[JENKINS-64338] - mask credentials also outside of log

[scddev]

https://issues.jenkins.io/browse/JENKINS-64338

To have proper masking like in credential-plugin, a similar approach is chosen by using also a Step instead of the BuildWrapper.

• Make sure you are opening from a topic/feature/bugfix branch (right side) and not your master branch!
• Ensure that the pull request title represents the desired changelog entry
• Please describe what you did
• Link to relevant issues in GitHub or Jira
• Link to relevant pull requests, esp. upstream and downstream changes
• Ensure you have provided tests - that demonstrates feature works or fixes the issue

[jetersen]

Thanks for the contribution.

[jetersen]

Seems like the test are broken on Jenkins 2.277.1, JDK 8 and ubuntu-20.04

[jetersen]

Neat, I forgot that we actually do have non mock test for withVault

hashicorp-vault-plugin/src/test/resources/com/datapipe/jenkins/vault/util/pipeline.groovy

Line 12 in 2e2760b

withVault([vaultSecrets: secrets]) {

hashicorp-vault-plugin/src/test/java/com/datapipe/jenkins/vault/jcasc/secrets/VaultSecretSourceTest.java

Lines 280 to 292 in 2e2760b

	@Test
	@ConfiguredWithCode("vault.yml")
	@EnvsFromFile(value = {VAULT_AGENT_FILE, VAULT_APPROLE_FILE})
	public void vaultReturns404() throws Exception {
	WorkflowJob pipeline = j.createProject(WorkflowJob.class, "Pipeline");
	String pipelineText = IOUtils.toString(TestConstants.class.getResourceAsStream("pipeline.groovy"));
	pipeline.setDefinition(new CpsFlowDefinition(pipelineText, true));
	WorkflowRun build = pipeline.scheduleBuild2(0).get();
	j.assertBuildStatus(Result.FAILURE, build);
	j.assertLogContains("Vault credentials not found for '" + VAULT_PATH_KV1_1 + "'", build);
	}

hashicorp-vault-plugin/src/test/resources/com/datapipe/jenkins/vault/util/custom_credential.groovy

Line 28 in 5a1eeda

withVault([configuration: configuration, vaultSecrets: secrets]) {

hashicorp-vault-plugin/src/test/java/com/datapipe/jenkins/vault/it/buildwrapper/CustomCredentialTest.java

Lines 46 to 64 in 5a1eeda

	String pipelineText = IOUtils.toString(TestConstants.class.getResourceAsStream("custom_credential.groovy"));
	pipelineText = pipelineText.replaceAll("#VAULT_TOKEN#", container.getRootToken());
	pipeline.setDefinition(new CpsFlowDefinition(pipelineText, false));
	}
	@Test
	public void CustomCredentialTestOK() throws Exception {
	GlobalVaultConfiguration globalVaultConfiguration = GlobalVaultConfiguration.get();
	VaultConfiguration vaultConfiguration = new VaultConfiguration();
	vaultConfiguration.setVaultUrl(container.getAddress());
	vaultConfiguration.setTimeout(1);
	vaultConfiguration.setEngineVersion(1);
	vaultConfiguration.setSkipSslVerification(true);
	globalVaultConfiguration.setConfiguration(vaultConfiguration);
	WorkflowRun build = pipeline.scheduleBuild2(0).get();
	j.assertBuildStatus(Result.SUCCESS, build);
	j.assertLogContains("****", build);

[jetersen]

LGTM, is there anything missing on your end @scddev ?

[scddev]

Looks fine for me also.