在jenkins管道中使用varMaskRegexes(MaskPasswordsBuildWrapper)时出错

mklgxw1f  于 2023-04-19  发布在  Jenkins
关注(0)|答案(1)|浏览(238)

我从一个API调用生成一个令牌,我想屏蔽它的值,以避免在jenkins控制台中显示。出于这个原因,我尝试使用varMaskRegexes,因为我得到了一个具有以下格式的令牌azAz 09-azAz 09。然而,我得到一个错误,因为在我看来,我没有以正确的方式使用它。我不能将令牌值存储在envar中,因为它必须生成,当作业被执行时。

pipeline {
    agent any

    stages {
        stage('Secret-Masking') {
            steps {
                wrap([$class: 'MaskPasswordsBuildWrapper', varMaskRegexes: [[key:'token',value:'([A-Za-z0-9]{5}+-[A-Za-z0-9]{5})']]]) { 
                  sh '''
                    token =$(curl -X POST  https://secret.api/getToken)
                    curl -H "Authorization:$token" https://secret.api/getJobinfo
                    curl -H "Authorization:$token" https://secret.api/revokeToken
                    '''
                }
        
      }
    }
  }
}

我试图从正则表达式中删除引号,但它不起作用,所以我认为这就是问题所在。
我得到的错误如下:

[Pipeline] stage
[Pipeline] {Secret-Masking
[Pipeline] { 
[Pipeline] wrap

WARNING: Unknown parameter(s) found for class type 'com.michelin.cio.hudson.plugins.maskpasswords.MaskPasswordsConfig$VarMaskRegexEntry': name

java.lang.ClassCastException: com.michelin.cio.hudson.plugins.maskpasswords.MaskPasswordsConfig$VarMaskRegexEntry.value expects class java.lang.String but received class com.michelin.cio.hudson.plugins.maskpasswords.MaskPasswordsBuildWrapper$VarMaskRegex
    at org.jenkinsci.plugins.structs.describable.DescribableModel.coerce(DescribableModel.java:492)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.buildArguments(DescribableModel.java:409)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.instantiate(DescribableModel.java:329)
Caused: java.lang.IllegalArgumentException: Could not instantiate {name=null, value=([[A-Za-z0-9]{5}+-[A-Za-z0-9]{5})} for com.michelin.cio.hudson.plugins.maskpasswords.MaskPasswordsConfig$VarMaskRegexEntry
    at org.jenkinsci.plugins.structs.describable.DescribableModel.instantiate(DescribableModel.java:334)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.coerce(DescribableModel.java:474)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.coerceList(DescribableModel.java:585)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.coerce(DescribableModel.java:458)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.buildArguments(DescribableModel.java:409)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.instantiate(DescribableModel.java:329)
Caused: java.lang.IllegalArgumentException: Could not instantiate {varPasswordPairs=[], varMaskRegexes=[{value=([[A-Za-z0-9]{5}+-[A-Za-z0-9]{5}), key=token}]} for com.michelin.cio.hudson.plugins.maskpasswords.MaskPasswordsBuildWrapper
    at org.jenkinsci.plugins.structs.describable.DescribableModel.instantiate(DescribableModel.java:334)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.coerce(DescribableModel.java:474)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.buildArguments(DescribableModel.java:409)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.instantiate(DescribableModel.java:329)
    at org.jenkinsci.plugins.workflow.cps.DSL.invokeStep(DSL.java:305)
    at org.jenkinsci.plugins.workflow.cps.DSL.invokeMethod(DSL.java:196)
    at org.jenkinsci.plugins.workflow.cps.CpsScript.invokeMethod(CpsScript.java:124)
    at jdk.internal.reflect.GeneratedMethodAccessor3296.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:98)
    at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1225)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)
    at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.call(PogoMetaClassSite.java:41)
    at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116)
    at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:180)
    at org.kohsuke.groovy.sandbox.GroovyInterceptor.onMethodCall(GroovyInterceptor.java:23)
    at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:163)
    at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:178)
    at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:182)
    at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:152)
    at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:17)
Caused: java.lang.IllegalArgumentException: Could not instantiate {delegate={$class=MaskPasswordsBuildWrapper, varPasswordPairs=[], varMaskRegexes=[{value=([[A-Za-z0-9]{5}+-[A-Za-z0-9]{5}), key=token}]}} for org.jenkinsci.plugins.workflow.steps.CoreWrapperStep
    at org.jenkinsci.plugins.structs.describable.DescribableModel.instantiate(DescribableModel.java:334)
    at org.jenkinsci.plugins.workflow.cps.DSL.invokeStep(DSL.java:305)
    at org.jenkinsci.plugins.workflow.cps.DSL.invokeMethod(DSL.java:196)
    at org.jenkinsci.plugins.workflow.cps.CpsScript.invokeMethod(CpsScript.java:124)
    at jdk.internal.reflect.GeneratedMethodAccessor3296.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:98)
    at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1225)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)
    at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.call(PogoMetaClassSite.java:41)
    at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116)
    at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:180)
    at org.kohsuke.groovy.sandbox.GroovyInterceptor.onMethodCall(GroovyInterceptor.java:23)
    at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:163)
    at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:178)
    at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:182)
    at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:152)
    at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:17)
    at WorkflowScript.run(WorkflowScript:76)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.delegateAndExecute(ModelInterpreter.groovy:137)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.executeSingleStage(ModelInterpreter.groovy:666)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.catchRequiredContextForNode(ModelInterpreter.groovy:395)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.catchRequiredContextForNode(ModelInterpreter.groovy:393)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.executeSingleStage(ModelInterpreter.groovy:665)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:288)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.toolsBlock(ModelInterpreter.groovy:539)
    at ___cps.transform___(Native Method)
    at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:90)
    at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:116)
    at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:85)
    at jdk.internal.reflect.GeneratedMethodAccessor278.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
    at com.cloudbees.groovy.cps.impl.ClosureBlock.eval(ClosureBlock.java:46)
    at com.cloudbees.groovy.cps.Next.step(Next.java:83)
    at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:152)
    at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:146)
    at org.codehaus.groovy.runtime.GroovyCategorySupport$ThreadCategoryInfo.use(GroovyCategorySupport.java:136)
    at org.codehaus.groovy.runtime.GroovyCategorySupport.use(GroovyCategorySupport.java:275)
    at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:146)
    at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:18)
    at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:51)
    at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:187)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:420)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:330)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:294)
    at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:67)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:139)
    at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
    at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
    at jenkins.util.ErrorLoggingExecutorService.lambda$wrap$0(ErrorLoggingExecutorService.java:51)
    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:829)
Finished: FAILURE
mjqavswn

mjqavswn1#

varMaskRegexes是Jenkins中的一个配置选项,允许您定义正则表达式来屏蔽控制台输出中的敏感信息(例如密码,访问令牌等)。
要使用此功能,您需要定义匹配敏感信息的正则表达式,然后将其添加到varMaskRegexes配置选项中。下面是一个如何使用它来屏蔽具有您提到的格式(azAz 09-azAz 09)的令牌的示例:
//代码

def token = 'abc123-def456' // replace with your actual token value
def varMaskRegexes = '([a-zA-Z0-9]{8}-[a-zA-Z0-9]{6})'

echo "Token: ${token}" // will display the token value in the console

echo“屏蔽令牌:${token.replaceAll(varMaskRegexes,'***')}”//将在控制台中显示被屏蔽的token值在本例中,正则表达式([a-zA-Z 0 -9]{8}-[a-zA-Z 0 -9]{6})匹配token格式azAz 09-azAz 09。然后,使用replaceAll方法将匹配的token替换为***,在控制台输出中屏蔽它。
您还可以根据需要将正则表达式添加到Jenkinsfile或Jenkins系统配置中的varMaskRegexes配置选项中。

相关问题