Credentials "secret text" -> bash -> expect ?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Credentials "secret text" -> bash -> expect ?

b o b i
Im using expect to inject a password into an openssl command called from a make file (and spawned by expect).

However, Im not able to pass the secret. Any suggestions on why this is happening?

makeFileWith.mk contains an openssl command requiring a secret

stage ('Deploy') {
   withCredentials([string(credentialsId: 'secretText', variable: 'varSecretText')]) {

        sh """#!/usr/bin/expect

        puts "SECRET $varSecretText"

        exp_internal 1
        spawn make -f makeFileWith.mk
        
        expect "Enter Password:" {
           send \"${varSecretText}\n\"
        }
        """
   }
}

Output is
SECRET ****
...
expect: does "" (spawn_id exp3) match glob pattern "Enter Password:"? no

Is this Jenkins Bug or do I need something more / another approach ?


--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/12a74c78-9731-4980-b24d-ecd2c66b7b18%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Credentials "secret text" -> bash -> expect ?

Ivan Fernandez Calvo
If your secret is multiline, the secret text does not work as expected, you could store the one line base64 value of your secret and decode it before send it, it could work

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/43156be6-2d24-42fe-8725-2916e6ca783b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Credentials "secret text" -> bash -> expect ?

b o b i
It is a single line secret, but it wont work :|

On Wednesday, May 15, 2019 at 7:31:27 PM UTC+2, Ivan Fernandez Calvo wrote:
If your secret is multiline, the secret text does not work as expected, you could store the one line base64 value of your secret and decode it before send it, it could work

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/85dc81a4-6206-4286-9578-42f1bec2fcfb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Credentials "secret text" -> bash -> expect ?

Mark Waite-2
I'm accustomed to seeing variable references in groovy strings as "${variablename}", while it seemed in your example you were referencing it as "$variablename".  Is that an intentional difference, or accidental?

On Wed, May 15, 2019 at 9:14 PM b o b i <[hidden email]> wrote:
It is a single line secret, but it wont work :|

On Wednesday, May 15, 2019 at 7:31:27 PM UTC+2, Ivan Fernandez Calvo wrote:
If your secret is multiline, the secret text does not work as expected, you could store the one line base64 value of your secret and decode it before send it, it could work

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/85dc81a4-6206-4286-9578-42f1bec2fcfb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


--
Thanks!
Mark Waite

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtHicbtPTDKPBWyMBcgjcXj%2BNNRqNJv3CpvrGj5AwCm1%2Bg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Credentials "secret text" -> bash -> expect ?

b o b i
Do you mean ?
send \"${varSecretText}\n\"

-->  it has {}

or do you mean

puts "SECRET $varSecretText"

--> it worked
SECRET ****

On Thursday, May 16, 2019 at 6:19:57 AM UTC+2, Mark Waite wrote:
I'm accustomed to seeing variable references in groovy strings as "${variablename}", while it seemed in your example you were referencing it as "$variablename".  Is that an intentional difference, or accidental?

On Wed, May 15, 2019 at 9:14 PM b o b i <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="z3cA8CsiBAAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">bobis...@...> wrote:
It is a single line secret, but it wont work :|

On Wednesday, May 15, 2019 at 7:31:27 PM UTC+2, Ivan Fernandez Calvo wrote:
If your secret is multiline, the secret text does not work as expected, you could store the one line base64 value of your secret and decode it before send it, it could work

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="javascript:" target="_blank" gdf-obfuscated-mailto="z3cA8CsiBAAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">jenkins...@googlegroups.com.
To view this discussion on the web visit <a href="https://groups.google.com/d/msgid/jenkinsci-users/85dc81a4-6206-4286-9578-42f1bec2fcfb%40googlegroups.com?utm_medium=email&amp;utm_source=footer" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/d/msgid/jenkinsci-users/85dc81a4-6206-4286-9578-42f1bec2fcfb%40googlegroups.com?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/msgid/jenkinsci-users/85dc81a4-6206-4286-9578-42f1bec2fcfb%40googlegroups.com?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;">https://groups.google.com/d/msgid/jenkinsci-users/85dc81a4-6206-4286-9578-42f1bec2fcfb%40googlegroups.com.
For more options, visit <a href="https://groups.google.com/d/optout" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/d/optout&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/optout&#39;;return true;">https://groups.google.com/d/optout.


--
Thanks!
Mark Waite

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/927f796d-71ea-421c-b4e0-d7f541b6eaed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Credentials "secret text" -> bash -> expect ?

b o b i
Please disregard the question, and sorry for bothering.

It truned out, it is not a jenkins problem, rather a problem with timing of the expect script

so putting sleep 2 before and after send solved the problem

On Thursday, May 16, 2019 at 7:19:02 AM UTC+2, b o b i wrote:
Do you mean ?
send \"${varSecretText}\n\"

-->  it has {}

or do you mean

puts "SECRET $varSecretText"

--> it worked
SECRET ****

On Thursday, May 16, 2019 at 6:19:57 AM UTC+2, Mark Waite wrote:
I'm accustomed to seeing variable references in groovy strings as "${variablename}", while it seemed in your example you were referencing it as "$variablename".  Is that an intentional difference, or accidental?

On Wed, May 15, 2019 at 9:14 PM b o b i <[hidden email]> wrote:
It is a single line secret, but it wont work :|

On Wednesday, May 15, 2019 at 7:31:27 PM UTC+2, Ivan Fernandez Calvo wrote:
If your secret is multiline, the secret text does not work as expected, you could store the one line base64 value of your secret and decode it before send it, it could work

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit <a href="https://groups.google.com/d/msgid/jenkinsci-users/85dc81a4-6206-4286-9578-42f1bec2fcfb%40googlegroups.com?utm_medium=email&amp;utm_source=footer" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://groups.google.com/d/msgid/jenkinsci-users/85dc81a4-6206-4286-9578-42f1bec2fcfb%40googlegroups.com?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/msgid/jenkinsci-users/85dc81a4-6206-4286-9578-42f1bec2fcfb%40googlegroups.com?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;">https://groups.google.com/d/msgid/jenkinsci-users/85dc81a4-6206-4286-9578-42f1bec2fcfb%40googlegroups.com.
For more options, visit <a href="https://groups.google.com/d/optout" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://groups.google.com/d/optout&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/optout&#39;;return true;">https://groups.google.com/d/optout.


--
Thanks!
Mark Waite

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/9648b63e-d51c-4459-ab10-c8c74e446339%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.