I am attempting to retrieve the credentials for Perforce in my Jenkinsfile. The p4 credentials are saved using the standard Jenkins credentials store. I need the credentials to be in scope so that I can call a utility that will invoke p4 operations from a utility. The utility expects the P4PORT environment variable to be set.
I am aware of withCredentials, however, I am not sure how to leverage this to retrieve the P4Port property saved on the credential.
The closest credentials binding I've found is usernamePassword(), however that doesn't seem to be able to give me access to the P4Port property.
The error I am experiencing is:
Credentials 'my-credentials-id' is of type 'Perforce Password Credential'...
Is there a binding that is intended to be used with 'Perforce Password Credential'?
The binding to a variable is handled by https://plugins.jenkins.io/credentials-binding/
It only supports specific types of credentials, see
https://javadoc.jenkins.io/plugin/credentials/com/cloudbees/plugins/credentials/common/package-summary.html
So the credentials plugin would have to have a credential Interface that allows access to additional information, specifically your P4PORT. Then the p4 plugin could implement it.
The p4 plugin supports the username/password (StandardUsernamePasswordCredentials) with the perforce password credential.
Related
For Xray on Jira server/datacenter ... Need authentication token to push the results from jenkins pipeline ... How to generate the token or if there is any other way to authenticate and push the test results
In Jira server/datacenter, usually the authentication is done using a Jira's user credentials (i.e., username and password). It's also possible to use Personal Access Tokens (in Jira datacenter only), but this is not that common; besides, these Personal Access tokens are totally unrelated with the authentication tokens used in Xray cloud in case you've seen that.
So, and first of all, you need to install the Xray Jenkins connector/plugin.
Then you need to configure a Xray instance, where you specify the server URL and the credentials (i.e., Jira username + password).
Then you can either use the UI to setup your build , on a freestyle project for example, and use the task "Xray: Results Import Task" as a build step.
If you're using declarative pipelines, on a pipeline type of project, then you can generate the pipeline syntax as follows:
Access Jenkins' Snippet Generator to faciliate the process of generating the pipeline script code.
You may access it, from the pipeline syntax link available from within your project.
Then select "step: General build step", "Xray: Results Import Task" and fill out the values you want.. it will then allow you to generate the script that you can include in your pipeline.
If you don't want to use the Xray Jenkins connector/plugin, you could also invoke the Xray REST API directly and perform a HTTP POST request to submit the test report, using the Jira user credentials and basic authentication. This could be achieved by invoking, for example, "curl" utility as a build step.
In TFS 2015 we used Machine groups and weren't required to enter a Admin Login and Password for the "Powershell on Target Machines" task.
We are now using tfs 2017 and do not want to define the Admin Login and Password in every build definition since we have numerous. How can you overcome this? I was thinking about using a txt file with a SecureString password and in the build definition read it in, decrypt it and assign it to the Build definition variable
Use variable groups. Create a variable group for your shared secrets, then link the variable group to any build or release definitions that need access to the secrets. Going a step further, you could store the secrets in Azure KeyVault to provide a single source of truth for secrets.
Storing secrets in source control using reversible encryption is just obfuscation, and from a security standpoint is only slightly better than storing it in plaintext.
My aim:
To use a password in jenkins which is masked after input and runtime.
I only need it for my job.
I can use it in my java code to login to a website.
Areas I have looked at:
The credentials plugin - this looks like the right area (but I'll need to get the sysadmins to add me as its locked down).
Also I can't find out how you can access the output?
Have a look into the EnvInject plugin, there you can define password parameters that are masked in console output and job configuration, they can be used like normal parameters.
The screenshot shows the configuration in the job to use a local password.
The shell script build step I used is
echo "myPassword = $myPassword"
The resulting console output is:
+ echo 'myPassword = [*******]'
myPassword = [*******]
To pass it to Java you can use it like any other parameter from the job configuration. The value itself is encrypted, so checking the job configuration as XML will not reveal the password either.
You can use the jenkins credentials binding plugin.
After installing the Credentials Bindings plugin, the Build Environment section of your build job Configuration page will include a new option:
Use secret text(s) or file(s)
Enabling this option allows you add credential bindings where the Variable value will be used as the name of the environment variable that your build can use to access the value of the credential.
See the full description of all steps here:
https://support.cloudbees.com/hc/en-us/articles/203802500-Injecting-Secrets-into-Jenkins-Build-Jobs
I want to verify and validate credentials (user and password) by using Credentials-plugin for Jenkins. I added Credentials-plugin in my POM file. But I don't know how to verify access to my domain name.
Do you have any idea how I can verify credentials for a domain name (aa.example.com) by using credentials-plugin through java.
Thanks
Jenkins 'credential' plugin is to facilitate keeping passwords(user/pwd or any other form) safe outside of code. So you can only use those wherever you want in code by using the variable names you have created in configuration. Jenkins will get this password to you wherever you ask but it will not use those for any authentication. It is up to us to get the values through system vairables and use them to authenticate for given domain name. Refer below to see if that is helping you.
Inject passwords to the build as environment variables
Is there a way to use the credential store with the CVS plugin to access a CVS repository? Looking for a way to store credential once and have one place to change it, despite many jobs making use of it.
The CVS plugin doesn't use the credentials store directly (although there are potential plans to move to this in a future overhaul of the plugin), but it does have a concept of global credentials which should provide what you need. The reason for having something separate from global credentials was that CVS introduced this prior to the credentials plugin being available and the steps have never been taken to try and perform a migration.
To use this credential feature, ensure you have version 2.4 or above of the CVS plugin, goto your 'Manage Configuration' screen, scroll down to the CVS section and click the 'Add' button next to the 'Authentication' option. Once you've added any credentials in here, go back to the jobs you're wanting to use the global credentials on, check the CVS root matches what you put in the authentication section and that it doesn't contain a username and then run your job. When running, the console should then show 'Using globally configured credentials for...' when trying to connect to CVS.