blog.plee.me About software, technology and random things

23Jun/190

Missing Credentials in Dropdown for Jenkins Build Configuration

Hello!

Recently I updated my Jenkins installation including all of the plugins. One of them must have brought somewhat breaking changes because when I tried to create a new build configuration for a new old project of mine, I could not select the proper credentials in the dropdown. I only had the option to add new ones even though I had added the corresponding credentials in the global scope (as per usual), so they must have been visible across the entire Jenkins instance. None of them were showing up. And even when I tried adding new ones through the build configuration page, they ended up not being active / selected either.

When I went back to check with an existing build configuration I had configured over a year before, I could confirm the same behavior. For build parameters the credentials dropdowns were empty and for the VCS credentials it said

Cannot find any credentials with id <ID>

I spent a couple of hours looking for solutions and I did find some cases that popped up around 1 or 2 years ago, but nothing that fit this exact scenario. My suspicion was that this might be a bug, so I tried rolling back the SSH credentials and credentials plugins to the previous versions, but that did not fix anything.

I decided to wait for a week in the hopes of potential bug fix releases to come out for either some of the plugins or Jenkins itself, but a week later in spite of a couple of updates here and there, nothing about the problem had changed.

And then I found a comment in the discussion thread of a GitHub issue of the "GitHub Pull Request Builder Plugin" (which I am not even using). In it, the following solution was proposed:

  1. Navigate to "Jenkins" (main menu) => "Manage Jenkins" => "Configure Global Security"
  2. Go to the "Access Controls for Builds" section
  3. Under "Project default Build Authorization" check if the "Strategy" is set to "Run as anonymous" (which was the case for me)
  4. If yes, try changing it to "Run as User who Triggered Build" (it might also work with another setting if that suits you better)
  5. Save and reload the build configuration settings

That was it! The credentials showed up again and I could execute the build successfully.

I know this seems to be a niche problem and there might only be a handful of people that have encountered the same issue, but I hope it was helpful nonetheless.

Thank you for reading!

2Jul/130

Access Control via Hybrid .htaccess for Both Apache HTTPd 2.2 and 2.4

Hi!

If you're running the Apache HTTPd in the versions 2.2 and 2.4 in different environments but would like to control access to certain directories (include, lib, ...) via Apache, chances are that you don't want to use one 2.2 specific file and a different one for 2.4, especially if you keep transferring and synchronizing the files between those different setups.

Between versions 2.2 and 2.4 a couple of things have changed. The perhaps most prominent change would be the one that comes with the new mod_authz_host module and deals with authorization / access control. Instead of using Order, Allow, Deny and/or Satisfy you are now advised to use the new Require directive.

So what do you do if you cannot switch every .htaccess over to the new format for reasons like the one mentioned in the beginning?

You could in fact enable the mod_access_compat module and keep rolling with the old configuration. But that would only mean procrastinating until you would finally have to deal with it anyway.

The better solution is to use configurations that are not even necessarily dependent on your Apache version (remember, you could just load the legacy compatibility module in 2.4), but in fact check for the correct module to work with. The key element to work with here is the IfModule directive.

# Apache 2.4
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

# Apache 2.2
<IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
</IfModule>

As you can see, there are two checks that basically work as an "if ... else" selection. The rest should be self-explanatory.

For more information about the new way of handling access with the Apache HTTPd 2.4, please refer to the official documentation.

I hope this was of any help to you.

Thanks for reading.