I have made a very simple scripted pipeline that basically does
- Configure an
- an Artifactory server reference, with a set of stored Jenkins credentials by referencing the credentialsId.
- A maven builder that doesn't automatically deploy artifacts when building them
- Builds a very simple java HelloWorld example
- Publishes the build information (this correctly uses the credentials referenced by the credentialsId
- Deploys the build artifacts using the buildInfo object
- This fails, as it is not using the referenced credentials, and thus uses the anonymous user which doesn't have access to deploy artifacts to the specified local repository in Artifactory.
- This is verified from the Artifactory access log, where the publishing of the buildInfo successfully has the service account user on the access line, however the deployment of the artifacts is rejects with "NA" as the user and then the IP of my Jenkins server.
This requires me to either
- Hardcore the username / password in my Jenkins file, which is really not ideal
- Allow anonymous deployments, again not really ideal
The used pipeline goes something like this:
After looking in the source code a bit I figured that
- The buildInfo is published by GenericBuildInfoDeployer.deploy()#L62 which uses the external build-info utility (org.jfrog.build.extractor.retention.Utils) for all the heavy lifting.
- Regarding artifact deployment, then i traced the issue to somewhere around Deployer.deployArtifacts()#L182. The credentials object obtained at L182 has an empty username and password set.
I have tried building my own plugin with some added debug information from the deployer CredentialsConfig object.
- Credentials.getUsername() and Credentials.getPassword() of the returned Credentials object of L182 returns the empty string.
- CredentialsConfig.isCredentialsProvided() is true
- CredentialsConfig.getCredentialsId() returns the credentials string that I supplied.
- CredentialsConfig.getUsername() and CredentialsConfig.getPassword() returns the empty string (obviously)
I will try and debug the PluginsUtils.credentialsLookup method tomorrow and see if this helps narrow down the issue.
Issue was found, see comment bellow. Just for reference, this is another great example of how notoriously bad Artifactory us at giving useful error messages and/or log messages at the server side.
The following is the error message you get when you try to publish build information, with insufficient permissions:
Whereas this is the error you get when trying to deploy, with insuficient permissions: