Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cloudFoundryDeploy fails when SAP password contain special characters #4989

Open
SayakMukhopadhyay opened this issue Jul 19, 2024 · 7 comments

Comments

@SayakMukhopadhyay
Copy link

Hello

I am encountering an issue where the library step cloudFoundryDeploy fails if the password contains special characters. Below is a snippet of the relevant log with some data redacted

info  cloudFoundryDeploy - running command: cf version
info  cloudFoundryDeploy - cf version 8.7.10+5b7ce3c.2024-04-04
info  cloudFoundryDeploy - Logging in to Cloud Foundry
info  cloudFoundryDeploy - Logging into Cloud Foundry..
info  cloudFoundryDeploy - running command: cf login -a https://api.cf.us10-001.hana.ondemand.com/ -o redacted -s dev -u **** -p ****
info  cloudFoundryDeploy - API endpoint: https://api.cf.us10-001.hana.ondemand.com/
info  cloudFoundryDeploy - 
info  cloudFoundryDeploy - 
info  cloudFoundryDeploy - Authenticating...
info  cloudFoundryDeploy - 
info  cloudFoundryDeploy - Error Code: 401
info  cloudFoundryDeploy - Password: API endpoint:   https://api.cf.us10-001.hana.ondemand.com/
info  cloudFoundryDeploy - API version:    3.167.0
info  cloudFoundryDeploy - Raw Response: {"error":"invalid_client","error_description":"{\"error\":\"invalid_grant\",\"error_description\":\"User authentication failed: Unauthorized\"}"}
info  cloudFoundryDeploy - Not logged in. Use 'cf login' or 'cf login --sso' to log in.
info  cloudFoundryDeploy - Unable to authenticate.
info  cloudFoundryDeploy - FAILED

In fact, I checked how cf CLI would behave if I omit quoting my password in my local desktop and the logs are the same. Locally, quoting my password was enough to get things working. Moreover, when I changed my password to remove all special characters, this error didn't happen in Jenkins and the login was successful.

Related to #32.

@anilkeshav27
Copy link
Member

in which secret store do you store the password ?, is it jenkins / vault or something else

@SayakMukhopadhyay
Copy link
Author

I am storing it in Jenkins' System store. I believe the issue lies in cloudfoundry/Authentication.go in the following lines

var cfLoginScript = append([]string{
"login",
"-a", options.CfAPIEndpoint,
"-o", options.CfOrg,
"-s", options.CfSpace,
"-u", options.Username,
"-p", options.Password,
}, options.CfLoginOpts...)

As you can see, the password will be appended to -p verbatim. Thus is the password is abc$123, the appended string will become -p abc$123 which will be an issue in both linux and windows shells. Same is also true if the username contains a special character.

@anilkeshav27
Copy link
Member

thanks for pointing it out, will get to you

Copy link
Contributor

Thank you for your contribution! This issue is stale because it has been open 60 days with no activity. In order to keep it open, please remove stale label or add a comment within the next 10 days. If you need a Piper team member to remove the stale label make sure to add @SAP/jenkins-library-team to your comment.

@github-actions github-actions bot added the stale marks stale issues and pull requests label Sep 23, 2024
@SayakMukhopadhyay
Copy link
Author

SayakMukhopadhyay commented Sep 23, 2024

not stale @SAP/jenkins-library-team

@github-actions github-actions bot removed the stale marks stale issues and pull requests label Sep 24, 2024
@agiguere
Copy link

agiguere commented Sep 24, 2024

we are facing a similar issue, the SAP support told us it could be related to the technical user password, we removed any special characters but it does not work (CICD CF login via technical user with a custom IDP like IAS) ... however we can log in via the CLI without any problem with the same technical user

@p41l1
Copy link

p41l1 commented Nov 15, 2024

We are facing a similar issue. We had to remove special characters from the password. After that the login worked just fine again.

@SAP/jenkins-library-team

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants