Using withEnv with withCredentials

[kelvSYC]

Suppose I have a username and password credential that I use with a withCredentials step, and I wish to use it to construct a URL for use with the http_proxy environment variable. Currently I have this:

withCredentials([usernameColonPassword(credentialsId:’proxy-credentials’, variable: ‘PROXY_CREDENTIALS')]) {
def url = “https://${env.PROXY_CREDENTIALS}@proxy-endpoint.com:3128”
withEnv([“http_proxy=${url}”]) {
// Do something
}
}

This gets flagged as unsafe by Jenkins (likely rightly), so I’m wondering what safe way there is to do the same thing.

Something like the following doesn’t work for me:

withCredentials([usernameColonPassword(credentialsId:’proxy-credentials’, variable: ‘PROXY_CREDENTIALS')]) {
withEnv([‘http_proxy=https://${PROXY_CREDENTIALS}@proxy-endpoint.com:3128']) {
// Do something
}
}

All it does is that the http_proxy variable is populated with the literal ${PROXY_CREDENTIALS} string instead of the value therein.

Any assistance in this would be appreciated.

[Björn Pedersen]

Used : withEnv([‘http_proxy=https://${PROXY_CREDENTIALS}@proxy-endpoint.com:3128']) { 

Note the single quotes, this needs to be double-quoted for the replacement to happen.

Björn

[Reinhold Füreder]

Sorry, Björn, but I think I didn’t get it:

• Is your suggestion to use?

• withEnv([“http_proxy=https://${PROXY_CREDENTIALS}@proxy-endpoint.com:3128”]) { 

• But isn’t that what kelvSYC also tried and “gets flagged as unsafe by Jenkins”

• withCredentials([usernameColonPassword(credentialsId:’proxy-credentials’, variable: ‘PROXY_CREDENTIALS')]) {
  def url = “https://${env.PROXY_CREDENTIALS}@proxy-endpoint.com:3128”
  withEnv([“http_proxy=${url}”]) {
  
  

I think the (ugly) workaround would be (1) to not use “withEnv” step and (2) assemble the “http_proxy” env variable (=> shell variable) only later in the shell? Something like:

 

http_proxy=https://${env.PROXY_CREDENTIALS}@proxy-endpoint.com:3128 <some cmd that needs this ‘http_proxy’ variable>

 

☹

 

Cu Reinhold

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/2e09f1ff-d7d7-4ba3-a84d-2455dfe1d5acn%40googlegroups.com.

[Jheison Rodriguez]

Hi there

Does anyone know if there is any advantage between using Jenkins
pipeline Step 'readJSON' and 'JsonSlurper'. I'm asking because in best
practices page the suggestion is to avoid JsonSlurper but they don't
mention nothing about readJson step. I want to figure out what way
should I go forward with the last one or with the use of JQ?

https://www.jenkins.io/doc/book/pipeline/pipeline-best-practices/#avoiding-complex-groovy-code-in-pipelines