Credentials "secret text" -> bash -> expect ?
17 views
Skip to first unread message
b o b i
May 15, 2019, 9:47:28 AM5/15/19
to Jenkins Users
Im using expect to inject a password into an openssl command called from a make file (and spawned by expect).
However, Im not able to pass the secret. Any suggestions on why this is happening?
makeFileWith.mk contains an openssl command requiring a secret
stage ('Deploy') {
withCredentials([string(credentialsId: 'secretText', variable: 'varSecretText')]) {
sh """#!/usr/bin/expect
puts "SECRET $varSecretText"
exp_internal 1
spawn make -f makeFileWith.mk
expect "Enter Password:" {
send \"${varSecretText}\n\"
}
spawn make -f makeFileWith.mk
expect "Enter Password:" {
send \"${varSecretText}\n\"
}
"""
}
}
}
Output is
SECRET ****
...expect: does "" (spawn_id exp3) match glob pattern "Enter Password:"? no
Is this Jenkins Bug or do I need something more / another approach ?
Ivan Fernandez Calvo
May 15, 2019, 1:31:27 PM5/15/19
to Jenkins Users
If your secret is multiline, the secret text does not work as expected, you could store the one line base64 value of your secret and decode it before send it, it could work
b o b i
May 16, 2019, 12:13:58 AM5/16/19
to Jenkins Users
It is a single line secret, but it wont work :|
Mark Waite
May 16, 2019, 12:19:57 AM5/16/19
to Jenkins Users
I'm accustomed to seeing variable references in groovy strings as "${variablename}", while it seemed in your example you were referencing it as "$variablename". Is that an intentional difference, or accidental?
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/85dc81a4-6206-4286-9578-42f1bec2fcfb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Thanks!
Mark Waite
b o b i
May 16, 2019, 1:19:02 AM5/16/19
to Jenkins Users
Do you mean ?
send \"${varSecretText}\n\"
--> it has {}
or do you mean
puts "SECRET $varSecretText"
--> it worked
SECRET ****
On Thursday, May 16, 2019 at 6:19:57 AM UTC+2, Mark Waite wrote:
I'm accustomed to seeing variable references in groovy strings as "${variablename}", while it seemed in your example you were referencing it as "$variablename". Is that an intentional difference, or accidental?
On Wed, May 15, 2019 at 9:14 PM b o b i <bobis...@gmail.com> wrote:
It is a single line secret, but it wont work :|--
On Wednesday, May 15, 2019 at 7:31:27 PM UTC+2, Ivan Fernandez Calvo wrote:If your secret is multiline, the secret text does not work as expected, you could store the one line base64 value of your secret and decode it before send it, it could work
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkins...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/85dc81a4-6206-4286-9578-42f1bec2fcfb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--Thanks!Mark Waite
b o b i
May 16, 2019, 2:31:05 AM5/16/19
to Jenkins Users
Please disregard the question, and sorry for bothering.
It truned out, it is not a jenkins problem, rather a problem with timing of the expect script
so putting sleep 2 before and after send solved the problem
Reply all
Reply to author
Forward
0 new messages