Reputation: 9799
How to use user-scoped credentials in an AWS credentials parameter in Jenkins pipeline?
I am trying to access AWS credentials provided via a parameter in my pipeline job.
I have a pipeline job where I am using an AWS credentials parameter defined like this:
credentials (
credentialType: 'com.cloudbees.jenkins.plugins.awscredentials.AWSCredentialsImpl',
defaultValue: 'jenkins-deploy-proj',
description: '''
My description
''',
name: 'AWS_ACCOUNT'
)
I got that via "Pipeline Syntax > Declarative Directive Generator > Parameters" in the Jenkins UI.
I need to access those credentials later in the in the job. From other discussions it seems to be that I should use a withCredentials block to access the credentials , so I tried this
script {
withCredentials([[
$class: 'AmazonWebServicesCredentialsBinding',
accessKeyVariable: 'AWS_ACCESS_KEY_ID',
secretKeyVariable: 'AWS_SECRET_ACCESS_KEY',
credentialsId: "${params.AWS_ACCOUNT}"
]]) {
sh 'bash myscript.sh'
}
}
I got that via "Pipeline Syntax > Snippet Generator > withCredentials" in the Jenkins UI.
The pipeline runs fine with the default credentials (which are accessible to all users) but when I attempt to use my personal credentials (still in the global domain) I get an error from Jenkins telling me that the credentials don't exist:
ERROR: Could not find credentials entry with ID '557ff283-70f3-402b-b065-fb4c9f28305e'
I can use those same credentials as a parameter in other (non-pipeline) Jenkins jobs configured like this, and they work fine:
I did make take an extra step to make sure the problem wasn't just with that one credential object by creating a new credential object, but I got the same Could not find credentials entry with ID error.
Upvotes: 2
Views: 3930
Answers (1)
Reputation: 9799
I was able to reach out to CloudBees support (they provide tools and services on top of Jenkins) who mentioned a change introduced in JENKINS-58170 which allows credentials to be accessed using the name of the credentials parameter as the id. This is the solution mentioned in this CloudBees article about using user scoped credentials in pipeline jobs. In this case the solution would have looked like:
script {
withCredentials([[
$class: 'AmazonWebServicesCredentialsBinding',
accessKeyVariable: 'AWS_ACCESS_KEY_ID',
secretKeyVariable: 'AWS_SECRET_ACCESS_KEY',
credentialsId: 'AWS_ACCOUNT'
]]) {
sh 'bash myscript.sh'
}
}
This will likely work for many Jenkins users.
These improvements, however, came in with version 2.3 of the credentials plugin. Since we were running an older version of the plugin, this capability was not available.
Instead, we had to use the "special syntax" mentioned on JENKINS-58170: credentialsId: '${credentialsParameterName}'. Note that the single quotes are important here! From the ticket:
user-scoped credentials are currently only looked up if the credential id is provided using the former template syntax
That is, the '{userScopedCredsParameterName}' syntax.
So final working pipeline definition looked like this:
script {
withCredentials([[
$class: 'AmazonWebServicesCredentialsBinding',
accessKeyVariable: 'AWS_ACCESS_KEY_ID',
secretKeyVariable: 'AWS_SECRET_ACCESS_KEY',
credentialsId: '${AWS_ACCOUNT}'
]]) {
sh 'bash myscript.sh'
}
}
Upvotes: 3
Related Questions
- Define credential parameter in parameters in Jenkins declarative pipeline?
- Accessing credentials in Jenkins with the Credentials Parameter plugin
- How to dynamically pass credentialsId to Jenkins pipeline
- Jenkinsfile access aws credentials
- How can I get User-Scoped Credentials (Personal Credentials) in withCredentials
- How to set AWS credentials as Environmental variable in Jenkins
- Jenkins pipeline store SSH credentials as parameter
- Using Jenkins global credentials in a pipeline (Jenkinsfile)
- How to invoke Jenkins credentials in a jenkins scripted pipeline (not declarative)
- How to get password from a credentials parameter in Jenkins pipeline job