Your browser was unable to load all of the resources. They may have been blocked by your firewall, proxy or browser configuration.
Press Ctrl+F5 or Ctrl+Shift+R to have your browser try again.

secret value not working with python argparse #3898

HealingQuickly ·

Hello

I just encountered an issue with the secret value feature. We use secret value for username and password of subversion. And I tried to pass the username and password to a Python script that receives argparse arguments. The resulted password is somehow just two letters: "OK". (However, the log shows the username is still *******, which seems normal)

I tried using the username and password directly when calling the python script, instead of using ${vars.getValue('svnxxx')}, and it works.
I've used regular sys.arg with secret value, and it works as well.

What could be the cause of this? How can I solve this using argparse with the Python script?

Thank you!

  • replies 8
  • views 408
  • stars 0
HealingQuickly ·

Update

Linux has this issue; but I tested on Windows agent, it successfully ran and passed.

robinshen ADMIN ·

I am not familiar with Python. Can you print value of the secret variable in your Python script? If yes, I guess there is nothing wrong at QB side.

HealingQuickly ·

the outputs are shown via quickbuild, so the secret values are still "******".

Here is what happened. I did some tests using a simple Python script, which only prints out the arguments given.

import sys
print(sys.argv)

And the arguments I pass in are svn username and password, which are both secret value. This is the shell/batch command line

python abtest.py ${vars.getValue('svnUser')} ${vars.getValue('svnPassword')}

and if I use a windows agent, the output is normal

['abtest.py', '*****', '*****']

But in a Linux environment, the output somehow becomes this

['abtest.py', '*****', '0K']

The python version is 3+ for both agents.

What could be the issue?

Thank you

robinshen ADMIN ·

This is odd. I created a test configuration running your simple python script on Windows, and it prints the same as on Windows. This is what I am doing:

  1. create a test configuration with QB installed on Linux
  2. define variable "svnUser" with secret value "someuser", and variable "svnPassword" with secret value "somepassword"
  3. create /home/robin/temp/abtest.py with same content as you suggested
  4. create a step in test configuration to run command:
python /home/robin/temp/abtest.py ${vars.getValue("svnUser")} ${vars.getValue("svnPassword")}
  1. run the test configuration, and in the log I gets:
['/home/robin/temp/abtest.py', '*****', '*****']

I am running latest QB version 7.0.31

HealingQuickly ·

Thanks for your reply

Our QB version is 7.0.23 right now.
What could be different with your linux agent? My agent has python 3.4.3, a bit old but I don't think this could be the issue. The password secret value is converted to "OK" for some reason. This is indeed very odd.
What's the step you use to run it, shell/batch?

Thanks!

robinshen ADMIN ·

I am using the step "Shell/Batch" command. Can you please start with a blank QB installation on your Linux agent, and follow exactly the same steps as mine to see if it still prints "OK"?

mart ·

Out of curiosity, shouldn't the python script print the secret values text plain?

mart ·

No worries, just answered my question myself. I think QB is parsing the logs and whenever it sees the encrypted password it automatically masks it.