Multibranch not able to use existing credential, or create a new one

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

Multibranch not able to use existing credential, or create a new one

itchymuzzle

Jenkins v2.79 AWS EC2 Linux instances for both master and node, Bitbucket for Git


This is really strange.  I have a credential which is working fine for a “regular” pipeline.  The credential contains a private ssh key and Bitbucket app password. 


When I create the multibranch job it is 

  • not able to find/see that existing credential, and 
  • is not able to create a new one using that same private ssh key, and a new Bitbucket app password. 


Been going around in circles for hours now, doesn’t make any sense.  Any idea what I am not understanding here?


Thanks.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/0c73ff95-27ad-43c8-bcd6-444252d86850%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Multibranch not able to use existing credential, or create a new one

Mark Waite-2


On Tue, Nov 7, 2017 at 10:53 AM itchymuzzle <[hidden email]> wrote:

Jenkins v2.79 AWS EC2 Linux instances for both master and node, Bitbucket for Git


This is really strange.  I have a credential which is working fine for a “regular” pipeline.  The credential contains a private ssh key and Bitbucket app password. 


When I create the multibranch job it is 

  • not able to find/see that existing credential, and 
  • is not able to create a new one using that same private ssh key, and a new Bitbucket app password. 


Been going around in circles for hours now, doesn’t make any sense.  Any idea what I am not understanding here?



I don't understand your reference to a credential which "contains a private ssh key and Bitbucket app password".  That's not a credential type I recognize.

I'm accustomed to credentials which contain a private key, and I can envision a credential which includes a Bitbucket app password.  I've never seen a credential which combines those two things into a single credential.

Can you explain further how that credential is created?

As far as I know, the git plugin can use private key based credentials with ssh protocol repositories (like ssh://hostname/path/to/repo.git and user@hostname:path/to/repo.git) and it can use username / password credentials with http and https repositories (like http://hostname/path/to/repo and https://hostname/path/to/repo).  

Is your working case a use of the git plugin, or is it using some other source control access method?

Mark Waite
 

Thanks.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/0c73ff95-27ad-43c8-bcd6-444252d86850%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtEEw55tpnPvME87GGa%3DnZUQNoRHug7h2G74R4-okFiS0g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Multibranch not able to use existing credential, or create a new one

itchymuzzle
Do these screen shots help?

Credential which works


The bitbucket app passwords (just showing label column)




--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/27efbee6-3343-463f-86fe-fa2d3cb7e035%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Multibranch not able to use existing credential, or create a new one

itchymuzzle
I have tried creating the credential without the app password, and that doesn't seem to work. 

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/97f7d627-a8ba-4274-89a9-d41444344749%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Multibranch not able to use existing credential, or create a new one

Mark Waite-2
In reply to this post by itchymuzzle


On Tue, Nov 7, 2017 at 12:23 PM itchymuzzle <[hidden email]> wrote:
Do these screen shots help?

Credential which works



That looks like a private key based credential.  As far as I've seen with that type of credential, there is no location to insert an app password.  

A separate credential can be created which uses an app password, but there is no location to enter the Bitbucket app password in the private key credential.

 
The bitbucket app passwords (just showing label column)



That looks like a bitbucket user interface.  Do you copy the resulting Bitbucket app password into a separate Jenkins credential, or do you pass that information to Jenkins in some other way?

Mark Waite
 


--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/27efbee6-3343-463f-86fe-fa2d3cb7e035%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtEU5PWnwC0kkj%3DgwYVbXOrFSJww4eaoyOV%2BVWw6Y4b%2BeQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Multibranch not able to use existing credential, or create a new one

itchymuzzle
> resulting Bitbucket app password 

It is the value in the ID field, in the first screen shot.


--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/15f37ec5-87ea-454b-8d96-59ef38844766%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Multibranch not able to use existing credential, or create a new one

Mark Waite-2


On Tue, Nov 7, 2017 at 12:38 PM itchymuzzle <[hidden email]> wrote:
> resulting Bitbucket app password 

It is the value in the ID field, in the first screen shot.


Ah, that clarifies it.  The value in the ID field is only used inside Jenkins.  It is never transmitted as part of any credential.

Unfortunately, that doesn't solve your problem.  You're using a private key credential which is working in one location and not working in another location.  The app password you entered is a nicely creative, random identifier for the private key credential, but it is only an internally used identifier, not something that is passed as a credential value.

I don't know why private key credentials would behave differently in those two scenarios.  

Is the credential attached to the folder which contains the working job, but not visible from the folder of the non-working job?  Folder scoped credentials are a great way to limit who can use specific credentials.

Mark Waite
 

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/15f37ec5-87ea-454b-8d96-59ef38844766%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtGd8g1igekmyq2PC6-4HhWWVbj07cmSkMNfdbmjv%2BpwRg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Multibranch not able to use existing credential, or create a new one

itchymuzzle
In reply to this post by itchymuzzle
Looking back at my notes I am not using bitbucket App password, that item must have been left over from my very first attempts.  So my bad on that item.

But I still have the original issue, that when I am creating a new multibranch job I am not able to select/find/see my existing credentials.  Which sets me off in the loop of trying to create a new one.    

(screen shot) The first drop-down only has a selection of None, while the second drop-down has selections of "Multibranch_test_02" and "Jenkins", both forcing me to create new ones.

Why I can't I use/find/see/select the credential I already have for bitbucket, which works.


--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/d8ba7267-f4b8-4a17-afdc-430fe8c3ce77%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Multibranch not able to use existing credential, or create a new one

itchymuzzle
In reply to this post by Mark Waite-2
> Is the credential attached to the folder which contains the working job, but not visible from the folder of the non-working job?  Folder scoped credentials are a great way to limit who can use specific credentials.

It says global, is that not the case?

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/9d93de02-81be-4e29-91eb-b3d8f077f2ad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Multibranch not able to use existing credential, or create a new one

stephenconnolly
In reply to this post by itchymuzzle

On Tue 7 Nov 2017 at 20:01, itchymuzzle <[hidden email]> wrote:
Looking back at my notes I am not using bitbucket App password, that item must have been left over from my very first attempts.  So my bad on that item.

But I still have the original issue, that when I am creating a new multibranch job I am not able to select/find/see my existing credentials.  Which sets me off in the loop of trying to create a new one.    

(screen shot) The first drop-down only has a selection of None, while the second drop-down has selections of "Multibranch_test_02" and "Jenkins", both forcing me to create new ones.

Why I can't I use/find/see/select the credential I already have for bitbucket, which works.


This only accepts username/password credentials as it accesses the Bitbucket api (which is https and http doesn’t understand ash keys)

The password doesn’t have to be a password, it can be an api token... but the credentials must be of type username password

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/d8ba7267-f4b8-4a17-afdc-430fe8c3ce77%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Sent from my phone

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CA%2BnPnMwXX9Gk%3DMP%2BiXN2D1%3D0gLgjgPrbWcjrAtphZa56NEK8YQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Multibranch not able to use existing credential, or create a new one

itchymuzzle
> This only accepts username/password credentials

Ok, but ...

Bitbucket has my public key, and the Jenkins credential has my private key.


--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/8cd604a8-73ef-4141-8b98-a96e2d823704%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Multibranch not able to use existing credential, or create a new one

stephenconnolly


On 7 November 2017 at 13:32, itchymuzzle <[hidden email]> wrote:
> This only accepts username/password credentials

Ok, but ...

Bitbucket has my public key, and the Jenkins credential has my private key.

And accessing the Bitbucket REST API only works over http (because it's REST)... so having the key is fine... but doesn't work for the REST API shortcuts that this dedicated Branch Source uses... if you want to use the private key then use a plain Git Source and specify the ssh: url  


--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/8cd604a8-73ef-4141-8b98-a96e2d823704%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CA%2BnPnMy53SP68jLGT%2BjLgYj8Yax9uuhMYSjyeyh%2BAjvhyKJJ3A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.