
Push tags to Bitbucket repository from Jenkins pipeline using withVault


I have a requirement to fetch the credentials from Vault in a keeper namespace and use the withVault directive in a Jenkins pipeline instead of withCredentials. I'm facing issues using withVault.

The following works fine using the withCredentials directive in a Jenkins pipeline.

withCredentials([gitUsernamePassword(credentialsId: 'BITBUCKET_ACCESS_TOKEN_TDM', gitToolName: 'git')]) {
    String tagName = "${branchName}/${params.RELEASE}-${env.BUILD_NUMBER}"
    sh """
        git tag ${tagName}
        git push origin --tags
    """
}

Console Output:

12:54:23  + git tag gen_testing/8.4.1-246
12:54:23  + git push origin --tags
12:54:30  To https://bitbucket.company.com/bitbucket/scm/genpower/genpower-core.git
12:54:30   * [new tag]                 gen_testing/8.4.1-246 -> gen_testing/8.4.1-246
12:54:31  Everything up-to-date  

Below is the config I used for withVault.

    withVault(
        configuration: [
            timeout: 60,
            vaultCredentialId: 'tdmapprole',
            vaultNamespace: 'genpower/tdm',
            vaultUrl: 'https://nat.keeper.company.com'
        ],
        vaultSecrets: [
            [
                engineVersion: 2,
                path: 'credentials/bitbucket_access_token',
                secretValues: [
                    [
                        envVar: 'BITBUCKET_ACCESS_TOKEN_TDM',
                        vaultKey: 'tgen-tdm-tbs.gen'
                    ]
                ]
            ]
        ]
    ) {
        String tagName = "${branchName}/${params.RELEASE}-${env.BUILD_NUMBER}"
        sh """
            git tag ${tagName}
            git remote set-url origin https://tgen-tdm-tbs.gen:${env.BITBUCKET_ACCESS_TOKEN_TDM}@bitbucket.company.com/bitbucket/scm/genpower/genpower-core.git
            git push origin --tags
        """
    }
}

And I get the below error.

09:57:54  + git push origin --tags
09:57:54  fatal: could not read Username for 'https://bitbucket.company.com': No such device or address 

Please note that I'm using access tokens to push tags. The access token doesn't have any special characters other than /. The token retrieval from keeper namespace works fine.

Appreciate any inputs on this. Thanks!


Solution

  • The error is due to missing URL-encoding. After adding that, it worked. The access token contained special characters, which is why it failed with the error. If the access token contains any of the special characters below, replace them with their URL-encoded representation.

    !   #   $    &   '   (   )   *   +   ,   /   :   ;   =   ?   @   [   ]
    %21 %23 %24 %26 %27 %28 %29 %2A %2B %2C %2F %3A %3B %3D %3F %40 %5B %5D
    

    So at first I changed the variable that holds the token from this ${BITBUCKET_ACCESS_TOKEN_TDM} to this ${BITBUCKET_ACCESS_TOKEN_TDM/"/"/"%2F"}.

    But it can be a headache with escape sequences used to replace / with %2F. There is a much simpler solution to this.

    {
        // URL-encode the token fetched by withVault so it is valid inside the remote URL
        env.URL_ENCODED_BITBUCKET_ACCESS_TOKEN_TDM = URLEncoder.encode(BITBUCKET_ACCESS_TOKEN_TDM, "UTF-8")
        String tagName = "${branchName}/${params.RELEASE}-${env.BUILD_NUMBER}"
        sh """
            # turn off command tracing before the token appears in a command line
            set +x
            git tag ${tagName}
            git remote set-url origin https://tgen-tdm-tbs.gen:${URL_ENCODED_BITBUCKET_ACCESS_TOKEN_TDM}@bitbucket.company.com/bitbucket/scm/genpower/genpower-core.git
            git push origin --tags
            set -x
        """
    }
    

    Please note, if you don't turn off bash debugging (set +x), the credentials will be printed in the job console.
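
Added example, not part of the original answer: a POSIX shell version of the encoding step, plus an alternative that hands the token to git through an inline credential helper, so it needs no encoding and is not written into `.git/config` the way `git remote set-url` writes it. The names `GIT_USER` and `GIT_TOKEN`, the function names and the sample token are assumptions made for this example; unlike `URLEncoder.encode`, which is a form encoder and turns a space into `+`, `urlencode` here emits `%20`.

```shell
#!/bin/sh
# Added example. Assumes an ASCII token; all sample values are constructed.

# Percent-encode every character outside the RFC 3986 "unreserved" set so the
# result is safe in the userinfo part of a URL (user:password@host).
urlencode() (
    LC_ALL=C
    _s=$1
    _out=
    while [ -n "$_s" ]; do
        _rest=${_s#?}            # everything after the first character
        _c=${_s%"$_rest"}        # the first character itself
        case $_c in
            [a-zA-Z0-9.~_-]) _out=$_out$_c ;;
            *) _out=$_out$(printf '%%%02X' "'$_c") ;;
        esac
        _s=$_rest
    done
    printf '%s' "$_out"
)

# Option 1 (the answer's approach): build the remote URL with encoded userinfo.
# Note that `git remote set-url` stores this URL, token included, in .git/config.
remote_url() {
    printf 'https://%s:%s@bitbucket.company.com/bitbucket/scm/genpower/genpower-core.git' \
        "$(urlencode "$1")" "$(urlencode "$2")"
}

# Option 2: leave the remote URL untouched and let git request the credentials
# from an inline helper that reads them from the environment at push time.
# GIT_USER / GIT_TOKEN are hypothetical names; map the withVault envVar to them.
# The first (empty) credential.helper clears any helpers configured elsewhere.
push_tags_with_env_token() {
    git -c credential.helper= \
        -c credential.helper='!f() { echo "username=$GIT_USER"; echo "password=$GIT_TOKEN"; }; f' \
        push origin --tags
}

# Demo with a constructed token containing "/" and "+".
urlencode 'Nz/k+1'; echo
```

With option 2 the token appears in no command line, so there is nothing for `set -x` to print and nothing left behind in the workspace's git config.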