在 jenkins 管道中使用 varMaskRegexes (MaskPasswordsBuildWrapper) 时出错

Question

我正在从 api 调用生成一个令牌，我想屏蔽它的值以避免在 jenkins 控制台中显示。出于这个原因，我正在尝试使用

varMaskRegexes

，因为我得到了具有以下格式 azAz09-azAz09 的令牌。但是，我收到一个错误，因为在我看来我没有以正确的方式使用它。我无法将令牌值存储在 envar 中，因为它必须在执行作业时生成。

pipeline {
    agent any

    stages {
        stage('Secret-Masking') {
            steps {
                wrap([$class: 'MaskPasswordsBuildWrapper', varMaskRegexes: [[key:'token',value:'([A-Za-z0-9]{5}+-[A-Za-z0-9]{5})']]]) { 
                  sh '''
                    token =$(curl -X POST  https://secret.api/getToken)
                    curl -H "Authorization:$token" https://secret.api/getJobinfo
                    curl -H "Authorization:$token" https://secret.api/revokeToken
                    '''
                }
        
      }
    }
  }
}

我试图从正则表达式中删除引号，但没有用，所以我认为这就是问题所在。

我得到的错误如下：

[Pipeline] stage
[Pipeline] {Secret-Masking
[Pipeline] { 
[Pipeline] wrap

WARNING: Unknown parameter(s) found for class type 'com.michelin.cio.hudson.plugins.maskpasswords.MaskPasswordsConfig$VarMaskRegexEntry': name

java.lang.ClassCastException: com.michelin.cio.hudson.plugins.maskpasswords.MaskPasswordsConfig$VarMaskRegexEntry.value expects class java.lang.String but received class com.michelin.cio.hudson.plugins.maskpasswords.MaskPasswordsBuildWrapper$VarMaskRegex
    at org.jenkinsci.plugins.structs.describable.DescribableModel.coerce(DescribableModel.java:492)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.buildArguments(DescribableModel.java:409)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.instantiate(DescribableModel.java:329)
Caused: java.lang.IllegalArgumentException: Could not instantiate {name=null, value=([[A-Za-z0-9]{5}+-[A-Za-z0-9]{5})} for com.michelin.cio.hudson.plugins.maskpasswords.MaskPasswordsConfig$VarMaskRegexEntry
    at org.jenkinsci.plugins.structs.describable.DescribableModel.instantiate(DescribableModel.java:334)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.coerce(DescribableModel.java:474)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.coerceList(DescribableModel.java:585)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.coerce(DescribableModel.java:458)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.buildArguments(DescribableModel.java:409)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.instantiate(DescribableModel.java:329)
Caused: java.lang.IllegalArgumentException: Could not instantiate {varPasswordPairs=[], varMaskRegexes=[{value=([[A-Za-z0-9]{5}+-[A-Za-z0-9]{5}), key=token}]} for com.michelin.cio.hudson.plugins.maskpasswords.MaskPasswordsBuildWrapper
    at org.jenkinsci.plugins.structs.describable.DescribableModel.instantiate(DescribableModel.java:334)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.coerce(DescribableModel.java:474)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.buildArguments(DescribableModel.java:409)
    at org.jenkinsci.plugins.structs.describable.DescribableModel.instantiate(DescribableModel.java:329)
    at org.jenkinsci.plugins.workflow.cps.DSL.invokeStep(DSL.java:305)
    at org.jenkinsci.plugins.workflow.cps.DSL.invokeMethod(DSL.java:196)
    at org.jenkinsci.plugins.workflow.cps.CpsScript.invokeMethod(CpsScript.java:124)
    at jdk.internal.reflect.GeneratedMethodAccessor3296.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:98)
    at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1225)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)
    at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.call(PogoMetaClassSite.java:41)
    at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116)
    at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:180)
    at org.kohsuke.groovy.sandbox.GroovyInterceptor.onMethodCall(GroovyInterceptor.java:23)
    at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:163)
    at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:178)
    at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:182)
    at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:152)
    at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:17)
Caused: java.lang.IllegalArgumentException: Could not instantiate {delegate={$class=MaskPasswordsBuildWrapper, varPasswordPairs=[], varMaskRegexes=[{value=([[A-Za-z0-9]{5}+-[A-Za-z0-9]{5}), key=token}]}} for org.jenkinsci.plugins.workflow.steps.CoreWrapperStep
    at org.jenkinsci.plugins.structs.describable.DescribableModel.instantiate(DescribableModel.java:334)
    at org.jenkinsci.plugins.workflow.cps.DSL.invokeStep(DSL.java:305)
    at org.jenkinsci.plugins.workflow.cps.DSL.invokeMethod(DSL.java:196)
    at org.jenkinsci.plugins.workflow.cps.CpsScript.invokeMethod(CpsScript.java:124)
    at jdk.internal.reflect.GeneratedMethodAccessor3296.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:98)
    at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1225)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)
    at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.call(PogoMetaClassSite.java:41)
    at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116)
    at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:180)
    at org.kohsuke.groovy.sandbox.GroovyInterceptor.onMethodCall(GroovyInterceptor.java:23)
    at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:163)
    at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:178)
    at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:182)
    at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:152)
    at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:17)
    at WorkflowScript.run(WorkflowScript:76)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.delegateAndExecute(ModelInterpreter.groovy:137)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.executeSingleStage(ModelInterpreter.groovy:666)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.catchRequiredContextForNode(ModelInterpreter.groovy:395)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.catchRequiredContextForNode(ModelInterpreter.groovy:393)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.executeSingleStage(ModelInterpreter.groovy:665)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:288)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.toolsBlock(ModelInterpreter.groovy:539)
    at ___cps.transform___(Native Method)
    at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:90)
    at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:116)
    at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:85)
    at jdk.internal.reflect.GeneratedMethodAccessor278.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
    at com.cloudbees.groovy.cps.impl.ClosureBlock.eval(ClosureBlock.java:46)
    at com.cloudbees.groovy.cps.Next.step(Next.java:83)
    at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:152)
    at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:146)
    at org.codehaus.groovy.runtime.GroovyCategorySupport$ThreadCategoryInfo.use(GroovyCategorySupport.java:136)
    at org.codehaus.groovy.runtime.GroovyCategorySupport.use(GroovyCategorySupport.java:275)
    at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:146)
    at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:18)
    at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:51)
    at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:187)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:420)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:330)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:294)
    at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:67)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:139)
    at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
    at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
    at jenkins.util.ErrorLoggingExecutorService.lambda$wrap$0(ErrorLoggingExecutorService.java:51)
    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:829)
Finished: FAILURE

Answer 1

varMaskRegexes

是 Jenkins 中的一个配置选项，它允许您定义正则表达式以屏蔽控制台输出中的敏感信息（例如密码、访问令牌等）。

要使用此功能，您需要定义匹配敏感信息的正则表达式，然后将其添加到

varMaskRegexes

配置选项中。这是一个示例，说明如何使用它以您提到的格式屏蔽令牌

(azAz09-azAz09)

：

代码

def token = 'abc123-def456' // replace with your actual token value
def varMaskRegexes = '([a-zA-Z0-9]{8}-[a-zA-Z0-9]{6})'

echo "Token: ${token}" // will display the token value in the console

echo "Masked Token: ${token.replaceAll(varMaskRegexes, '********')}" // will display the masked token value in the console

在此示例中，正则表达式 ([a-zA-Z0-9]{8}-[a-zA-Z0-9]{6}) 匹配标记格式

azAz09-azAz09

。然后，使用

replaceAll

方法将匹配到的token替换为********，在控制台输出中屏蔽它。

您也可以根据需要将正则表达式添加到 Jenkinsfile 或 Jenkins 系统配置中的

varMaskRegexes

配置选项中

在 jenkins 管道中使用 varMaskRegexes (MaskPasswordsBuildWrapper) 时出错

问题描述投票：0回答：1

1个回答

最新问题

在 jenkins 管道中使用 varMaskRegexes (MaskPasswordsBuildWrapper) 时出错

问题描述 投票：0回答：1

1个回答

最新问题

问题描述投票：0回答：1