Hi there, no worries on the delay. When you say `echo cksum $GOCD_ACCESS_TOKEN` it's probably not doing what you want. You’re literally echoing the work “cksum” followed by the access token. You probably don’t want the `echo` If your intent was to display the checksum of the secret. GoCD will print whatever is on stdout or stderr from `cksum` to the console.
Which brings me to my next point. GoCD masks secrets it knows about from the console. Meaning, if it finds some console text that matches a known secure environment variable, it replaces it with a series of asterisks of a fixed, arbitrary length. Thus, the fact that it masked the value that you echoed means it printed a secure variable. So I would conclude that your script is receiving the right value from the environment. So, I’d say that solves the problem you were facing? On Sun, Feb 21, 2021 at 2:54 AM Sriram Narayanan <[email protected]> wrote: > I the past, I've faced a similar issue where some special characters were > escaped (or should have been escaped) and I faced such a mismatch. > > My solution at that time was to change the passphrase and use other > special characters. > > Could you share the non-alphabetic non-numeric characters in the > GOCD_ACCESS_TOKEN? > > Since you mentioning these Windows-based text editors, I wonder if there's > some unicode related activity going on. > > Could you also try generating a new API token and using that instead? (You > could set up GoCD locally and try, too). > > -- Ram > > On Sun, Feb 21, 2021 at 6:40 PM Gabriel Callaghan < > [email protected]> wrote: > >> Hi, >> >> Thank you for your reply - sorry I got pulled away to another task. >> >> For the task config: >> >> Command: /bin/sh >> >> Arguments: ./{companyName}/game-deploy/checkToken.sh >> >> Inside the script: >> >> #! /bin/bash >> >> curl "https://{COMPANY NAME}/go/api/stages/testStage/Deploy/history" \ >> -H "Authorization: Bearer $GOCD_ACCESS_TOKEN" \ >> -H 'Accept: application/vnd.go.cd.v3+json' >> >> echo cksum $GOCD_ACCESS_TOKEN >> >> I have taken your suggestion of wrapping this in a script rather than >> having it as an argument. It now passes but in the console it shows "cksum >> *******". How would I be able to compare the cksum of the token if it is >> hidden from me? I already have the cksum from when I tested on VS Code, I >> am not sure how to proceed in GOCD. >> >> From some testing, I found that if I use my personal access token in this >> script on Notepad++, it will return an answer. If I use GOCD_ACCESS_TOKEN >> in Notepad, it will fail, telling me I am not authenticated. However it >> will pass in the same script in GOCD. >> >> If I am correct and that when "cksum ****" appears, that means I have >> passed the auth check, I am still not sure how I managed to fix the problem >> for when this happens in the future. >> >> What would your advice for my next steps be? >> >> Thank you, >> Gabes. >> >> On Fri, Feb 19, 2021 at 11:48 AM Marques Lee < >> [email protected]> wrote: >> >>> Can you post your task config? Just a guess before actually seeing your >>> config is that you might be putting ${GOCD_ACCESS_TOKEN} as a raw argument. >>> Since the arguments are effectively shell-escaped, `curl` might be sending >>> the literal text ${GOCD_ACCESS_TOKEN} instead of interpolating your secret >>> variable. >>> >>> The solution to that is to either: >>> >>> - Wrap your `curl` call with `bash -c`, or >>> - Wrap this in a script and call your script >>> >>> In either case above, curl will receive the interpolated value. >>> >>> But, let's take a look at your task config to confirm what's going on. >>> >>> Best, >>> >>> Marques >>> >>> On Thu, Feb 18, 2021 at 1:58 PM Gabriel Callaghan < >>> [email protected]> wrote: >>> >>>> Hi, >>>> >>>> I have a script which does an API call. To authenticate myself, I use a >>>> token. >>>> >>>> $ curl ' >>>> https://ci.example.com/go/api/stages/mypipeline/defaultStage/history' >>>> \ >>>> -H "Authorization: Bearer ${GOCD_ACCESS_TOKEN}" \ >>>> -H 'Accept: application/vnd.go.cd.v3+json' >>>> >>>> When I use this api, if in my script I use my personal access token >>>> generated by GOCD, the call works. However, if I have the same API call >>>> with the same token, but the token is inside the secure variable section of >>>> the pipeline, and called using ${GOCD_ACCESS_TOKEN}, I am unable to get >>>> authenticated. >>>> >>>> I have tried to hash the token to see if it matches. When doing cksum >>>> on my personal token inside my script, I get a different result from if I >>>> did cksum <<<${GOCD_ACCESS_TOKEN}. >>>> >>>> I am a junior, so I have much to learn and I would apperciate any help >>>> in understanding how to resolve this issue. >>>> >>>> Thank you :) >>>> Gabes. >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "go-cd" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/go-cd/2a219c35-6c78-4ae3-8070-1e2a54118638n%40googlegroups.com >>>> <https://groups.google.com/d/msgid/go-cd/2a219c35-6c78-4ae3-8070-1e2a54118638n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "go-cd" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/go-cd/CAPKX9jZAnKGrupURs%3DrmR5FXceBowfG_WLQFUFdVPEYnqut70A%40mail.gmail.com >>> <https://groups.google.com/d/msgid/go-cd/CAPKX9jZAnKGrupURs%3DrmR5FXceBowfG_WLQFUFdVPEYnqut70A%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "go-cd" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/go-cd/CAKV4bkeVVUaObxjv1S-j478UzuTDjv1d8TEhRJ%3D1U%2BCkkX69cA%40mail.gmail.com >> <https://groups.google.com/d/msgid/go-cd/CAKV4bkeVVUaObxjv1S-j478UzuTDjv1d8TEhRJ%3D1U%2BCkkX69cA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "go-cd" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/go-cd/CANiY96YQDRTgzpMPDiG6kMkNDU5kaN1MP9O2wiixm%2BKhzHKLpQ%40mail.gmail.com > <https://groups.google.com/d/msgid/go-cd/CANiY96YQDRTgzpMPDiG6kMkNDU5kaN1MP9O2wiixm%2BKhzHKLpQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/CAPKX9jamvZ1Nw_Ly-Xgm7gZXr-zUPcVWNoZ1O900LHgj6MF--g%40mail.gmail.com.
