Add secret variables expansion from CNode value

[ziouf]

I faced jCasC secrets variables expansion issue with jCasC-Groovy plugin.

So I made this PR to implement usage of jCasC secrets feature.

As an example, this allows to setup secret token in URL to authenticate remote server.

Before, the following example wasn't working.

groovy:
  - url: http://login:${SECRET_TOKEN}@my.web.site/path/to/groovy/script.groovy

Regards

[ziouf]

could you review my pull request please ?

[szandala]

Could You add an example to the demos directory, please?

[ziouf]

I added demo file, as requested.
Usage is very simple , as you can see

[danielraq]

When will you merge this and release a new version of the plugin? I really need this

[szandala]

OK, I will try today's evening. Honestly I am looking for a co-maintainer, because I heavily lack time pon., 12 paź 2020 o 11:30 danielraq <notifications@github.com> napisał(a):

…

When will you merge this and release a new version of the plugin? I really need this — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#3 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AC7SR3DBPZ4G4FAXLPOFMWDSKLEEJANCNFSM4JM4IHLQ> .

[danielraq]

THX

[jetersen]

@szandala I'll happily help get this over the line 👍

[jetersen]

Two minor nitpicks

[jetersen]

I suggest bumping to 1.42 as ordinal was fixed in 1.41 and secret resolver was improved in 1.42

Suggested change

	<version>1.32</version>
	<version>1.42</version>

Parent pom should be bumped as well

[jetersen]

Tried adding a simple test.

The test only seem to work from script console.

groovy:
    - script: |
        import jenkins.model.Jenkins;

        def systemMessage = "Hello World";
        def jenkins = Jenkins.get();
        jenkins.setSystemMessage(systemMessage);
        jenkins.save();

[jetersen]

@szandala @ziouf @danielraq perhaps one of you would be willing to test the HPI: https://ci.jenkins.io/blue/organizations/jenkins/Plugins%2Fconfiguration-as-code-groovy-plugin/detail/PR-3/15/artifacts

I would love to have test that actually works 😓

[per-bohlin]

I was in dire need of this functionality, so I tried to use this implementation, but sadly it is severely broken. It causes the entire CASC plugin to fail to load other configuration. I have not been able to determine the root cause yet, but I'm guessing it is the rewrite of the groovy code processing that causes it. So for now, I'll have to revert to the published version and use some other mechanisms to inject secrets. I will try to get more time to keep looking into what is causing the failure.

The scary thing is that it doesn't fail in a clear and obvious way. Instead jenkins starts, its just that some configuration will simply not have been loaded. Looking in the logs, I can see that the CASC plugin doesn't know how to dispatch the configuration that fails to load. Reverting back to the published version and everything works again.

[jetersen]

Ya, would be nice to add tests to see if this actually works. I tried adding tests but I think I ran into the same problem your describing.

[kylegibson]

Is there any work around for the lack of this functionality?

Update/edit

I'm using this as a work around:

import io.jenkins.plugins.casc.impl.secrets.PropertiesSecretSource
def pss = new PropertiesSecretSource()
secret.init()

def foo = secret.reveal('secret_var').get()