jenkinsci / onepassword-secrets-plugin

https://plugins.jenkins.io/onepassword-secrets/
MIT License

No such file or directory error thrown by withSecrets(1password plugin) #9

Open sanjeetsingh-macrometa opened 1 year ago

sanjeetsingh-macrometa commented 1 year ago

Jenkins and plugins versions report

Jenkins: 2.387.3
OS: Linux - 5.15.0-27-generic
Java: 11.0.19 - Ubuntu (OpenJDK 64-Bit Server VM)

ace-editor:1.1 active-directory:2.30 ansible:205.v4cb_c48657c21 ant:487.vd79d090d4ea_e antisamy-markup-formatter:159.v25bc67cd35fb apache-httpcomponents-client-4-api:4.5.14-150.v7a_b_9d17134a_5 apache-httpcomponents-client-5-api:5.2.1-1.0 authentication-tokens:1.53.v1c90fd9191ab aws-credentials:191.vcb_f183ce58b_9 aws-java-sdk:1.12.447-382.vda_68e2007233 aws-java-sdk-cloudformation:1.12.447-382.vda_68e2007233 aws-java-sdk-codebuild:1.12.447-382.vda_68e2007233 aws-java-sdk-ec2:1.12.447-382.vda_68e2007233 aws-java-sdk-ecr:1.12.447-382.vda_68e2007233 aws-java-sdk-ecs:1.12.447-382.vda_68e2007233 aws-java-sdk-efs:1.12.447-382.vda_68e2007233 aws-java-sdk-elasticbeanstalk:1.12.447-382.vda_68e2007233 aws-java-sdk-iam:1.12.447-382.vda_68e2007233 aws-java-sdk-kinesis:1.12.447-382.vda_68e2007233 aws-java-sdk-logs:1.12.447-382.vda_68e2007233 aws-java-sdk-minimal:1.12.447-382.vda_68e2007233 aws-java-sdk-sns:1.12.447-382.vda_68e2007233 aws-java-sdk-sqs:1.12.447-382.vda_68e2007233 aws-java-sdk-ssm:1.12.447-382.vda_68e2007233 blueocean:1.27.4 blueocean-bitbucket-pipeline:1.27.4 blueocean-commons:1.27.4 blueocean-config:1.27.4 blueocean-core-js:1.27.4 blueocean-dashboard:1.27.4 blueocean-display-url:2.4.2 blueocean-events:1.27.4 blueocean-git-pipeline:1.27.4 blueocean-github-pipeline:1.27.4 blueocean-i18n:1.27.4 blueocean-jwt:1.27.4 blueocean-personalization:1.27.4 blueocean-pipeline-api-impl:1.27.4 blueocean-pipeline-editor:1.27.4 blueocean-pipeline-scm-api:1.27.4 blueocean-rest:1.27.4 blueocean-rest-impl:1.27.4 blueocean-web:1.27.4 bootstrap4-api:4.6.0-6 bootstrap5-api:5.2.2-4 bouncycastle-api:2.28 branch-api:2.1092.vda_3c2a_a_f0c11 build-timeout:1.30 build-user-vars-plugin:1.9 caffeine-api:3.1.6-115.vb_8b_b_328e59d8 checks-api:2.0.0 cloudbees-bitbucket-branch-source:800.va_b_b_9a_a_5035c1 cloudbees-folder:6.815.v0dd5a_cb40e0e command-launcher:100.v2f6722292ee8 commons-lang3-api:3.12.0-36.vd97de6465d5b commons-text-api:1.10.0-36.vc008c8fcda7b 
config-file-provider:938.ve2b_8a_591c596 configuration-as-code:1625.v27444588cc3d credentials:1254.vb_96f366e7b_a_d credentials-binding:604.vb_64480bc56ca data-tables-api:1.13.3-4 display-url-api:2.3.7 docker-build-step:2.9 docker-commons:419.v8e3cd84ef49c docker-java-api:3.3.0-77.vd409a_cdc37d5 docker-plugin:1.3.1 docker-workflow:563.vd5d2e5c4007f durable-task:507.v050055d0cb_dd ec2:2.0.7 echarts-api:5.4.0-4 email-ext:2.97 emailext-template:1.5 favorite:2.4.2 favorite-view:5.v77a_37f62782d figlet-buildstep:0.2 font-awesome-api:6.3.0-2 gerrit-checks-api:63.v0e6a_eed4b_3a_7 git:5.0.2 git-client:4.2.0 git-server:99.va_0826a_b_cdfa_d github:1.37.1 github-api:1.314-431.v78d72a_3fe4c3 github-branch-pr-change-filter:1.2.4 github-branch-source:1703.vd5a_2b_29c6cdc github-pullrequest:0.5.0 google-chat-notification:1.6 gradle:2.7 handlebars:3.0.8 handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953 htmlpublisher:1.31 http_request:1.16 instance-identity:142.v04572ca_5b_265 ionicons-api:56.v1b_1c8c49374e jackson2-api:2.15.1-344.v6eb_55303dc3e jakarta-activation-api:2.0.1-3 jakarta-mail-api:2.0.1-3 javadoc:233.vdc1a_ec702cff javax-activation-api:1.2.0-6 javax-mail-api:1.6.2-9 jaxb:2.3.8-1 jdk-tool:66.vd8fa_64ee91b_d jenkins-design-language:1.27.4 jjwt-api:0.11.5-77.v646c772fddb_0 jquery3-api:3.7.0-1 jsch:0.2.8-65.v052c39de79b_2 junit:1202.v79a_986785076 ldap:682.v7b_544c9d1512 lockable-resources:1156.v5e9f897ece02 lucene-search:398.v3dfa_cb_223984 mailer:448.v5b_97805e3767 matrix-auth:3.1.7 matrix-project:789.v57a_725b_63c79 maven-plugin:3.22 metrics:4.2.13-420.vea2f17932dd6 mina-sshd-api-common:2.10.0-69.v28e3e36d18eb mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_ momentjs:1.1.1 multiple-scms:0.8 node-iterator-api:49.v58a_8b_35f8363 nodejs:1.6.0 okhttp-api:4.10.0-132.v7a_7b_91cef39c onepassword-secrets:1.0.0 pam-auth:1.10 parameter-separator:1.3 parameterized-scheduler:1.2 permissive-script-security:0.7 pipeline-aws:1.43 pipeline-build-step:491.v1fec530da_858 
pipeline-github:2.8-147.3206e8179b1c pipeline-github-lib:42.v0739460cda_c4 pipeline-graph-analysis:202.va_d268e64deb_3 pipeline-graph-view:191.vc6da_9d3eb_70a pipeline-groovy-lib:656.va_a_ceeb_6ffb_f7 pipeline-input-notification:15.v175f12f20f9e pipeline-input-step:468.va_5db_051498a_4 pipeline-milestone-step:111.v449306f708b_7 pipeline-model-api:2.2131.vb_9788088fdb_5 pipeline-model-definition:2.2131.vb_9788088fdb_5 pipeline-model-extensions:2.2131.vb_9788088fdb_5 pipeline-rest-api:2.32 pipeline-restful-api:0.11 pipeline-stage-step:305.ve96d0205c1c6 pipeline-stage-tags-metadata:2.2131.vb_9788088fdb_5 pipeline-stage-view:2.32 pipeline-timeline:1.0.3 pipeline-utility-steps:2.15.3 plain-credentials:143.v1b_df8b_d3b_e48 plugin-util-api:3.2.1 popper-api:1.16.1-3 popper2-api:2.11.6-2 pubsub-light:1.17 resource-disposer:0.22 role-strategy:633.v836e5b_3e80a_5 scm-api:672.v64378a_b_20c60 script-security:1244.ve463715a_f89c scriptler:3.5 slack:664.vc9a_90f8bc24a snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4 sonar:2.15 sse-gateway:1.26 ssh:2.6.1 ssh-agent:333.v878b_53c89511 ssh-credentials:305.v8f4381501156 ssh-slaves:2.877.v365f5eb_a_b_eec ssh-steps:2.0.65.vd26b_5b_9b_de4d sshd:3.303.vefc7119b_ec23 structs:324.va_f5d6774f3a_d timestamper:1.25 token-macro:359.vb_cde11682e0c trilead-api:2.84.v72119de229b_7 uno-choice:2.6.5 variant:59.vf075fe829ccb windows-slaves:1.8.1 workflow-aggregator:596.v8c21c963d92d workflow-api:1213.v646def1087f9 workflow-basic-steps:1017.vb_45b302f0cea workflow-cps:3659.v582dc37621d8 workflow-cps-global-lib:609.vd95673f149b_b workflow-durable-task-step:1246.v5524618ea_097 workflow-job:1295.v395eb_7400005 workflow-multibranch:746.v05814d19c001 workflow-scm-step:408.v7d5b_135a_b_d49 workflow-step-api:639.v6eca_cd8c04aa workflow-support:839.v35e2736cfd5c ws-cleanup:0.45

What Operating System are you using (both controller, and any agents involved in the problem)?

controller - ubuntu 22.04 agent - ubuntu 22.04

Reproduction steps

1. Run a Jenkins job using the code below, which is using a 1Password service account:

```groovy
def config = [
    serviceAccountCredentialId: '1password--id',
]

def secrets = [
    [envVar: 'FED_PASSWORD', secretRef: 'op://dummy1/dummy2/password']
]

pipeline {
    agent any
    options {
        buildDiscarder(logRotator(numToKeepStr: '10'))
        timeout(time: 1, unit: 'HOURS')
        timestamps()
    }
    stages {
        stage('Checkout') {
            steps {
                script {
                    git branch: "*hidden for security purpose***"
                }
            }
        }
        stage('Install 1Password CLI') {
            steps {
                sh '''
                    curl -sSfLo op.zip https://cache.agilebits.com/dist/1P/op2/pkg/v2.18.0/op_linux_amd64_v2.18.0.zip
                    unzip -o op.zip
                    rm op.zip
                    chmod +x op
                    pwd
                    ls -altr
                '''
            }
        }
        stage('Run test') {
            steps {
                withSecrets(config: config, secrets: secrets) {
                    sh 'run test'
                }
            }
        }
    }
}
```

Expected Results

The withSecrets block should be able to fetch the password successfully from 1password using the service account credential.

Actual Results

Getting no such file or directory error:

```
org.jenkinsci.plugins.workflow.actions.ErrorAction$ErrorId: 659ec6ad-0d34-46a4-a152-4798cafef90c
com.onepassword.jenkins.plugins.exception.OnePasswordException: Error running command [/var/lib/jenkins/builddir/workspace/qa_pipelines/auto-bkp/op, read, op://dummy1/dummy2/password]: Cannot run program "/var/lib/jenkins/builddir/workspace/qa_pipelines/auto-bkp/op" (in directory "/var/lib/jenkins/builddir/workspace/qa_pipelines/auto-bkp"): error=2, No such file or directory
    at com.onepassword.jenkins.plugins.OnePasswordAccessor.retrieveSecrets(OnePasswordAccessor.java:146)
    at com.onepassword.jenkins.plugins.OnePasswordAccessor.loadSecrets(OnePasswordAccessor.java:173)
    at com.onepassword.jenkins.plugins.pipeline.WithSecretsStepExecution.start(WithSecretsStepExecution.java:32)
    at org.jenkinsci.plugins.workflow.cps.DSL.invokeStep(DSL.java:322)
    at org.jenkinsci.plugins.workflow.cps.DSL.invokeMethod(DSL.java:196)
    at org.jenkinsci.plugins.workflow.cps.CpsScript.invokeMethod(CpsScript.java:124)
    at jdk.internal.reflect.GeneratedMethodAccessor284.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:98)
    at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1225)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)
    at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.call(PogoMetaClassSite.java:41)
    at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116)
    at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:180)
    at org.kohsuke.groovy.sandbox.GroovyInterceptor.onMethodCall(GroovyInterceptor.java:23)
    at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:163)
    at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:178)
    at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:182)
    at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:152)
    at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:17)
    at WorkflowScript.run(WorkflowScript:100)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.delegateAndExecute(ModelInterpreter.groovy:137)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.executeSingleStage(ModelInterpreter.groovy:666)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.catchRequiredContextForNode(ModelInterpreter.groovy:395)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.catchRequiredContextForNode(ModelInterpreter.groovy:393)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.executeSingleStage(ModelInterpreter.groovy:665)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:288)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.toolsBlock(ModelInterpreter.groovy:544)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.toolsBlock(ModelInterpreter.groovy:543)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:276)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withEnvBlock(ModelInterpreter.groovy:443)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withEnvBlock(ModelInterpreter.groovy:442)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:275)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withCredentialsBlock(ModelInterpreter.groovy:481)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withCredentialsBlock(ModelInterpreter.groovy:480)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:274)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.inDeclarativeAgent(ModelInterpreter.groovy:586)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.inDeclarativeAgent(ModelInterpreter.groovy:585)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:272)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.stageInput(ModelInterpreter.groovy:356)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.stageInput(ModelInterpreter.groovy:355)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:261)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.inWrappers(ModelInterpreter.groovy:618)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.inWrappers(ModelInterpreter.groovy:617)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:259)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withEnvBlock(ModelInterpreter.groovy:443)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withEnvBlock(ModelInterpreter.groovy:442)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:254)
    at ___cps.transform___(Native Method)
    at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:90)
    at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:116)
    at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:85)
    at jdk.internal.reflect.GeneratedMethodAccessor229.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
    at com.cloudbees.groovy.cps.impl.ClosureBlock.eval(ClosureBlock.java:46)
    at com.cloudbees.groovy.cps.Next.step(Next.java:83)
    at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:152)
    at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:146)
    at org.codehaus.groovy.runtime.GroovyCategorySupport$ThreadCategoryInfo.use(GroovyCategorySupport.java:136)
    at org.codehaus.groovy.runtime.GroovyCategorySupport.use(GroovyCategorySupport.java:275)
    at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:146)
    at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:18)
    at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:51)
    at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:187)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:420)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:330)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:294)
    at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:67)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:139)
    at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
    at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
    at jenkins.util.ErrorLoggingExecutorService.lambda$wrap$0(ErrorLoggingExecutorService.java:51)
    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:829)

Finished: FAILURE
```

If I list the files inside the directory '/var/lib/jenkins/builddir/workspace/qa_pipelines/auto-bkp', then I can see the op executable is present.

Anything else?

No response

chris-adam-b12 commented 1 year ago

I got the same error. The problem is that the plugin is using the controller instead of the agent to call the API. I installed op CLI on the controller but now I run into permission issues. I would rather wait until this is fixed before using this plugin.

It also means the documentation telling us to install the op CLI in a declarative stage works only if we are using the built-in executor of the controller. It's a very bad practice as it can cause a pipeline to interfere with the health of the controller.
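
The controller-versus-agent distinction described in the comment above, shown as an added example (not the plugin's code and not part of the original thread): a step helper that starts `op read` through the `Launcher` and workspace `FilePath` taken from the step context, so the process runs on the agent where the pipeline unpacked the binary. The class `AgentSideOpRead`, its `read` method and the `env` parameter are hypothetical; the code assumes a Jenkins plugin build with `workflow-step-api` on the classpath.

```java
import hudson.AbortException;
import hudson.FilePath;
import hudson.Launcher;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import org.jenkinsci.plugins.workflow.steps.StepContext;

/** Hypothetical helper (not the plugin's code): run `op read` on the agent that owns the workspace. */
public final class AgentSideOpRead {

    private AgentSideOpRead() {}

    /**
     * @param secretRef reference such as op://dummy1/dummy2/password
     * @param env       environment passed to the CLI, e.g. the service account token (assumption)
     */
    public static String read(StepContext context, String secretRef, Map<String, String> env)
            throws IOException, InterruptedException {
        // Launcher and FilePath are bound to the node running the enclosing agent/node block.
        // A local process API (e.g. new ProcessBuilder(...).start()) would instead start the
        // process in the controller JVM, where a binary unpacked on the agent does not exist.
        Launcher launcher = context.get(Launcher.class);
        FilePath workspace = context.get(FilePath.class);
        if (launcher == null || workspace == null) {
            throw new AbortException("No agent context: call this step inside a node/agent block");
        }
        // exists() is evaluated on the agent's filesystem, not the controller's.
        FilePath op = workspace.child("op");
        if (!op.exists()) {
            throw new AbortException("op CLI not found on agent at " + op.getRemote());
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ByteArrayOutputStream err = new ByteArrayOutputStream();
        int rc = launcher.launch()
                .cmds(op.getRemote(), "read", secretRef)
                .envs(env)
                .pwd(workspace)
                .stdout(out)     // captured in memory, never written to the build log
                .stderr(err)
                .quiet(true)     // do not echo the command line into the build log
                .join();
        if (rc != 0) {
            String msg = new String(err.toByteArray(), StandardCharsets.UTF_8).trim();
            throw new AbortException("op read failed on agent (exit " + rc + "): " + msg);
        }
        return new String(out.toByteArray(), StandardCharsets.UTF_8).trim();
    }
}
```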

affix commented 1 month ago

This is super frustrating when you forget this is the case. This needs to be fixed.