我需要通过脚本创建一个jenkins凭证(https://wiki.jenkins-ci.org/display/JENKINS/Credentials+Plugin)。如何使用REST API或cli执行此操作?
请注意,我可以使用/ credential-store / domain / / api / json和/ credential-store / domain / / credential / 8bd82461-e239-4db1-90bc列出凭据-831ca3412e70 / api / json等。
答案 0 :(得分:21)
这个问题花了我一段时间来计算,大量的挖掘,所以我决定让这里的解决方案,如果其他人需要它。
curl -X POST 'http://user:token@jenkins_server:8080/credentials/store/system/domain/_/createCredentials' \
--data-urlencode 'json={
"": "0",
"credentials": {
"scope": "GLOBAL",
"id": "identification",
"username": "manu",
"password": "bar",
"description": "linda",
"$class": "com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl"
}
}'
答案 1 :(得分:11)
使用最新的jenkins,您需要一个CRUMB来验证此操作(参考https://stackoverflow.com/a/38314286)
CRUMB=$(curl -s 'http://user:token@jenkins_server:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')
curl -H $CRUMB -X POST 'http://user:token@jenkins_server:8080/credentials/store/system/domain/_/createCredentials' \
--data-urlencode 'json={
"": "0",
"credentials": {
"scope": "GLOBAL",
"id": "identification",
"username": "manu",
"password": "bar",
"description": "linda",
"$class": "com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl"
}
}'
否则你得到
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /credentials/store/system/domain/_/createCredentials. Reason:
<pre> No valid crumb was included in the request</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
答案 2 :(得分:3)
没有针对此的特定API调用,但您可以通过cli命令对jenkins jar执行此操作。
echo 'jenkins.model.Jenkins.instance.securityRealm.createAccount("username", "password")' | java -jar jenkins-cli.jar -s http://localhost/ groovy =
为了授予他们权限,您可以在Jenkins中创建一个任务,该任务每N分钟运行一次,并执行如下所述的groovy脚本:
答案 3 :(得分:3)
如果你需要创建凭证但是使用pem文件路径,你可以使用它:
先决条件:ssh-credentials插件
CRUMB=$(curl -s 'http://{{jenkins_admin_username}}:{{jenkins_admin_password}}@localhost:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')
curl -H $CRUMB -X POST 'http://{{jenkins_admin_username}}:{{jenkins_admin_password}}@localhost:8080/credentials/store/system/domain/_/createCredentials' \
--data-urlencode 'json={
"": "0",
"credentials": {
"scope": "GLOBAL",
"id": "'{{ii.ssh_user}}'",
"username": "'{{ii.ssh_user}}'",
"password": "",
"privateKeySource": {
"stapler-class": "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$FileOnMasterPrivateKeySource",
"privateKeyFile": "'{{jenkins_home}}/{{ii.key_name}}.pem'",
},
"description": "'{{ii.ssh_user}}'",
"stapler-class": "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey"
}
}'
此命令在ansible中使用,但您可以使用自己的变量替换{{variables}}
如果您需要添加所有pem文件内容,则需要将行更改为:
....
"stapler-class": "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$DirectEntryPrivateKeySource",
"privateKey": "{{private_key_content}}",
},
"description": "{{user}}",
"stapler-class": "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey"
...
答案 4 :(得分:3)
在这里添加我的2美分:如果您想为特定文件夹创建凭据,请使用以下内容:
curl -H $CRUMB -X POST 'http://user:token@jenkins_server:8080/job/MY_FOLDER_NAME/credentials/store/folder/domain/_/createCredentials' \
...
因此,您需要在查询部分的开头使用/ job / My_Folder并将/ store / system替换为/ store / folder
答案 5 :(得分:2)
我有一个groovy脚本,它还使用基于Matrix的安全性设置用户权限。该脚本发布在Creating user in Jenkins via API
答案 6 :(得分:0)
Unable to point to ssh keys in ~/.ssh on Jenkins host
这意味着它不再起作用,
"privateKeySource": {
"stapler-class": "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$FileOnMasterPrivateKeySource",
"privateKeyFile": "'{{jenkins_home}}/{{ii.key_name}}.pem'",
},