Git Product home page Git Product logo

google-oauth-plugin's Introduction

Jenkins Google OAuth Credentials Plugin

The Google OAuth plugin provides a Google-specific implementation of the OAuth Credentials interfaces.

Documentation

Please see Google OAuth Plugin for complete documentation.

Installation

  1. Go to Manage Jenkins then Manage Plugins.
  2. (Optional) Make sure the plugin manager has updated data by clicking the Check now button.
  3. In the Plugin Manager, click the Available tab and look for the "Google OAuth Credentials".
  4. Check the box under the Install column and click the Install without restart button.
  5. If the plugin does not appear under Available, make sure it appears under Installed and is enabled.

Plugin Source Build Installation

See Plugin Source Build Installation to build and install from source.

Feature requests and bug reports

Please file feature requests and bug reports as GitHub Issues.

Community

The GCP Jenkins community uses the #gcp-jenkins slack channel on https://googlecloud-community.slack.com to ask questions and share feedback. Invitation link available here: gcp-slack.

License

See LICENSE

Contributing

See CONTRIBUTING.md

google-oauth-plugin's People

Contributors

abayer avatar alecharp avatar andreystroilov avatar arus2023 avatar ashutoshcp avatar basil avatar bvoss avatar bzzitsme avatar craigdbarber avatar davidhamm avatar dependabot[bot] avatar donmccasland avatar ikedam avatar jglick avatar jtnord avatar julieheard avatar linuxsuren avatar mattmoor avatar mikecirioli avatar notmyfault avatar olamy avatar oleg-nenashev avatar orrc avatar riliane avatar rsandell avatar sstncr avatar tcnghia avatar tequilarista avatar timja avatar tyron avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

evandbrown ixdy runt18 bvoss oleg-nenashev sortidocorps thaiphv heliosinteractive jglick wkok smanubot ikedam spushchin donmccasland craigdbarber linuxsuren admiralanarchist stephenashank lineuve jeffret-b timja tyron michealbenzel viyh tequilarista rmm-rafael jtnord fredyw mikecirioli car-roll rajesh2k3 orrc kvsuresh14 abayer afifceshter tcnghia 10088 sumank792 moderne-vulnerability-fixes-june2022 jlleitschuh bulksecuritygeneratorprojectv2 olamy basil notmyfault cathychan cplohitha jeromepochat riliane mia-li-z bzzitsme arus2023 caytec markewaite nagyo aneveux

google-oauth-plugin's Issues

Credential creation via the API

Would be (or is it already) possible to create Google OAuth credentials via the Credential API?

If this is possible, one could then use automation tools for provisioning jenkins and passing through the Google Cloud JSON key files

Supporting examples of people attempting to use the credentials REST API:

arangamani/jenkins_api_client#162

support private keys from new google developer console

The new Google Developer Console provides two kind of private keys.

the first one is a json file which contains all the information that is necessary to authenticate with a service account. this file gets downloaded when you create a new service account in the Google Developer Console.

it's structure is as follows:

{
  "private_key_id": "...",
  "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
  "client_email": "[email protected]",
  "client_id": "...apps.googleusercontent.com",
  "type": "service_account"
}

the second type of private key is a .p12 file. it can be also downloaded in the Google Developer Console. this file is a PKCS12 keystore and contains a private key that can be used to authenticate a service account. the keystore password and key password is "notasecret". the key alias is "privatekey".

it would be nice to let the user choose between this two options when creating google oauth credentials in jenkins.

Installation of credentials via API

As per this example:

arangamani/jenkins_api_client#162

Is it possible to install Google Service account credentials (Google Service Account from JSON or P12) via an API request such as cURL ?

Reason for asking is this would then allow full scripting of the Jenkins job creation (config.xml) and credentials associated with a GCP Git Repository.

Migrate Issues and Docs to GitHub

Cannot write update to key file, due to permissions

Failed to write json key to file
java.io.IOException: Failed to update key file permissions
at com.google.jenkins.plugins.credentials.oauth.KeyUtils.updatePermissions(KeyUtils.java:74)
at com.google.jenkins.plugins.credentials.oauth.KeyUtils.createKeyFile(KeyUtils.java:52)
at com.google.jenkins.plugins.credentials.oauth.JsonServiceAccountConfig.writeJsonKeyToFile(JsonServiceAccountConfig.java:86)
at com.google.jenkins.plugins.credentials.oauth.JsonServiceAccountConfig.(JsonServiceAccountConfig.java:72)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at org.kohsuke.stapler.RequestImpl.invokeConstructor(RequestImpl.java:525)
at org.kohsuke.stapler.RequestImpl.instantiate(RequestImpl.java:777)
at org.kohsuke.stapler.RequestImpl.access$200(RequestImpl.java:83)
at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:674)
at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:478)
at org.kohsuke.stapler.RequestImpl.instantiate(RequestImpl.java:771)
at org.kohsuke.stapler.RequestImpl.access$200(RequestImpl.java:83)
at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:674)
at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:478)
at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:474)
at com.cloudbees.plugins.credentials.CredentialsStoreAction$DomainWrapper.doCreateCredentials(CredentialsStoreAction.java:777)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:324)
at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:52)
at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:167)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:100)
at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:124)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:233)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:233)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
at org.kohsuke.stapler.MetaClass$11.dispatch(MetaClass.java:380)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:135)
at com.smartcodeltd.jenkinsci.plugin.assetbundler.filters.LessCSS.doFilter(LessCSS.java:47)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:126)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:80)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:553)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:499)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

Google OAuth plugin can't parse GCP credentials

Using the most recent google oauth plugin with the google storage plugin, I get this output when running a job that's configured to upload the build artifacts to GCS:

ERROR: Build step failed with exception
java.lang.IllegalStateException: An error occurred deducing a username from the provided credentials files.
at com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials.getUsername(GoogleRobotPrivateKeyCredentials.java:130)
at com.google.jenkins.plugins.credentials.oauth.RemotableGoogleCredentials.(RemotableGoogleCredentials.java:54)
at com.google.jenkins.plugins.credentials.oauth.GoogleRobotCredentials.forRemote(GoogleRobotCredentials.java:204)
at com.google.jenkins.plugins.storage.AbstractUpload.performUploads(AbstractUpload.java:413)
at com.google.jenkins.plugins.storage.AbstractUpload.access$000(AbstractUpload.java:101)
at com.google.jenkins.plugins.storage.AbstractUpload$1.call(AbstractUpload.java:367)
at com.google.jenkins.plugins.storage.AbstractUpload$1.call(AbstractUpload.java:364)
at hudson.FilePath.act(FilePath.java:1078)
at com.google.jenkins.plugins.storage.AbstractUpload.initiateUploadsAtWorkspace(AbstractUpload.java:363)
at com.google.jenkins.plugins.storage.AbstractUpload.perform(AbstractUpload.java:182)
at com.google.jenkins.plugins.storage.GoogleCloudStorageUploader.perform(GoogleCloudStorageUploader.java:109)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:779)
at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:726)
at hudson.model.Build$BuildExecution.post2(Build.java:185)
at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:671)
at hudson.model.Run.execute(Run.java:1766)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:381)
Caused by: java.security.GeneralSecurityException: An unknown problem occured while retrieving token
at com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials.getGoogleCredential(GoogleRobotPrivateKeyCredentials.java:196)
at com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials.getUsername(GoogleRobotPrivateKeyCredentials.java:118)
... 19 more
Caused by: java.io.FileNotFoundException: (No such file or directory)
at java.io.FileInputStream.open0(Native Method)
at java.io.FileInputStream.open(FileInputStream.java:195)
at java.io.FileInputStream.(FileInputStream.java:138)
at com.google.api.client.googleapis.auth.oauth2.GoogleCredential$Builder.setServiceAccountPrivateKeyFromP12File(GoogleCredential.java:504)
at com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials.getGoogleCredential(GoogleRobotPrivateKeyCredentials.java:188)
... 20 more
Build step 'Google Cloud Storage Uploader' marked build as failure
Finished: FAILURE

Cannot authenticate behind the proxy - connection refused

Hi All,

Recently we have installed Google Kubernetes Engine plugin into Jenkins which is using Google Oauth plugin for authentication against google. We are behind quite restrictive firewall and despite the fact we have whitelisted googleapis.com and accounts.google.com , we are getting connection refused in stack trace.

Is there any list of endpoints which should be whitelisted to access google services ?

Thank you
regards
Martin

Update to JDK 11

Updating plugin to jdk 11, which will unblock fixes for several issues.

Please provide option to add different keys for Same project.

My concern here is to add different authentication keys for the same Project. Because I had a situation where I am supposed to use one authentication key for uploading files to Google Cloud Storage which don't have access to other services apart from Google Cloud Storage. While on the other hand, I have another key for the same project which I should use for running GCloud commands in another job. But when I am uploading the key with same project name my second private key is not getting uploaded as it has the same project name. It will be a great help to me if I could get some option to upload multiple keys for the same project.

Store a stable unique ID for each credential

Currently the "project name" is the only way to refer to a credential, e.g. via GoogleRobotCredentials.getById(projectName);

However as this is a free text field, users can rename the credential, and jobs configured to use that credential (having stored the "project name" value, aka "id" in the job config) will no longer work.

Other credential types seem to use the id field to store a stable UUID value (which isn't shown to the user), e.g.
https://github.com/jenkinsci/credentials-plugin/blob/a6c40a1/src/main/java/com/cloudbees/plugins/credentials/impl/BaseStandardCredentials.java#L73

So it seems like id here should really be projectName — it would be nice if this plugin used the id field in the same way as other credential plugins.

Unrecognized SSL message after logging in through Google OAuth

I'm looking for some help because I'm using the Google OAuth to log into Jenkins but after submitting my credentials Jenkins fails.

It was working before but for a few days I'm trying to set up the Istio service mesh. It allows me to use the Istio Ingress controller to manage user requests from outside. To simplify, it's a bit like the nginx controller but Istio deploys an Envoy sidecar aside each of your microservices. It very interesting at some points like fully managing request networking in the cluster, retrying failed requests...

I'm able to reach Jenkins from outside, it redirects me to the Google login page, and after submitting, it redirects me back to Jenkins... but... I get the following error:

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:710) at sun.security.ssl.InputRecord.read(InputRecord.java:527) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1334) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1309) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:259) at com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:77) at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:972) at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:283) at com.google.api.client.auth.openidconnect.IdTokenResponse.execute(IdTokenResponse.java:120) at org.jenkinsci.plugins.googlelogin.GoogleOAuth2SecurityRealm$2.onSuccess(GoogleOAuth2SecurityRealm.java:180) at org.jenkinsci.plugins.googlelogin.OAuthSession.doFinishLogin(OAuthSession.java:101) at org.jenkinsci.plugins.googlelogin.GoogleOAuth2SecurityRealm.doFinishLogin(GoogleOAuth2SecurityRealm.java:252) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) at org.kohsuke.stapler.MetaClass$3.doDispatch(MetaClass.java:209) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:841) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:64) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.Server.handle(Server.java:564) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:317) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:128) at org.eclipse.jetty.util.thread.Invocable$InvocableExecutor.invoke(Invocable.java:222) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:294) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:199) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)
According to the error message, it's about SSL (obvious ^^). But I don't understand why...

If you have any idea I would appreciate

NullPointerException com.google.jenkins.plugins.googlecontainerregistryauth.GoogleContainerRegistryTokenSource.convert

java.lang.NullPointerException
at com.google.jenkins.plugins.googlecontainerregistryauth.GoogleContainerRegistryTokenSource.convert(GoogleContainerRegistryTokenSource.java:48)
at com.google.jenkins.plugins.googlecontainerregistryauth.GoogleContainerRegistryTokenSource.convert(GoogleContainerRegistryTokenSource.java:32)
at jenkins.authentication.tokens.api.AuthenticationTokens.convert(AuthenticationTokens.java:148)
at jenkins.authentication.tokens.api.AuthenticationTokens.convert(AuthenticationTokens.java:110)
at org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryEndpoint.getToken(DockerRegistryEndpoint.java:222)
at org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryEndpoint.newKeyMaterialFactory(DockerRegistryEndpoint.java:295)
at org.jenkinsci.plugins.docker.workflow.RegistryEndpointStep$Execution2.newKeyMaterialFactory(RegistryEndpointStep.java:95)
at org.jenkinsci.plugins.docker.workflow.AbstractEndpointStepExecution2.doStart(AbstractEndpointStepExecution2.java:52)
at org.jenkinsci.plugins.workflow.steps.GeneralNonBlockingStepExecution.lambda$run$0(GeneralNonBlockingStepExecution.java:77)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Finished: FAILURE

Jenkins 2.0

I'm not able to get credentials options for p12 key in Jenkins 2.0 though it works fine with older one.

Usage in pipeline

Is it possible to use this plugin in a Jenkinsfile ?
If so, how ? can it work with withCredentials ?
My goal is to execute gsutil commands (in docker containers).
I found a workaround but took quite some time to found it, I'm doing this in my pipeline:

withCredentials([[$class: 'StringBinding', credentialsId: "google-cloud", variable: 'GCS_KEY']]) {
  docker.image('google/cloud-sdk').inside("-e GCS_KEY=${GCS_KEY} -e GCS_KEY_FILE=/tmp/google-key.json -u 0:0 -v ${pwd()}:/code"){
    sh 'echo $GCS_KEY |base64 -d > $GCS_KEY_FILE'
    sh 'gcloud auth activate-service-account --key-file=$GCS_KEY_FILE --project $project'
    sh 'gsutil cp -r $file  gs://$bucket/'
   }
}

The google-cloud credential is of type secret file and it's a base64 encoded json file.

Security Vulnerability.

Snapchat have experienced a security vulnerability relating to this plugin:

https://hackerone.com/reports/231460

I was alerted to this by a security researcher who was able to demonstrate to me that he was able to log in to our Jenkins instance.

I've removed this plugin for now, as we were not using it, but this should be fixed very soon - or at least removed from Jenkins' plugin database.

Unable to load google cloud credentials from json file

Hello,

It seems Jenkins is unable to load my credentials from the JSON credentials file generated from google cloud storage. I get an exception AccountIdNotSetException which apparently is supposed to be the "client_email" property in the JSON config file, however it's present and set, but the exception is still raised. I have attached screenshots detailing my scenario. I am using the Google Cloud Storage plugin.

Example for usage in pipeline

Can you please provide example or some documentation on how to use it declarative or scripted pipeline? I used as below,

#!groovy

node("master") {
    stage ("List GCP Projects"){
        withCredentials([[$class: 'FileBinding', credentialsId: 'my-project-id', variable: 'GOOGLE_APPLICATION_CREDENTIALS']]) {
        
            sh "gcloud projects list --sort-by=projectId --limit=5"
        }
    }
}

But it giving error like,

ERROR: Credentials 'my-project-id' is of type 'Google Service Account from private key' where 'org.jenkinsci.plugins.plaincredentials.FileCredentials' was expected

I also tried using as given in file https://github.com/jenkinsci/google-oauth-plugin/blob/develop/Jenkinsfile.google

withCredentials([[$class: 'StringBinding', credentialsId: 'my-project-id', variable: 'GOOGLE_CREDENTIALS']]) {
   sh "gcloud projects list --sort-by=projectId --limit=5"
}

But above gave me error like,

ERROR: Credentials 'my-project-id' is of type 'Google Service Account from private key' where 'org.jenkinsci.plugins.plaincredentials.StringCredentials' was expected

httpcomponents:httpclient dependency conflict with jenkins:git

When attempting to use the google-oauth-plugin:master-SNAPSHOT in a project with other deps that use httpcomponents:httpclient, an upper bound dependency error is generated from the maven-enforcer-plugin. These other deps include:org.jenkins-ci.plugins:git:3.9.1

Require upper bound dependencies error for org.apache.httpcomponents:httpclient:4.0.1 paths to dependency are:
+-org.jenkins-ci.plugins:google-kubernetes-engine:1.0-SNAPSHOT
+-com.github.jenkinsci:google-oauth-plugin:master-SNAPSHOT
+-com.google.http-client:google-http-client:1.22.0
+-org.apache.httpcomponents:httpclient:4.0.1
and
+-org.jenkins-ci.plugins:google-kubernetes-engine:1.0-SNAPSHOT
+-org.jenkins-ci.plugins:git:3.9.1
+-org.jenkins-ci.plugins:git-client:2.7.0
+-org.jenkins-ci.plugins:apache-httpcomponents-client-4-api:4.5.3-2.0
+-org.apache.httpcomponents:httpclient:4.5.3

jcasc with Jenkins on K8S, Jenkins fails to start

We have this entry in our code: (key removed)

  • googleRobotPrivateKey:
    projectId: "intoscp-003-m"
    serviceAccountConfig:
    json:
    filename: "key-file.json"
    secretJsonKey: "{base64-key}"

This causes Jenkins to fail to start with:

2020-10-01 16:58:27.865+0000 [id=26] SEVERE jenkins.InitReactorRunner$1#onTaskFailed: Failed ConfigurationAsCode.init
java.lang.IllegalArgumentException: Single entry map expected to configure a com.google.jenkins.plugins.credentials.oauth.ServiceAccountConfig
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configureMapping(HeteroDescribableConfigurator.java:269)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.preConfigure(HeteroDescribableConfigurator.java:251)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:83)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:55)
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:160)
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:77)
at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:267)
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.configure(DataBoundConfigurator.java:83)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$doConfigure$16668e2$1(HeteroDescribableConfigurator.java:277)
at io.vavr.CheckedFunction0.lambda$unchecked$52349c75$1(CheckedFunction0.java:247)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.doConfigure(HeteroDescribableConfigurator.java:277)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$null$2(HeteroDescribableConfigurator.java:86)
at io.vavr.control.Option.map(Option.java:392)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$configure$3(HeteroDescribableConfigurator.java:86)
at io.vavr.Tuple2.apply(Tuple2.java:238)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:83)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:55)
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:152)
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:77)
at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:267)
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.check(DataBoundConfigurator.java:101)
at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:344)
at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:287)
at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:351)
at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:287)
at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$8(ConfigurationAsCode.java:755)
at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:691)
at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:755)
at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:740)
at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:616)
at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:298)
at io.jenkins.plugins.casc.ConfigurationAsCode.init(ConfigurationAsCode.java:290)
Caused: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:104)
Caused: java.lang.Error
at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:110)
at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:175)
at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
at jenkins.model.Jenkins$5.runTask(Jenkins.java:1131)
at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
2020-10-01 16:58:27.872+0000 [id=19] SEVERE hudson.util.BootFailure#publish: Failed to initialize Jenkins
java.lang.IllegalArgumentException: Single entry map expected to configure a com.google.jenkins.plugins.credentials.oauth.ServiceAccountConfig
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configureMapping(HeteroDescribableConfigurator.java:269)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.preConfigure(HeteroDescribableConfigurator.java:251)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:83)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:55)
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:160)
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:77)
at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:267)
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.configure(DataBoundConfigurator.java:83)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$doConfigure$16668e2$1(HeteroDescribableConfigurator.java:277)
at io.vavr.CheckedFunction0.lambda$unchecked$52349c75$1(CheckedFunction0.java:247)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.doConfigure(HeteroDescribableConfigurator.java:277)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$null$2(HeteroDescribableConfigurator.java:86)
at io.vavr.control.Option.map(Option.java:392)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$configure$3(HeteroDescribableConfigurator.java:86)
at io.vavr.Tuple2.apply(Tuple2.java:238)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:83)
at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:55)
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:152)
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:77)
at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:267)
at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.check(DataBoundConfigurator.java:101)
at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:344)
at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:287)
at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:351)
at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:287)
at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$8(ConfigurationAsCode.java:755)
at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:691)
at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:755)
at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:740)
at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:616)
at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:298)
at io.jenkins.plugins.casc.ConfigurationAsCode.init(ConfigurationAsCode.java:290)
Caused: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:104)
Caused: java.lang.Error
at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:110)
at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:175)
at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
at jenkins.model.Jenkins$5.runTask(Jenkins.java:1131)
at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused: org.jvnet.hudson.reactor.ReactorException
at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:282)
at jenkins.InitReactorRunner.run(InitReactorRunner.java:50)
at jenkins.model.Jenkins.executeReactor(Jenkins.java:1164)
at jenkins.model.Jenkins.(Jenkins.java:964)
at hudson.model.Hudson.(Hudson.java:85)
at hudson.model.Hudson.(Hudson.java:81)
at hudson.WebAppMain$3.run(WebAppMain.java:282)
Caused: hudson.util.HudsonFailedToLoad
at hudson.WebAppMain$3.run(WebAppMain.java:299)

Google SDK unable to read JSON key

I am trying to execute gcloud commands using GCloud sdk plugin. But I am getting an error ERROR: (gcloud.auth.activate-service-account) Could not read json file. Can someone help me out on this? Thanks in advance.

Google OAuth plugin should reaffirm auth on refresh

The access token provided by OAuth expires after a very short amount of time, but the acceptance is still cached, and simply clicking Login will reaffirm that acceptance and regenerate the auth token (and not present the full OAuth handshake). Rather than forcing the user to periodically click "Log In", the plugin should check that the access token is valid before the page render (and, if it already does that and is just reacting to short-lived access tokens, use a refresh token to acquire a new access token if the access token is no longer valid)

Jenkins plugin Json or P12 key are not found and saved empty

When I try to push a Docker image to GGloud i get this stacktrace

com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials$AccountIdNotSetException
	at com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials.getGoogleCredential(GoogleRobotPrivateKeyCredentials.java:181)
	at com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials.getGoogleCredential(GoogleRobotPrivateKeyCredentials.java:45)
	at com.google.jenkins.plugins.credentials.oauth.GoogleRobotCredentials.getAccessToken(GoogleRobotCredentials.java:101)
	at com.google.jenkins.plugins.googlecontainerregistryauth.GoogleContainerRegistryCredentialModule.getToken(GoogleContainerRegistryCredentialModule.java:73)

When I open my credentials the file is gone.

image

Key files are generated but not found. Also the files are empty

image

Jenkins for Windows ver. 2.73.3
Google OAuth Credentials plugin 0.5

Clarifying build instructions

Upon initial build of plugin maven build fails with:
"Error assembling hpi: ~/google-storage-plugin/target/classes isn't a directory."

The plugin seems incompatible with JCASC

Hi All,
I'm using jcasc to configure my jenkins at bootstrap.
In my scenario I have a pipeline that is building a code on Google CloudBuild so I need to use this plugin to set the google credentials in order to call the google API.
I'm able to install the google oauth plugin correctly from Jenkins Plugin Manager and I'm able to use it to build on the cloud when jenkins is up and running but my target is to have all configured as code.
So, the problem is that I cannot export the correct jcasc configuration of my google oauth plugin from jcasc because when I try to do it in the download configuration section I'm obtainig the issue:

googleRobotPrivateKey: module: |- FAILED TO EXPORT com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials#module: No configurator found for type class com.google.jenkins.plugins.credentials.oauth.GoogleRobotCredentialsModule

At the same time I'm not able to found the way to implement directly into jcasc yml the configuration of my google credentials as code because I'm not found a tutorial or guidilines that explains me the correct syntax to do that.

Can you help me on this please?
Otherwise can you address me on how to reach my target please?

Thanks in advance to all.

Directions for GCE service account no longer work.

The directions indicate to create a service account and use the "Download JSON" button for the service account, but that no longer exists. It only has "Generate new JSON key" and "Generate new P12 key".

Use standard databinding to retrieve the json key from user

Hi. I am using the "Jenkins Configuration as Code Plugin" to configure credentials into my jenkins.

However, I can't find a way to make it work with this plugin credential because it uses a FileStream as input:
=> #5 (comment)
=> jenkinsci/configuration-as-code-plugin#785

Weirdly enough, when I look at the API generated by the JCasC plugin, it looks like I have to send a string.
JCasC_API_doc

With all other credentials I used, it is possible to upload secrets as strings.
Would it be possible to fix this?

Thanks

Add Google Service Account from Private Key support on Kubernetes Credentials

Migrated from: https://issues.jenkins-ci.org/browse/JENKINS-53742
Author: seboudry

Add support for this credential added via Google OAuth Credentials plugin: Google Service Account from private key

I presume the Java backed class is GoogleRobotPrivateKeyCredentials

https://wiki.jenkins.io/display/JENKINS/Google+OAuth+Plugin

PS : I don't think we need and can have "Google Service Account from metadata" support on Kubernetes Credentials plugin.

Can't find Credential by ID at Folder level

Hello!

We've been testing the Android publishing plugin, built on top of this one, and we're experiencing problems because it's unable to find any Folder level Credential when using GoogleRobotCredentials's getByID.
This is because the Jenkins instance is being passed for the lookup in CredentialsProvider.lookupCredentials(GoogleRobotCredentials.class, Jenkins.get(), ACL.SYSTEM, Collections.emptyList()); which makes it only check on System credentials.

