Jenkins withCredentials secret 不使用共享库
Jenkins withCredentials secret not working with shared library
我开始为 jenkins 共享库开发解决方案,但在使用 withCredentials 插件获取秘密时出现奇怪的异常。在詹金斯管道中使用时,我对用户名密码或机密的凭据没有任何问题。但是在为共享库实施时,出现了我无法解决的错误。
代码
def scanProject(String[] inputs) {
script.echo "inside scanProject.."
try {
String version= ''
String projectName = ''
String environment = ''
this.script.withCredentials([string(credentialsId: 'sonarqube.test.service', variable: 'pass')]) {
this.script.sh "echo {this.script.env.pass}"
}
} catch(error) {
...
这篇sonarqube.test.service是密文
错误
inside constructor..
[Pipeline] echo
inside scanProject..
[Pipeline] echo
Exception happened during SonarQube scanning. Find the message below:
[Pipeline] echo
No signature of method: com.example.sonarqube.SonarQubeScan.string() is applicable for argument types: (java.util.LinkedHashMap) values: [[credentialsId:sonarqube.test.service, variable:pass]]
Possible solutions: toString(), toString(), print(java.io.PrintWriter), print(java.lang.Object), find(), sprintf(java.lang.String, java.lang.Object)
对我来说,下面的方法行得通
this.script.withCredentials([script.string(credentialsId: 'sonarqube.test.service', variable: 'pass')]) {
this.script.sh "/root/sonar-scanner-4.0.0.1744-linux/bin/sonar-scanner -Dsonar.login=${this.script.pass} -Dsonar.projectName="+projectName+" ..
}
这有效,我实际使用它。尽管如此,在这种情况下,如果我必须在 bat 或 sh 脚本中使用变量和凭据,我还没有找到解决安全问题的方法。请记住这一点。
A secret was passed to "sh" using Groovy String interpolation, which
is insecure. Affected argument(s) used the following variable(s):
[pass] See
https://jenkins.io/redirect/groovy-string-interpolation for details.
为了
version = '4.0.0.1744'
this.script.withCredentials([script.string(credentialsId: 'sonarqube.test.service', variable: 'pass')]) {
this.script.sh "/root/sonar-scanner-${version}-linux/bin/sonar-scanner -Dsonar.login=${this.script.pass} -Dsonar.projectName="+projectName+" ..
}
同样的问题会影响:
this.script.sh "/root/sonar-scanner-${version}-linux/bin/sonar-scanner -Dsonar.login=" + this.script.pass + " -Dsonar.projectName="+projectName+" ..
这些解决方法也不起作用:
this.script.sh "/root/sonar-scanner-${version}-linux/bin/sonar-scanner -Dsonar.login=${this.script.pass} -Dsonar.projectName="+projectName+" ..
this.script.sh "/root/sonar-scanner-${version}-linux/bin/sonar-scanner -Dsonar.login=$this.script.pass -Dsonar.projectName="+projectName+" ..
this.script.sh "/root/sonar-scanner-${version}-linux/bin/sonar-scanner -Dsonar.login=" + '${this.script.pass}' + " -Dsonar.projectName="+projectName+" ..
this.script.sh "/root/sonar-scanner-${version}-linux/bin/sonar-scanner -Dsonar.login=" + '$this.script.pass' + " -Dsonar.projectName="+projectName+" ..
在这种情况下,sh 脚本使用变量名 this.script.pass 而不是变量的值。
我开始为 jenkins 共享库开发解决方案,但在使用 withCredentials 插件获取秘密时出现奇怪的异常。在詹金斯管道中使用时,我对用户名密码或机密的凭据没有任何问题。但是在为共享库实施时,出现了我无法解决的错误。
代码
def scanProject(String[] inputs) {
script.echo "inside scanProject.."
try {
String version= ''
String projectName = ''
String environment = ''
this.script.withCredentials([string(credentialsId: 'sonarqube.test.service', variable: 'pass')]) {
this.script.sh "echo {this.script.env.pass}"
}
} catch(error) {
...
这篇sonarqube.test.service是密文
错误
inside constructor..
[Pipeline] echo
inside scanProject..
[Pipeline] echo
Exception happened during SonarQube scanning. Find the message below:
[Pipeline] echo
No signature of method: com.example.sonarqube.SonarQubeScan.string() is applicable for argument types: (java.util.LinkedHashMap) values: [[credentialsId:sonarqube.test.service, variable:pass]]
Possible solutions: toString(), toString(), print(java.io.PrintWriter), print(java.lang.Object), find(), sprintf(java.lang.String, java.lang.Object)
对我来说,下面的方法行得通
this.script.withCredentials([script.string(credentialsId: 'sonarqube.test.service', variable: 'pass')]) {
this.script.sh "/root/sonar-scanner-4.0.0.1744-linux/bin/sonar-scanner -Dsonar.login=${this.script.pass} -Dsonar.projectName="+projectName+" ..
}
这有效,我实际使用它。尽管如此,在这种情况下,如果我必须在 bat 或 sh 脚本中使用变量和凭据,我还没有找到解决安全问题的方法。请记住这一点。
A secret was passed to "sh" using Groovy String interpolation, which is insecure. Affected argument(s) used the following variable(s): [pass] See https://jenkins.io/redirect/groovy-string-interpolation for details.
为了
version = '4.0.0.1744'
this.script.withCredentials([script.string(credentialsId: 'sonarqube.test.service', variable: 'pass')]) {
this.script.sh "/root/sonar-scanner-${version}-linux/bin/sonar-scanner -Dsonar.login=${this.script.pass} -Dsonar.projectName="+projectName+" ..
}
同样的问题会影响:
this.script.sh "/root/sonar-scanner-${version}-linux/bin/sonar-scanner -Dsonar.login=" + this.script.pass + " -Dsonar.projectName="+projectName+" ..
这些解决方法也不起作用:
this.script.sh "/root/sonar-scanner-${version}-linux/bin/sonar-scanner -Dsonar.login=${this.script.pass} -Dsonar.projectName="+projectName+" ..
this.script.sh "/root/sonar-scanner-${version}-linux/bin/sonar-scanner -Dsonar.login=$this.script.pass -Dsonar.projectName="+projectName+" ..
this.script.sh "/root/sonar-scanner-${version}-linux/bin/sonar-scanner -Dsonar.login=" + '${this.script.pass}' + " -Dsonar.projectName="+projectName+" ..
this.script.sh "/root/sonar-scanner-${version}-linux/bin/sonar-scanner -Dsonar.login=" + '$this.script.pass' + " -Dsonar.projectName="+projectName+" ..
在这种情况下,sh 脚本使用变量名 this.script.pass 而不是变量的值。