我需要通过脚本创建一个jenkins凭证(https://wiki.jenkins-ci.org/display/JENKINS/Credentials+Plugin).如何使用REST API或cli执行此操作?
请注意,我可以使用/ credential-store/domain// api/json和/ credential-store/domain //credential/8bd82461-e239-4db1-90bc-831ca3412e70/api/json等列出凭证.
小智 28
这个问题花了我一段时间来计算,大量的挖掘,所以我决定让解决方案在这里,如果其他人需要它.
curl -X POST 'http://user:token@jenkins_server:8080/credentials/store/system/domain/_/createCredentials' \
--data-urlencode 'json={
"": "0",
"credentials": {
"scope": "GLOBAL",
"id": "identification",
"username": "manu",
"password": "bar",
"description": "linda",
"$class": "com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl"
}
}'
小智 13
使用最新的jenkins,您需要一个CRUMB来验证此操作(参考/sf/answers/2682000051/)
CRUMB=$(curl -s 'http://user:token@jenkins_server:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')
curl -H $CRUMB -X POST 'http://user:token@jenkins_server:8080/credentials/store/system/domain/_/createCredentials' \
--data-urlencode 'json={
"": "0",
"credentials": {
"scope": "GLOBAL",
"id": "identification",
"username": "manu",
"password": "bar",
"description": "linda",
"$class": "com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl"
}
}'
否则你会得到
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /credentials/store/system/domain/_/createCredentials. Reason:
<pre> No valid crumb was included in the request</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
如果您需要创建凭据但使用 pem 文件路径,则可以使用以下命令:
先决条件:ssh-credentials 插件
CRUMB=$(curl -s 'http://{{jenkins_admin_username}}:{{jenkins_admin_password}}@localhost:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')
curl -H $CRUMB -X POST 'http://{{jenkins_admin_username}}:{{jenkins_admin_password}}@localhost:8080/credentials/store/system/domain/_/createCredentials' \
--data-urlencode 'json={
"": "0",
"credentials": {
"scope": "GLOBAL",
"id": "'{{ii.ssh_user}}'",
"username": "'{{ii.ssh_user}}'",
"password": "",
"privateKeySource": {
"stapler-class": "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$FileOnMasterPrivateKeySource",
"privateKeyFile": "'{{jenkins_home}}/{{ii.key_name}}.pem'",
},
"description": "'{{ii.ssh_user}}'",
"stapler-class": "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey"
}
}'
这个命令在 ansible 中使用,但你可以用你自己的变量替换 {{variables}}
如果您需要添加所有 pem 文件内容,您需要将这些行更改为:
....
"stapler-class": "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$DirectEntryPrivateKeySource",
"privateKey": "{{private_key_content}}",
},
"description": "{{user}}",
"stapler-class": "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey"
...
对此没有特定的 API 调用,但您可以通过 jenkins jar 的 cli 命令来完成此操作。
echo 'jenkins.model.Jenkins.instance.securityRealm.createAccount("username", "password")' | java -jar jenkins-cli.jar -s http://localhost/ groovy =
为了授予他们权限,您可以在 Jenkins 中创建一个任务,该任务每 N 分钟运行一次并执行 Groovy 脚本,如下所述:
| 归档时间: |
|
| 查看次数: |
15854 次 |
| 最近记录: |