If the item passed was the current execution context, it would look from Folder and up its parents. Is this something that's planned to be adapted? Otherwise it's impossible to use Folder-level credentials. In our systems most credentials are folder dependent (as there's many folders and stakeholders using the same central system).

p12 path not saving in credentials.xml

.p12 file not recordings in credentials.xml and empty(has size 0 bytes (placed in folder \gauth))

Steps to reproduce:

  1. install google-oauth-plugin
  2. go to Jenkins Dashboard
  3. login as Administrator
  4. go to Credentials
  5. Select "Global credentials (unrestricted)"
  6. Select "Add Credentials"
  7. Kind - Google Service account from private key
  8. Provide any "Project Name"
  9. Select option "P12 key"
  10. Fill "E-Mail Address"
  11. provide p12 key
  12. press "ok"
  13. Look into credentials.xml in Jenkins home folder

e-mail for project filled, but no path to p12 key
14) Check size of p12 key in folder "gauth"
size of p12 key is 0 bytes
On Jenkins installed in Debian 8 by deb file all works fine.

joda-time dependency conflict with jenkins:git and k8s java client

When attempting to use the google-oauth-plugin:0.6 in a project with other deps that use joda-time, an upper bound dependency error is generated from the maven-enforcer-plugin. These other deps include:
org.jenkins-ci.plugins:git:2.5.2
io.kubernetes:client-java:3.0.0

The error output from the maven-enforcer-plugin is below:

Require upper bound dependencies error for joda-time:joda-time:2.9.2 paths to dependency are:
+-org.jenkins-ci.plugins:google-kubernetes-engine:1.0-SNAPSHOT
+-org.jenkins-ci.plugins:git:2.5.2
+-joda-time:joda-time:2.9.2
and
+-org.jenkins-ci.plugins:google-kubernetes-engine:1.0-SNAPSHOT
+-org.jenkins-ci.plugins:google-oauth-plugin:0.6
+-joda-time:joda-time:1.5.1
and
+-org.jenkins-ci.plugins:google-kubernetes-engine:1.0-SNAPSHOT
+-io.kubernetes:client-java:3.0.0
+-io.kubernetes:client-java-api:3.0.0
+-joda-time:joda-time:2.9.3

Null pointer exception in Google OAuth

Getting Null pointer exception for some accounts trying to login through google OAuth.

Stack trace
java.lang.NullPointerException at org.jenkinsci.plugins.googlelogin.GoogleOAuth2SecurityRealm.doFinishLogin(GoogleOAuth2SecurityRealm.java:246) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) Caused: javax.servlet.ServletException at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:765) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) at org.kohsuke.stapler.MetaClass$3.doDispatch(MetaClass.java:209) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:841) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:135) at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132) at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:232) at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:209) at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:88) at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:113) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:138) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:92) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.Server.handle(Server.java:564) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:317) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)

Occasionally not able to authenticate on Jenkins start

We've been bit by this error a few times now:

java.lang.AssertionError: class com.google.jenkins.plugins.credentials.oauth.GoogleRobotMetadataCredentials is missing its descriptor at jenkins.model.Jenkins.getDescriptorOrDie(Jenkins.java:1570) at com.google.jenkins.plugins.credentials.oauth.GoogleRobotCredentials.getDescriptor(GoogleRobotCredentials.java:77)

When Jenkins starts up, occasionally it is not able to authenticate and jobs fail immediately with the error above.

Can't handle class com.google.jenkins.plugins.credentials.oauth.JsonServiceAccountConfig#jsonKeyFileUpload: type is abstract but not Describable.

Hello,
i'm having an issue with the JCASC plugin googleRobotPrivateKey. When jenkins is loading the key i got the error mentioned in the subject in jenkins logs.
If i add the key directly in the jenkins interface using this kind of key i don't have any error.
After adding the key directly into the jenkins interface, the code generated by JCASC for this key, is similar with the one i added in the jcasc manifest:

credentials:

  system:
    domainCredentials:
      - credentials:
          - googleRobotPrivateKey:
              projectId: "it-ops-staging"
              serviceAccountConfig:
                json:
                  filename: "gcr_admin.json"
                  secretJsonKey: "${GOOGLE_ROBOT_PRIV_KEY}"

The error generated running the job i got the error AccountIdNotSetException:

com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials$AccountIdNotSetException
at com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials.getGoogleCredential(GoogleRobotPrivateKeyCredentials.java:185)
at com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials.getGoogleCredential(GoogleRobotPrivateKeyCredentials.java:43)
at com.google.jenkins.plugins.credentials.oauth.GoogleRobotCredentials.getAccessToken(GoogleRobotCredentials.java:85)
at com.google.jenkins.plugins.googlecontainerregistryauth.GoogleContainerRegistryCredentialModule.getToken(GoogleContainerRegistryCredentialModule.java:73)
at com.google.jenkins.plugins.googlecontainerregistryauth.GoogleContainerRegistryCredential.getPassword(GoogleContainerRegistryCredential.java:224)
at com.google.jenkins.plugins.googlecontainerregistryauth.GoogleContainerRegistryTokenSource.convert(GoogleContainerRegistryTokenSource.java:48)
at com.google.jenkins.plugins.googlecontainerregistryauth.GoogleContainerRegistryTokenSource.convert(GoogleContainerRegistryTokenSource.java:32)
at jenkins.authentication.tokens.api.AuthenticationTokens.convert(AuthenticationTokens.java:148)
at jenkins.authentication.tokens.api.AuthenticationTokens.convert(AuthenticationTokens.java:110)
at org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryEndpoint.getToken(DockerRegistryEndpoint.java:222)
at org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryEndpoint.newKeyMaterialFactory(DockerRegistryEndpoint.java:295)
at org.jenkinsci.plugins.docker.workflow.RegistryEndpointStep$Execution2.newKeyMaterialFactory(RegistryEndpointStep.java:95)
at org.jenkinsci.plugins.docker.workflow.AbstractEndpointStepExecution2.doStart(AbstractEndpointStepExecution2.java:52)
at org.jenkinsci.plugins.workflow.steps.GeneralNonBlockingStepExecution.lambda$run$0(GeneralNonBlockingStepExecution.java:77)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)`

