How to Set multiple credentials using withcredentials in jenkins pipeline groovy file - jenkins

I need to set two or more credentials to a job, my plan is to use it separately like below, so that it can be used in multiple jobs
static void _artifactoryCredentialBinding(Job job) {
job.with {
wrappers {
credentialsBinding {
usernamePassword('USERNAME', 'PASSWORD', 'xxxxx')
}
}
}
}
static void _jasyptCredentialBinding(Job job) {
return job.with {
wrappers {
credentialsBinding {
usernamePassword('', 'PASSWORD', 'jasypt-credentials')
}
}
}
}
When I do this the first credential is getting over ridden by the second credential.
I will be calling these two methods as a helper method in where ever necessary in my groovy file.
I would require to add multiple credentials in few jobs and only one credential in a job.
Adding the credentials under one wrapper will work - multiple-credentials, but I will not be able to reuse if I add multiple under the same.
I tried returning the Job in the above methods and used the same methods to set the creds but getting the error while building -
ERROR: (CredentialBindingUtil.groovy, line 28) No signature of method: xxxx.CredentialBindingUtil$__pfJasyptCredentialBinding_closure3.wrappers() is applicable for argument types: (xxx.CredentialBindingUtil$__pfJasyptCredentialBinding_closure3$_closure9) values: [xxxx.CredentialBindingUtil$__pfJasyptCredentialBinding_closure3$_closure9#11b4d391]
[Office365connector] No webhooks to notify
How do I make the credentials to be appended with the existing ones ?

As discussed in the comments, it's possible to achieve this through the Configure Block.
static void _artifactoryCredentialBinding(def job) {
job.with {
configure { node ->
node / 'buildWrappers' / 'org.jenkinsci.plugins.credentialsbinding.impl.SecretBuildWrapper' / 'bindings' << 'org.jenkinsci.plugins.credentialsbinding.impl.UsernamePasswordMultiBinding' {
usernameVariable 'some-credential-id'
credentialsId PASS1
passwordVariable USER1
}
}
}
}
static void _jasyptCredentialBinding(def job) {
job.with {
configure { node ->
node / 'buildWrappers' / 'org.jenkinsci.plugins.credentialsbinding.impl.SecretBuildWrapper' / 'bindings' << 'org.jenkinsci.plugins.credentialsbinding.impl.UsernamePasswordMultiBinding' {
usernameVariable 'some-credential-id'
credentialsId PASS2
passwordVariable USER2
}
}
}
}
def a_job = job('a-temporaryjob')
_artifactoryCredentialBinding(a_job)
_jasyptCredentialBinding(a_job)
To understand how the Configure Block works I highly suggest reading the wiki page and an older blog post which explains step by step how to configure an unsupported plugin.

Related

JobDSL triggers deprecated, pipelineTriggers closure problem

I'm using jobdsl 1.76 and trying to migrate to 1.77: from triggers to pipelineTriggers:
pipelineJob('testPipelineTriggers'){
properties {
pipelineTriggers {
triggers {
cron{
spec("* * * * *")
}
}
}
}
}
This simple code giving me below error which I couldnt understand:
No signature of method: javaposse.jobdsl.dsl.helpers.properties.PropertiesContext.pipelineTriggers() is applicable for argument types: (XXX$__clinit__closure1$_closure2$_closure7$_closure9) values: [XXX$__clinit__closure1$_closure2$_closure7$_closure9#3c818ac4]
note: I replaced our groovy filename with 'XXX'

Jenkins Job DSL: unknown return statement

some days ago I bumped into a code snippet used to override the default configuration of the Jenkins plugin "GitHub SCM Source" (unknown author):
Closure configOverride(String repo, int id, String cred) {
return {
it / sources / 'data' / 'jenkins.branch.BranchSource' << {
source(class: 'org.jenkinsci.plugins.github_branch_source.GitHubSCMSource') {
id(id)
scanCredentialsId(cred)
checkoutCredentialsId('SAME')
repoOwner('owner')
repository(repo)
includes('*')
buildOriginBranch('true')
buildOriginBranchWithPR('true')
buildOriginPRMerge('false')
buildOriginPRHead('false')
buildForkPRMerge('true')
buildForkPRHead('false')
}
}
}
}
All it's good except that I can't understand the following line:
it / sources / 'data' / 'jenkins.branch.BranchSource' << { ... }
I tried to find some explanation about the use of '/' in groovy but no luck. Maybe I don't know what exactly to search.
Could someone help me please with a link to the docs or a short explanation.
This is overloading of
operators
Groovy allows you to overload the various operators so that they can be used with your own classes. Consider this simple class:
class Bucket {
int size
Bucket(int size) { this.size = size }
Bucket plus(Bucket other) {
return new Bucket(this.size + other.size)
}
}
Just by implementing the plus() method, the Bucket class can now be used with the + operator like so:
def b1 = new Bucket(4)
def b2 = new Bucket(11)
assert (b1 + b2).size == 15
For / one would override T div(T x)
This code snippet is used in Jenkins DSL for the "multibranchPipelineJob". The closure configOverride is used to generate an XML object which replace the default configuration in config.xml on the following path "sources/data/jenkins.branch.BranchSource".

Jenkins timeout/abort exception

We have a Jenkins pipeline script that requests approval from the user after all the preparatory steps are complete, before it actually applies the changes.
We want to add a timeout to this step, so that if there is no input from the user then the build is aborted, and are currently working on using this kind of method:
try {
timeout(time: 30, unit: 'SECONDS') {
userInput = input("Apply changes?")
}
} catch(err) {
def user = err.getCauses()[0].getUser()
if (user.toString == 'SYSTEM') { // if it's system it's a timeout
didTimeout = true
echo "Build timed out at approval step"
} else if (userInput == false) { // if not and input is false it's the user
echo "Build aborted by: [${user}]"
}
}
This code is based on examples found here: https://support.cloudbees.com/hc/en-us/articles/226554067-Pipeline-How-to-add-an-input-step-with-timeout-that-continues-if-timeout-is-reached-using-a-default-value and other places online, but I really dislike catching all errors then working out what's caused the exception using err.getCauses()[0].getUser(). I'd rather explicitly catch(TimeoutException) or something like that.
So my question is, what are the actual exceptions that would be thrown by either the approval step timing out or the userInput being false? I haven't been able to find anything in the docs or Jenkins codebase so far about this.
The exception class they are referring to is org.jenkinsci.plugins.workflow.steps.FlowInterruptedException.
Cannot believe that this is an example provided by CloudBeeds.
Most (or probably all?) other exceptions won't even have the getCauses() method which of course would throw another exception then from within the catch block.
Furthermore as you already mentioned it is not a good idea to just catch all exceptions.
Edit:
By the way: Scrolling further down that post - in the comments - there you'll find an example catching a FlowInterruptedException.
Rather old topic, but it helped me, and I've done some more research on it.
As I figured out, FlowInterruptedException's getCauses()[0] has .getUser() only when class of getCauses()[0] is org.jenkinsci.plugins.workflow.support.steps.input.Rejection. It is so only when timeout occured while input was active. But, if timeout occured not in input, getCause()[0] will contain object of another class: org.jenkinsci.plugins.workflow.steps.TimeoutStepExecution$ExceededTimeout (directly mentioning timeout).
So, I end up with this:
def is_interrupted_by_timeout(org.jenkinsci.plugins.workflow.steps.FlowInterruptedException e, Boolean throw_again=true) {
// if cause is not determined, re-throw exception
try {
def cause = e.getCauses()[0]
def cause_class = cause.getClass()
//echo("cause ${cause} class: ${cause_class}")
if( cause_class == org.jenkinsci.plugins.workflow.steps.TimeoutStepExecution$ExceededTimeout ) {
// strong detection
return true
} else if( cause_class == org.jenkinsci.plugins.workflow.support.steps.input.Rejection ) {
// indirect detection
def user = cause.getUser()
if( user.toString().equals('SYSTEM') ) {
return true
} else {
return false
}
}
} catch(org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException e_access) {
// here, we may deal with situation when restricted methods are not approved:
// show message and Jengins' admin will copy/paste and execute them only once per Jenkins installation.
error('''
To run this job, Jenkins admin needs to approve some Java methods.
There are two possible ways to do this:
1. (better) run this code in Jenkins Console (URL: /script):
import org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval;
def scriptApproval = ScriptApproval.get()
scriptApproval.approveSignature('method org.jenkinsci.plugins.workflow.steps.FlowInterruptedException getCauses')
scriptApproval.approveSignature('method org.jenkinsci.plugins.workflow.support.steps.input.Rejection getUser')
scriptApproval.save()
'''.stripIndent())
return null
}
if( throw_again ) {
throw e
} else {
return null
}
}
And now, you may catch it with something like this:
try {
...
} catch (org.jenkinsci.plugins.workflow.steps.FlowInterruptedException err) {
if( is_interrupted_by_timeout(err) ) {
echo('It is timeout!')
}
}
P.S. I agree, this is bad Jenkins design.

