I can't figure out how I can tell gradle to take the credentials id from jenkins and apply them? I use such a construct in build.gradle:
repositories {
maven {
name ’test'
url «test.com"
credentials {
username = System.getenv("JENKINS_CREDENTIALS_ID")
password = System.getenv("JENKINS_CREDENTIALS_ID")
}
}
}
How do I transfer the account id from jenkins?
Related
I'm not creating a new job.
I want to access a Jenkins secret string binding from inside a job DSL script. I haven't been able to find examples of this.
If I have a secret string binding in Jenkins named "my-secret-string" how do I get the value of that in a DSL script? I want the DSL to make REST calls and other things using secrets I have securely stored in Jenkins.
I cant use credentials('<idCredentials>') because I'm not creating a new job or anything, I want to use those secret values in the DSL script itself.
I don't understand the scenario. You are not creating a new job but you are still inside a job? What does that mean? I understood that you defined a credential - secret text in Jenkinks and you want to access it from a job? This is a standard scenario:
withCredentials([string(credentialsId: 'my-secret-string', variable: 'mySecretStringVar')]){
println mySecretStringVar
}
From Jenkins Console or groovy script epending on where credentials are located:
def getFolderCredsScript(def pipelineFolder, def credId){
def credentialsStore =
jenkins.model.Jenkins.instance.getAllItems(com.cloudbees.hudson.plugins.folder.Folder.class).findAll{it.name.equals(pipelineFolder)}
.each{
com.cloudbees.hudson.plugins.folder.AbstractFolder<?> folderAbs = com.cloudbees.hudson.plugins.folder.AbstractFolder.class.cast(it)
com.cloudbees.hudson.plugins.folder.properties.FolderCredentialsProvider.FolderCredentialsProperty property = folderAbs.getProperties().get(com.cloudbees.hudson.plugins.folder.properties.FolderCredentialsProvider.FolderCredentialsProperty.class)
if(property != null){
for (cred in property.getCredentials()){
if ( cred.id == credId ) {
return "${cred.username}:${cred.password}"
}
}
}
}
}
def getGlobalCredsScript(def credId){
def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(com.cloudbees.plugins.credentials.common.StandardUsernameCredentials.class, Jenkins.instance, null, null);
for (cred in creds) {
if (cred.id == credId){
return "${cred.username}:${cred.password}"
}
}
}
I found this question when trying to figure out how to set authenticationToken in my jenkins DSL. You can't use withCredential or a credentials call since it only accepts a string. The answer I found is to wrap the build/seed file. It can use withCredential and you pass in the credential as a string like this:
Jenkinsfile.build
withCredentials([
string(credentialsId: 'deploy-trigger-token', variable: 'TRIGGER_TOKEN'),
]) {
jobDsl targets: ".jenkins/deploy_${env.INSTANCE}_svc.dsl",
ignoreMissingFiles: true,
additionalParameters: [
trigger_token: env.TRIGGER_TOKEN
]
}
Then in your dsl file:
pipelineJob("Deploy Service") {
...
authenticationToken (trigger_token)
...
}
So to answer your question, you are correct you can't directly access the credential in your dsl, instead you do it in the seed build file which passes it in as a additionalParameters variable.
In our company, all Jenkins jobs are only created via the Jenkins DSL. Our Jenkins permissions are controlled via LDAP. For this we use the Jenkins LDAP Plugin (https://wiki.jenkins.io/display/JENKINS/LDAP+Plugin) version 1.20.
Currently individual LDAP users are authorized:
freeStyleJob ('Jobname') {
[...]
authorization {
permission('hudson.model.Item.Build', 'User1')
permission('hudson.model.Item.Build', 'User2')
[...]
}
[...]
}
I would like to use LDAP groups instead of authorizing individual users:
freeStyleJob ('Jobname') {
[...]
authorization {
permission('hudson.model.Item.Build', 'LDAPROLE_BUILD')
}
[...]
}
How do I have to adjust my DSL files to use LDAP roles instead of single users?
That is exactly the way you have to do it:
freeStyleJob ('Jobname') {
[...]
authorization {
permission('hudson.model.Item.Build', 'LDAPROLE_BUILD')
}
[...]
}
If you want to give multiple LDAP Roles the rights to build you have to do it with an array:
freeStyleJob ('Jobname') {
[...]
authorization {
permission('hudson.model.Item.Build', ['LDAPROLE_BUILD1', 'LDAPROLE_BUILD2'])
}
[...]