but there is no such parameter for this key:
image

the pipeline:
` stage("Push image") {

        steps {
            script {
                docker.withRegistry('https://gcr.io', 'gcr:iXXX') {
                        myapp.push("latest")
                        myapp.push("${env.BUILD_ID}")
                }
            }
        }
    }`

Can you please check and advice?
Thank you

adding new oauth crendentials result in unhandled exception

Jenkins and plugins versions report

Environment

Jenkins: 2.236
OS: Linux - 3.10.105

ace-editor:1.1
active-directory:2.23
analysis-core:1.96
ansicolor:0.7.4
ant:1.8
antisamy-markup-formatter:2.0
apache-httpcomponents-client-4-api:4.5.10-2.0
authentication-tokens:1.3
azure-ad:1.2.0
azure-commons:1.0.4
azure-container-agents:1.1.1
azure-credentials:4.0.2
azure-keyvault:2.0
azure-vm-agents:1.5.0
blueocean:1.23.2
blueocean-autofavorite:1.2.4
blueocean-bitbucket-pipeline:1.24.4
blueocean-commons:1.24.4
blueocean-config:1.24.4
blueocean-core-js:1.24.4
blueocean-dashboard:1.24.4
blueocean-display-url:2.3.1
blueocean-events:1.24.4
blueocean-git-pipeline:1.24.4
blueocean-github-pipeline:1.24.4
blueocean-i18n:1.24.4
blueocean-jira:1.24.4
blueocean-jwt:1.24.4
blueocean-personalization:1.24.4
blueocean-pipeline-api-impl:1.24.4
blueocean-pipeline-editor:1.24.4
blueocean-pipeline-scm-api:1.24.4
blueocean-rest:1.24.4
blueocean-rest-impl:1.24.4
blueocean-web:1.24.4
bouncycastle-api:2.18
branch-api:2.5.6
build-monitor-plugin:1.12+build.201809061734
build-name-setter:2.1.0
build-pipeline-plugin:1.5.8
build-timeout:1.19.1
built-on-column:1.1
caffeine-api:2.9.2-29.v717aac953ff3
cloud-stats:0.27
cloudbees-bitbucket-branch-source:2.8.0
cloudbees-folder:6.15
cocoapods-integration:0.2.0
command-launcher:1.4
conditional-buildstep:1.3.6
config-file-provider:3.6.3
copyartifact:1.44
credentials:2.6.1.1
credentials-binding:1.23
dashboard-view:2.12
delivery-pipeline-plugin:1.4.2
digitalocean-plugin:1.3.0
disk-usage:0.28
display-url-api:2.3.2
docker-commons:1.17
docker-java-api:3.1.5.2
docker-plugin:1.2.2
docker-slaves:1.0.7
docker-workflow:1.25
downstream-buildview:1.9
durable-task:1.34
dynamic_extended_choice_parameter:1.0.1
email-ext:2.69
emailext-template:1.1
envinject:2.3.0
envinject-api:1.7
extended-choice-parameter:0.78
extended-read-permission:3.2
external-monitor-job:1.7
favorite:2.3.2
git:4.2.2
git-client:3.2.1
git-server:1.9
github:1.30.0
github-api:1.122
github-branch-source:2.7.1
gradle:1.36
greenballs:1.15
handlebars:1.1.1
handy-uri-templates-2-api:2.1.8-1.0
htmlpublisher:1.22
hudson-wsclean-plugin:1.0.7
ios-device-connector:1.2
jackson2-api:2.12.1
javadoc:1.5
jdk-tool:1.4
jenkins-design-language:1.24.4
jenkins-multijob-plugin:1.33
jira:3.0.15
job-dsl:1.77
job-restrictions:0.8
jobConfigHistory:2.26
jquery:1.12.4-1
jquery-detached:1.2.1
jsch:0.1.55.2
junit:1.29
keycloak:2.3.0
label-verifier:1.4
ldap:1.24
lockable-resources:2.8
mailer:1.32
mapdb-api:1.0.9.0
matrix-auth:2.6.1
matrix-project:1.14
maven-plugin:3.6
mercurial:2.10
metrics:4.0.2.6
metrics-diskusage:3.0.0
modernstatus:1.2
momentjs:1.1.1
monitoring:1.83.0
msbuild:1.29
node-iterator-api:1.5.0
nodejs:1.3.5
nodelabelparameter:1.7.2
nunit:0.26
oauth-credentials:0.5
okhttp-api:3.14.9
pam-auth:1.6
parameterized-trigger:2.37
persistent-parameter:1.2
pipeline-build-step:2.12
pipeline-graph-analysis:1.10
pipeline-input-step:2.11
pipeline-milestone-step:1.3.1
pipeline-model-api:1.6.0
pipeline-model-declarative-agent:1.1.1
pipeline-model-definition:1.6.0
pipeline-model-extensions:1.6.0
pipeline-npm:0.9.2
pipeline-rest-api:2.13
pipeline-stage-step:2.3
pipeline-stage-tags-metadata:1.6.0
pipeline-stage-view:2.13
pipeline-utility-steps:2.5.0
plain-credentials:1.7
port-allocator:1.8
powershell:1.4
publish-over:0.22
publish-over-cifs:0.13
pubsub-light:1.13
resource-disposer:0.14
role-strategy:3.0
run-condition:1.3
scm-api:2.6.3
script-security:1.72
simple-theme-plugin:0.6
snakeyaml-api:1.30.1
sse-gateway:1.24
ssh:2.6.1
ssh-agent:1.20
ssh-credentials:1.18.1
ssh-slaves:1.31.2
ssh-steps:2.0.0
structs:308.v852b473a2b8c
subversion:2.13.1
test-results-analyzer:0.3.5
timestamper:1.11.3
token-macro:2.12
trilead-api:1.0.6
variant:1.3
vsphere-cloud:2.23
windows-azure-storage:1.1.5
windows-slaves:1.6
workflow-aggregator:2.6
workflow-api:2.40
workflow-basic-steps:2.20
workflow-cps:2.80
workflow-cps-global-lib:2.16
workflow-durable-task-step:2.35
workflow-job:2.39
workflow-multibranch:2.21
workflow-scm-step:2.11
workflow-step-api:2.23
workflow-support:3.4
ws-cleanup:0.38

