We have our company users list and with that users list we need to prepare a report that each user have access to which gerrit project.
So how to list the project(s) for particular user from gerrit?
Some direction to achieve this will be helpful. Thanks in advance.
You have two options to give a try:
Use the "gerrit ls-projects" SSH command
Using the "--has-acl-for GROUP" option, you can list projects on which access rights for this group are directly assigned. Note: projects which only inherit access rights for this group are not listed:
ssh -p 29418 USER#GERRIT-SERVER gerrit ls-projects --has-acl-for GROUP
See more details in Gerrit documentation here.
Use the "Check Access" project REST endpoint
Using this endpoint you can verify if a user has access to a repository. Note: this requires the View Access global capability:
curl --user USER:PASS --request GET "https://GERRIT-SERVER/a/projects/PROJECT/check.access?account=ACCOUNT-ID&ref=refs%2Fheads%2Fmaster"
This command checks if the user with the ACCOUNT-ID number has access to the branch "master" of the PROJECT. As you have noted, you need to know the user ACCOUNT-ID. You can find the user ACCOUNT-ID using REST too:
curl --user USER:PASS --request GET "https://GERRIT-SERVER/a/accounts/?q=username:USERNAME" | sed 1d | jq --raw-output .[]._account_id
See more details in Gerrit documentation here.
Related
I have a jenkins instance which contains multiple credentials in different scope.
How do I get the list of jenkins credentials using curl?
I did try to fetch them using
curl -u [USERNAME]:[PASSWORD] -X GET http://[JENKINS_URL]/credentials/store/system/domain/_/api/json
But I'm getting below output which doesn't contain creds IDs or names etc.
3326{"class":"com.cloudbees.plugins.credentials.CredentialsStoreAction$DomainWrapper","credentials":[{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{},{}],"description":"Credentials
that should be available irrespective of domain specification to
requirements matching.","displayName":"Global credentials
(unrestricted)","fullDisplayName":"System ยป Global credentials
(unrestricted)","fullName":"system/","global":true,"urlName":"_"}
How do I get the creds IDs and names which I see in Jenkins.
In Jenkins, I would like to execute my scriptler script via REST API from bash and curl. According to documentation it should work, but there isn't any working example.
I have created simple script testScr, which is just one liner: println "OK". I'm trying to execute it with curl:
curl -d '{}' --user <userid>:<Token> http://<jenkins_server>/scriptler/run/testScr > result.html
Resulting html says: "Oops! A problem occurred while processing the request."
How to do it correctly? Is even it working for somebody?
Yes that works for me.
Have you made sure that the user have the right permission and the token is corrct?
In my case I'm using Role-based Authorization Strategy
And you can execute it if you're admin
if you want another user different that admin execute it you can also grant permissions
I want to look up some review comments on Gerrit via the REST API.
I tried a few methods, including Gerrit's official documentation, and nothing changed the fact that I was an anonymous user. The authentication configuration in the gerrit.config is as follow:
[auth]
type = LDAP
gitBasicAuthPolicy = LDAP
I'm calling rest api by curl
$ curl --digest --user LDAP_user:LDAP_password \
https://gerrit.example.com/a/path/to/api
It does not work.
Digest authentication was removed from Gerrit in release 2.14. Remove the "--digest" parameter and the "curl" command will work.
More info in Gerrit 2.14 release notes here.
HTTP_PASSWORD maybe the answer which can be found in account settings.
And then
curl -u USR_NAME:HTTP_PASSWORD https://gerrit.XX.com/a/path/to/api
What's your Gerrit version?
2.14 and newer require basic auth, as already mentioned by Marcelo (maybe you have to explicitly give --basic ).
2.13 and older use digest; you will also be interested in this post if you are using versions that old.
I am trying to make a request to the Jenkins API. However, I always get a 401 unauthorized error. I have tried all permutations of requests using Curl - including sending the API token and Crumb. The Jenkins is hosted on a DEV server and not on my local. I have CSRF protection enabled on Jenkins. Could this be a CORS issue or something else?
Thanks
Trigger Jenkins build with parameters using API token
Variables
UserName is the user with permission to execute jobs
UserTokenValue is the token key assigned to UserName.
JobTokenValue is the token key assigned to the job to allow remote execution.
Create User Token - if jenkins instance requires authorization to execute jobs then user token will be required or the error "missing bread crumb trail" may appear.
Login to Jenkins
Click username in top right corner
Click configure
Click add token
Capture the UserTokenValue. Note:Token id will not be needed going forward.
Optional - verify token assigned to user.
Command curl -v -u <user>:<userTokenValue> <jenkins>/user/<user>/api/json
Example curl -v -u john:11bc70579c86512be9a4356127640abfda http://jenkins.dv.local:8080/user/john/api/json
Enable Jenkins Job to "Trigger builds remotely (e.g., from scripts)"
Locate Jenkins job and click Configure
Scroll to the "Build Triggers" section and enable the checkbox "Trigger builds remotely"
Enter a secret "Authentication Token" in the text box. The Token is required to execute this specific job remotely. Use "SuperSecret"
Because the Token is set in this one job configuration, that value will only allow this one job to execute remotely.
Use the same value for all jobs if you like but there is no way to manage the JobTokenValue Globally that I know of.
Execute job with parameters using Curl POST
Your values will vary...
JenkinsUrl : https://jenkins.dv.local:8080
UserName : john
UserTokenValue : 115e46b2109bda095cc070b6347dafe585
JobTokenValue : SuperSecret
Command
curl -X POST <JenkinsUrl>/job/test/build -user <UserName>:<UserTokenValue> --data token=<JobTokenValue> --data parm1Name=parm1Value --data parm2Name="Parm2Value with spaces"
Example
curl -X POST http://jenkins.dv.local:8080/job/MyRemoteJob/buildWithParameters --user john:115e46b2109bda095cc070b6347dafe585 --data token=SuperSecret --data TEST_PLAN_KEY=QTAK-1040 --data BROWSER="Chrome (headless)"
401 probably means your username/pass are incorrect.
This works for me:
curl -v -X GET "http://$JENKINS_URL/crumbIssuer/api/json" --user $USERNAME:$USERPASS
If there is a CORS issue, use https://plugins.jenkins.io/cors-filter/.
I couldn't find anything even remotely related in the documentation.
Using the Bitbucket website you can rename a repo as follows:
Go to the repo's overview page, usually https://bitbucket.org/username/oldname/overview
Click the settings cog on the far right end of the menu row !
Instead of 1. and 2. you can type 'r' then 'a' for administration.
Change the name in the Name field.
Click Save repository details.
Be advised that changing the name of the repo will change its URL access too. Previously the access was https://username#bitbucket.org/username/oldname.git Now, however, the repo's URL/Path will be https://username#bitbucket.org/username/newname.git
You can check this by going back to the Overview page, and hovering over the big blue HTTPS button. The bottom of your browser will show that it now points to https://username#bitbucket.org/username/newname.git
If you are using SourceTree you can update the remote's URL by highlighting the local repo in SourceTree and then
Click Repository
Click Repository Settings...
Highlight the row containing the remote branch. Usually origin https://username#bitbucket.org/username/oldname.git
Click Edit
Update the URL/Path field. Change 'oldname.git' to 'newname.git', leave the rest unchanged. So the full path should be https://username#bitbucket.org/username/newname.git
Click OK
For version 2.0 of the API:
According to https://developer.atlassian.com/cloud/bitbucket/rest/api-group-repositories/#api-repositories-workspace-repo-slug-put
PUT https://api.bitbucket.org/2.0/repositories/{workspace}/{repo_slug} --data "{\"name\": \"${new_name}\"}"
Using the PUT method allows renaming of a repository.
For version 1.0 of the API:
According to https://confluence.atlassian.com/display/BITBUCKET/repository+Resource+1.0:
PUT https://api.bitbucket.org/1.0/repositories/{accountname}/{repo_slug} --data "name=new name"
This allows to update the visible name of a repository.
In a unix shell you can use cURL;
curl https://api.bitbucket.org/1.0/repositories/{accountname}/{old_repo_name} --data "name=new_repo_name" -X PUT
Is it possible for a user to authenticate in private repositories, but still have only administrators able to execute:
curl https://USER:PASS#api.bitbucket.org/1.0/repositories/{accountname}/{old_repo_name} --data "name=new_repo_name" -X PUT
Just in case anyone hits this with looking for a solution to an old version of the bitbucket API (in my case 5.14.0) to say the documentation on this version is lacking is being quite polite.
curl --location --request PUT 'https://git.local.install/rest/api/1.0/projects/aa/repos/my-repo' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic .....' \
--data-raw '{"name":"my-new-name"}'
According to the lastest API here is the correct curl command:
curl -X PUT --user username:password https://bitbucket.org/api/1.0/repositories/{accountname}/{repo_slug} --data "name=newRepoName"
Note that the repo_slug is the repository name IN LOWER CASE. If you don't put it all in lower case you would get the not so expressive answer "Not Found".
If you are not sure what is the repository slug execute the following command, which shows you the user's information including current repositories, and look for the field "slug"
curl --user username:password https://bitbucket.org/api/1.0/user