Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-45467

On upgrade to 2.2.x, if the username password used as checkout credentials then configuration is migrated to an empty SSH Checkout behaviour

    Details

    • Similar Issues:

      Description

      One of the quirks of the pre-2.2.0 UI was that the purpose of alternative checkout credentials was unclear.

      The chosen credentials need to be able to see all repositories and branches that they will check out.

      The scan credentials have to be username & password (though the password can be an application token/password) and will only find repositories and branches that the scan credentials can find. The permission models are such that if you can find repositories and query the existence of a Jenkinsfile in those repositories, you have to have permission to check out those repositories and branches.

      What use cases are there for specifying alternative checkout credentials? There was only one set of use cases that we could identify:

      • You want to checkout over SSH using a SSH key

      In every other use case, the scan credentials could be changed to the checkout credentials as username/password credentials valid for checking out will perform an equivalent scan / index.

      Thus, as part of JENKINS-43507 the behaviour is "Checkout over SSH" and the credentials available for selection are limited to the SSH key credential types.

      This gives rise to an issue:

      • If the user had configured separate username / password credentials to be used for checkout (because let's face it, the old UI was exceedingly confusing around the purpose of Checkout Credentials) then due to the migration logic being invoked prior to the ability to resolve credentials, we will be unable to determine if the credential is a SSH key credential or a username / password credential. As a result a "Checkout over SSH" behaviour will be added, but the credential drop-down will be empty.

       To mitigate, we should make the following changes:

      • If the checkout credentials have been specified and are exactly the same as the scan credentials, we can assume they are username/password credentials and not add the SSH Checkout behaviour
      • We should add form validation to catch where the configured credentials for SSH checkout are not SSH keys or cannot be found.

        Attachments

          Activity

          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/org/jenkinsci/plugin/gitea/SSHCheckoutTrait.java
          src/main/resources/org/jenkinsci/plugin/gitea/Messages.properties
          http://jenkins-ci.org/commit/gitea-plugin/bc64050fc8e56d3818b704731e8db852895d920b
          Log:
          [FIXED JENKINS-45467] Add form validation for SSHCheckoutTrait

          • Should be unnecessary here, but for consistency we will add it
          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/org/jenkinsci/plugin/gitea/SSHCheckoutTrait.java src/main/resources/org/jenkinsci/plugin/gitea/Messages.properties http://jenkins-ci.org/commit/gitea-plugin/bc64050fc8e56d3818b704731e8db852895d920b Log: [FIXED JENKINS-45467] Add form validation for SSHCheckoutTrait Should be unnecessary here, but for consistency we will add it
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/org/jenkinsci/plugin/gitea/SSHCheckoutTrait.java
          src/main/resources/org/jenkinsci/plugin/gitea/Messages.properties
          http://jenkins-ci.org/commit/gitea-plugin/40aec730a9239b02165a7d305a33d5fcb6d4f273
          Log:
          Merge pull request #3 from stephenc/jenkins-45467

          [FIXED JENKINS-45467] Add form validation for SSHCheckoutTrait

          Compare: https://github.com/jenkinsci/gitea-plugin/compare/da03e4335eb2...40aec730a923

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/org/jenkinsci/plugin/gitea/SSHCheckoutTrait.java src/main/resources/org/jenkinsci/plugin/gitea/Messages.properties http://jenkins-ci.org/commit/gitea-plugin/40aec730a9239b02165a7d305a33d5fcb6d4f273 Log: Merge pull request #3 from stephenc/jenkins-45467 [FIXED JENKINS-45467] Add form validation for SSHCheckoutTrait Compare: https://github.com/jenkinsci/gitea-plugin/compare/da03e4335eb2...40aec730a923
          Hide
          stephenconnolly Stephen Connolly added a comment -

          On analysis, the way the SSHCheckoutTrait is implemented, the invalid configuration will continue to function as well as it did before upgrade, but the issue is only when updating the configuration, so the fix here is certainly to add form validation warnings

          Show
          stephenconnolly Stephen Connolly added a comment - On analysis, the way the SSHCheckoutTrait is implemented, the invalid configuration will continue to function as well as it did before upgrade, but the issue is only when updating the configuration, so the fix here is certainly to add form validation warnings
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          pom.xml
          src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java
          src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMSource.java
          src/main/java/org/jenkinsci/plugins/github_branch_source/SSHCheckoutTrait.java
          src/main/resources/org/jenkinsci/plugins/github_branch_source/Messages.properties
          http://jenkins-ci.org/commit/github-branch-source-plugin/d8234e39bf8e28101d844ec1110372e28f834541
          Log:
          [FIXED JENKINS-45467] Fixes for GitHub

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: pom.xml src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMSource.java src/main/java/org/jenkinsci/plugins/github_branch_source/SSHCheckoutTrait.java src/main/resources/org/jenkinsci/plugins/github_branch_source/Messages.properties http://jenkins-ci.org/commit/github-branch-source-plugin/d8234e39bf8e28101d844ec1110372e28f834541 Log: [FIXED JENKINS-45467] Fixes for GitHub

            People

            • Assignee:
              stephenconnolly Stephen Connolly
              Reporter:
              stephenconnolly Stephen Connolly
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: