You are 100% correct, i was confused about what was actually happening here 
( so may layers of parsing!).

So thanks to this SO answer 
<https://stackoverflow.com/questions/48778678/in-credentials-binding-sh-escaping-madness-for-declarative-pipelines>
 
I can see there are two ways to handle this:
environment{
    CRED = credentials('mycreds')
}
steps {
    sh "some command blahb blah blah" +
        //This works, because i guess bash is smart enough to escape $ in 
environment variables?
        '--username ${CRED_USR} --password  ${CRED_PSW}' 

    // ====== OR ======

    sh "some command blahb blah blah" +
        //Passing in the var directly, like you said, requires I tell bash 
this is a literal string
        "--username '${CRED_USR}' --password  '${CRED_PSW}'" 

Also, just an aside, I saw nowhere in the docs that usernamePassword 
binding was supported in environment{} or how it worked. That should be in 
the docs somewhere if it isn't.


On Tuesday, February 13, 2018 at 11:50:53 PM UTC-5, Mark Waite wrote:
>
> Are you sure that's really a bug?
>
> If the value of mypass is 'ASD123$567' and that is passed as an 
> environment variable to the shell, won't the shell see the '$567' and 
> attempt to expand an environment variable named '567'?  The expansion of 
> $567 is probably the empty string.
>
> If '$' and other special characters are embedded in the password, aren't 
> surrounding quotes needed around the expanded result to assure it is not 
> interpreted by the shell?
>
> Mark Waite
>
>
>
> On Tue, Feb 13, 2018 at 7:36 PM Slide <slide...@gmail.com <javascript:>> 
> wrote:
>
>> Can you file an issue in JIRA?
>>
>> On Tue, Feb 13, 2018 at 7:10 PM red 888 <fakemai...@gmail.com 
>> <javascript:>> wrote:
>>
>>> This is my password: "ASD123$567"
>>>
>>> This doesn't work
>>>
>>> withCredentials([usernamePassword(credentialsId: 'creds',
>>>     usernameVariable: 'myuser', passwordVariable: 'mypass')]) {
>>>     sh "some command --username ${svnuser} --password ${mypass}"
>>> }
>>>
>>>
>>> What i see in the output is mypass is not obfuscated and most 
>>> importantly it looks like its getting cut off after the "$" so its only 
>>> showing ASD123
>>>
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Jenkins Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to jenkinsci-use...@googlegroups.com <javascript:>.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/jenkinsci-users/16bfd2b1-ad71-4326-ac3c-7693b9c71331%40googlegroups.com
>>>  
>>> <https://groups.google.com/d/msgid/jenkinsci-users/16bfd2b1-ad71-4326-ac3c-7693b9c71331%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Jenkins Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to jenkinsci-use...@googlegroups.com <javascript:>.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/jenkinsci-users/CAPiUgVf9g8GN2BPSGdt9jSR1t%2Bj7%2BzoC%2B711cPQzOO1duu6WYQ%40mail.gmail.com
>>  
>> <https://groups.google.com/d/msgid/jenkinsci-users/CAPiUgVf9g8GN2BPSGdt9jSR1t%2Bj7%2BzoC%2B711cPQzOO1duu6WYQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/e6bf4041-65d5-4e22-94c5-b24494a6e93a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to