search

jenkinsci / conjur-credentials-plugin

Conjur plugin for securely providing credentials to Jenkins jobs
https://plugins.jenkins.io/conjur-credentials/
Apache License 2.0
5 stars 15 forks source link

Remote call to dxxx-xxxxxxxxx6 .. Jenkins.instance is missing .. issue when using with git plugin from agent #32

Open thangarajks opened 12 months ago

thangarajks commented 12 months ago

Jenkins and plugins versions report

Environment ``` Jenkins: 2.346.4.1 OS: Linux - 4.18.0-477.15.1.el8_8.x86_64 Java: 11.0.16.1 - Eclipse Adoptium (OpenJDK 64-Bit Server VM) --- ace-editor:1.1 amazon-ecs:1.30 ant:475.vf34069fef73c antisamy-markup-formatter:2.7 apache-httpcomponents-client-4-api:4.5.13-1.0 artifactdeployer:0.33 artifactory:3.9.1 async-http-client:1.7.24.3 authentication-tokens:1.4 aws-credentials:191.vcb_f183ce58b_9 aws-java-sdk:1.12.163-315.v2b_716ec8e4df aws-java-sdk-cloudformation:1.12.163-315.v2b_716ec8e4df aws-java-sdk-codebuild:1.12.163-315.v2b_716ec8e4df aws-java-sdk-ec2:1.12.246-349.v96b_b_f7eb_a_c3c aws-java-sdk-ecr:1.12.163-315.v2b_716ec8e4df aws-java-sdk-ecs:1.12.163-315.v2b_716ec8e4df aws-java-sdk-elasticbeanstalk:1.12.246-349.v96b_b_f7eb_a_c3c aws-java-sdk-iam:1.12.163-315.v2b_716ec8e4df aws-java-sdk-logs:1.12.163-315.v2b_716ec8e4df aws-java-sdk-minimal:1.12.246-349.v96b_b_f7eb_a_c3c aws-java-sdk-ssm:1.12.163-315.v2b_716ec8e4df aws-lambda:0.5.10 blueocean:1.25.5 blueocean-autofavorite:1.2.5 blueocean-bitbucket-pipeline:1.25.5 blueocean-commons:1.25.5 blueocean-config:1.25.5 blueocean-core-js:1.25.5 blueocean-dashboard:1.25.5 blueocean-display-url:2.4.1 blueocean-events:1.25.5 blueocean-git-pipeline:1.25.5 blueocean-github-pipeline:1.25.5 blueocean-i18n:1.25.5 blueocean-jwt:1.25.5 blueocean-personalization:1.25.5 blueocean-pipeline-api-impl:1.25.5 blueocean-pipeline-editor:1.25.5 blueocean-pipeline-scm-api:1.25.5 blueocean-rest:1.25.5 blueocean-rest-impl:1.25.5 blueocean-web:1.25.5 bootstrap4-api:4.6.0-5 bootstrap5-api:5.1.3-7 bouncycastle-api:2.26 branch-api:2.1046.v0ca_37783ecc5 build-pipeline-plugin:1.5.8 build-user-vars-plugin:1.8 caffeine-api:2.9.3-65.v6a_47d0f4d1fe checks-api:1.7.4 cisco-kafka-build-log:1.2.4 cloudbees-administrative-monitors:1.0.4 cloudbees-analytics:1.42 cloudbees-assurance:2.276.0.23 cloudbees-bitbucket-branch-source:773.v4b_9b_005b_562b_ cloudbees-blueocean-default-theme:0.8 cloudbees-folder:6.740.ve4f4ffa_dea_54 cloudbees-folders-plus:3.28 cloudbees-license:9.68 cloudbees-platform-common:1.17 cloudbees-platform-data:1.27 cloudbees-plugin-usage:2.15 cloudbees-quiet-start:1.7 cloudbees-request-filter:1.7 cloudbees-uc-data-api:4.50 cloudbees-unified-ui:1.21 codedeploy:1.21 command-launcher:84.v4a_97f2027398 conditional-buildstep:1.4.2 config-file-provider:3.10.0 conjur-credentials:1.0.16 copyartifact:1.46.4 credentials:1129.vef26f5df883c credentials-binding:523.vd859a_4b_122e6 delivery-pipeline-plugin:1.4.2 display-url-api:2.3.6 docker-commons:1.19 docker-java-api:3.1.5.2 docker-plugin:1.2.0 docker-workflow:1.29 durable-task:496.va67c6f9eefa7 echarts-api:5.3.3-1 envinject:2.4.0 envinject-api:1.8 external-monitor-job:192.ve979ca_8b_3ccd