[JIRA] (JENKINS-61824) Git plugin credential lookup uses too low level API
Title: Message Title Matt Sicker commented on JENKINS-61824 Re: Git plugin credential lookup uses too low level API I came across a similar issue today in the slack plugin which uses even lower level APIs: https://github.com/jenkinsci/slack-plugin/blob/master/src/main/java/jenkins/plugins/slack/CredentialsObtainer.java Seems like there's too much choice! Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205677.1586203717000.20026.1588262580120%40Atlassian.JIRA.
[JIRA] (JENKINS-61824) Git plugin credential lookup uses too low level API
Title: Message Title Matt Sicker commented on JENKINS-61824 Re: Git plugin credential lookup uses too low level API Likely related! I started looking at patching this yesterday, though since the affected code seemed to be a little fancier than expected, I think I may need to take a step back to examine credentials-plugin and see if there's any more APIs that needed to be updated in it to properly integrate the fancier credential resolution. This API has clearly evolved over a long period of time, so not every plugin seems to be using the most effective APIs. Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205677.1586203717000.7646.1586274660547%40Atlassian.JIRA.
[JIRA] (JENKINS-61824) Git plugin credential lookup uses too low level API
Title: Message Title Mark Waite assigned an issue to Unassigned Jenkins / JENKINS-61824 Git plugin credential lookup uses too low level API Change By: Mark Waite Assignee: Mark Waite Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205677.1586203717000.7325.1586232720154%40Atlassian.JIRA.
[JIRA] (JENKINS-61824) Git plugin credential lookup uses too low level API
Title: Message Title Mark Waite commented on JENKINS-61824 Re: Git plugin credential lookup uses too low level API Matt Sicker pull requests are welcomed to adapt the plugin to the new APIs. May be related to JENKINS-58902 and JENKINS-44773 Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205677.1586203717000.7270.1586217480143%40Atlassian.JIRA.
[JIRA] (JENKINS-61824) Git plugin credential lookup uses too low level API
Title: Message Title Matt Sicker edited a comment on JENKINS-61824 Re: Git plugin credential lookup uses too low level API One other note: the low level API for interacting with credential parameters on builds is via https://github.com/jenkinsci/credentials-plugin/blob/master/docs/consumer.adoc#binding-user-supplied-credentials-parameters-to-builds Edit: more relevant would be https://github.com/jenkinsci/credentials-plugin/blob/master/docs/consumer.adoc#retrieve-a-previously-selected-credentials-instance Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205677.1586203717000.7265.1586215680126%40Atlassian.JIRA.
[JIRA] (JENKINS-61824) Git plugin credential lookup uses too low level API
Title: Message Title Matt Sicker commented on JENKINS-61824 Re: Git plugin credential lookup uses too low level API One other note: the low level API for interacting with credential parameters on builds is via https://github.com/jenkinsci/credentials-plugin/blob/master/docs/consumer.adoc#binding-user-supplied-credentials-parameters-to-builds Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205677.1586203717000.7263.1586215560129%40Atlassian.JIRA.
[JIRA] (JENKINS-61824) Git plugin credential lookup uses too low level API
Title: Message Title Matt Sicker commented on JENKINS-61824 Re: Git plugin credential lookup uses too low level API Yes, the shadowing is from 2018 or 2019, and the user scoped credentials are just poorly supported in general. Seems like this is less a bug and more so an improvement. I'm able to work around this by using git credentialsId: params.foo instead of git credentialsId: 'foo', but that will only work for global scoped credentials. If I wanted to use credentials from my account to, say, tag a sensitive git repo interactively, it wouldn't work without a lookup attempt using findCredentialsById. Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205677.1586203717000.7259.1586215440393%40Atlassian.JIRA.
[JIRA] (JENKINS-61824) Git plugin credential lookup uses too low level API
Title: Message Title Matt Sicker updated an issue Jenkins / JENKINS-61824 Git plugin credential lookup uses too low level API Change By: Matt Sicker Issue Type: Bug Improvement Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205677.1586203717000.7261.1586215440424%40Atlassian.JIRA.
[JIRA] (JENKINS-61824) Git plugin credential lookup uses too low level API
Title: Message Title Mark Waite commented on JENKINS-61824 Re: Git plugin credential lookup uses too low level API Thanks for the report Matt Sicker. Since GitSCMFileSystem.build() was implemented by Stephen Connolly in 2016, I assume that the credentials API support for user-scoped credentials, authorize project scoped credentials, other credentials, and the credential shadowing feature were added to the credentials API after 2016. Can you confirm my assumption? If my assumption is correct, then I assume all uses of credentials in the git plugin and the git client plugin should probably be visited to assure they are using the correct and current credential APIs. If those features were not added to the credentials API after 2016, then I assume there was a compelling reason that they were not used in that implementation. Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205677.1586203717000.7257.1586214180184%40Atlassian.JIRA.
[JIRA] (JENKINS-61824) Git plugin credential lookup uses too low level API
Title: Message Title Matt Sicker commented on JENKINS-61824 Re: Git plugin credential lookup uses too low level API I'm also open to updating the credentials plugin API if there's a limitation here I missed back when I first updated that. Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205677.1586203717000.7211.1586204340140%40Atlassian.JIRA.
[JIRA] (JENKINS-61824) Git plugin credential lookup uses too low level API
Title: Message Title Matt Sicker updated an issue Jenkins / JENKINS-61824 Git plugin credential lookup uses too low level API Change By: Matt Sicker In {{ UserRemoteConfig GitSCMFileSystem . DescriptorImpl.lookupCredentials build ()}}, this bypasses several features provided natively by the credentials plugin including user-scoped credentials, authorize project scoped credentials, other sources, and the credential parameter shadowing feature. This should instead use {{CredentialsProvider.findCredentialsById()}} with the listed domain requirements and the associated run. Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205677.1586203717000.7209.1586204220148
[JIRA] (JENKINS-61824) Git plugin credential lookup uses too low level API
Title: Message Title Matt Sicker created an issue Jenkins / JENKINS-61824 Git plugin credential lookup uses too low level API Issue Type: Bug Assignee: Mark Waite Components: git-plugin Created: 2020-04-06 20:08 Priority: Minor Reporter: Matt Sicker In UserRemoteConfig.DescriptorImpl.lookupCredentials(), this bypasses several features provided natively by the credentials plugin including user-scoped credentials, authorize project scoped credentials, other sources, and the credential parameter shadowing feature. This should instead use CredentialsProvider.findCredentialsById() with the listed domain requirements and the associated run. Add Comment