Credential validity check does not work for credentials-admin

[rittneje]

Jenkins and plugins versions report

n/a

What Operating System are you using (both controller, and any agents involved in the problem)?

n/a

Reproduction steps

aws-credentials-plugin/src/main/java/com/cloudbees/jenkins/plugins/awscredentials/AWSCredentialsImpl.java

Lines 370 to 373 in 5aec8d3

	if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
	// for security reasons, do not perform any check if the user is not an admin
	return FormValidation.ok();
	}

I have the credentials-admin role on our CloudBees controller. However, because of this overly restrictive check, I can no longer rely on this plugin to verify that the AWS credentials I am configuring are correct before saving them. This makes credential rotation risky.

Expected Results

Anyone who can set the credentials ought to be able to test their validity.

Actual Results

The check no longer happens for credentials-admin.

Anything else?

No response

Are you interested in contributing a fix?

No response

[olamy]

I have the credentials-admin role on our CloudBees controller.

If you are a CloubBees customer you should contact CloudBees support directly to have faster answer