What Operating System are you using (both controller, and any agents involved in the problem)?

windows over Edge

Reproduction steps

go in credentials
add new credential type of oAuth

Expected Results

able to add one credential to be modified

Actual Results

The interface talk about A problem occurred while processing the request.

when I look at the logs I can see this

May 25, 2022 1:14:18 AM WARNING org.eclipse.jetty.server.handler.ContextHandler$Context log
Error while serving https://****/credentials/store/system/domain/_/createCredentials
org.kohsuke.stapler.NoStaplerConstructorException: There's no @DataBoundConstructor on any constructor of interface com.google.jenkins.plugins.credentials.oauth.OAuth2Credentials
	at org.kohsuke.stapler.ClassDescriptor.loadConstructorParamNames(ClassDescriptor.java:265)
	at org.kohsuke.stapler.RequestImpl.instantiate(RequestImpl.java:765)
	at org.kohsuke.stapler.RequestImpl.access$200(RequestImpl.java:83)
	at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:678)
Caused: java.lang.IllegalArgumentException: Failed to instantiate interface com.cloudbees.plugins.credentials.Credentials from {"stapler-class":"com.google.jenkins.plugins.credentials.oauth.OAuth2Credentials","$class":"com.google.jenkins.plugins.credentials.oauth.OAuth2Credentials"}
	at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:681)
	at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:478)
	at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:474)
	at com.cloudbees.plugins.credentials.CredentialsStoreAction$DomainWrapper.doCreateCredentials(CredentialsStoreAction.java:824)
	at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
	at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
Caused: java.lang.reflect.InvocationTargetException
	at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:400)
	at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
	at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77)
	at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
	at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535)
	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878)
	at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:280)
	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878)
	at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:280)
	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878)
	at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:456)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:676)
	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:755)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
	at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:76)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:248)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:60)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at com.smartcodeltd.jenkinsci.plugin.assetbundler.filters.LessCSS.doFilter(LessCSS.java:47)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:239)
	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:215)
	at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:88)
	at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:114)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at org.jenkinsci.plugins.modernstatus.ModernStatusFilter.doFilter(ModernStatusFilter.java:52)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:153)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
	at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:36)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:566)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1610)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1300)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1580)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1215)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.Server.handle(Server.java:500)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938)
	at java.lang.Thread.run(Thread.java:748)

Anything else?

No response

Plugin usage

Hi,
Can this plugin can be used for authentication to the jenkins interface, or is it only for jobs?

Only compatible with legacy access scopes management and not IAM roles?

I am using a GKE cluster without the legacy access scopes but using a custom service account (as documented here: https://cloud.google.com/kubernetes-engine/docs/how-to/access-scopes)

When using this plugin I am trying to create a "Google Service Account from metadata", it says that I have only access to the 2 following scopes:

Then I'm trying to use the Google Container registry auth plugin (see https://wiki.jenkins.io/display/JENKINS/Google+Container+Registry+Auth+Plugin) and I think this is not going to work because of the missing "https://www.googleapis.com/auth/devstorage.read_write" scope in the above list, right?

And then more specifically I am trying to use it from the Docker pipeline plugin (see https://jenkins.io/doc/book/pipeline/docker/) to push an image to gcr.io and this is not working (while I bet it should since people created a PR on it to document it, see jenkinsci/google-container-registry-auth-plugin#2) because it tells me that the credentials are not available. I bet this is all about the missing scopes above (i.e. scope missing, so GCR auth plugin cannot do its work and have credentials available for docker pipeline plugin), right?

If all the above is right, any plan to get it work with IAM roles?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.