I am using a Jenkins instance 2.375.2 and Conjur plugin 1.0.15 to run my multi-branch pipeline.
I am able to refresh credential store and see my secrets sync’d in the ‘credentials’ tab in Jenkins UI.
But when I try to fetch them using conjurSecretCredential in my Jenkinsfile, I get the following call stack:
java.lang.NullPointerException
at org.conjur.jenkins.conjursecrets.ConjurSecretCredentials.credentialWithID(ConjurSecretCredentials.java:185)
at org.conjur.jenkins.conjursecrets.ConjurSecretCredentialsBinding.getCredentialsFor(ConjurSecretCredentialsBinding.java:157)
at org.conjur.jenkins.conjursecrets.ConjurSecretCredentialsBinding.bind(ConjurSecretCredentialsBinding.java:90)
at org.jenkinsci.plugins.credentialsbinding.impl.BindingStep$Execution2.doStart(BindingStep.java:132)
at org.jenkinsci.plugins.workflow.steps.GeneralNonBlockingStepExecution.lambda$run$0(GeneralNonBlockingStepExecution.java:77)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
How do I get more logging? How do you suggest I proceed? Any tips are appreciated.
Setting variable to AWS_ACCESS_KEY_ID
Jun 23, 2023 1:55:00 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentialsBinding
Setting variable to AWS_SECRET_ACCESS_KEY
Jun 23, 2023 1:55:00 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentialsBinding
Setting variable to MY_USER
Jun 23, 2023 1:55:00 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentialsBinding
Setting variable to MY_PASSWORD
Jun 23, 2023 1:55:00 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentialsBinding
**** binding **** : mymulti-branch-pipeline/my-branch #2
USERNAME_MISSING failed to authenticate with authenticator authn-jwt service prod:webservice:conjur/authn-jwt/<our service ID>: CONJ00007E 'host/jenkins-projects/<multi-branch pipeline name>/<branch-name>’ not found
jenkins-projects/<multi-branch pipeline>: jenkins-projects/<multi-branch pipeline> successfully authenticated with authenticator authn-jwt service prod:webservice:conjur/authn-jwt/<service ID>
What does the policy look like under “jenkins-projects/” (please redact any customer/internal information), also, what does the policy look like for “authn-jwt/”?
Does the 'host/jenkins-projects/< multi-branch pipeline name>/< branch-name>’ exist in policy? If so, does it have read and authenticate permissions to the JWT Jenkins authenticator service ID? What about host permissions to the variables?
Does the Conjur server this is authenticating against, trust the Jenkins Certificate?
Does the 'host/jenkins-projects/< multi-branch pipeline name>/< branch-name>’ exist in policy? If so, does it have read and authenticate permissions to the JWT Jenkins authenticator service ID? What about host permissions to the variables?
– Pipeline name exists in policy and it has authentication permission to JWT authenticator and host has Read, write permissions to secrets
Setting store context
Jul 12, 2023 9:20:10 AM FINEST org.conjur.jenkins.conjursecrets.ConjurSecretCredentialsImpl
Setting store context
Jul 12, 2023 9:20:16 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentialsBinding
Setting variable to AWS_ACCESS_KEY_ID
Jul 12, 2023 9:20:16 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentialsBinding
Setting variable to AWS_SECRET_ACCESS_KEY
Jul 12, 2023 9:20:16 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentialsBinding
**** binding **** : <multi-branch pipeline>/<branch> #6
Jul 12, 2023 9:20:16 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentialsBinding
Store detailsorg.conjur.jenkins.credentials.ConjurCredentialStore@a7ecee0
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentialsBinding
Calling getCredential For1<multi-branch pipeline> » <branch name> #6
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentialsBinding
Item Name<multi-btranch pipeline>
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentialsBinding
CredentialId after removing ${}<password path>
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentials
* Context Id not null>>>:#6
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentials
* Context Id >>>:hudson.model.Hudson@4a935369
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentials
Get all jobs<multi-btranch pipeline>/<branch> #6
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentials
Inside Conjur Credentials>>#6
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentials
Child Folderorg.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject@60c8e572[<multi-btranch pipeline>]>>>>>>2
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentials
From Binding Credential to Jenkins
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentials
NOT FOUND at Jenkins Instance Level!
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentials
Inside not Conjur Credentials>><multi-btranch pipeline>
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentials
Inside not conjur credentials final foldernull
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentials
Returning the Credentialsnull
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentials
printing value
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentials
From Binding Credentialnull
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentials
Inside Credentials not null
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentials
Back to the for loop tocheck for the parent level
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentials
From Binding Credential to Jenkins
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentials
Returning the Credentialsnull
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentials
From Binding Credentialnull
Jul 12, 2023 9:20:17 AM FINE org.conjur.jenkins.conjursecrets.ConjurSecretCredentials
Inside Credentials not null