[JENKINS-62820] Ability to hide credential usage in job output

[bartdevriendt]

JENKINS-62820 - add ability to hide credenital use in job output

In our company we are using git plugin to checkout git repositories with centrally managed credentials. Pipeline users should not know which credentials are being used to not give them the opportunity to use this credentials in a withCredentials block and bypass certain 4-eyes principles that are in place. Therefore we would like to introduce the possibility to add a global option to hide the output of credential usage in the job log.

Checklist

• I have read the CONTRIBUTING doc
• I have referenced the Jira issue related to my changes in one or more commit messages
• I have added tests that verify my changes
• Unit tests pass locally with my changes
• I have added documentation as necessary
• No Javadoc warnings were introduced with my changes
• No spotbugs warnings were introduced with my changes
• I have interactively tested my changes

Types of changes

• New feature (non-breaking change which adds functionality)

Further comments

Not applicable

[bartdevriendt]

Build only fails on windows nodes, with I guess timeouts. Is there a way to trigger build again without pushing dummy commits to the branch ?

[bartdevriendt]

I cannot find the artifacts to download the hpi to test interactively ?

[MarkEWaite]

Would you consider the comments that I've added.

[MarkEWaite]

I cannot find the artifacts to download the hpi to test interactively ?

I can't find downloadable artifacts either. I'm confident they were available previously, but they may now be deployed as incremental builds to the artifact repository.

I don't see them in the incremental builds in the artifact repository either.

[MarkEWaite]

I'm surprised that this change is sufficient for your requirements. This change does not alter the git client plugin output which reports:

Using GIT_SSH to set credentials Description of my credential

Is it enough to hide only the credential ID or do you also want to hide the disagnostic message in the build log that shows the description of the credential?

[MarkEWaite]

Requesting changes to remind me not to merge until it is understood why it is enough to suppress the credentials ID but not necessary to suppress the credential description.

I confirmed with interactive testing that it behaves as expected.

[bartdevriendt]

Requesting changes to remind me not to merge until it is understood why it is enough to suppress the credentials ID but not necessary to suppress the credential description.

I confirmed with interactive testing that it behaves as expected.

For us it is not necessary to hide the description. The most important thing is users cannot get the credential id to further use it in withCredentials blocks.