-
Bug
-
Resolution: Not A Defect
-
Critical
-
Jenkins version 2.21
Ansible not resolving parameters that set globally by the Mask Passwords Plugin. When I set such parameters as extra param instead of resolving the parameter to value the parameter name is passed to the Ansible playbook.
Steps to reproduce:
As example I'm passing AWS_KEY And AWS_SECRET parameters that set globally by the Mask Passwords Plugin, when using this parameters in shell step before the Invoke Ansible Playbook step is running such as below everythong works file
echo ${AWS_KEY} > /tmp/test.txt
echo ${AWS_SECRET} >> /tmp/test.txt
The parameters been resolved properly, and I get the proper values in /tmp/test.txt
Next I'm adding to the Ansible playbook the following debug print:
- name: Print debug
debug: msg="KEY - {{ AWS_KEY }} SECRET - {{ AWS_SECRET }}"
Next I'm configuring 2 extra parameters in Invoke Ansible Playbook (build step)
KEY: AWS_KEY
VALUE: ${AWS_KEY}
KEY: AWS_SECRET
VALUE: ${AWS_SECRET}
Running the job, and the output you get from the execution is:
TASK [Print debug] *************************************************************
ok: [qa3-exs] => {
"msg": "KEY - ${AWS_KEY} SECRET - ${AWS_SECRET}"
}
Jenkins and jenkins plugins variables are injected as environment variables inside the ansible process. To access these variables from the playbook you need to use this kind of expression
- name: Print debug debug: msg="KEY - {{ lookup('env','AWS_KEY') }} SECRET - {{ lookup('env','AWS_SECRET') }}"I've updated the documentation to better explain how to use injected variables.