Open tgooderham opened 4 months ago
For what it's worth, I noticed there is no `Sid` on the relevant policy stanza that the Jenkins plugin would use, i.e. this bit:
```json
{
  "Effect": "Allow",
  "Action": [
    "secretsmanager:GetSecretValue",
    "secretsmanager:ListSecrets",
    "secretsmanager:DescribeSecret"
  ],
  "Resource": "*"
}
```
Just in case the absence of a `Sid` causes that policy stanza to be read as invalid (and therefore ignored by IAM), could you try adding a `Sid` to it, and re-running your test scenario to see if the error still happens?
Hey Chris, Yes.... I removed it to see if that might've been the cause. Seems not
On Thu, May 30, 2024 at 4:18 PM Chris Kilding @.***> wrote:
> For what it's worth, I noticed there is no Sid on the relevant policy stanza that the Jenkins plugin would use, i.e. this bit
> { "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:ListSecrets", "secretsmanager:DescribeSecret" ], "Resource": "*" }
> Just in case the absence of a Sid causes that policy stanza to be read as invalid (and therefore ignored by IAM), could you try adding a Sid to it, and re-running your test scenario to see if the error still happens?
Jenkins and plugins versions report
Environment
```text
Paste the output here
```
What Operating System are you using (both controller, and any agents involved in the problem)?
Jenkins controller 2.440.3.7 running on CentOS 7.8.2003 x86_64
AWS Secrets Manager Credentials Provider Version 1.214.va_0a_d8268d068
Reproduction steps
Installed plugin: AWS Secrets Manager Credentials Provider Version 1.214.va_0a_d8268d068
According to the docs, the default configuration should provide authentication to AWS via the instance profile if the server is within EC2, which it is.
The attached instance profile name is: role-deployment-automation-within-ec2
The policy on that profile is:
Expected Results
AWS Secrets appear in Jenkins credential store
Actual Results
Repeated occurrences of:
```text
May 30, 2024 8:42:40 AM WARNING io.jenkins.plugins.credentials.secretsmanager.AwsCredentialsProvider getCredentials Could not list credentials in Secrets Manager: message=[Unable to load AWS credentials from any provider in the chain: [EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY)), SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey), WebIdentityTokenCredentialsProvider: You must specify a value for roleArn and roleSessionName, com.amazonaws.auth.profile.ProfileCredentialsProvider@9279de4: profile file cannot be null, com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@22deced1: Unable to load credentials. Access key or secret key are null.]]
```
Anything else?
No response
Are you interested in contributing a fix?
No response
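Added example (not code from the plugin or from anyone in this thread): a Python parser that breaks the warning quoted in the issue into one row per link of the AWS SDK for Java v1 default credentials chain, so the entry covering the EC2 instance profile can be read on its own. The descriptions in `SOURCES` reflect the SDK's documented lookup behaviour rather than anything stated in the issue, and `parse_chain` and `instance_profile_failure` are illustrative names.

```python
import re

# Where each link of the AWS SDK for Java v1 default chain looks (not from the issue).
SOURCES = {
    "EnvironmentVariableCredentialsProvider": "environment variables",
    "SystemPropertiesCredentialsProvider": "Java system properties",
    "WebIdentityTokenCredentialsProvider": "web identity token file and role ARN",
    "ProfileCredentialsProvider": "shared credentials profile file",
    "EC2ContainerCredentialsProviderWrapper": "container endpoint, else EC2 instance metadata",
}
# The link that serves an EC2 instance profile (the setup the reporter describes).
INSTANCE_PROFILE_LINK = "EC2ContainerCredentialsProviderWrapper"
# A ", " separates entries only when a class-like name and ": " follow it.
ENTRY_SPLIT = re.compile(r", (?=[\w.$]+(?:@[0-9a-f]+)?: )")
MARKER = "any provider in the chain: ["

# Sample input: the message text of the warning quoted in the issue.
SAMPLE = (
    "Could not list credentials in Secrets Manager: message=[Unable to load AWS "
    "credentials from any provider in the chain: [EnvironmentVariableCredentialsProvider: "
    "Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or "
    "AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY)), "
    "SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system "
    "properties (aws.accessKeyId and aws.secretKey), WebIdentityTokenCredentialsProvider: "
    "You must specify a value for roleArn and roleSessionName, "
    "com.amazonaws.auth.profile.ProfileCredentialsProvider@9279de4: profile file cannot be "
    "null, com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@22deced1: Unable to "
    "load credentials. Access key or secret key are null.]]"
)

def parse_chain(message):
    """Return [(provider, source, reason)] for each link named in the message."""
    begin = message.find(MARKER)
    if begin < 0:
        return []  # not a credential-resolution failure (e.g. an access-denied error)
    begin += len(MARKER)
    end = message.find("]", begin)  # entries hold no brackets, so the first "]" closes the list
    chain = message[begin:end] if end >= 0 else message[begin:]
    links = []
    for entry in ENTRY_SPLIT.split(chain):
        name, _, reason = entry.partition(": ")
        short = name.split("@")[0].rsplit(".", 1)[-1]  # drop package prefix and @hash
        links.append((short, SOURCES.get(short, "unknown"), reason))
    return links

def instance_profile_failure(message):
    """Reason reported by the link that covers the instance profile, or None."""
    reasons = {short: reason for short, _, reason in parse_chain(message)}
    return reasons.get(INSTANCE_PROFILE_LINK)
```

An empty result from `parse_chain` means the message is not a credential-lookup failure, which separates "no credentials were found on the host" from a request that was signed and then refused by policy.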