Sensitive variable of project variable not sensitive when set with Octopus.Client

boppel · 19 August 2019 12:40

Hi y’all!

I got the following project template variable (sensitive/password box):

If I set the value with powershell (using Octopus.Client.dll), the value is displayed in the UI and I get this weird behaviour (empty lines?):

powershell:

...
$endpoint = New-Object Octopus.Client.OctopusServerEndpoint $octopusURI,$apiKey
$repository = New-Object Octopus.Client.OctopusRepository $endpoint
$tenantEditor = $repository.Tenants.CreateOrModify($TenantName)

$vars = $tenantEditor.Variables.Instance.ProjectVariables
$varSet = $vars.'Projects-2' #affected project template

$varTemplate = $varSet.Templates | Where-Object -Property Name -eq "Tenant.Database.Pwd"

$projectVars = $varSet.Variables.'Environments-6'
$projectVars[$varTemplate.Id] = 'i like cheese!'

$tenantEditor.Save()

What am I doing wrong?

EDIT: I just had a look at the variables listed after calling /api/tenantvariables/all and compared the values of an automated created tenanted and a manually created tenant:

# manually created
...
"Variables": {
"Environments-6": {
       ...
       # guid == Tenant.Database.Pwd for this tenant
       "03359b9e-121d-4664-8810-8960c7c8d274": {
              "HasValue": true,
              "NewValue": null
            },
   }
   ...
}

# automatically created
"Variables": {
          "Environments-6": {
             ...
            "03359b9e-121d-4664-8810-8960c7c8d274": "i like cheese",
            ...
          }
    ...
}

So I guess this explains why the password is not presented as sensitive - so… how would I fix this :D?

Dalmiro · 19 August 2019 23:44

Hi @boppel,

Thanks for reaching out!

After this line

$projectVars[$varTemplate.Id] = 'i like cheese!'

Add this other line

$projectVars[$varTemplate.Id].IsSensitive = $true

Give that a go and let me know if it works for you

Thanks,
Dalmiro

boppel · 20 August 2019 12:16

Hi @Dalmiro,

I’m afraid this doesn’t work:

…
$projectVars[$varTemplate.Id] = ‘i like cheese!’
$projectVars[$varTemplate.Id].IsSensitive = $true
…

Result:
“IsSensitive” is a readonly property

PS:
I’m already using .IsSensitive=$true - but for variables of a variable set. Works like a charm with those variables, however not for project template variables.

Robert.Davis.SG · 4 September 2019 16:30

I am experiencing this same issue @Dalmiro - can you provide any guidance on how to make this happen? I am also using Octopus.Client with PowerShell.

EDIT:
I ended up doing the following (which appears to work). Let me know if this approach is suitable…

 # save the key pair to the tenant variable
 $tenantEditor = $repository.Tenants.CreateOrModify($TenantName)
 $tenantVars = $tenantEditor.Variables.Instance.LibraryVariables
 $varSet = $tenantVars.$AwsLibraryVariableSetName
 $varTemplate = $varSet.Templates | Where-Object -Property Name -eq $AwsLibraryVariableSetPrivateKeyVariableName

 $makeSensitive = $true
 $updatedPem = New-Object Octopus.Client.Model.PropertyValueResource $keyPair.KeyMaterial, $makeSensitive
    
 # this conditional is necessary because on the first pass, the variable 
 # doesn't exist for the tenant (because it is assigned the default value)
 if($varSet.Variables.ContainsKey($varTemplate.Id)) {
    $varSet.Variables[$varTemplate.Id] = $updatedPem
  }
  else {
     $varSet.Variables.Add($varTemplate.Id, $updatedPem)
  }

$tenantEditor.Save()

boppel · 10 September 2019 11:13

Hi @Robert.Davis.SG,

**thank you so much for your input! It works **

I didn’t encounter any problems with the default value as my project variable template does not define a default value. So if you use a default value, use the condition.

Here’s my working solution:

$endpoint = New-Object Octopus.Client.OctopusServerEndpoint $octopusURI,$apiKey
$repository = New-Object Octopus.Client.OctopusRepository $endpoint
$tenantEditor = $repository.Tenants.CreateOrModify($TenantName)

$vars = $tenantEditor.Variables.Instance.ProjectVariables
$varSet = $vars.'Projects-2' #affected project template

$varTemplate = $varSet.Templates | Where-Object -Property Name -eq "Tenant.Database.Pwd"

$pwd = 'i like cheese'

$makeSensitive = $true
$sensitivePwd = New-Object Octopus.Client.Model.PropertyValueResource $pwd, $makeSensitive

$projectVars = $varSet.Variables.'Environments-6'
$projectVars[$varTemplate.Id] = $sensitivePwd

$tenantEditor.Save()

system · 10 October 2019 11:13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.