favorite:2.4.1 font-awesome-api:6.1.1-1 git:4.11.5 git-client:3.11.1 git-server:1.11 git-validated-merge:3.34 github:1.34.5 github-api:1.303-400.v35c2d8258028 github-branch-source:1656.v77eddb_b_e95df github-pull-request-build:1.15 gradle:1.39.4 handlebars:3.0.8 handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953 htmlpublisher:1.30 ironfist:2.0.6 ivy:1.28 jackson2-api:2.13.4.20221013-295.v8e29ea_354141 jacoco:3.3.2 javadoc:217.v905b_86277a_2a_ javax-activation-api:1.2.0-4 javax-mail-api:1.6.2-6 jaxb:2.3.6-1 jdk-tool:1.5 jenkins-design-language:1.25.5 jenkins-usage-logger:4.1.0 jjwt-api:0.11.5-77.v646c772fddb_0 job-dsl:1.77 jobConfigHistory:2.31-rc1107.2354f08725a_8 jquery:1.12.4-1 jquery-detached:1.2.1 jquery3-api:3.6.0-4 jsch:0.1.55.2 junit:1119.1121.vc43d0fc45561 ldap:2.10 lockable-resources:2.8 logstash:2.5.0205.vd05825ed46bd mailer:414.vcc4c33714601 mapdb-api:1.0.9.0 matrix-auth:3.1.2 matrix-project:772.v494f19991984 maven-plugin:3.19 metrics:4.1.6.2 mina-sshd-api-common:2.9.1-44.v476733c11f82 mina-sshd-api-core:2.9.1-44.v476733c11f82 momentjs:1.1.1 monitoring:1.86.0 multibranch-scan-webhook-trigger:1.0.9 multiple-scms:0.8 nectar-license:8.41 nectar-rbac:5.75 nodejs:1.5.1 oidc-provider:47.v182a_02f5b_771 okhttp-api:4.9.2-20211102 operations-center-agent:2.346.0.2 operations-center-client:2.346.0.2 operations-center-context:2.346.0.8 pam-auth:1.8 parameterized-trigger:2.45 pipeline-build-step:2.18 pipeline-graph-analysis:195.v5812d95a_a_2f9 pipeline-groovy-lib:593.va_a_fc25d520e9 pipeline-input-step:449.v77f0e8b_845c4 pipeline-milestone-step:101.vd572fef9d926 pipeline-model-api:2.2114.v2654ca_721309 pipeline-model-definition:2.2114.v2654ca_721309 pipeline-model-extensions:2.2114.v2654ca_721309 pipeline-rest-api:2.24 pipeline-stage-step:293.v200037eefcd5 pipeline-stage-tags-metadata:2.2114.v2654ca_721309 pipeline-stage-view:2.24 pipeline-utility-steps:2.11.0 plain-credentials:1.8 plugin-util-api:2.17.0 popper-api:1.16.1-3 popper2-api:2.11.5-2 promoted-builds:878.v12d3f7937690 publish-over:0.22 publish-over-ssh:1.22 pubsub-light:1.16 remote-file:1.23 remoting-security-workaround:1.0 resource-disposer:0.17 robot:3.0.1 role-strategy:2.16 run-condition:1.5 s3:0.12.1 scm-api:608.vfa_f971c5a_a_e9 script-security:1175.v4b_d517d6db_f0 snakeyaml-api:1.30.2-76.vc104f7ce9870 sonar:2.14 sse-gateway:1.25 ssh-credentials:291.v8211e4f8efb_c ssh-slaves:1.821.vd834f8a_c390e sshd:3.242.va_db_9da_b_26a_c3 structs:318.va_f3ccb_729b_71 support-core:1201.v8d1f54a_6ec7c terraform:1.0.9 token-macro:293.v283932a_0a_b_49 tpsd-jenkins-plugin:3.0.9 trilead-api:1.67.vc3938a_35172f uno-choice:2.6.1 user-activity-monitoring:1.7 variant:1.4 versioncolumn:2.2 windows-slaves:1.8.1 workflow-aggregator:590.v6a_d052e5a_a_b_5 workflow-api:1188.v0016b_4f29881 workflow-basic-steps:969.vc4ec3e4854b_f workflow-cps:2746.v0da_83a_332669 workflow-cps-global-lib:588.v576c103a_ff86 workflow-durable-task-step:1190.vc93d7d457042 workflow-job:1207.ve6191ff089f8 workflow-multibranch:716.vc692a_e52371b_ workflow-scm-step:400.v6b_89a_1317c9a_ workflow-step-api:625.vd896b_f445a_f8 workflow-support:827.v7ef666c4d65c ws-cleanup:0.40 ```

