How to pass credential id in curl command - jenkins

I am using below curl command to upload file in nexus.
curl -v -L -user "id":"password" --upload-file /jenkins/workspace/Raghu/SonarQube/target/spring-petclinic-2.0.0.BUILD-SNAPSHOT.jar https://uat.alm.com/nexus/content/repositories/NexusTest1_Snapshot/2.0/
I want to use credentials Id : "ff154118-e8d1-4c40-a63b-5ce5821c347c" instead of id and password.
Please help me how can i use it.

Related

Masking Basic Auth header when using CURL to trigger remote jenkins job

I want to trigger remote Jenkins job from my container(k8s).
Currently, I'm using:
curl -k -X POST -u $USER:$JENKINS_TOKEN "${JENKINS_URL}/job/{$JOB_NAME}/buildWithParameters?token=12345"
But this information($USER,$JENKINS_TOKEN) is displayed in ArgoUI, is there any secure/other way to save credentials for remote trigger?
You can try one of the following.
Save the password in a file called password-file and read from that
curl -k -X POST -u $USER:$(cat .password-file)"${JENKINS_URL}/job/{$JOB_NAME}/buildWithParameters?token=12345"
Accept credentials from the STDIN.
curl -k -X POST "${JENKINS_URL}/job/{$JOB_NAME}/buildWithParameters?token=12345" -K- <<< "--user $USER:$JENKINS_TOKEN"
You can also try using --netrc-file option with curl where you can store the username and password in a file itself.
file
machine JENKINS_HOST login USERNAME password PASSWORD
Curl Command
curl -k -X POST --netrc-file my-password-file "${JENKINS_URL}/job/{$JOB_NAME}/buildWithParameters?token=12345"

Can any one please provide Curl Command to get Artifact from Nexus in Jenkins file

Please provide Curl command to download the artifact from nexus with username and password.
The Assets API mentions how to get the download URL for some asset, and it uses username and password with curl:
curl -u admin:admin123 -X GET 'http://localhost:8081/service/rest/v1/assets?repository=maven-central'
Once you have that, run curl again with the download URL you obtained:
curl -u admin:admin123 -X GET 'http://localhost:8081/repository/maven-central/asm/asm/3.1/asm-3.1-sources.jar'

How to fetch war file from Jfrog artifactory inside dockerfile ? getting HTTP 401 error

I have created a declarative jenkins pipeline and one of it's stages is as follows:
stage('Docker Image'){
steps{
bat 'docker build -t HMT/demo-application:%BUILD_NUMBER% --no-cache -f Dockerfile .'
}
}
This is the docker file:
FROM tomcat:alpine
RUN wget -O /usr/local/tomcat/webapps/launchstation04.war http://localhost:8082/artifactory/demoArtifactory/com/demo/0.0.1-SNAPSHOT/demo-0.0.1-SNAPSHOT.war
EXPOSE 9100
CMD /usr/local/tomcat/bin/cataline.bat run
I am getting the below error.:
[91m/bin/sh:
01:33:28 [0mThe command '/bin/sh -c wget -O /usr/local/tomcat/webapps/launchstation04.war http://localhost:8082/artifactory/demoArtifactory/com/demo/0.0.1-SNAPSHOT/demo-0.0.1-SNAPSHOT.war' returned a non-zero code: 127
UPDATE:
I have updated the command to
RUN wget -O /usr/local/tomcat/webapps/launchstation04.war -U jenkinsuser:Learning#% http://localhost:8082/artifactory/demoArtifactory/com/demo/0.0.1-SNAPSHOT/demo-0.0.1-20200823.053346-18.war
There is no problem in my command.Jfrog artifactory was unable to authorize this action.So I added username and password details but it still didn't work.
Error:
wget: server returned error: HTTP/1.1 401 Unauthorized
It didnt work after modifiying the password policy to unsupported.But it worked when I allowed anonymous access.
How to provide access using credentials.
Need more clarification on your question. Not sure where you are using curl command.
Image tomcat:alpine doesn't contains curl command. Unless you install it manually.
bash-4.4# type curl
bash: type: curl: not found
bash-4.4#
If your ask is regarding the sh -c option, if the script is invoked through CMD option, yes it will use sh. Instead you can give a try with ENTRYPOINT.
You can provide username & password via command line:
wget --user user --password pass
Using curl :
curl -u username:password -O
But void using special characters:
Change your password to another once in: [a-z][A-Z][0-9]
Try an API Key instead of password, I have a feeling that "#" may be throwing you off. Quotes can help there too or separating the password with -p
Also look at the request logs for whether the entry comes as 401 for the user, or anonymous/unauthenticated
Lastly, see if you can cURL from outside the image and then ADD the file in, as that will remove any external factors that may vary from the host (where I assume the command works)

jenkins Job Status via Curl

I need to get job build status failure or success via curl command.
I tried this :
curl --silent http://user:TokenID#Jenkins-BuildURL/job/job_number/api/json | jq -r '.result'
Unable to execute the curl.
Try below Command :
FYI , you are missing JOB_NAME in your curl command
curl --silent http://user:TokenID#Jenkins-BuildURL/job/${JOB_NAME}/${BUILD_NUMBER}/api/json
Note : JOB_NAME,BUILD_NUMBER are jenkins Environment variables , when executed from jenkins job it will pick latest job details
and you can always pass your credentials using '-u' option :
Example :
curl --silent -u username:user_pwd http://Jenkins-BuildURL/job/${JOB_NAME}/${BUILD_NUMBER}/api/json
And simple trick would be first check in browser if the Url is valid or not , if it valid half of the problem is eliminated , then we can focus on curl command

delete image from docker registry v2

the Docker Registry v2 has an API endpoint to delete an image
DELETE /v2/<name>/manifests/<reference>
https://github.com/docker/distribution/blob/master/docs/spec/api.md#deleting-an-image
However the doc says:
For deletes, reference must be a digest or the delete will fail.
Indeed, using a tag does not work and returns a 405 Operation Not Supported
The problem is, there doesn't seem to be any endpoint to get the digest of an image.
The endpoints to list images, and tags only list those.
Trying to get the manifest with
GET /v2/<name>/manifests/<reference>
using the tag as <reference>I see that a Docker-Content-Digest header is set with a digest which the doc says is
Docker-Content-Digest: Digest of the targeted content
for the request.
while the body contains a bunch of blobSum: <digest>
If I try using the Header digest value, with
GET /v2/<name>/manifests/<reference>
and the digest as <reference>, I get a 404.
the digest looks like: sha256:6367f164d92eb69a7f4bf4cab173e6b21398f94984ea1e1d8addc1863f4ed502
and I tried with and without the sha256 prefix. but no luck
So how am I supposed to get the digest of the image I want to delete, to delete it?
curl -u login:password -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X GET https://registry.private.com/v2/<name>/manifests/<tag>
json > config > digest
Not a trivial operation in Docker API right now but I hope this procedure helps:
Create a file and give it a name, for me it will be delete-image.sh:
#!/bin/bash
# Inspired by: https://gist.github.com/jaytaylor/86d5efaddda926a25fa68c263830dac1
set -o errexit
if [ -z "$1" ]
then
echo "Error: The image name arg is mandatory"
exit 1
fi
registry='localhost:5000'
name=$1
curl -v -sSL -X DELETE "http://${registry}/v2/${name}/manifests/$(
curl -sSL -I \
-H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
"http://${registry}/v2/${name}/manifests/$(
curl -sSL "http://${registry}/v2/${name}/tags/list" | jq -r '.tags[0]'
)" \
| awk '$1 == "Docker-Content-Digest:" { print $2 }' \
| tr -d $'\r' \
)"
Give the permission to that file so that it can be executed;
sudo chmod u+x ./delete-image.sh
./delete-image.sh <your-image-name>
After deleting the image, collect the garbage;
docker exec -it registry.localhost bin/registry \
garbage-collect /etc/docker/registry/config.yml
Now delete the folder for that image (and I'm assuming that you created a volume previously);
sudo rm -rf ${HOME}/registry/docker/registry/v2/repositories/<your-image-name>
If you have not created a volume, you may have to enter the container to delete that folder. But, in any case, it's a good idea to restart the container;
docker restart registry.localhost
Procedure not recommended for production environments.
I hope that we will have better support for these operations natively in the Docker API in the future.

Resources