Passwords in AntRun vs GMaven

Issue #1 wontfix
Former user created an issue

Thanks for a great plugin!

I have a question about using the plugin with the AntRun and GMaven plugins. If I create a test POM that executes the decode-password-plugin during the initialize phase, during later phases (for example, the compile phase) the AntRun plugin does not seem to pick up a decoded property value, whereas the GMaven plugin does.

I've attached two files, test-security-settings.xml and test-pom-04.xml, that illustrate the issue. The test-security-settings.xml file should be installed into the $HOME/.m2 directory, and the test-pom-04.xml file should be used as follows:

mvn -f test-pom-04.xml compile

The output is attached below. The project executes the decode-password-plugin during the initialize phase, then executes the AntRun and GMaven plugins during the compile phase. Both the AntRun and the GMaven plugin simply echo the value of an encoded property named "encrypted.passphrase". The AntRun plugin echoes the encrypted value, whereas the GMaven plugin echoes the decrypted value. The AntRun behavior is unexpected (at least to me), whereas the GMaven behavior is what I need for my Maven builds.

So, I have three questions:

0) Is this the correct forum in which to raise this issue, or should I try another venue like StackOverflow?

1) Why does the AntRun plugin bind to the encrypted value of a property, as if the decode-password-plugin hasn't executed, whereas the GMaven plugin binds to the decrypted value?

2) Is it possible to configure the AntRun plugin to bind to the decrypted value?

Thanks in advance.

-- Rick Hall

[INFO] Scanning for projects...
[INFO] 
[INFO] Using the builder org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder with a thread count of 1
[INFO]                                                                         
[INFO] ------------------------------------------------------------------------
[INFO] Building test 0.0.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO] 
[INFO] --- decode-password-plugin:0.0.1:process (decode-passwords) @ test ---
[INFO] Starting to process project properties...
[INFO] Loading /Users/test/.m2/test-security-settings.xml
[INFO] Processing property with key [encrypted.passphrase]
[INFO] Finished processing project properties.
[INFO] Merging properties...
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ test ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /Users/test/tmp/src/main/resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.5.1:compile (default-compile) @ test ---
[INFO] No sources to compile
[INFO] 
[INFO] --- maven-antrun-plugin:1.7:run (test-antrun) @ test ---
[INFO] Executing tasks

main:
     [echo] encrypted.passphrase: {oDKlevYkFQQHRbJFHY3mq+Hf0Af6j/nYau31JrQi1/g=}
[INFO] Executed tasks
[INFO] 
[INFO] --- gmaven-plugin:1.3:execute (test-groovy) @ test ---
Start...
encrypted.passphrase: yada-yada
...Finished
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3.490 s
[INFO] Finished at: 2014-04-10T09:52:50-05:00
[INFO] Final Memory: 16M/170M
[INFO] ------------------------------------------------------------------------

Comments (7)

  1. Manuel Martins repo owner

    Hi Rick, I did some debugging and at first sight it looks like an antrun plugin bug.

    Let me investigate it a bit more, I'll come back to you as soon as I have something.

    Thanks. Manuel

  2. Rick Hall

    Manuel --

    I found a workaround to the problem of AntRun binding to encrypted property values. The trick is to define a new property in some plugin, like GMaven, that is based on the decrypted value of some other property.

    This is a hack, but it works.

    -- Rick

    ===== HACK =====

    1) In the <properties> section of a pom.xml file, or in the <profile><properties> section of the settings.xml file, define some encrypted property value:

    <properties>
      <encrypted.passphrase>
      {oDKlevYkFQQHRbJFHY3mq+Hf0Af6j/nYau31JrQi1/g=}
      </encrypted.passphrase>
    </properties>
    

    2) Decrypt the passphrase using decode-password-plugin

          <plugin>
            <groupId>com.mcmartins.maven</groupId>
            <artifactId>decode-password-plugin</artifactId>                                              
            <version>0.0.1</version>                                                                     
            <executions>
              <execution>
                <id>decode-passwords</id>                                                                
                <phase>initialize</phase>                                                                
                <goals>
                  <goal>process</goal>                                                                   
                </goals>
              </execution>                                                                               
            </executions>
          </plugin>                                                                                      
    

    3) Define a new property at build time using GMaven

          <plugin>
            <groupId>org.codehaus.gmaven</groupId>                                                       
            <artifactId>gmaven-plugin</artifactId>                                                       
            <version>1.3</version>                                                                       
            <executions>
              <execution>
                <id>test-groovy</id>
                <phase>compile</phase>                                                                   
                <goals>
                  <goal>execute</goal>                                                                   
                </goals>
                <configuration>                                                                          
                  <source>
                  project.properties.decrypted_passphrase = \
                    project.properties.getProperty('encrypted.passphrase');                              
                  </source>
                </configuration>                                                                         
              </execution>                                                                               
            </executions>                                                                                
          </plugin>                                                                                      
    

    4) Use the new property in AntRun

          <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-antrun-plugin</artifactId>
            <version>1.7</version>
            <executions>
              <execution>
                <id>test-antrun</id>
                <phase>compile</phase>
                <goals>
                  <goal>run</goal>
                </goals>
                <configuration>
                  <target>
                    <echo message="encrypted.passphrase: ${encrypted.passphrase}"/>
                    <echo message="decrypted_passphrase: ${decrypted_passphrase}"/>
                  </target>
                </configuration>
              </execution>
            </executions>
          </plugin>
    
  3. Rick Hall

    I have been unable to attach test-pom-05.xml, which illustrates the hack described above, so here's the content of the POM pasted into a comment.

    <?xml version="1.0"?>
    <project
      xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"
      xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <modelVersion>4.0.0</modelVersion>
    
      <groupId>com.rphall.experimental</groupId>
      <artifactId>test</artifactId>
      <version>0.0.0-SNAPSHOT</version>
    
      <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <encrypted.passphrase>
          {oDKlevYkFQQHRbJFHY3mq+Hf0Af6j/nYau31JrQi1/g=}
        </encrypted.passphrase>
      </properties>
    
      <build>
        <plugins>
    
          <plugin>
            <groupId>com.mcmartins.maven</groupId>
            <artifactId>decode-password-plugin</artifactId>
            <version>0.0.1</version>
            <executions>
              <execution>
                <id>decode-passwords</id>
                <phase>initialize</phase>
                <goals>
                  <goal>process</goal>
                </goals>
              </execution>
            </executions>
            <configuration>
              <securitySettingsFileName>
                test-security-settings.xml
              </securitySettingsFileName>
            </configuration>
          </plugin>
    
          <plugin>
            <groupId>org.codehaus.gmaven</groupId>
            <artifactId>gmaven-plugin</artifactId>
            <version>1.3</version>
            <executions>
              <execution>
                <id>test-groovy</id>
                <phase>compile</phase>
                <goals>
                  <goal>execute</goal>
                </goals>
                <configuration>
                  <source>
                  println "Start..."
                  project.properties.decrypted_passphrase = \
                    project.properties.getProperty('encrypted.passphrase');
                  println "decrypted passphrase: " \
                    + project.properties.decrypted_passphrase
                  println "...Finished"
                  </source>
                </configuration>
              </execution>
            </executions>
          </plugin>
    
          <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-antrun-plugin</artifactId>
            <version>1.7</version>
            <executions>
              <execution>
                <id>test-antrun</id>
                <phase>compile</phase>
                <goals>
                  <goal>run</goal>
                </goals>
                <configuration>
                  <target>
                    <echo message="encrypted.passphrase: ${encrypted.passphrase}"/>
                    <echo message="decrypted_passphrase: ${decrypted_passphrase}"/>
                  </target>
                </configuration>
              </execution>
            </executions>
          </plugin>
    
        </plugins>
      </build>
    
    </project>
    
  4. Manuel Martins repo owner

    Dear Rick, thanks for posting a workaround.

    I will close the issue with a won't fix... I think this should be fixed in the Maven AntRun plugin.

    Thanks.

    Manuel

  5. Rick Hall

    Manuel --

    Thanks for looking into this. I understand that the issue is caused by AntRun behavior. In a nutshell, it appears that the AntRun plugin binds to the first definition of a property value, rather than to a subsequent redefinition. I would expect behavior like this -- early, one-time binding of property values during initialization -- when Ant is run outside of Maven, but I am surprised that it occurs when Ant is invoked as a Maven plugin, because it seems to violate Maven's lifecycle model. Hopefully, the AntRun folks will respond to your posting in their JIRA forum. If they don't, I may try posting a query on StackOverflow.

    Thanks again for a much needed, nicely designed and well written plugin.

    Best regards.

    -- Rick Hall
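
The output reported in this thread, and the reason the workaround behaves differently, can be reproduced with a small model of two resolution stages. This is an added example, not code from the plugin or from either commenter. It assumes that Maven expands `${...}` references to properties already defined in the POM inside plugin configuration when the model is built, before any plugin executes, and that AntRun passes any reference still unresolved to Ant along with the live project properties; the function names, the stand-in decoder and the sample ciphertext are hypothetical.

```python
import re

_REF = re.compile(r"\$\{([^}]+)\}")

def interpolate(text, props):
    """Expand ${name} for known names; unknown references stay as written."""
    return _REF.sub(lambda m: props.get(m.group(1), m.group(0)), text)

def run_build(pom_props, antrun_target, decode, script_step=None):
    """Return the text the AntRun <echo> would print in this simplified model."""
    # Stage 1, model build: references to properties already defined in the
    # POM are expanded inside plugin configuration before any plugin runs.
    baked_target = interpolate(antrun_target, pom_props)
    # Stage 2, initialize phase: the decoder rewrites the live properties.
    live = {k: decode(v) if v.startswith("{") and v.endswith("}") else v
            for k, v in pom_props.items()}
    # Stage 3, compile phase: a script plugin reads and writes live values.
    if script_step is not None:
        script_step(live)
    # Stage 4, AntRun: only references that survived stage 1 are resolved,
    # this time against the live properties.
    return interpolate(baked_target, live)

# Constructed sample data; the ciphertext and decoder are stand-ins.
POM_PROPS = {"encrypted.passphrase": "{CONSTRUCTED-CIPHERTEXT}"}
TARGET = ("encrypted.passphrase: ${encrypted.passphrase} | "
          "decrypted_passphrase: ${decrypted_passphrase}")

def fake_decode(value):
    return "yada-yada"

def copy_step(live):
    # Mirrors the GMaven step in the workaround.
    live["decrypted_passphrase"] = live["encrypted.passphrase"]

if __name__ == "__main__":
    print(run_build(POM_PROPS, TARGET, fake_decode))
    print(run_build(POM_PROPS, TARGET, fake_decode, copy_step))
```

In this model the first reference is frozen as ciphertext at stage 1 regardless of what the decoder does later, while `decrypted_passphrase` does not exist until stage 3 and is therefore resolved against the decoded value.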