}
It is also usefull to give the role that has rights to build also the rights to cancel a build hudson.model.Item.Cancel
To give a LDAP role only rights to 'read' a job you can use Read and Workspace:
hudson.model.Item.Read
hudson.model.Item.Workspace
I have a groovy script which will configure AWS ec2 plugin with required data. I am able to configure all other inputs. I need to give private key in same region, is there any way that i can generate and configure this key in grrovy script. followed below document and template.
https://gist.github.com/vrivellino/97954495938e38421ba4504049fd44ea
https://github.com/jenkinsci/ec2-plugin/blob/master/src/main/java/hudson/plugins/ec2/SlaveTemplate.java
This will help you to get Jenkins private keys:
EC2Cloud cloud = Jenkins.instance.clouds.find { it instanceof EC2Cloud }
KeyPair key_pair= cloud.getKeyPair()
private_key_text = key_pair.keyMaterial
def secret_key = hudson.util.Secret.decrypt(cloud.getSecretKey()).toString()
I am not sure if this is the right answer to your question, but this is where Google led me when I wanted to decipher the private key for the EC2 Jenkins plugin.
This worked for me with Jenkins 2.190.2.
import hudson.plugins.ec2.AmazonEC2Cloud
def cloud = Jenkins.instance.clouds.find { it instanceof AmazonEC2Cloud }
println cloud.getKeyPair().keyMaterial
I am creating a jobs for each application branches from github.
I am not sure how to pass the credentials to the repo link?
import groovy.json.*
def project = 'app-ras'
def branchApi = new URL("https://gitlab.etctcssd.com/sdadev/${project}/branches")
def branches = new JsonSlurper().parse(branchApi.newReader())
branches.each {
def branchName = it.name
def jobName = "${project}-${branchName}".replaceAll('/','-')
job(jobName) {
scm {
git("https://gitlab.etctcssd.com/sdadev/${project}.git", branchName)
}
}
}
Our project is secure project in gitlab, so how can I pass the credentials in this case?
I am sure it would redirect to login page. But I am not sure how to handle this. Any help would be greatly appreciated.
I hope it will work in the following way:
import groovy.json.JsonSlurper
def project = 'app-ras'
def branchApi = new URL("https://gitlab.etctcssd.com/sdadev/${project}/branches")
def branches = new JsonSlurper().parse(branchApi.newReader())
branches.each {
def branchName = it.name
String jobName = "${project}-${branchName}".replaceAll('/', '-')
job(jobName) {
scm {
git {
branch(branchName)
remote {
url("https://gitlab.etctcssd.com/sdadev/${project}.git")
credentials("HERE")
}
}
}
}
}
Try to substitute HERE with plain credentials (a kind of an access token) or with credential ID (of type Secret text) defined under Jenkins -> Credentials.
Also, are you using gitlab or github?
EDIT
So as far as I understood you have problems with fetching the branches names not with the Jenkins DSL. Here you can see how to fetch branches from gitlab. In groovy in can be done in the following way:
URLConnection connBranches = new URL("https://gitlab.etctcssd.com/sdadev/${project}/branches").openConnection()
connBranches.setRequestProperty("PRIVATE-TOKEN", "PASTE TOKEN VALUE HERE")
new JsonSlurper().parse(new BufferedReader(new InputStreamReader(connBranches.getInputStream())))
I have created a credential in Jenkins called AZURE_CLIENT_ID. I have the "Credentials Binding Plugin" installed.
If I create a Job manually in the UI I am able to select the Binding I would like for the Environment and select my Secret Text type.
I want to replicate this in my Jobs DSL script. I have found the following snippet which is very close to what I want to do:
job('example-2') {
wrappers {
credentialsBinding {
usernamePassword('PASSWORD', 'jarsign-keystore')
}
}
}
However the credential I want to inject is Secret Text and I cannot find what the function to it with is, e.g. instead of usernamePassword. Does anyone know what this should be please?
'Secret text' kind credentials are retrieved as 'string()' in the credentialBinding context.
For example:
job('example') {
wrappers {
credentialsBinding {
string('SECRETWORD', 'name_of_credential')
}
}
}
Documentation at: https://jenkinsci.github.io/job-dsl-plugin/#method/javaposse.jobdsl.dsl.helpers.wrapper.WrapperContext.credentialsBinding