1

I created a powershell script to run DB2 queries in Jenkins

withCredentials([usernamePassword(credentialsId: 'cred-id', usernameVariable: 'ID', passwordVariable: 'PASSWORD')]) {
    $cn = new-object system.data.OleDb.OleDbConnection("Server=Server; Provider=IBMDADB2;DSN=DBName;User Id=$ID;Password=$PASSWORD");
    $ds = new-object "System.Data.DataSet" "ds"
    $q = "myQuery"
    $da = new-object "System.Data.OleDb.OleDbDataAdapter" ($q, $cn)
    $da.Fill($ds) 
    $cn.close()
}

If I run the script and hard code my credentials, it run fine.

With withCredentials(), I am getting the following error: Security processing failed with reason "15" ("PROCESSING FAILURE")

From some research, the error seems to be because DB2 can't handle encrypted data. Is there a way to overcome this error?

EDIT: I tried to add

$SecurePassword = ConvertTo-SecureString $PASSWORD -AsPlainText -Force
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
$UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)

at the beginning of my powershell script, but it still throws the same error even though the credential work fine if used in plain text

DevOps QA
  • 59
  • 8
  • As an aside: It's best to pseudo method syntax: Instead of `New-Object SomeType(arg1, ...)`, use `New-Object SomeType [-ArgumentList] arg1, ...` - PowerShell cmdlets, scripts and functions are invoked like _shell commands_, not like _methods_. That is, no parentheses around the argument list, and _whitespace_-separated arguments (`,` constructs an _array_ as a _single argument_, as needed for `-ArgumentList`). However, method syntax _is_ required if you use the PSv5+ `[SomeType]::new()` constructor-call method. See [this answer](https://stackoverflow.com/a/50636061/45375) – mklement0 Mar 14 '22 at 22:05

1 Answers1

1

If I understand the docs for the Credentials Binding Jenkins plugin correctly, the variables designated in the withCredentials() call become environment variables, so as to enable their use across process boundaries.
Note that the values of these environment variables are not encrypted, so no extra (decryption) effort is required on the part of the target process.

Therefore, you need to use $env:[1] instead of just $ to refer to these variables in PowerShell:

$cn = new-object system.data.OleDb.OleDbConnection "Server=Server; Provider=IBMDADB2;DSN=DBName;User Id=$env:ID;Password=$env:PASSWORD"

[1] See the conceptual about_Environment_Variables help topic.

mklement0
  • 382,024
  • 64
  • 607
  • 775