configuration-as-code-groovy-plugin
configuration-as-code-groovy-plugin copied to clipboard
jenkinsci
Add secret variables expansion from CNode value
I faced jCasC secrets variables expansion issue with jCasC-Groovy plugin.
So I made this PR to implement usage of jCasC secrets feature.
As an example, this allows to setup secret token in URL to authenticate remote server.
Before, the following example wasn't working.
groovy:
- url: http://login:${SECRET_TOKEN}@my.web.site/path/to/groovy/script.groovy
Regards
When will you merge this and release a new version of the plugin? I really need this
OK, I will try today's evening. Honestly I am looking for a co-maintainer, because I heavily lack time
pon., 12 paź 2020 o 11:30 danielraq [email protected] napisał(a):
When will you merge this and release a new version of the plugin? I really need this
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/jenkinsci/configuration-as-code-groovy-plugin/pull/3#issuecomment-707002547, or unsubscribe https://github.com/notifications/unsubscribe-auth/AC7SR3DBPZ4G4FAXLPOFMWDSKLEEJANCNFSM4JM4IHLQ .
Tried adding a simple test.
The test only seem to work from script console.
groovy:
- script: |
import jenkins.model.Jenkins;
def systemMessage = "Hello World";
def jenkins = Jenkins.get();
jenkins.setSystemMessage(systemMessage);
jenkins.save();
@szandala @ziouf @danielraq perhaps one of you would be willing to test the HPI: https://ci.jenkins.io/blue/organizations/jenkins/Plugins%2Fconfiguration-as-code-groovy-plugin/detail/PR-3/15/artifacts
I would love to have test that actually works 😓
I was in dire need of this functionality, so I tried to use this implementation, but sadly it is severely broken. It causes the entire CASC plugin to fail to load other configuration. I have not been able to determine the root cause yet, but I'm guessing it is the rewrite of the groovy code processing that causes it. So for now, I'll have to revert to the published version and use some other mechanisms to inject secrets. I will try to get more time to keep looking into what is causing the failure.
The scary thing is that it doesn't fail in a clear and obvious way. Instead jenkins starts, its just that some configuration will simply not have been loaded. Looking in the logs, I can see that the CASC plugin doesn't know how to dispatch the configuration that fails to load. Reverting back to the published version and everything works again.
Ya, would be nice to add tests to see if this actually works. I tried adding tests but I think I ran into the same problem your describing.
Is there any work around for the lack of this functionality?
Update/edit
I'm using this as a work around:
import io.jenkins.plugins.casc.impl.secrets.PropertiesSecretSource
def secretSource = new PropertiesSecretSource()
secretSource.init()
def foo = secretSource.reveal('secret_var').get()
@kylegibson , where does secret come from in your code snipped?
Btw. this functionality would still be nice, five years later. Appreciated if you could make time for it.
@kylegibson , where does
secretcome from in your code snipped?Btw. this functionality would still be nice, five years later. Appreciated if you could make time for it.
@bn-jbischko I corrected the code snippet to address your question. Hopefully it makes sense now.