Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-42858

Credentials environment variable isn't evaluated/available in the environment directive

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Labels:
      None
    • Environment:
      Jenkins 2.32.3
      Pipeline Model Definition Plugin 1.1.1 (and associated/dependent plugins)
    • Similar Issues:

      Description

      We'd like to do:

      pipeline {
       // snip //
       environment {
        VARIABLES = credentials('MOZILLIANS_VARIABLES')
        SAUCELABS_API_KEY = credentials('SAUCELABS_API_KEY')
        PYTEST_ADDOPTS = "--color=yes --driver=SauceLabs --variables=capabilities.json --variables=${VARIABLES}"
       }
       // snip //
      }
      

      But we get:

      WorkflowScript: 25: ""--variables" is not a valid identifier and cannot be used for an environment variable. Identifiers must start with a letter or underscore and can contain only letters, numbers or underscores. @ line 25, column 7.
       "--variables=${VARIABLES}"
      

       The workaround is to currently do:

      pipeline {
       // snip //
       environment {
        VARIABLES = credentials('MOZILLIANS_VARIABLES')
        SAUCELABS_API_KEY = credentials('SAUCELABS_API_KEY')
       }
       stages {
        stage('Test') {
         environment {
          PYTEST_ADDOPTS = "--color=yes --driver=SauceLabs --variables=capabilities.json --variables=${VARIABLES}"
         }
        // snip //
      }

       

       

        Attachments

          Activity

          Hide
          abayer Andrew Bayer added a comment -

          So...while I can implement this, there's a good question of whether we should implement it. Credentials are supposed to be secrets, after all - adding them to other environment variables kinda breaks that expectation. rsandell, what are your thoughts?

          Show
          abayer Andrew Bayer added a comment - So...while I can implement this, there's a good question of whether we should implement it. Credentials are supposed to be secrets, after all - adding them to other environment variables kinda breaks that expectation. rsandell , what are your thoughts?
          Hide
          abayer Andrew Bayer added a comment -

          I take that back - the logic for hiding credentials in the console log is good enough to deal with this, and that's really the only potential problem. Woot.

          Show
          abayer Andrew Bayer added a comment - I take that back - the logic for hiding credentials in the console log is good enough to deal with this, and that's really the only potential problem. Woot.
          Hide
          abayer Andrew Bayer added a comment -
          Show
          abayer Andrew Bayer added a comment - And https://github.com/jenkinsci/pipeline-model-definition-plugin/pull/141  is now up fixing this.

            People

            • Assignee:
              abayer Andrew Bayer
              Reporter:
              stephendonner Stephen Donner
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: