What Operating System are you using (both controller, and any agents involved in the problem)?
Jenkins: Rocky Linux 8
Reproduction steps
Create an Ansible playbook to show passwords:
- hosts: all
tasks:
- name: show the current user
ansible.builtin.debug:
msg: "Current user is {{ ansible_user }}"
- name: show the current user password
ansible.builtin.debug:
msg: "Current user is {{ ansible_ssh_passowrd }}"
Create a username/password credential in Jenkins with the details: ansible4/pa$$word
However the fix in PR: https://github.com/jenkinsci/ansible-plugin/pull/85/files breaks passing passwords to sshpass. This is because $$ is escaped by Groovy. The PR is incorrectly escaping all special characters. The original issue was with passwords that contain $$ and has nothing to do with escaping any other special character. The PR should be reverted so passwords container special character combinations other than $$ continue to work.
I have found no way to parse $$ correctly, it would be better to document this as there are two issues:
$$ = pid in bash
$ is an escape character in Groovy.
In a situation outside of this plugin if I had a Jenkins username/password credential with a password containing $$ e.g. abc$$123 I would enter it as abc$$$$123 so I could get the correct value passed to the shell.
Jenkins and plugins versions report
Environment
Jenkins: 2.401.2 OS: Linux - 4.18.0-477.15.1.el8_8.x86_64 Java: 11.0.19 - Red Hat, Inc. (OpenJDK 64-Bit Server VM) --- ace-editor:1.1 ansible:240.vc26740a_625c0 ansicolor:1.0.2 antisamy-markup-formatter:159.v25b_c67cd35fb_ apache-httpcomponents-client-4-api:4.5.14-150.v7a_b_9d17134a_5 bootstrap4-api:4.6.0-6 bootstrap5-api:5.3.0-1 bouncycastle-api:2.29 branch-api:2.1122.v09cb_8ea_8a_724 build-timeout:1.31 caffeine-api:3.1.6-115.vb_8b_b_328e59d8 checks-api:2.0.0 cloudbees-folder:6.815.v0dd5a_cb_40e0e command-launcher:100.v2f6722292ee8 commons-lang3-api:3.12.0-36.vd97de6465d5b_ commons-text-api:1.10.0-36.vc008c8fcda_7b_ credentials:1271.v54b_1c2c6388a_ credentials-binding:631.v861c06d062b_4 dashboard-view:2.487.vcf0ff9008a_c0 data-tables-api:1.13.5-1 display-url-api:2.3.7 durable-task:513.vc48a_a_075a_d93 echarts-api:5.4.0-5 email-ext:2.100 font-awesome-api:6.4.0-2 git:5.2.0 git-client:4.4.0 git-server:99.va_0826a_b_cdfa_d github:1.37.1 github-api:1.314-431.v78d72a_3fe4c3 github-branch-source:1728.v859147241f49 handlebars:3.0.8 instance-identity:173.va_37c494ec4e5 ionicons-api:56.v1b_1c8c49374e jackson2-api:2.15.2-350.v0c2f3f8fc595 jakarta-activation-api:2.0.1-3 jakarta-mail-api:2.0.1-3 javax-activation-api:1.2.0-6 javax-mail-api:1.6.2-9 jaxb:2.3.8-1 jdk-tool:66.vd8fa_64ee91b_d jjwt-api:0.11.5-77.v646c772fddb_0 jquery3-api:3.7.0-1 jsch:0.2.8-65.v052c39de79b_2 junit:1217.v4297208a_a_b_ce lockable-resources:1172.v4b_8fc8eed570 mailer:457.v3f72cb_e015e5 matrix-auth:3.1.10 matrix-project:789.v57a_725b_63c79 mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_ mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_ momentjs:1.1.1 okhttp-api:4.11.0-145.vcb_8de402ef81 pam-auth:1.10 pipeline-build-step:505.v5f0844d8d126 pipeline-github-lib:42.v0739460cda_c4 pipeline-graph-analysis:202.va_d268e64deb_3 pipeline-groovy-lib:656.va_a_ceeb_6ffb_f7 pipeline-input-step:468.va_5db_051498a_4 pipeline-milestone-step:111.v449306f708b_7 pipeline-model-api:2.2144.v077a_d1928a_40 pipeline-model-definition:2.2144.v077a_d1928a_40 pipeline-model-extensions:2.2144.v077a_d1928a_40 pipeline-rest-api:2.33 pipeline-stage-step:305.ve96d0205c1c6 pipeline-stage-tags-metadata:2.2144.v077a_d1928a_40 pipeline-stage-view:2.33 plain-credentials:143.v1b_df8b_d3b_e48 plugin-util-api:3.3.0 popper-api:1.16.1-3 popper2-api:2.11.6-2 python:1.3 resource-disposer:0.22 scm-api:676.v886669a_199a_a_ script-security:1251.vfe552ed55f8d snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4 ssh-credentials:305.v8f4381501156 sshd:3.303.vefc7119b_ec23 structs:324.va_f5d6774f3a_d timestamper:1.25 token-macro:359.vb_cde11682e0c trilead-api:2.84.v72119de229b_7 variant:59.vf075fe829ccb workflow-aggregator:596.v8c21c963d92d workflow-api:1248.v4b_91043341d2 workflow-basic-steps:1017.vb_45b_302f0cea_ workflow-cps:3726.v83f8cff396c9 workflow-cps-global-lib:609.vd95673f149b_b workflow-durable-task-step:1247.v7f9dfea_b_4fd0 workflow-job:1316.vd2290d3341a_f workflow-multibranch:756.v891d88f2cd46 workflow-scm-step:415.v434365564324 workflow-step-api:639.v6eca_cd8c04a_a_ workflow-support:848.v5a_383b_d14921 ws-cleanup:0.45 ```What Operating System are you using (both controller, and any agents involved in the problem)?
Jenkins: Rocky Linux 8
Reproduction steps
Create an Ansible playbook to show passwords:
Create a username/password credential in Jenkins with the details: ansible4/pa$$word
Create a Jenkins pipeline to the ansible plugin:
Expected Results
To show password is: pa$$word
Actual Results
Anything else?
The issue reported in: https://github.com/jenkinsci/ansible-plugin/pull/83 is the same issue I have described above.
However the fix in PR: https://github.com/jenkinsci/ansible-plugin/pull/85/files breaks passing passwords to sshpass. This is because $$ is escaped by Groovy. The PR is incorrectly escaping all special characters. The original issue was with passwords that contain $$ and has nothing to do with escaping any other special character. The PR should be reverted so passwords container special character combinations other than $$ continue to work.
I have found no way to parse $$ correctly, it would be better to document this as there are two issues:
In a situation outside of this plugin if I had a Jenkins username/password credential with a password containing $$ e.g. abc$$123 I would enter it as abc$$$$123 so I could get the correct value passed to the shell.