使用curl和crumb触发参数化构建

时间:2014-05-06 14:40:29

标签: curl jenkins

我在SO上看过类似的帖子,但不完全正是我要做的事情(或者至少没有完整的命令可以运行)。

我正在尝试使用curl远程触发Jenkins上的参数化构建。我已经“防止跨网站请求伪造”#39;启用所以我还需要传递有效的碎屑。

我的脚本如下:

#!/bin/bash

json="{\"parameter\": [{ \"P1\": \"param1\", \"P2\": \"param2\", \"P3\": \"param3\" }]}"
crumb=`curl "http://SERVER/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,%22:%22,//crumb)"`

curl -v -H $crumb -X POST http://SERVER/job/JOB_NAME/buildWithParameters -d token=runme --data-urlencode json="$json"

我还尝试修改我传递给卷曲的网址:

USERNAME:APITOKEN@SERVER

USERNAME:PASSWORD@SERVER

curl的输出是:

* About to connect() to SERVER port 8080 (#0)
*   Trying SERVER... connected
* Connected to SERVER (SERVER) port 8080 (#0)
* Server auth using Basic with user 'USERNAME'
> POST /job/JOB_NAME/buildWithParameters HTTP/1.1
> Authorization: Basic bjAwNjY5MjI6YWxLaW5kaTg=
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: SERVER:8080
> Accept: */*
> .crumb:776eb589e8b930d9f06cfc2df885314c
> Content-Length: 168
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 403 No valid crumb was included in the request
< Content-Type: text/html;charset=ISO-8859-1
< Cache-Control: must-revalidate,no-cache,no-store
< Content-Length: 1469
< Server: Jetty(8.y.z-SNAPSHOT)
<

所以看起来我没有正确传递碎屑,但我不确定该命令的正确格式应该是什么。

7 个答案:

答案 0 :(得分:30)

对我有用的是什么:

SERVER=http://localhost:8080
CRUMB=$(curl --user $USER:$APITOKEN \
    $SERVER/crumbIssuer/api/xml?xpath=concat\(//crumbRequestField,%22:%22,//crumb\))

curl --user $USER:$APITOKEN -H "$CRUMB" -d "script=$GROOVYSCRIPT" $SERVER/script

答案 1 :(得分:20)

正确的格式如下:

curl -H ".crumb:xxxxxxxxxxxxxxxxxxxxxx"

答案 2 :(得分:10)

这对我有用:

获得面包屑 $ wget -q --auth-no-challenge --user yourUserName --password yourPassword--output-document - 'http://myJenkins:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'

现在运行Jenkins工作 $ curl -I -X POST http://yourUserName:yourPassword@myJenkins:8080/job/JOBName/build -H "Jenkins-Crumb:44e7038af70da95a47403c3bed5q10f8"

HTTP / 1.1 201创建日期:2017年7月28日星期五09:15:45 GMT X-Content-Type-Options:nosniff位置:http://myJenkins:8080/queue/item/17/内容长度:0

答案 3 :(得分:3)

这对我有用,我尝试使用此页面中已经提到的解决方案,但由于(a)引荐来源和(b)cookie,因此不得不对它们进行一些调整。 Jenkins版本2.204

sh script:"""

COOKIE_PATH=/tmp/cookie_jenkins_crumb.txt

CRUMB=\$(curl -s -c \$COOKIE_PATH -H '${jenkins_referer}' 'https://useridhere:${jenkins_live_token}@jenkins.example.com/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,\":\",//crumb)' )
# https://support.cloudbees.com/hc/en-us/articles/219257077-CSRF-Protection-Explained
# https://wiki.jenkins.io/display/JENKINS/Remote+access+API#RemoteaccessAPI-CSRFProtection
# but a bit adjusted as it is not exactly usable as it is in the documentation page.
# We discovered that the CRUMB should be identical because it
# is paired with a cookie. Thus save the cookie, it is important.

sed -i 's/ORGANIZATION/${PROJECT_NAME}/g' ${jenkins_credentials_json_template_file_path} 
# a json file with labels for quick replacements.

# cat ${jenkins_credentials_json_template_file_path}

# https://support.cloudbees.com/hc/en-us/articles/360030526992-How-to-manage-Credentials-via-the-REST-API
curl -s -b \$COOKIE_PATH -u useridhere:${jenkins_live_token} -H '${jenkins_referer}' -H \"\${CRUMB}\" -X POST --data-urlencode json@${jenkins_credentials_json_template_file_path} 'https://jenkins.example.com/credentials/store/system/domain/_/createCredentials'
"""

答案 4 :(得分:2)

这是对@seeker答案的强调。

要格外注意

正如提到的其他答案一样,您获得的碎屑可能会有所不同,具体取决于用于浏览到Jenkins的浏览器,无论是Chrome,Curl还是WGet。

但是,这很重要,但是,我用于CURL命令的碎片是我从WGET命令获得的碎片。这不是我从CURL -X GET命令得到的东西。

我不清楚为什么会这样,但是就像@Seeker的回答一样,这对我有用。

什么时候我有不同的面包屑

  1. 浏览到http://qajenkins:8080/crumbIssuer/api/xml

  2. 浏览到http://10.143.18.43:8080/crumbIssuer/api/xml(qajenkins = 10.143.18.43)

  3. 正在运行

    curl -X WGET http://10.143.18.43:8080/crumbIssuer/api/xml

  4. 正在运行

    wget -q --auth-no-challenge --user raamee --password 12345678 --output-document-'http://10.143.18.43:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,“:”,// crumb)'; echo

    < / li>

为了获取curl命令

curl -X POST -H "Jenkins-Crumb:2e03fc96f387abggga6581fe5883a14a" http://10.143.18.43:8080/view/Raamee_phase_2/job/test_remote_api_triggerring/buildWithParameters?token=MY_TOKEN --user "raamee:12345678"

我用了从wget命令(第4个命令)获得的碎屑。

答案 5 :(得分:0)

以前的答案都没有对我有用,但是混用了一些标志后,我才开始起作用:

JKSERVER="http://localhost:8080"
JKUSER="jenkins_user"
JKPASSWORD="jenkins_password"
JKCRUMB=`wget -q --auth-no-challenge --user $JKUSER --password $JKPASSWORD --output-    document - '$JKSERVER/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'`

curl --user $JKUSER:$JKPASSWORD -I -X POST "$JKSERVER/job/master/build" -H "$JKcrumb"

答案 6 :(得分:0)

这有效

crumb=$(curl -u "user:pass" -s 'http://jenkins_URL/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')

curl -u "user:pass" -H "$crumb" -X POST **http://jenkins_URL/job/ENV/build?delay=0sec**

注意:右键单击获取此POST URL,然后复制“立即构建”链接。