Adding Suppress automatic scm triggering except for named branches in Jenkins Job DSL?

How do I add default Suppress automatic scm triggering except for named branch - development in Job DSL?
I tried docs
https://jenkinsci.github.io/job-dsl-plugin/#path/multibranchPipelineJob . It doesn't say much. Seems like it is not supported.
So I guess my only way is adding custom properties directly to XML via configure block.
What I want:
<strategy class="jenkins.branch.NamedExceptionsBranchPropertyStrategy">
<defaultProperties class="java.util.Arrays$ArrayList">
<a class="jenkins.branch.BranchProperty-array">
<jenkins.branch.NoTriggerBranchProperty/>
</a>
</defaultProperties>
<namedExceptions class="java.util.Arrays$ArrayList">
<a class="jenkins.branch.NamedExceptionsBranchPropertyStrategy$Named-array">
<jenkins.branch.NamedExceptionsBranchPropertyStrategy_-Named>
<props class="empty-list"/>
<name>development</name>
</jenkins.branch.NamedExceptionsBranchPropertyStrategy_-Named>
</a>
</namedExceptions>
</strategy>
What I've tried:
multibranchPipelineJob(jobName) {
branchSources {
git {
remote(gitRepo)
credentialsId(credentials)
includes('*')
configure {
it / "sources class='jenkins.branch.MultiBranchProject$BranchSourceList'" / 'data' / 'jenkins.branch.BranchSource' / "strategy class='jenkins.branch.DefaultBranchPropertyStrategy'" << name('development')
}
}
}
}
This is useful, but keeps crashing http://job-dsl.herokuapp.com/
This is not so useful https://github.com/jenkinsci/job-dsl-plugin/blob/master/docs/The-Configure-Block.md
I have no idea what I'm doing and the docs, manuals and tutorials are not helpful at all.
EDIT:
Now I have this. It works, sort of...
I'm able to generate the job, but Jenkins throws an error when I try to resave the job. The output XML is somehow different.
multibranchPipelineJob(jobName) {
configure {
it / sources(class: 'jenkins.branch.MultiBranchProject$BranchSourceList') / 'data' / 'jenkins.branch.BranchSource' << {
source(class: 'jenkins.plugins.git.GitSCMSource') {
id(randomId)
remote(gitRepo)
credentialsId(credentials)
}
strategy(class: "jenkins.branch.NamedExceptionsBranchPropertyStrategy") {
defaultProperties(class: "java.util.Arrays\$ArrayList") {
a(class: "jenkins.branch.BranchProperty-array") {
'jenkins.branch.NoTriggerBranchProperty'()
}
}
namedExceptions(class: "java.util.Arrays\$ArrayList") {
a(class: "jenkins.branch.NamedExceptionsBranchPropertyStrategy\$Named-array") {
'jenkins.branch.NamedExceptionsBranchPropertyStrategy_-Named'() {
props(class: "empty-list")
name('development')
}
}
}
}
}
}
}
As you might have noticed, it is extremely ugly. Hopefully someone will fix the plugin in the future.
So the code which is working is the following:
UUID uuid = UUID.randomUUID()
println('Random UUID: ' + uuid)
multibranchPipelineJob('test') {
configure {
it / sources / 'data' / 'jenkins.branch.BranchSource' << {
source(class: 'jenkins.plugins.git.GitSCMSource') {
id(uuid)
remote('...')
credentialsId('...')
includes('*')
excludes('')
ignoreOnPushNotifications('false')
traits {
'jenkins.plugins.git.traits.BranchDiscoveryTrait'()
}
}
strategy(class: 'jenkins.branch.NamedExceptionsBranchPropertyStrategy') {
defaultProperties(class: 'empty-list')
namedExceptions(class: 'java.util.Arrays\$ArrayList') {
a(class: 'jenkins.branch.NamedExceptionsBranchPropertyStrategy\$Named-array') {
'jenkins.branch.NamedExceptionsBranchPropertyStrategy_-Named'() {
props(class: 'java.util.Arrays\$ArrayList') {
a(class: 'jenkins.branch.BranchProperty-array') {
'jenkins.branch.NoTriggerBranchProperty'()
}
}
name('master')
}
}
}
}
}
}
}
You can achieve this in two ways
Configuring in UI as explained here, which you said you do not want to do.
Using conditional statements in DSL as explained here

Grails channel security causing a redirect loop

I am new to Grails and I am working on an exisiting application. I am trying to force the anyone using our website to allways be on https. I added the Spring Security Core plugin
//BuildConfig.groovy
compile "org.grails.plugins:spring-security-core:2.0.0"
and I just added
///Config.groovy
grails.plugin.springsecurity.secureChannel.definition = [
'/**': 'REQUIRES_SECURE_CHANNEL'
When I try to go on localhost:8080/myapp, it redirects me to https://localhost:8443/myapp, but I get a "This webpage has a redirect loop ERR_TOO_MANY_REDIRECTS" message.
I added print statements in my SecurityFilters.groovy, and I can see the infinite loop going
baseFilter(controller: "*", action: "*")
{
before = {
println "baseFilter"
// If auth controller then ok to continue
if (controllerName.equals("auth"))
{
return true;
}
// If no subject (user) and not auth controller then user must authenticate
if (!session.subject && !(controllerName.equals("auth")))
{
params.targetUri = request.forwardURI - request.contextPath
if (params.action=="profile") {
params.targetUri=params.targetUri + "?page=" + params?.page
}
else if (params.action=="results") {
params.targetUri="/home"
}
println "baseFilter: Redirecting: PARAMS = $params"
redirect(controller:'auth', action:'login', params: params)
return false;
}
}
}
It's just:
baseFilter
baseFilter: Redirecting: PARAMS = [action:auth, format:null, controller:login, targetUri:/login/auth]
Over and over.
I've tried many other things I found on Stackoverflow and other websites, but they either do not work, or are too complicated.
Thank you.
Ok, so this isn't the answer to the question, but I managed to achieve what I was trying to do, which was to force SLL, and redirect any attempts to use http. I did this by using the shiro plugin, which was already being used by my application. In the Buildconfig.groovy, just add compile ":shiro:1.2.1" to you plugins. In the config.groovy I added the following properties:
security {
shiro {
filter {
loginUrl = "/login"
successUrl = "/"
unauthorizedUrl = "/unauthorized"
filterChainDefinitions = """
/** = ssl[443]
"""
}
}
}
You can modify your filterChainDefinitions to only force ssl on certain urls. I just used /** because I always want SSL.

Resources