SAP / jenkins-library

Jenkins shared library for Continuous Delivery pipelines.
https://www.project-piper.io
Apache License 2.0

cloudFoundryDeploy fails when SAP password contain special characters #4989

Open SayakMukhopadhyay opened 3 months ago

SayakMukhopadhyay commented 3 months ago

Hello

I am encountering an issue where the library step cloudFoundryDeploy fails if the password contains special characters. Below is a snippet of the relevant log with some data redacted:

info  cloudFoundryDeploy - running command: cf version
info  cloudFoundryDeploy - cf version 8.7.10+5b7ce3c.2024-04-04
info  cloudFoundryDeploy - Logging in to Cloud Foundry
info  cloudFoundryDeploy - Logging into Cloud Foundry..
info  cloudFoundryDeploy - running command: cf login -a https://api.cf.us10-001.hana.ondemand.com/ -o redacted -s dev -u **** -p ****
info  cloudFoundryDeploy - API endpoint: https://api.cf.us10-001.hana.ondemand.com/
info  cloudFoundryDeploy - 
info  cloudFoundryDeploy - 
info  cloudFoundryDeploy - Authenticating...
info  cloudFoundryDeploy - 
info  cloudFoundryDeploy - Error Code: 401
info  cloudFoundryDeploy - Password: API endpoint:   https://api.cf.us10-001.hana.ondemand.com/
info  cloudFoundryDeploy - API version:    3.167.0
info  cloudFoundryDeploy - Raw Response: {"error":"invalid_client","error_description":"{\"error\":\"invalid_grant\",\"error_description\":\"User authentication failed: Unauthorized\"}"}
info  cloudFoundryDeploy - Not logged in. Use 'cf login' or 'cf login --sso' to log in.
info  cloudFoundryDeploy - Unable to authenticate.
info  cloudFoundryDeploy - FAILED

In fact, I checked how the cf CLI would behave if I omit quoting my password on my local desktop, and the logs are the same. Locally, quoting my password was enough to get things working. Moreover, when I changed my password to remove all special characters, this error didn't happen in Jenkins and the login was successful.

Related to #32.

anilkeshav27 commented 3 months ago

In which secret store do you store the password? Is it Jenkins / Vault or something else?

SayakMukhopadhyay commented 3 months ago

I am storing it in Jenkins' System store. I believe the issue lies in cloudfoundry/Authentication.go in the following lines: https://github.com/SAP/jenkins-library/blob/70902974acdad159b5146125ccdfac918f248a2a/pkg/cloudfoundry/Authentication.go#L43-L50

As you can see, the password will be appended to -p verbatim. Thus, if the password is abc$123, the appended string will become -p abc$123, which will be an issue in both Linux and Windows shells. The same is also true if the username contains a special character.
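The difference between a password pasted into a shell command line and one passed as its own argument, as an added example that is not part of the thread and not the project's code. It assumes a POSIX `sh` on the PATH; the function names are hypothetical and `printf %s` stands in for `cf login -p`.

```go
package main

import (
	"fmt"
	"os/exec"
	"strings"
)

// run executes the command and returns what the child printed on stdout.
func run(name string, args ...string) (string, error) {
	out, err := exec.Command(name, args...).Output()
	return string(out), err
}

// viaShellString pastes the password into a command line that sh then parses,
// which is what happens to an unquoted password typed at a prompt.
func viaShellString(password string) (string, error) {
	return run("sh", "-c", "printf %s "+password)
}

// shellQuote wraps s in single quotes, escaping embedded single quotes.
func shellQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", `'\''`) + "'"
}

// viaQuotedString still goes through the shell parser, but quoted.
func viaQuotedString(password string) (string, error) {
	return run("sh", "-c", "printf %s "+shellQuote(password))
}

// viaArgv hands the password over as its own argv element ($1); it is never
// parsed as shell source, so no quoting is needed.
func viaArgv(password string) (string, error) {
	return run("sh", "-c", `printf %s "$1"`, "sh", password)
}

func main() {
	pw := "abc$123" // constructed sample, the value used in the thread
	for name, f := range map[string]func(string) (string, error){
		"shell string": viaShellString, "quoted string": viaQuotedString, "argv": viaArgv,
	} {
		got, err := f(pw)
		fmt.Printf("%-13s -> %q (err=%v)\n", name, got, err)
	}
}
```

In the unquoted case `sh` expands `$1` (empty here) and the child receives `abc23`; the quoted and argv cases both deliver `abc$123` unchanged.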

anilkeshav27 commented 3 months ago

Thanks for pointing it out, will get to you.

github-actions[bot] commented 1 month ago

Thank you for your contribution! This issue is stale because it has been open 60 days with no activity. In order to keep it open, please remove stale label or add a comment within the next 10 days. If you need a Piper team member to remove the stale label make sure to add @SAP/jenkins-library-team to your comment.

SayakMukhopadhyay commented 1 month ago

not stale @SAP/jenkins-library-team

agiguere commented 1 month ago

We are facing a similar issue. SAP support told us it could be related to the technical user password; we removed any special characters but it does not work (CICD CF login via technical user with a custom IDP like IAS) ... however, we can log in via the CLI without any problem with the same technical user.