Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-62305

Error "hudson.model.PasswordParameterValue.value expects class hudson.util.Secret" since 2.236

    XMLWordPrintable

Details

    • pipeline-build-step 2.13

    Description

      Hello,

      since Jenkins 2.236 I get the following error when trying to start a job from a job:

      org.jenkinsci.plugins.workflow.support.steps.build.BuildTriggerStep: java.lang.IllegalArgumentException: Could not instantiate {name=SERVER_SSH_PASSWORD, value=XXXXX} for hudson.model.PasswordParameterValue: java.lang.ClassCastException: hudson.model.PasswordParameterValue.value expects class hudson.util.Secret but received class java.lang.String
      

      The pipeline look like the following (shortened):

      pipeline {
          agent {
              label 'linux'
          }
          // options, environment
      
          stages {
              stage('Deploy Production') {
                  when {
                      anyOf {
                          buildingTag()
                      }
                  }
      
                  steps {
                      script {
                          if (env.TAG_NAME) {
                              dockerTag = "${env.TAG_NAME}"
                          } else {
                              dockerTag = "dev-${env.BRANCH_NAME}"
                          }
      
                          withCredentials([
                              usernamePassword(credentialsId: 'centos-root', usernameVariable: 'SERVER_SSH_USER', passwordVariable: 'SERVER_SSH_PASSWORD'),
                              usernamePassword(credentialsId: 'database-maintenance', usernameVariable: 'LIQUIBASE_USERNAME', passwordVariable: 'LIQUIBASE_PASSWORD')
                          ]) {
                              build job: 'otherproject/otherjob/master', parameters: [
                                  string(name: 'PROJECT_VERSION', value: "${dockerTag}"),
                                  string(name: 'PROJECT_ENVIRONMENT', value: 'production'),
                                  string(name: 'LISTEN_IP_NGINX', value: "172.21.240.14"),
                                  string(name: 'COMPOSE_ARGS', value: '-f docker-compose.yml'),
                                  string(name: 'SERVER_HOST', value: "${env.SERVER_HOST}"),
                                  string(name: 'SERVER_IP', value: "${env.SERVER_IP}"),
                                  string(name: 'DEPLOY_USER', value: "${env.DEPLOY_USER}"),
                                  string(name: 'DOCKER_IMAGE', value: "${env.DOCKER_IMAGE}"),
                                  string(name: 'SERVER_SSH_USER', value: "${SERVER_SSH_USER}"),
                                  string(name: 'WEB_CONTAINER_NAME', value: 'api'),
                                  string(name: 'PHP_CONTAINER_NAME', value: 'api-php'),
                                  password(name: 'SERVER_SSH_PASSWORD', value: "${SERVER_SSH_PASSWORD}"),
                                  text(name: 'EXTRA_ENVIRONMENT_VARIABLES', value: environmentVariablesProduction()),
                                  text(name: 'COMPOSE_FILE', value: readFile("docker-compose.server.yml")),
                                  booleanParam(name: 'LIQUIBASE_UPDATE', value: true),
                                  string(name: 'LIQUIBASE_USERNAME', value: "${LIQUIBASE_USERNAME}"),
                                  password(name: 'LIQUIBASE_PASSWORD', value: "${LIQUIBASE_PASSWORD}"),
                                  string(name: 'LIQUIBASE_CHANGELOG_PATH', value: '/var/www/html/data/database/basedata'),
                                  string(name: 'LIQUIBASE_URL', value: 'someJDBCUri),
                                  booleanParam(name: 'CLEANUP_MEMCACHED', value: true)
                              ]
                          }
                      }
                  }
              }
          }
      
          // post
      }
      

      Downgrading to 2.235 helped.

      Attachments

        Issue Links

          Activity

            zlj lzhan lzhan added a comment -

            Hi danielbeck oleg_nenashev ,

            Any update? what we can do now is keeping on version 2.235....the neweset one is 2.244. 

            Thanks 

            zlj lzhan lzhan added a comment - Hi danielbeck oleg_nenashev  , Any update? what we can do now is keeping on version 2.235....the neweset one is 2.244.  Thanks 
            marty30 M W added a comment -

            This seems fixed in the sense that I can pass in a string to a password parameter. But I had a Secret from my input parameters, so I had to convert my secret to a string first by using "${params.password}".

            marty30 M W added a comment - This seems fixed in the sense that I can pass in a string to a password parameter. But I had a Secret from my input parameters, so I had to convert my secret to a string first by using "${params.password}".
            dnusbaum Devin Nusbaum added a comment -

            I filed a draft PR to fix the immediate compatibility issues: https://github.com/jenkinsci/pipeline-build-step-plugin/pull/46. . Notably, from some discussion with jglick, it seems that password parameters were never really intended to be used with the build step, even though they happen to work. The recommended approach is to use credentials parameters instead, and only bind the credentials in the job that actually uses them. For example, in the Pipeline in the description of this issue, instead of binding the "database-maintenance" credential to "LIQUIBASE_PASSWORD" in the upstream job and then passing the password to as a parameter to the downstream job, you would pass "database-maintenance" as a credential parameter and then bind "LIQUIBASE_PASSWORD" in the downstream job when it is used. I am working on adding documentation to the plugin to make this recommendation explicit.

            dnusbaum Devin Nusbaum added a comment - I filed a draft PR to fix the immediate compatibility issues: https://github.com/jenkinsci/pipeline-build-step-plugin/pull/46.  . Notably, from some discussion with jglick , it seems that password parameters were never really intended to be used with the build step, even though they happen to work. The recommended approach is to use credentials parameters instead, and only bind the credentials in the job that actually uses them. For example, in the Pipeline in the description of this issue, instead of binding the "database-maintenance" credential to "LIQUIBASE_PASSWORD" in the upstream job and then passing the password to as a parameter to the downstream job, you would pass "database-maintenance" as a credential parameter and then bind "LIQUIBASE_PASSWORD" in the downstream job when it is used. I am working on adding documentation to the plugin to make this recommendation explicit.

            dnusbaum Thanks for making this clear. I've many broken projects now, but you're right it's better to only pass the credentials id to the jobs instead of the username/password directly. This also has the advantage of masking the username/password correctly in the jobs.

            fabiang Fabian Grutschus added a comment - dnusbaum Thanks for making this clear. I've many broken projects now, but you're right it's better to only pass the credentials id to the jobs instead of the username/password directly. This also has the advantage of masking the username/password correctly in the jobs.
            dnusbaum Devin Nusbaum added a comment -

            Pipeline: Build Step plugin version 2.13 was just released with a fix that should restore compatibility for password parameters when used with the build step.

            dnusbaum Devin Nusbaum added a comment - Pipeline: Build Step plugin version 2.13 was just released with a fix that should restore compatibility for password parameters when used with the build step.

            People

              dnusbaum Devin Nusbaum
              fabiang Fabian Grutschus
              Votes:
              6 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: