Loading...

XML

Word

Printable

Type: Bug
Resolution: Not A Defect
Priority: Major
Component/s: credentials-binding-plugin, credentials-plugin, mask-passwords-plugin
Labels:
None
Environment:

Hide
Jenkins ver. 2.150.3
Credentials Plugin 2.1.18
Credentials Binding Plugin 1.18
Masked Passwords Plugin 2.12.0
OS Linux
Linux 3.10.0-957.5.1.el7.x86_64 #1 SMP Fri Feb 1 14:54:57 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Java
openjdk version "1.8.0_191"
OpenJDK Runtime Environment (build 1.8.0_191-b12)
OpenJDK 64-Bit Server VM (build 25.191-b12, mixed mode)

Jenkins installed via
sudo -E wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
sudo -E rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
sudo -E yum install jenkins

Web Browser
FireFox 52.6.0 (32-bit)

Show
Jenkins ver. 2.150.3 Credentials Plugin 2.1.18 Credentials Binding Plugin 1.18 Masked Passwords Plugin 2.12.0 OS Linux Linux 3.10.0-957.5.1.el7.x86_64 #1 SMP Fri Feb 1 14:54:57 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux Java openjdk version "1.8.0_191" OpenJDK Runtime Environment (build 1.8.0_191-b12) OpenJDK 64-Bit Server VM (build 25.191-b12, mixed mode) Jenkins installed via sudo -E wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo sudo -E rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key sudo -E yum install jenkins Web Browser FireFox 52.6.0 (32-bit)

Using the latest released components user can show password details in output using dsl pipeline job. Fragments can be used to construct password from output using unorthodox job method below.

How to reproduce

1. Create credential username pass with id cred_user_id
e.g.
store (Jenkins) --> Domain (DevOps) --> Id cred_user_id
Username: cred_user
Password: userxPass~3&XX?yy%9

2. Create DSL pipeline job per below

Pipeline Code
======================

pipeline

{ agent \{ label 'master' }

environment

{ MY_CREDENTIAL = credentials('cred_user_id') }

stages
{
stage('Do: Something')
{
steps
{
sh "echo ${MY_CREDENTIAL}"
sh "echo ${MY_CREDENTIAL_USR}:${MY_CREDENTIAL_PSW}"
}
}
}
}

3. Run, output (below) has masked username and unmasked password details showing

[Pipeline] sh
+ 'XX?yy%9'
+ echo ****:userxPass~3
****:userxPass~3
/var/lib/jenkins/jobs/NRP/jobs/9-DevOps-Support/jobs/jenkins_bug/workspace@tmp/durable-865f9359/script.sh: line 1: XX?yy%9: command not found

Log Output
===========================================
Started by user Jim Zarakis
Running in Durability level: MAX_SURVIVABILITY
[Pipeline] Start of Pipeline

[Pipeline] node
Running on Jenkins in /var/lib/jenkins/jobs/NRP/jobs/9-DevOps-Support/jobs/jenkins_bug/workspace
[Pipeline] {
[Pipeline] withCredentials
Masking only exact matches of $MY_CREDENTIAL or $MY_CREDENTIAL_USR or $MY_CREDENTIAL_PSW
[Pipeline] {
[Pipeline] stage
[Pipeline]

{ (Do: Something) [Pipeline] sh + 'XX?yy%9' + echo ****:userxPass~3 ****:userxPass~3 /var/lib/jenkins/jobs/NRP/jobs/9-DevOps-Support/jobs/jenkins_bug/workspace@tmp/durable-865f9359/script.sh: line 1: XX?yy%9: command not found [Pipeline] }

[Pipeline] // stage
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 127
Finished: FAILURE

Assignee:: Unassigned
Reporter:: Jim Zarakis
Votes:: 1 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: 2019-03-25 01:22
Updated:: 2019-03-27 14:53
Resolved:: 2019-03-27 14:53

Details

Description

Attachments

Activity

People

Dates