more meaningful description of a step

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

more meaningful description of a step

Jakub Pawlinski
Hi, 

Recently https://issues.jenkins-ci.org/browse/JENKINS-37324 was solved. 

In sprint review Sam Van Oort demonstrated the foundation for this https://www.youtube.com/watch?v=HhiUY70RVJY&t=510 

He mentions there possibility of having custom caption but I have found no way to actually achieve it.

Maybe you know how I could make a custom description of step in declarative pipeline, far too simple example:

stages {
  stage('A') { 
    steps {
      bat "@echo Hello World"

        }
    }
}


How can I make it appear as "Hello World Step — Windows Batch Script" instead of "@echo Hello World — Windows Batch Script" that I'm getting now.


Thanks

Jakub


--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/bb2c89c5-4971-432d-b442-885b34951139%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: more meaningful description of a step

Samuel Van Oort
Hi Jakub, 
Custom captions (or more accurately, custom step argument descriptions) are supported on a per-Step type basis, so if your plugin is defining a new Step type, you can define how to display its inputs. There isn't anything coming immediately to allow you to customize captions individually -- though there is a future enhancement to allow attaching metadata to a step that might be displayed in some fashion.  But I assume that would be in addition to the caption, not in place of it.  Apologies for any confusion from the demos.

Cheers, 
Sam

On Tuesday, July 11, 2017 at 3:51:55 AM UTC-4, Jakub Pawlinski wrote:
Hi, 

Recently <a href="https://issues.jenkins-ci.org/browse/JENKINS-37324" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fissues.jenkins-ci.org%2Fbrowse%2FJENKINS-37324\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFW8g3AP-OaNwWPMKbW7kEgx7ApAA&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fissues.jenkins-ci.org%2Fbrowse%2FJENKINS-37324\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFW8g3AP-OaNwWPMKbW7kEgx7ApAA&#39;;return true;">https://issues.jenkins-ci.org/browse/JENKINS-37324 was solved. 

In sprint review <a href="https://issues.jenkins-ci.org/secure/ViewProfile.jspa?name=svanoort" rel="nofollow" style="font-family:Arial,sans-serif;font-size:14px;color:rgb(59,115,175)" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fissues.jenkins-ci.org%2Fsecure%2FViewProfile.jspa%3Fname%3Dsvanoort\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFYO9DHBhPszWl1jS5ZrhNUsu932w&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fissues.jenkins-ci.org%2Fsecure%2FViewProfile.jspa%3Fname%3Dsvanoort\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFYO9DHBhPszWl1jS5ZrhNUsu932w&#39;;return true;">Sam Van Oort demonstrated the foundation for this <a href="https://www.youtube.com/watch?v=HhiUY70RVJY&amp;t=510" rel="nofollow" style="font-family:Arial,sans-serif;font-size:14px;color:rgb(59,115,175)" target="_blank" onmousedown="this.href=&#39;https://www.youtube.com/watch?v\x3dHhiUY70RVJY\x26t\x3d510&#39;;return true;" onclick="this.href=&#39;https://www.youtube.com/watch?v\x3dHhiUY70RVJY\x26t\x3d510&#39;;return true;">https://www.youtube.com/watch?v=HhiUY70RVJY&t=510 

He mentions there possibility of having custom caption but I have found no way to actually achieve it.

Maybe you know how I could make a custom description of step in declarative pipeline, far too simple example:

stages {
  stage('A') { 
    steps {
      bat "@echo Hello World"

        }
    }
}


How can I make it appear as "Hello World Step — Windows Batch Script" instead of "@echo Hello World — Windows Batch Script" that I'm getting now.


Thanks

Jakub


--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/e3a99fdb-d38b-4140-b035-c85a97a7b217%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: more meaningful description of a step

Torsten Gippert
In reply to this post by Jakub Pawlinski

Hello,

I am a bit confused how to handle sensitive information when using a shell script:

In https://issues.jenkins-ci.org/browse/JENKINS-37324 Sam Van Oort wrote ( "Lots of discussion about how to separate sensitive and nonsensitive environment variable content (markers for data, whitelist/blacklist, or custom information in their EnvVars definitions) – Jesse Glick has suggested a clever approach:

to play with a different way of detecting secrets you would patch `BindingStep` and `MaskPasswordsBuildWrapper` to, say, not just set `PASSWORD=s3cr3t` but also `PASSWORD+SECRET=true`, and then document this somewhere like in `EnvironmentExpander`"


The question is, how do I hide sensitive information that DO NOT come from credential binding in the shell script header? 

Example:

String userAndPwd = "test:123" // this comes from an manual input step
def userAndPwdSECRET = true // Doesn't do anything ?! (`PASSWORD+SECRET=true)

sh """
   set +x
   curl -u ${userAndPwd} https://www.google.com
"""  

In Blue Ocean I see "set +x curl -u test:123 https://www.google.com - Shell Script"

How can I mask out test:123 (=${userAndPwd})  in the shell script description header in Blue Ocean?

Many thanks to any answer in advance :-)






 



Am Dienstag, 11. Juli 2017 09:51:55 UTC+2 schrieb Jakub Pawlinski:

Hi, 

Recently <a onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fissues.jenkins-ci.org%2Fbrowse%2FJENKINS-37324\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFW8g3AP-OaNwWPMKbW7kEgx7ApAA&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fissues.jenkins-ci.org%2Fbrowse%2FJENKINS-37324\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFW8g3AP-OaNwWPMKbW7kEgx7ApAA&#39;;return true;" href="https://issues.jenkins-ci.org/browse/JENKINS-37324" target="_blank" rel="nofollow">https://issues.jenkins-ci.org/browse/JENKINS-37324 was solved. 

In sprint review <a style="color: rgb(59, 115, 175); font-family: Arial,sans-serif; font-size: 14px;" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fissues.jenkins-ci.org%2Fsecure%2FViewProfile.jspa%3Fname%3Dsvanoort\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFYO9DHBhPszWl1jS5ZrhNUsu932w&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fissues.jenkins-ci.org%2Fsecure%2FViewProfile.jspa%3Fname%3Dsvanoort\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFYO9DHBhPszWl1jS5ZrhNUsu932w&#39;;return true;" href="https://issues.jenkins-ci.org/secure/ViewProfile.jspa?name=svanoort" target="_blank" rel="nofollow">Sam Van Oort demonstrated the foundation for this <a style="color: rgb(59, 115, 175); font-family: Arial,sans-serif; font-size: 14px;" onmousedown="this.href=&#39;https://www.youtube.com/watch?v\x3dHhiUY70RVJY\x26t\x3d510&#39;;return true;" onclick="this.href=&#39;https://www.youtube.com/watch?v\x3dHhiUY70RVJY\x26t\x3d510&#39;;return true;" href="https://www.youtube.com/watch?v=HhiUY70RVJY&amp;t=510" target="_blank" rel="nofollow">https://www.youtube.com/watch?v=HhiUY70RVJY&t=510 

He mentions there possibility of having custom caption but I have found no way to actually achieve it.

Maybe you know how I could make a custom description of step in declarative pipeline, far too simple example:

stages {
  stage('A') { 
    steps {
      bat "@echo Hello World"

        }
    }
}


How can I make it appear as "Hello World Step — Windows Batch Script" instead of "@echo Hello World — Windows Batch Script" that I'm getting now.


Thanks

Jakub


--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/8358edbf-5979-4b57-9055-a8bad0d4e2bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: more meaningful description of a step

Samuel Van Oort
Torsten, 

> how do I hide sensitive information that DO NOT come from credential binding in the shell script header?

First, I would strongly discourage this approach in general.  Credentials and credentials-binding exist specifically to provide a secure mechanism for build secrets (with several levels of security around them), and if you break from that it's very easy to shoot yourself in the foot and leak something sensitive.

A better approach would be to select from a list of credential ids.  

Second, as a workaround, if you have one of the cases where you can't do that, if you bind the secret to an actual environment variable (rather than a pipeline variable) it will currently be masked automatically by the implementation.  However I cannot guarantee the implementation will not become more specific about what it masks in the future (as described in the ticket above), ergo why I strongly encourage appropriate use of credentials.

Note that for purposes of step description, masking means that *all* of the string is removed, rather than just masking out part with asterisks.  This is to make one class of dictionary password attack harder to conduct, by not revealing what part of the input is sensitive.

Regards,
Sam Van Oort

On Wednesday, July 12, 2017 at 4:34:48 AM UTC-4, Torsten Gippert wrote:

Hello,

I am a bit confused how to handle sensitive information when using a shell script:

In <a href="https://issues.jenkins-ci.org/browse/JENKINS-37324" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fissues.jenkins-ci.org%2Fbrowse%2FJENKINS-37324\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFW8g3AP-OaNwWPMKbW7kEgx7ApAA&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fissues.jenkins-ci.org%2Fbrowse%2FJENKINS-37324\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFW8g3AP-OaNwWPMKbW7kEgx7ApAA&#39;;return true;">https://issues.jenkins-ci.org/browse/JENKINS-37324 Sam Van Oort wrote (2017-01-11 23:37):
 "Lots of discussion about how to separate sensitive and nonsensitive environment variable content (markers for data, whitelist/blacklist, or custom information in their EnvVars definitions) – <a href="https://issues.jenkins-ci.org/secure/ViewProfile.jspa?name=jglick" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fissues.jenkins-ci.org%2Fsecure%2FViewProfile.jspa%3Fname%3Djglick\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEi44ONb66-sJTdpWOABsqkvzeYbA&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fissues.jenkins-ci.org%2Fsecure%2FViewProfile.jspa%3Fname%3Djglick\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEi44ONb66-sJTdpWOABsqkvzeYbA&#39;;return true;">Jesse Glick has suggested a clever approach:

to play with a different way of detecting secrets you would patch `BindingStep` and `MaskPasswordsBuildWrapper` to, say, not just set `PASSWORD=s3cr3t` but also `PASSWORD+SECRET=true`, and then document this somewhere like in `EnvironmentExpander`"


The question is, how do I hide sensitive information that DO NOT come from credential binding in the shell script header? 

Example:

String userAndPwd = "test:123" // this comes from an manual input step
def userAndPwdSECRET = true // Doesn't do anything ?! (`PASSWORD+SECRET=true)

sh """
   set +x
   curl -u ${userAndPwd} <a href="https://www.google.com" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com&#39;;return true;" onclick="this.href=&#39;https://www.google.com&#39;;return true;">https://www.google.com
"""  

In Blue Ocean I see "set +x curl -u test:123 <a href="https://www.google.com" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com&#39;;return true;" onclick="this.href=&#39;https://www.google.com&#39;;return true;">https://www.google.com - Shell Script"

How can I mask out test:123 (=${userAndPwd})  in the shell script description header in Blue Ocean?

Many thanks to any answer in advance :-)






 



Am Dienstag, 11. Juli 2017 09:51:55 UTC+2 schrieb Jakub Pawlinski:

Hi, 

Recently <a href="https://issues.jenkins-ci.org/browse/JENKINS-37324" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fissues.jenkins-ci.org%2Fbrowse%2FJENKINS-37324\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFW8g3AP-OaNwWPMKbW7kEgx7ApAA&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fissues.jenkins-ci.org%2Fbrowse%2FJENKINS-37324\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFW8g3AP-OaNwWPMKbW7kEgx7ApAA&#39;;return true;">https://issues.jenkins-ci.org/browse/JENKINS-37324 was solved. 

In sprint review <a style="color:rgb(59,115,175);font-family:Arial,sans-serif;font-size:14px" href="https://issues.jenkins-ci.org/secure/ViewProfile.jspa?name=svanoort" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fissues.jenkins-ci.org%2Fsecure%2FViewProfile.jspa%3Fname%3Dsvanoort\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFYO9DHBhPszWl1jS5ZrhNUsu932w&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fissues.jenkins-ci.org%2Fsecure%2FViewProfile.jspa%3Fname%3Dsvanoort\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFYO9DHBhPszWl1jS5ZrhNUsu932w&#39;;return true;">Sam Van Oort demonstrated the foundation for this <a style="color:rgb(59,115,175);font-family:Arial,sans-serif;font-size:14px" href="https://www.youtube.com/watch?v=HhiUY70RVJY&amp;t=510" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.youtube.com/watch?v\x3dHhiUY70RVJY\x26t\x3d510&#39;;return true;" onclick="this.href=&#39;https://www.youtube.com/watch?v\x3dHhiUY70RVJY\x26t\x3d510&#39;;return true;">https://www.youtube.com/watch?v=HhiUY70RVJY&t=510 

He mentions there possibility of having custom caption but I have found no way to actually achieve it.

Maybe you know how I could make a custom description of step in declarative pipeline, far too simple example:

stages {
  stage('A') { 
    steps {
      bat "@echo Hello World"

        }
    }
}


How can I make it appear as "Hello World Step — Windows Batch Script" instead of "@echo Hello World — Windows Batch Script" that I'm getting now.


Thanks

Jakub


--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/8877cf0a-1408-4115-b41f-c3ab91c0ceba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: more meaningful description of a step

Jesse Glick-4
On Monday, July 17, 2017 at 2:15:59 PM UTC-4, Samuel Van Oort wrote:
A better approach would be to select from a list of credential ids.  

Specifically you can either keep credentials associated with the build; or request user-scoped credentials as a build parameter.

Failing that, you could also use the Mask Passwords wrapper step to mask uses of a string within a block.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/3bda2214-2580-46c9-add1-7b54df3e5151%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...