2

I have a scripted pipeline that requests the user's password using the input function and compares it with the user's saved credentials passphrase. If the user input is a type string then it works. However, when I changed the input type to password (so it isn't visible on the screen when the user types it), it fails with an assert error.

I made sure to enter the password that matches the one in the credentials file.

I am using Jenkins 2.83 with latest Credentials Plugin and Credentials Binding Plugin.

Script:

node 
{
    stage ("Collect User Input")
    {
        userInput = input(  id: 'Input-username', 
                            message: 'Select username', 
                            ok: 'Continue', 
                            parameters: [choice(choices: 'user1\nuser2\nuser3', description: '', name: 'username'),
                                         password(defaultValue: '', description: 'Enter your private key passphrase ', name: 'password')
                                         ], 
                            submitterParameter: 'approver')


        println("User Input is: " + userInput)

        withCredentials(bindings: [sshUserPrivateKey(credentialsId: 'my-test-key', 
                                                   keyFileVariable: 'cred_keyfile',
                                                passphraseVariable: 'cred_passphrase',
                                                  usernameVariable: 'cred_username' )])
        {
            assert userInput.password==cred_passphrase
        }
    }
}

I get the error:

hudson.remoting.ProxyException: Assertion failed: 

assert userInput.password==cred_passphrase

    at org.codehaus.groovy.runtime.InvokerHelper.assertFailed(InvokerHelper.java:404)
    at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.assertFailed(ScriptBytecodeAdapter.java:650)
    at com.cloudbees.groovy.cps.impl.AssertBlock$ContinuationImpl.fail(AssertBlock.java:47)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
    at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21)
    at com.cloudbees.groovy.cps.Next.step(Next.java:83)
    at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:174)
    at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:163)
    at org.codehaus.groovy.runtime.GroovyCategorySupport$ThreadCategoryInfo.use(GroovyCategorySupport.java:122)
    at org.codehaus.groovy.runtime.GroovyCategorySupport.use(GroovyCategorySupport.java:261)
    at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:163)
    at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$101(SandboxContinuable.java:34)
    at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.lambda$run0$0(SandboxContinuable.java:59)
    at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:108)
    at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:58)
    at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:174)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:332)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$200(CpsThreadGroup.java:83)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:244)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:232)
    at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:64)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:112)
    at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:748)
Finished: FAILURE

However, if I change the password input parameter to string, it works:

string(defaultValue: '', description: 'Enter your private key passphrase here', name: 'password')

So my question is, how am I supposed to access/handle the input paramter password variable/name?

Frak
  • 832
  • 1
  • 11
  • 32

1 Answers1

4

Your assertions fails, because input type password returns not a String, but hudson.util.Secret object. If you want to compare input password with cred_passphrase you should do something like this:

hudson.util.Secret.fromString(cred_passphrase) == userInput.password

It's important to convert cred_passphrase with Secret.fromString(data) to a hudson.util.Secret object, because variable cred_passphrase holds your passphrase as a plain text in a String.

Below you can find a full example.

node {
    stage ("Collect User Input") {
        userInput = input(  id: 'Input-username', 
                            message: 'Select username', 
                            ok: 'Continue', 
                            parameters: [choice(choices: 'user1\nuser2\nuser3', description: '', name: 'username'),
                                         password(defaultValue: '', description: 'Enter your private key passphrase ', name: 'password')
                                         ], 
                            submitterParameter: 'approver')


        println("User Input is: " + userInput)

        withCredentials(bindings: [sshUserPrivateKey(credentialsId: 'my-test-key', 
                                                   keyFileVariable: 'cred_keyfile',
                                                passphraseVariable: 'cred_passphrase',
                                                  usernameVariable: 'cred_username' )])
        {
            assert hudson.util.Secret.fromString(cred_passphrase) == userInput.password
        }
    }
}
Szymon Stepniak
  • 40,216
  • 10
  • 104
  • 131