What Operating System are you using (both controller, and any agents involved in the problem)?

Not sure about the controller as it is enterprise wide dedicated Jenkins. Agents info as below: LSB Version: :core-4.1-amd64:core-4.1-noarch Distributor ID: RedHatEnterprise Description: Red Hat Enterprise Linux release 8.7 (Ootpa) Release: 8.7 Codename: Ootpa

Reproduction steps

  1. Install Conjur plugin
  2. Configure secrets in Conjur
  3. Configure Conjur in Jenkins ( attached screen shot ) Screenshot 2023-11-14 at 6 19 39 PM
  4. Create a pipeline script as below pipeline{ agent { label "dxxxxx-xxxxx3" } stages { stage("checkout"){ steps{ script{ git credentialsId: 'conjur_git_credentials', url: '<REPO_URL>' ''' } } } } }
  5. Getting below exception when trying to checkout the code. However, pipeline is able to locate JenkinsFile and start pipeline with same Credentials from Conjur. Also: hudson.remoting.Channel$CallSiteStackTrace: Remote call to dxxxxxx-xxxxxx6 at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1784) at hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:356) at hudson.remoting.Channel.call(Channel.java:1000) at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:143) at jdk.internal.reflect.GeneratedMethodAccessor715.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:129) at com.sun.proxy.$Proxy127.execute(Unknown Source) at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:1001) at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1244) at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1308) at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:129) at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:97) at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:84) at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:829) java.lang.IllegalStateException: Jenkins.instance is missing. Read the documentation of Jenkins.getInstanceOrNull to see what you are doing wrong. at jenkins.model.Jenkins.get(Jenkins.java:810) at org.conjur.jenkins.conjursecrets.ConjurSecretCredentials.credentialWithID(ConjurSecretCredentials.java:128) at org.conjur.jenkins.conjursecrets.ConjurSecretCredentials.getSecretFromCredentialIDWithConfigAndContext(ConjurSecretCredentials.java:216) at org.conjur.jenkins.conjursecrets.ConjurSecretUsernameCredentialsImpl.getPassword(ConjurSecretUsernameCredentialsImpl.java:135) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.createPasswordFile(CliGitAPIImpl.java:2408) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2056) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$500(CliGitAPIImpl.java:84) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:618) at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$GitCommandMasterToSlaveCallable.call(RemoteGitImpl.java:158) at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$GitCommandMasterToSlaveCallable.call(RemoteGitImpl.java:151) at hudson.remoting.UserRequest.perform(UserRequest.java:211) at hudson.remoting.UserRequest.perform(UserRequest.java:54) at hudson.remoting.Request$2.run(Request.java:376) at hudson.remoting.InterceptingExecutorService.lambda$wrap$0(InterceptingExecutorService.java:78) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:829) Screenshot 2023-11-14 at 6 34 34 PM

Expected Results

To pick credentials from conjur when used with git plugin and checkout repository successfully

Actual Results

Failing on pulling credentials by git plugin from conjur when running on agents

Anything else?

No response

thangarajks commented 11 months ago

It looks like exactly same issue reported earlier https://github.com/cyberark/conjur-credentials-plugin/issues/26. However this issue has been closed with a fix, I'm facing same issue with very latest version of this plugin.

I'm not sure if somehow fix is not part of "conjur-credentials:1.0.16" or is there any specific kind of configuration to be done in master or slaves?

@hughsaunders