Skip to content

Allow decodeBase64 to work with nested variables #2777

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
somiljain2006 wants to merge 3 commits into
base: master
Choose a base branch
from
+46 −1
Draft

Allow decodeBase64 to work with nested variables #2777

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
311be20
Fix recursive decodeBase64 resolution for SSH credentials in JCasC
somiljain2006 Feb 1, 2026
15f1c7e
Fixed newline error
somiljain2006 Feb 1, 2026
2af2f6c
Fixed some sematics issues
somiljain2006 Feb 1, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions integrations/src/test/java/io/jenkins/plugins/casc/SSHCredentialsTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -118,4 +118,15 @@ public Optional<String> reveal(String secret) {
return Optional.empty();
}
}

@Test
@ConfiguredWithCode("SSHCredentialsTest_Recursive_Key.yml")
@Issue("https://github.com/jenkinsci/configuration-as-code-plugin/issues/2488")
void shouldSupportRecursiveBase64Certificates(JenkinsConfiguredWithCodeRule j) {
BasicSSHUserPrivateKey certKey = getCredentials(BasicSSHUserPrivateKey.class);
assertThat(
"Private key roundtrip failed",
certKey.getPrivateKeys().get(0).trim().replace("\r\n", "\n"),
equalTo(MySSHKeySecretSource.PRIVATE_SSH_KEY));
}
}
14 changes: 14 additions & 0 deletions integrations/src/test/resources/io/jenkins/plugins/casc/SSHCredentialsTest_Recursive_Key.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
jenkins:
systemMessage: Jenkins with SSH Credentials for JCasC test

credentials:
system:
domainCredentials:
- credentials:
- basicSSHUserPrivateKey:
scope: SYSTEM
id: "userid_recursive"
username: "recursive-user"
privateKeySource:
directEntry:
privateKey: ${decodeBase64:${SSH_AGENT_PRIVATE_KEY_BASE64}}
27 changes: 26 additions & 1 deletion plugin/src/main/java/io/jenkins/plugins/casc/SecretSourceResolver.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -201,7 +201,32 @@ static class DecodeBase64Lookup implements StringLookup {

@Override
public String lookup(@NonNull final String key) {
return new String(Base64.getDecoder().decode(key.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
if (StringUtils.isBlank(key)) {
Comment thread
somiljain2006 marked this conversation as resolved.
Outdated
return "";
}

final String value = key.trim();

if (value.startsWith("-----BEGIN ")) {
Comment thread
somiljain2006 marked this conversation as resolved.
Outdated
return value;
}

String compact = value.replaceAll("\\s+", "");
Comment thread
somiljain2006 marked this conversation as resolved.
Outdated

try {
return new String(Base64.getDecoder().decode(compact), StandardCharsets.UTF_8);
} catch (IllegalArgumentException e) {
try {
return new String(Base64.getUrlDecoder().decode(compact), StandardCharsets.UTF_8);
} catch (IllegalArgumentException e2) {
LOGGER.log(
Level.WARNING,
"Configuration import: Failed to decode base64 secret. "
+ "The value might not be resolved yet or is invalid base64. Defaulting to empty string.",
e2);
return "";
}
}
}
}

Expand Down
Loading