[JIRA] (JENKINS-57936) Parameters not expanded in username or password portion of https git URL

21 views
Skip to first unread message

mark.earl.waite@gmail.com (JIRA)

unread,
Jun 19, 2019, 1:17:05 PM6/19/19
to jenkinsc...@googlegroups.com
Mark Waite updated an issue
 
Jenkins / Bug JENKINS-57936
Parameters not expanded in username or password portion of https git URL
Change By: Mark Waite
Summary: Git plugin Parameters not expanded in username or password bug portion of https git URL
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

mark.earl.waite@gmail.com (JIRA)

unread,
Jun 19, 2019, 2:58:18 PM6/19/19
to jenkinsc...@googlegroups.com
Mark Waite updated an issue
When a parameterized job attempts to use the value of the parameter as the username or password of an https based git repository URL, the git client plugin

Dear Jenkins users,

I'm use Jenkins 2.164.3 and trying to clone a repository with Git Plugin I get the error " authentication failed", because for some reason git plugin add "%24" in front of my password read from password parameter. 

I read from ticket JENKINS-20533

It was an old bug of 5 years ago of very old git plugin, but now should be solved!

Could you help me? Thanks.

mark.earl.waite@gmail.com (JIRA)

unread,
Jun 19, 2019, 2:58:18 PM6/19/19
to jenkinsc...@googlegroups.com
Mark Waite updated an issue
Change By: Mark Waite
Component/s: git-client-plugin
Component/s: git-plugin

mark.earl.waite@gmail.com (JIRA)

unread,
Jun 19, 2019, 3:03:02 PM6/19/19
to jenkinsc...@googlegroups.com
Mark Waite updated an issue
When a parameterized job attempts to use the value of the parameter as the username or password of an https based git repository URL, the git client plugin
does not expand the parameter reference.  If a string parameter {{USERNAME}} and a password parameter {{PASSWORD}} are defined in either a Freestyle or a Pipeline job, references to those variables are not expanded in the username and password portion of the repository URL.

{noformat}
https://${USERNAME}:${PASSWORD}@github.com/${USERNAME}/secret-repo.git
{noformat}

becomes:

{noformat}
https://${USERNAME}:${PASSWORD}@github.com/MarkEWaite/secret-repo.git
{noformat}

Notice that the USERNAME parameter is replaced in some parts of the URL, but not in all parts of the URL.

----


Dear Jenkins users,

I'm use Jenkins 2.164.3 and trying to clone a repository with Git Plugin I get the error " authentication failed", because for some reason git plugin add "%24" in front of my password read from password parameter. 

I read from ticket JENKINS-20533

It was an old bug of 5 years ago of very old git plugin, but now should be solved!

Could you help me? Thanks.

piyush.sachdeva2000@Gmail.com (JIRA)

unread,
Sep 26, 2019, 11:43:02 AM9/26/19
to jenkinsc...@googlegroups.com
piyush sachdeva commented on Bug JENKINS-57936
 
Re: Parameters not expanded in username or password portion of https git URL

Hi,

I am facing the same issue, I generated a personal access token and using that as a credential parameter(secret text) in Git plugin like https://$TO...@github.com but its not able to resolve the variable and if I dont use the variable then it will appear in console output.

Do we have a possible solution yet?

 

Thanks,

Piyush
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo

mark.earl.waite@gmail.com (JIRA)

unread,
Sep 26, 2019, 12:16:02 PM9/26/19
to jenkinsc...@googlegroups.com

piyush sachdeva there is already a solution for that case. Create a Jenkins username/password credential which contains the username and the personal access token. Use that credential in your operations. The value of the credential is not displayed when a credential is used in a Jenkins job. Refer to "Using Credentials" in the Jenkins Handbook for more information.

mark.earl.waite@gmail.com (JIRA)

unread,
Sep 26, 2019, 12:16:04 PM9/26/19
to jenkinsc...@googlegroups.com
Mark Waite edited a comment on Bug JENKINS-57936
[~piyush_devops] there is already a solution for that case.  Create a Jenkins username/password credential which contains the username and the personal access token.  Use that credential in your operations.  The value of the credential is not displayed when a credential is used in a Jenkins job.   

   Refer to "[Using Credentials|https://jenkins.io/doc/book/using/using-credentials/]" in the Jenkins Handbook for more information.

piyush.sachdeva2000@Gmail.com (JIRA)

unread,
Sep 26, 2019, 12:38:03 PM9/26/19
to jenkinsc...@googlegroups.com

Hi Mark,

Thanks for your reply however, I have tried the approach already but I am still getting the below error

fatal: could not read Username for 'https://github.xx.com': terminal prompts disabled.

PS: My Jenkins is running as a Docker container/

mark.earl.waite@gmail.com (JIRA)

unread,
Sep 26, 2019, 12:45:03 PM9/26/19
to jenkinsc...@googlegroups.com

piyush sachdeva please don't use a bug report as a place to request help with configuration issues. This bug report describes a failure to expand a parameter in a git URL that is provided to a Freestyle job.

Your issue is different and should be handled through the user mailing list or the chat system. Many, many users are successfully cloning repositories with GitHub personal access tokens. The most likely problem is a configuration error somewhere in your environment. That's not a bug, it is a configuration error.

piyush.sachdeva2000@Gmail.com (JIRA)

unread,
Sep 26, 2019, 1:47:03 PM9/26/19
to jenkinsc...@googlegroups.com

Mark Waite, the reason I am commenting on this thread is because the status of this bug is still unresolved and I am facing the exact same issue.

mark.earl.waite@gmail.com (JIRA)

unread,
Sep 26, 2019, 2:01:02 PM9/26/19
to jenkinsc...@googlegroups.com

piyush sachdeva if you are passing the GitHub personal access token as a parameter to a job, you're making a mistake. Don't do that.

Job parameters are visible from the "Parameters" link on the left-hand side of the individual job history. In my case, job #7 shows the parameters which were used to run that job. If a personal access token had been entered into a parameter field to run that job, the value of the personal access token would be visible from that page.

Please use Jenkins credentials. They are designed to store credentials. They work well with Jenkins plugins. Investigate why your credentials are not working. Don't pass sensitive text as a parameter to a Jenkins job.

piyush.sachdeva2000@Gmail.com (JIRA)

unread,
Sep 26, 2019, 2:05:05 PM9/26/19
to jenkinsc...@googlegroups.com

Mark Waite, yes that is why I was using Jenkins credential store along with the masked variable but it's not able to resolve the variable. I don't want it to print in Jenkins console output that is why I have posted in this thread(my first comment). I will keep digging into it. 

Thanks

mark.earl.waite@gmail.com (JIRA)

unread,
Sep 26, 2019, 2:05:06 PM9/26/19
to jenkinsc...@googlegroups.com
Mark Waite updated an issue
Change By: Mark Waite
Attachment: parameter-values-visible-in-build-detail.png

mark.earl.waite@gmail.com (JIRA)

unread,
Sep 26, 2019, 2:05:07 PM9/26/19
to jenkinsc...@googlegroups.com
Mark Waite edited a comment on Bug JENKINS-57936
 
Re: Parameters not expanded in username or password portion of https git URL
[~piyush_devops] if you are passing the GitHub personal access token as a parameter to a job, you're making a mistake.  Don't do that.


Job parameters are visible from the "Parameters" link on the left-hand side of the individual job history.  In my case, job #7 shows the parameters which were used to run that job.  If a personal access token had been entered into a parameter field to run that job, the value of the personal access token would be visible from that page.

!parameter-values-visible-in-build-detail.png|thumbnail!

Please use Jenkins credentials.  They are designed to store credentials.  They work well with Jenkins plugins.  Investigate why your credentials are not working.  Don't pass sensitive text as a parameter to a Jenkins job.
Reply all
Reply to author
Forward
0 new messages