
Passphrase loaded from file should be trimmed

Open proski opened this issue 3 years ago • 2 comments

Jenkins and plugins versions report

Environment
Jenkins: 2.328
OS: Linux - 5.4.0-92-generic
---
ace-editor:1.1
apache-httpcomponents-client-4-api:4.5.13-1.0
authentication-tokens:1.4
blueocean:1.25.2
blueocean-autofavorite:1.2.4
blueocean-bitbucket-pipeline:1.25.2
blueocean-commons:1.25.2
blueocean-config:1.25.2
blueocean-core-js:1.25.2
blueocean-dashboard:1.25.2
blueocean-display-url:2.4.1
blueocean-events:1.25.2
blueocean-git-pipeline:1.25.2
blueocean-github-pipeline:1.25.2
blueocean-i18n:1.25.2
blueocean-jwt:1.25.2
blueocean-personalization:1.25.2
blueocean-pipeline-api-impl:1.25.2
blueocean-pipeline-editor:1.25.2
blueocean-pipeline-scm-api:1.25.2
blueocean-rest:1.25.2
blueocean-rest-impl:1.25.2
blueocean-web:1.25.2
bootstrap4-api:4.6.0-3
bootstrap5-api:5.1.3-4
bouncycastle-api:2.25
branch-api:2.7.0
caffeine-api:2.9.2-29.v717aac953ff3
checks-api:1.7.2
cloudbees-bitbucket-branch-source:737.vdf9dc06105be
cloudbees-folder:6.17
cobertura:1.17
code-coverage-api:2.0.4
command-launcher:1.6
configuration-as-code:1.55
credentials:1061.vb_1fceb_58fa_18
credentials-binding:1.27
data-tables-api:1.11.3-6
display-url-api:2.3.5
durable-task:493.v195aefbb0ff2
echarts-api:5.2.2-2
email-ext:2.86
favorite:2.3.3
font-awesome-api:5.15.4-5
forensics-api:1.7.0
git:4.10.1
git-client:3.11.0
git-server:1.10
github:1.34.1
github-api:1.301-378.v9807bd746da5
github-branch-source:2.11.4
handlebars:3.0.8
handy-uri-templates-2-api:2.1.8-1.0
htmlpublisher:1.28
jackson2-api:2.13.1-246.va8a9f3eaf46a
jaxb:2.3.0.1
jdk-tool:1.5
jenkins-design-language:1.25.2
jjwt-api:0.11.2-9.c8b45b8bb173
job-dsl:1.78.3
jquery3-api:3.6.0-2
jsch:0.1.55.2
junit:1.53
lockable-resources:2.13
mailer:391.ve4a_38c1b_cf4b_
matrix-project:1.19
momentjs:1.1.1
okhttp-api:4.9.3-105.vb96869f8ac3a
pam-auth:1.6.1
pipeline-build-step:2.15
pipeline-graph-analysis:188.v3a01e7973f2c
pipeline-input-step:427.va6441fa17010
pipeline-milestone-step:1.3.2
pipeline-model-api:1.9.3
pipeline-model-definition:1.9.3
pipeline-model-extensions:1.9.3
pipeline-rest-api:2.20
pipeline-stage-step:291.vf0a8a7aeeb50
pipeline-stage-tags-metadata:1.9.3
pipeline-stage-view:2.20
plain-credentials:1.7
plugin-util-api:2.12.0
popper-api:1.16.1-2
popper2-api:2.11.0-1
pubsub-light:1.16
scm-api:595.vd5a_df5eb_0e39
script-security:1131.v8b_b_5eda_c328e
snakeyaml-api:1.29.1
sse-gateway:1.24
ssh-credentials:1.19
ssh-slaves:1.33.0
sshd:3.1.0
structs:308.v852b473a2b8c
timestamper:1.15
token-macro:267.vcdaea6462991
trilead-api:1.0.13
variant:1.4
workflow-aggregator:2.6
workflow-api:1108.v57edf648f5d4
workflow-basic-steps:2.24
workflow-cps:2648.va9433432b33c
workflow-cps-global-lib:552.vd9cc05b8a2e1
workflow-durable-task-step:1112.vda00e6febcc1
workflow-job:1145.v7f2433caa07f
workflow-multibranch:704.v8f039a_e2e8cf
workflow-scm-step:2.13
workflow-step-api:622.vb_8e7c15b_c95a_
workflow-support:804.vba10a18a1476

What Operating System are you using (both controller, and any agents involved in the problem)?

Controller: Ubuntu 20.04
Agents: Ubuntu 18.04

Reproduction steps

Load passphrase from a file:

credentials:
  system:
    domainCredentials:
    - credentials:
      - basicSSHUserPrivateKey:
          description: "XXjenkins SSH key to run agents on nodes"
          id: "XX-jenkins-key"
          passphrase: "${readFile:${HOME}/private/XX_jenkins_key.pph}"
          privateKeySource:
            directEntry:
              privateKey: "${readFile:${HOME}/private/XX_jenkins_key}"
          scope: GLOBAL
          username: "XXjenkins"

Expected Results

Agents are started on the nodes even if the passphrase file ends with a newline.

Actual Results

Authentication fails. It took me a lot of time to figure it out.

Anything else?

Developers may think it's a feature request, but from the user's perspective, it's a bug. Things don't work as they should. When ssh asks for the passphrase, I type it in and press Enter, and it works.

Possible solutions:

  • Add a new keyword readFileTrim, mention it in the documentation, add an example where it's used for a passphrase.
  • Add a new keyword trim, use it around readFile, document it.
  • Document some other way to trim the passphrase.
  • Trim specifically the passphrase - user friendly but perhaps against the CASC "hands off" approach to the configuration.

proski, Jan 08 '22 01:01

I can confirm this experience. --env some_key="$(<file_with_value.txt)" \ works, while "${readFile: file_with_value.txt}" does not.

bondpp7-2, Feb 17 '22 17:02

I'm having the same issue, any help would be appreciated.

maozturk, Apr 18 '23 12:04
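A pre-flight check for the behaviour reported in this thread, as an added example that is not part of the issue or of the plugin's code: it detects a trailing LF or CRLF on a passphrase file and rewrites the file without it. The function names are hypothetical, and it assumes, as the issue reports, that readFile hands the file contents over unchanged.

```shell
#!/bin/sh
# Added example: find and fix trailing line endings in passphrase files that
# JCasC reads with ${readFile:...}. Function names are hypothetical.
# Assumption (from the issue): readFile passes the file contents through
# unchanged, so a final LF or CRLF becomes part of the passphrase.

# Succeeds when the last byte of file $1 is LF (0a) or CR (0d).
ends_with_eol() {
    last=$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ] || [ "$last" = "0d" ]
}

# Rewrites file $1 without trailing CR/LF bytes. Only for single-line secrets
# such as a passphrase; do not run it on the private key file itself.
strip_trailing_eol() {
    f=$1
    cr=$(printf '\r')
    nl='
'
    # Command substitution already drops trailing LFs, which is why
    # "$(<file)" works in a shell; a CR from a CRLF ending is left behind.
    value=$(cat "$f") || return 1
    while :; do
        case $value in
            *"$cr"|*"$nl") value=${value%?} ;;
            *) break ;;
        esac
    done
    tmp=$(mktemp "$f.XXXXXX") || return 1   # mktemp creates the file with mode 0600
    # printf is a builtin in dash and bash, so the secret stays out of any argv.
    printf '%s' "$value" > "$tmp" && mv "$tmp" "$f" || { rm -f "$tmp"; return 1; }
}

# Usage: sh check_secrets.sh FILE...  (reports files that need fixing)
for f in "$@"; do
    if ends_with_eol "$f"; then
        echo "WARNING: $f ends with a line ending" >&2
    fi
done
```

Writing the file with `printf '%s'` in the first place avoids the problem; many editors and `echo` append a newline on save.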