Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-66991

Always getting "Masking supported pattern matches of" message in job log

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • Credentials Binding Plugin 1.27
      Jenkins 2.317

      I have a jenkins pipeline where I have something like this:

      withCredentials([sshUserPrivateKey(credentialsId: credentialsId, keyFileVariable: 'sshKeyFile' , usernameVariable: 'userName')]) {
               sshCommand remote: [ user: userName , identityFile: sshKeyFile ... ], command: "some cmd" 
      }
      

      For every execution of ssh command using sshCommand step I see in job log:
      Masking supported pattern matches of $sshKeyFile

      Would be nice to have option to suppress these messages as for many executions of sshCommand log looks ugly.

          [JENKINS-66991] Always getting "Masking supported pattern matches of" message in job log

          Is it even necessary to mask the file name at all? As opposed to the contents of the file.

          Kalle Niemitalo added a comment - Is it even necessary to mask the file name at all? As opposed to the contents of the file.

          Vlad Uros added a comment -

          I just don't see a purpose of message "Masking supported pattern matches of..."
          Is this some kind of warning or what?
          I found a ticket to add warning if masked variable is used inside double quotes, but I think that's different message.
          In my example I've tried something like
          sh 'echo $sshKeyFile'
          and it is properly masked, no warning but still I see "Masking supported pattern" message in job log.

          Vlad Uros added a comment - I just don't see a purpose of message "Masking supported pattern matches of..." Is this some kind of warning or what? I found a ticket to add warning if masked variable is used inside double quotes, but I think that's different message. In my example I've tried something like sh 'echo $sshKeyFile' and it is properly masked, no warning but still I see "Masking supported pattern" message in job log.

          The credentials masking message was added in PR #55 and PR #59 for JENKINS-42950, to make users aware that the plugin recognizes and masks only some variations of the credential; a carelessly implemented pipeline can log the credential in a format that the plugin does not recognize and passes straight through.

          I can imagine a few ways to change the plugin to allow suppressing these messages:

          • Don't log these messages at all if a specific system property is set.
          • Add an optional parameter to withCredentials.
          • Add an optional parameter to sshUserPrivateKey.
          • Remember which "Masking" messages have been output during the current run, and don't output identical ones again.
          • Never mask the file name of sshUserPrivateKey.

          Kalle Niemitalo added a comment - The credentials masking message was added in PR #55 and PR #59 for JENKINS-42950 , to make users aware that the plugin recognizes and masks only some variations of the credential; a carelessly implemented pipeline can log the credential in a format that the plugin does not recognize and passes straight through. I can imagine a few ways to change the plugin to allow suppressing these messages: Don't log these messages at all if a specific system property is set. Add an optional parameter to withCredentials. Add an optional parameter to sshUserPrivateKey. Remember which "Masking" messages have been output during the current run, and don't output identical ones again. Never mask the file name of sshUserPrivateKey.

          Vlad Uros added a comment -

          I am ok with those changes, users should be aware. But when you see that message, that makes you aware if you were not aware already, after that, no point in same message all over again. And I am ok with that as default behavior but it would be nice to add option not to log those messages.

          Vlad Uros added a comment - I am ok with those changes, users should be aware. But when you see that message, that makes you aware if you were not aware already, after that, no point in same message all over again. And I am ok with that as default behavior but it would be nice to add option not to log those messages.

          Carroll Chiou added a comment -

          bumping down priority as this is a feature request to quiet the log. Also unassigning myself as I don't have the time to do this work.

          Carroll Chiou added a comment - bumping down priority as this is a feature request to quiet the log. Also unassigning myself as I don't have the time to do this work.

            Unassigned Unassigned
            vladaurosh Vlad Uros
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: