我在SO上看过类似的帖子,但不完全正是我要做的事情(或者至少没有完整的命令可以运行)。
我正在尝试使用curl远程触发Jenkins上的参数化构建。我已经“防止跨网站请求伪造”#39;启用所以我还需要传递有效的碎屑。
我的脚本如下:
#!/bin/bash
json="{\"parameter\": [{ \"P1\": \"param1\", \"P2\": \"param2\", \"P3\": \"param3\" }]}"
crumb=`curl "http://SERVER/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,%22:%22,//crumb)"`
curl -v -H $crumb -X POST http://SERVER/job/JOB_NAME/buildWithParameters -d token=runme --data-urlencode json="$json"
我还尝试修改我传递给卷曲的网址:
USERNAME:APITOKEN@SERVER
和
USERNAME:PASSWORD@SERVER
curl的输出是:
* About to connect() to SERVER port 8080 (#0)
* Trying SERVER... connected
* Connected to SERVER (SERVER) port 8080 (#0)
* Server auth using Basic with user 'USERNAME'
> POST /job/JOB_NAME/buildWithParameters HTTP/1.1
> Authorization: Basic bjAwNjY5MjI6YWxLaW5kaTg=
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: SERVER:8080
> Accept: */*
> .crumb:776eb589e8b930d9f06cfc2df885314c
> Content-Length: 168
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 403 No valid crumb was included in the request
< Content-Type: text/html;charset=ISO-8859-1
< Cache-Control: must-revalidate,no-cache,no-store
< Content-Length: 1469
< Server: Jetty(8.y.z-SNAPSHOT)
<
所以看起来我没有正确传递碎屑,但我不确定该命令的正确格式应该是什么。
答案 0 :(得分:30)
对我有用的是什么:
SERVER=http://localhost:8080
CRUMB=$(curl --user $USER:$APITOKEN \
$SERVER/crumbIssuer/api/xml?xpath=concat\(//crumbRequestField,%22:%22,//crumb\))
curl --user $USER:$APITOKEN -H "$CRUMB" -d "script=$GROOVYSCRIPT" $SERVER/script
答案 1 :(得分:20)
正确的格式如下:
curl -H ".crumb:xxxxxxxxxxxxxxxxxxxxxx"
答案 2 :(得分:10)
这对我有用:
获得面包屑
$ wget -q --auth-no-challenge --user yourUserName --password yourPassword--output-document - 'http://myJenkins:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)
'
现在运行Jenkins工作
$ curl -I -X POST http://yourUserName:yourPassword@myJenkins:8080/job/JOBName/build -H "Jenkins-Crumb:44e7038af70da95a47403c3bed5q10f8"
HTTP / 1.1 201创建日期:2017年7月28日星期五09:15:45 GMT X-Content-Type-Options:nosniff位置:http://myJenkins:8080/queue/item/17/内容长度:0
答案 3 :(得分:3)
这对我有用,我尝试使用此页面中已经提到的解决方案,但由于(a)引荐来源和(b)cookie,因此不得不对它们进行一些调整。 Jenkins版本2.204
sh script:"""
COOKIE_PATH=/tmp/cookie_jenkins_crumb.txt
CRUMB=\$(curl -s -c \$COOKIE_PATH -H '${jenkins_referer}' 'https://useridhere:${jenkins_live_token}@jenkins.example.com/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,\":\",//crumb)' )
# https://support.cloudbees.com/hc/en-us/articles/219257077-CSRF-Protection-Explained
# https://wiki.jenkins.io/display/JENKINS/Remote+access+API#RemoteaccessAPI-CSRFProtection
# but a bit adjusted as it is not exactly usable as it is in the documentation page.
# We discovered that the CRUMB should be identical because it
# is paired with a cookie. Thus save the cookie, it is important.
sed -i 's/ORGANIZATION/${PROJECT_NAME}/g' ${jenkins_credentials_json_template_file_path}
# a json file with labels for quick replacements.
# cat ${jenkins_credentials_json_template_file_path}
# https://support.cloudbees.com/hc/en-us/articles/360030526992-How-to-manage-Credentials-via-the-REST-API
curl -s -b \$COOKIE_PATH -u useridhere:${jenkins_live_token} -H '${jenkins_referer}' -H \"\${CRUMB}\" -X POST --data-urlencode json@${jenkins_credentials_json_template_file_path} 'https://jenkins.example.com/credentials/store/system/domain/_/createCredentials'
"""
答案 4 :(得分:2)
这是对@seeker答案的强调。
要格外注意
正如提到的其他答案一样,您获得的碎屑可能会有所不同,具体取决于用于浏览到Jenkins的浏览器,无论是Chrome,Curl还是WGet。
但是,这很重要,但是,我用于CURL命令的碎片是我从WGET命令获得的碎片。这不是我从CURL -X GET命令得到的东西。
我不清楚为什么会这样,但是就像@Seeker的回答一样,这对我有用。
什么时候我有不同的面包屑
浏览到http://10.143.18.43:8080/crumbIssuer/api/xml(qajenkins = 10.143.18.43)
正在运行
curl -X WGET http://10.143.18.43:8080/crumbIssuer/api/xml
正在运行
wget -q --auth-no-challenge --user raamee --password 12345678 --output-document-'http://10.143.18.43:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,“:”,// crumb)'; echo
< / li>为了获取curl命令
curl -X POST -H "Jenkins-Crumb:2e03fc96f387abggga6581fe5883a14a" http://10.143.18.43:8080/view/Raamee_phase_2/job/test_remote_api_triggerring/buildWithParameters?token=MY_TOKEN --user "raamee:12345678"
我用了从wget命令(第4个命令)获得的碎屑。
答案 5 :(得分:0)
以前的答案都没有对我有用,但是混用了一些标志后,我才开始起作用:
JKSERVER="http://localhost:8080"
JKUSER="jenkins_user"
JKPASSWORD="jenkins_password"
JKCRUMB=`wget -q --auth-no-challenge --user $JKUSER --password $JKPASSWORD --output- document - '$JKSERVER/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'`
curl --user $JKUSER:$JKPASSWORD -I -X POST "$JKSERVER/job/master/build" -H "$JKcrumb"
答案 6 :(得分:0)
这有效
crumb=$(curl -u "user:pass" -s 'http://jenkins_URL/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')
curl -u "user:pass" -H "$crumb" -X POST **http://jenkins_URL/job/ENV/build?delay=0sec**
注意:右键单击获取此POST URL,然后复制“立即构建”链接。