS-41004 Do not report credentials with IDs masked by nearer folders Compare: https://github.com/jenkinsci/cloudbees-folder-plugin/compare/0776cd4b2960...ff0c53014c34

            People

            • Assignee:
              stephenconnolly Stephen Connolly
              Reporter:
              abayer Andrew Bayer
            • Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: