Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-66991

Always getting "Masking supported pattern matches of" message in job log

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Labels:
      None
    • Environment:
      Credentials Binding Plugin 1.27
      Jenkins 2.317
    • Similar Issues:

      Description

      I have a jenkins pipeline where I have something like this:

      withCredentials([sshUserPrivateKey(credentialsId: credentialsId, keyFileVariable: 'sshKeyFile' , usernameVariable: 'userName')]) {
               sshCommand remote: [ user: userName , identityFile: sshKeyFile ... ], command: "some cmd" 
      }
      

      For every execution of ssh command using sshCommand step I see in job log:
      Masking supported pattern matches of $sshKeyFile

      Would be nice to have option to suppress these messages as for many executions of sshCommand log looks ugly.

        Attachments

          Activity

          Hide
          kon Kalle Niemitalo added a comment -

          Is it even necessary to mask the file name at all? As opposed to the contents of the file.

          Show
          kon Kalle Niemitalo added a comment - Is it even necessary to mask the file name at all? As opposed to the contents of the file.
          Hide
          vladaurosh Vlad Uros added a comment -

          I just don't see a purpose of message "Masking supported pattern matches of..."
          Is this some kind of warning or what?
          I found a ticket to add warning if masked variable is used inside double quotes, but I think that's different message.
          In my example I've tried something like
          sh 'echo $sshKeyFile'
          and it is properly masked, no warning but still I see "Masking supported pattern" message in job log.

          Show
          vladaurosh Vlad Uros added a comment - I just don't see a purpose of message "Masking supported pattern matches of..." Is this some kind of warning or what? I found a ticket to add warning if masked variable is used inside double quotes, but I think that's different message. In my example I've tried something like sh 'echo $sshKeyFile' and it is properly masked, no warning but still I see "Masking supported pattern" message in job log.
          Hide
          kon Kalle Niemitalo added a comment -

          The credentials masking message was added in PR #55 and PR #59 for JENKINS-42950, to make users aware that the plugin recognizes and masks only some variations of the credential; a carelessly implemented pipeline can log the credential in a format that the plugin does not recognize and passes straight through.

          I can imagine a few ways to change the plugin to allow suppressing these messages:

          • Don't log these messages at all if a specific system property is set.
          • Add an optional parameter to withCredentials.
          • Add an optional parameter to sshUserPrivateKey.
          • Remember which "Masking" messages have been output during the current run, and don't output identical ones again.
          • Never mask the file name of sshUserPrivateKey.
          Show
          kon Kalle Niemitalo added a comment - The credentials masking message was added in PR #55 and PR #59 for JENKINS-42950 , to make users aware that the plugin recognizes and masks only some variations of the credential; a carelessly implemented pipeline can log the credential in a format that the plugin does not recognize and passes straight through. I can imagine a few ways to change the plugin to allow suppressing these messages: Don't log these messages at all if a specific system property is set. Add an optional parameter to withCredentials. Add an optional parameter to sshUserPrivateKey. Remember which "Masking" messages have been output during the current run, and don't output identical ones again. Never mask the file name of sshUserPrivateKey.
          Hide
          vladaurosh Vlad Uros added a comment -

          I am ok with those changes, users should be aware. But when you see that message, that makes you aware if you were not aware already, after that, no point in same message all over again. And I am ok with that as default behavior but it would be nice to add option not to log those messages.

          Show
          vladaurosh Vlad Uros added a comment - I am ok with those changes, users should be aware. But when you see that message, that makes you aware if you were not aware already, after that, no point in same message all over again. And I am ok with that as default behavior but it would be nice to add option not to log those messages.
          Hide
          carroll Carroll Chiou added a comment -

          bumping down priority as this is a feature request to quiet the log. Also unassigning myself as I don't have the time to do this work.

          Show
          carroll Carroll Chiou added a comment - bumping down priority as this is a feature request to quiet the log. Also unassigning myself as I don't have the time to do this work.

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            vladaurosh Vlad Uros
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated: