@Test public void docker() throws Exception { StandardUsernamePasswordCredentials credentials = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "ContainerExecDecoratorPipelineTest-docker", "bob", "username", "secret_password"); SystemCredentialsProvider.getInstance().getCredentials().add(credentials); WorkflowJob p = r.jenkins.createProject(WorkflowJob.class, "docker"); p.setDefinition(new CpsFlowDefinition(loadPipelineScript("docker.groovy"), true)); containerExecLogs.capture(1000); WorkflowRun b = p.scheduleBuild2(0).waitForStart(); assertNotNull(b); r.waitForCompletion(b); r.assertLogContains("Wrote authentication to /home/jenkins/.dockercfg", b); // check that we don't accidentally start exporting sensitive info to the build log r.assertLogNotContains("secret_password", b); // check that we don't accidentally start exporting sensitive info to the Jenkins log assertFalse("credential leaked to log", containerExecLogs.getMessages().stream().anyMatch(msg -> msg.contains("secret_password"))); } }
@Issue({ "JENKINS-47225", "JENKINS-42582" }) @Test public void sshagent() throws Exception { PrivateKeySource source = new BasicSSHUserPrivateKey.DirectEntryPrivateKeySource( new String(IOUtils.toByteArray(getClass().getResourceAsStream("id_rsa")))); BasicSSHUserPrivateKey credentials = new BasicSSHUserPrivateKey(CredentialsScope.GLOBAL, "ContainerExecDecoratorPipelineTest-sshagent", "bob", source, "secret_passphrase", "test credentials"); SystemCredentialsProvider.getInstance().getCredentials().add(credentials); WorkflowJob p = r.jenkins.createProject(WorkflowJob.class, "sshagent"); p.setDefinition(new CpsFlowDefinition(loadPipelineScript("sshagent.groovy"), true)); WorkflowRun b = p.scheduleBuild2(0).waitForStart(); assertNotNull(b); r.waitForCompletion(b); r.assertLogContains("Identity added:", b); //Assert that ssh-agent provided envVar is now properly contributed and set. r.assertLogContains("SSH_AGENT_PID=", b); //assert that our private key was loaded and is visible within the ssh-agent scope r.assertLogContains("ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhvmTBXRnSbtpnkt/Ldw7ws4LFdoX9oI+5NexgpBC4Otqbn8+Ui6FGWeYflOQUcl3rgmBxsHIeFnPr9qSvgME1TWPIyHSQh2kPMd3NQgkEvioBxghnWRy7sal4KBr2P8m7Iusm8j0aCNLZ3nYjJSywWZxiqqrcpnhFuTD//FPIEhXOu2sk2FEP7YsA9TdL8mAruxy/6Ys2pRC2dQhBtmkEOyEGiBnk3ioT5iCw/Qqe+pU0yaYu69vPyAFCuazBMopPcOuRxFgKvrfCPVqcQb3HERJh5eiW5+5Vg3RwoByQUtQMK5PDBVWPo9srB0Q9Aw9DXmeJCgdtFJqhhh4SR+al /home/jenkins/workspace/sshagent@tmp/private_key",b); //check that we don't accidentally start exporting sensitive info to the log r.assertLogNotContains("secret_passphrase", b); }