Using withEnv with withCredentials

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Using withEnv with withCredentials

kelvSYC
Suppose I have a username and password credential that I use with a withCredentials step, and I wish to use it to construct a URL for use with the http_proxy environment variable. Currently I have this:

withCredentials([usernameColonPassword(credentialsId:’proxy-credentials’, variable: ‘PROXY_CREDENTIALS')]) {
 def url = “https://${env.PROXY_CREDENTIALS}@proxy-endpoint.com:3128”
 withEnv([“http_proxy=${url}”]) {
   // Do something
 }
}

This gets flagged as unsafe by Jenkins (likely rightly), so I’m wondering what safe way there is to do the same thing.

Something like the following doesn’t work for me:

withCredentials([usernameColonPassword(credentialsId:’proxy-credentials’, variable: ‘PROXY_CREDENTIALS')]) {
 withEnv([‘http_proxy=https://${PROXY_CREDENTIALS}@proxy-endpoint.com:3128']) {
   // Do something
 }
}

All it does is that the http_proxy variable is populated with the literal ${PROXY_CREDENTIALS} string instead of the value therein.

Any assistance in this would be appreciated.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/063E3DB9-0446-472A-B26C-9356C13C9C71%40gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Using withEnv with withCredentials

Björn Pedersen
Used : withEnv([‘http_proxy=https://${PROXY_CREDENTIALS}@proxy-endpoint.com:3128']) { 

Note the single quotes, this needs to be double-quoted for the replacement to happen.

Björn



kelvSYC schrieb am Montag, 8. März 2021 um 22:29:00 UTC+1:
Suppose I have a username and password credential that I use with a withCredentials step, and I wish to use it to construct a URL for use with the http_proxy environment variable. Currently I have this:

withCredentials([usernameColonPassword(credentialsId:’proxy-credentials’, variable: ‘PROXY_CREDENTIALS')]) {
def url = “https://${env.PROXY_CREDENTIALS}@proxy-endpoint.com:3128”
withEnv([“http_proxy=${url}”]) {
// Do something
}
}

This gets flagged as unsafe by Jenkins (likely rightly), so I’m wondering what safe way there is to do the same thing.

Something like the following doesn’t work for me:

withCredentials([usernameColonPassword(credentialsId:’proxy-credentials’, variable: ‘PROXY_CREDENTIALS')]) {
withEnv([‘http_proxy=https://${PROXY_CREDENTIALS}@proxy-endpoint.com:3128']) {
// Do something
}
}

All it does is that the http_proxy variable is populated with the literal ${PROXY_CREDENTIALS} string instead of the value therein.

Any assistance in this would be appreciated.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/2e09f1ff-d7d7-4ba3-a84d-2455dfe1d5acn%40googlegroups.com.
Reply | Threaded
Open this post in threaded view
|

RE: Using withEnv with withCredentials

Reinhold Füreder

Sorry, Björn, but I think I didn’t get it:

  • Is your suggestion to use?
    • withEnv([“http_proxy=https://${PROXY_CREDENTIALS}@proxy-endpoint.com:3128”]) { 
  • But isn’t that what kelvSYC also tried and “gets flagged as unsafe by Jenkins

I think the (ugly) workaround would be (1) to not use “withEnv” step and (2) assemble the “http_proxy” env variable (=> shell variable) only later in the shell? Something like:

 

http_proxy=https://${env.PROXY_CREDENTIALS}@proxy-endpoint.com:3128 <some cmd that needs this ‘http_proxy’ variable>

 

 

Cu Reinhold

 

 

From: 'Björn Pedersen' via Jenkins Users <[hidden email]>
Sent: Dienstag, 9. März 2021 08:10
To: Jenkins Users <[hidden email]>
Subject: Re: Using withEnv with withCredentials

 

Used : withEnv([‘http_proxy=https://${PROXY_CREDENTIALS}@proxy-endpoint.com:3128']) { 

 

Note the single quotes, this needs to be double-quoted for the replacement to happen.

 

Björn

 

 

kelvSYC schrieb am Montag, 8. März 2021 um 22:29:00 UTC+1:

Suppose I have a username and password credential that I use with a withCredentials step, and I wish to use it to construct a URL for use with the http_proxy environment variable. Currently I have this:

withCredentials([usernameColonPassword(credentialsId:’proxy-credentials’, variable: ‘PROXY_CREDENTIALS')]) {
def url = “https://${env.PROXY_CREDENTIALS}@proxy-endpoint.com:3128
withEnv([“http_proxy=${url}”]) {
// Do something
}
}

This gets flagged as unsafe by Jenkins (likely rightly), so I’m wondering what safe way there is to do the same thing.

Something like the following doesn’t work for me:

withCredentials([usernameColonPassword(credentialsId:’proxy-credentials’, variable: ‘PROXY_CREDENTIALS')]) {
withEnv([‘http_proxy=https://${PROXY_CREDENTIALS}@proxy-endpoint.com:3128']) {
// Do something
}
}

All it does is that the http_proxy variable is populated with the literal ${PROXY_CREDENTIALS} string instead of the value therein.

Any assistance in this would be appreciated.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/2e09f1ff-d7d7-4ba3-a84d-2455dfe1d5acn%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/VI1PR01MB66388D2B93134A56C68D6331F7929%40VI1PR01MB6638.eurprd01.prod.exchangelabs.com.
Reply | Threaded
Open this post in threaded view
|

readJson, JsonSlurper or JQ

Jheison Rodriguez
In reply to this post by Björn Pedersen
Hi there

Does anyone know if there is any advantage between using Jenkins
pipeline Step 'readJSON' and 'JsonSlurper'. I'm asking because in best
practices page the suggestion is to avoid JsonSlurper but they don't
mention nothing about readJson step. I want to figure out what way
should I go forward with the last one or with the use of JQ?

https://www.jenkins.io/doc/book/pipeline/pipeline-best-practices/#avoiding-complex-groovy-code-in-pipelines

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/fdf045c3-865e-c748-f2ad-09ee632efcbb%40gmail.com.