Mask credentials in Jenkins script shell - jenkins

I added credentials in Credentials Binding Plugin in Jenkins.
Then I send this credentials as text to company's chat in Execute shell section using curl with data parameter:
curl --silent $url -d "{ \"text\": \"$credentials\" }" -H "X-Auth-Token: $auth_token" -H "X-User-Id: $user_id" -H "Content-type:application/json"
And I receive unmasked credentials in chat. How can I mask credentials or modify Binding plugin which will mask secret text same as echo output

Related

Masking Basic Auth header when using CURL to trigger remote jenkins job

I want to trigger remote Jenkins job from my container(k8s).
Currently, I'm using:
curl -k -X POST -u $USER:$JENKINS_TOKEN "${JENKINS_URL}/job/{$JOB_NAME}/buildWithParameters?token=12345"
But this information($USER,$JENKINS_TOKEN) is displayed in ArgoUI, is there any secure/other way to save credentials for remote trigger?
You can try one of the following.
Save the password in a file called password-file and read from that
curl -k -X POST -u $USER:$(cat .password-file)"${JENKINS_URL}/job/{$JOB_NAME}/buildWithParameters?token=12345"
Accept credentials from the STDIN.
curl -k -X POST "${JENKINS_URL}/job/{$JOB_NAME}/buildWithParameters?token=12345" -K- <<< "--user $USER:$JENKINS_TOKEN"
You can also try using --netrc-file option with curl where you can store the username and password in a file itself.
file
machine JENKINS_HOST login USERNAME password PASSWORD
Curl Command
curl -k -X POST --netrc-file my-password-file "${JENKINS_URL}/job/{$JOB_NAME}/buildWithParameters?token=12345"

How to Get All Tags from Docker Hub (Private Repositories) as Shell Script

I have one shell script when i execute it showing only 64 tags from 300 tags docker hub.
Here is the below command which i'm executing in shell script through curl.
IMAGE_TAGS=$(curl -s -H "Authorization: JWT ${HUB_TOKEN} https://hub.docker.com/v2/repositories/$username/issues/tags/?page_size=300" | jq --raw-output '.results[] | .name')
Even after giving page_size also it is not showing my all tags
Note :- Tags using for Private Repositories
Please help me how can i solve it
Try API version 1 which help me to get all the tags
https://registry.hub.docker.com/v1/repositories/mysql/tags open in browser and you can modify it as per your need
Or have a look to Github https://gist.github.com/robv8r/fa66f5e0fdf001f425fe9facf2db6d49 This is exactly what you want
UPDATE
Add this in a shell script file
#!/usr/bin/env bash
docker-tags() {
arr=("$#")
for item in "${arr[#]}";
do
tokenUri="https://auth.docker.io/token"
data=("service=registry.docker.io" "scope=repository:$item:pull")
token="$(curl --silent --get --data-urlencode ${data[0]} --data-urlencode ${data[1]} $tokenUri | jq --raw-output '.token')"
listUri="https://registry-1.docker.io/v2/$item/tags/list"
authz="Authorization: Bearer $token"
result="$(curl --silent --get -H "Accept: application/json" -H "Authorization: Bearer $token" $listUri | jq --raw-output '.')"
echo $result
done
}
docker-tags "<YOUR_DOCKER_IMAGE_NAME>"
Replace <YOUR_DOCKER_IMAGE_NAME> with your docker image.
have a look to this for more info Listing the tags of a Docker image on a Docker hub through the HTTP API

display sh script output in confluence using jenkins

I would like to publish the output of bash script in confluence using jenkins, and everytime the page in confluence opened will the output updated. Is there any possibility to do that? thx
You can use Confluence Rest Api.
You can try this https://developer.atlassian.com/server/confluence/confluence-rest-api-examples/
Example:
curl -u jira_username_login:jira_password -X POST -H 'Content-Type: application/json' -d '{"type":"page","title":"new page",
"space":{"key":"TST"},"body":{"storage":{"value":"<p>This is <br/> a new page</p>","representation":
"storage"}}}' http://localhost:8080/confluence/rest/api/content/ | python -mjson.tool
To get bash output:
How to set a variable to the output of a command in Bash?

Gerrit Authentication required

I'm working on some automation for Gerrit. I have used following API to check access
curl -X POST --digest -k --user username:password https://gitAccess/access/
But returns authentication required. Can you please help me
3 things to note as I was also getting an "unauthorized" when trying to access Gerrit APIs
Make sure you have your HTTP password. This is different from the
password you use to login to Gerrit. To get it, go to gerrit ->
click on your username -> Settings -> HTTP Password -> Click on
generate password. Use this password when making HTTP requests
Prefix /a to the endpoint URL as mentioned here. For example /changes becomes /a/changes when using authentication
Use the --digest option if you are using curl as mentioned here
Example
curl --digest -u <USERNAME> -i -H "Accept: application/json" "https://<GERRIT SERVER>/a/changes"
# curl will prompt you for the password. You can also do it as below
curl --digest --user <USERNAME:PASSWORD> -i -H "Accept: application/json" "https://<GERRIT SERVER>/a/changes"

Trigger jenkins job with parameters from shell

I am trying to trigger a trigger jenkins job from shell but as of now no sucess.I tried both these methods
curl -u ceadmin:ceadmin -X POST http://abc-lnx:8080/job/ci_demo/build --data token=ci_build -data-urlencode json='{"parameter": [{"name":"Branch", "value":"master"}, {"name":"verbosity", "value":"high"}]}'
curl -X POST http://abc-lnx:8080/job/ci_demo/buildWithParameters?token=ci_build&Branch=master
I have defined ce_admin as token in my job. also ce_admin is a admin user in Jenkins.Anonymous user do not have any permission other then read on jobs and views.
What am i missing?
This works for me:
#parameters:
username=user
password=password
jenkins_url=example.com/build
some_token=hi
job_name=dostuff
curl -u $username:$password -X POST https://$jenkins_url/job/$job_name/build\?token\=$some_token
So this should work for your example (I escaped "?", and "&"):
curl -u ceadmin:ceadmin -X POST http://abc-lnx:8080/job/ci_demo/buildWithParameters\?token=ci_build\&Branch=master

Resources