From f129719f180209a4e34e64836631a05cc3a10ca2 Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Thu, 15 Jul 2021 10:29:27 +0200 Subject: [PATCH] ci: quote username for podman_login() Jenkins does not like the passing of the username as variable to the podman_login() function. Calling the function results in an error like Warning: A secret was passed to "sh" using Groovy String interpolation, which is insecure. Affected argument(s) used the following variable(s): [CREDS_USER] See https://jenkins.io/redirect/groovy-string-interpolation for details. + ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@n7.pufty.ci.centos.org 'podman login --authfile=~/.podman-auth.json --username=$CREDS_USER --password=**** registry-****.apps.ocp.ci.centos.org' Username: Error: error getting username and password: error reading username: EOF By single quoting the username, just like the password, it may work better. Fixes: aca3745e2 ("ci: do not use Groovy string interpolation for credentials") Signed-off-by: Niels de Vos --- ci-job-validation.groovy | 2 +- containerized-tests.groovy | 2 +- k8s-e2e-external-storage.groovy | 2 +- mini-e2e-helm.groovy | 2 +- mini-e2e.groovy | 2 +- upgrade-tests.groovy | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ci-job-validation.groovy b/ci-job-validation.groovy index f4ca0d8be..890701251 100644 --- a/ci-job-validation.groovy +++ b/ci-job-validation.groovy @@ -17,7 +17,7 @@ def ssh(cmd) { } def podman_login(registry, username, passwd) { - ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}" + ssh "podman login --authfile=~/.podman-auth.json --username='${username}' --password='${passwd}' ${registry}" } // podman_pull pulls image from the source (CI internal) registry, and tags it diff --git a/containerized-tests.groovy b/containerized-tests.groovy index 059bc5568..dbeb02db2 100644 --- a/containerized-tests.groovy +++ b/containerized-tests.groovy @@ -18,7 +18,7 @@ def ssh(cmd) { } def podman_login(registry, username, passwd) { - ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}" + ssh "podman login --authfile=~/.podman-auth.json --username='${username}' --password='${passwd}' ${registry}" } // podman_pull pulls image from the source (CI internal) registry, and tags it diff --git a/k8s-e2e-external-storage.groovy b/k8s-e2e-external-storage.groovy index b10ce4d54..acf34ad1d 100644 --- a/k8s-e2e-external-storage.groovy +++ b/k8s-e2e-external-storage.groovy @@ -17,7 +17,7 @@ def ssh(cmd) { } def podman_login(registry, username, passwd) { - ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}" + ssh "podman login --authfile=~/.podman-auth.json --username='${username}' --password='${passwd}' ${registry}" } // podman_pull pulls image from the source (CI internal) registry, and tags it diff --git a/mini-e2e-helm.groovy b/mini-e2e-helm.groovy index 0ae8a2acf..a660d69b2 100644 --- a/mini-e2e-helm.groovy +++ b/mini-e2e-helm.groovy @@ -19,7 +19,7 @@ def ssh(cmd) { } def podman_login(registry, username, passwd) { - ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}" + ssh "podman login --authfile=~/.podman-auth.json --username='${username}' --password='${passwd}' ${registry}" } // podman_pull pulls image from the source (CI internal) registry, and tags it diff --git a/mini-e2e.groovy b/mini-e2e.groovy index 8b6396689..61455bdf9 100644 --- a/mini-e2e.groovy +++ b/mini-e2e.groovy @@ -16,7 +16,7 @@ def ssh(cmd) { } def podman_login(registry, username, passwd) { - ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}" + ssh "podman login --authfile=~/.podman-auth.json --username='${username}' --password='${passwd}' ${registry}" } // podman_pull pulls image from the source (CI internal) registry, and tags it diff --git a/upgrade-tests.groovy b/upgrade-tests.groovy index c1dffab53..781a0845b 100644 --- a/upgrade-tests.groovy +++ b/upgrade-tests.groovy @@ -16,7 +16,7 @@ def ssh(cmd) { } def podman_login(registry, username, passwd) { - ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}" + ssh "podman login --authfile=~/.podman-auth.json --username='${username}' --password='${passwd}' ${registry}" } // podman_pull pulls image from the source (CI internal) registry, and tags it