我想问一下是否有一种捷径可以在一个詹金斯管道上设置aws sts assume-role生成的全局环境变量。我的目标是使这些生成的值(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN)可在一个詹金斯管道上重用于3个阶段。目前,我在舞台上有此设置,尽管我觉得它太乱了,我想知道您是否可以建议我设置全局变量的更好方法。我当前的管道看起来像这样:
pipeline { agent any stages { stage ('S3 CHECK') { steps { sh ''' unset AWS_SESSION_TOKEN unset AWS_SECRET_ACCESS_KEY unset AWS_ACCESS_KEY_ID
CREDENTIALS=`aws sts assume-role --role-arn arn:aws:iam::0123456789123:role/POGI --role-session-name RoleSession`
export AWS_ACCESS_KEY_ID=`echo $CREDENTIALS | jq -r '.Credentials.AccessKeyId'`
export AWS_SECRET_ACCESS_KEY=`echo $CREDENTIALS | jq -r '.Credentials.SecretAccessKey'`
export AWS_SESSION_TOKEN=`echo $CREDENTIALS | jq -r '.Credentials.SessionToken'`
aws s3 ls
'''
}
}
stage ('CHECK AVAILABLE BEANSTALK PLATFORMS') {
steps {
sh '''
unset AWS_SESSION_TOKEN
unset AWS_SECRET_ACCESS_KEY
unset AWS_ACCESS_KEY_ID
CREDENTIALS=`aws sts assume-role --role-arn arn:aws:iam::0123456789123:role/POGI --role-session-name RoleSession`
export AWS_ACCESS_KEY_ID=`echo $CREDENTIALS | jq -r '.Credentials.AccessKeyId'`
export AWS_SECRET_ACCESS_KEY=`echo $CREDENTIALS | jq -r '.Credentials.SecretAccessKey'`
export AWS_SESSION_TOKEN=`echo $CREDENTIALS | jq -r '.Credentials.SessionToken'`
aws elasticbeanstalk describe-environment-resources --environment-name pogi
aws elasticbeanstalk list-platform-versions
'''
}
}
stage ('BEANSTALK CHECK') {
steps {
sh '''
unset AWS_SESSION_TOKEN
unset AWS_SECRET_ACCESS_KEY
unset AWS_ACCESS_KEY_ID
CREDENTIALS=`aws sts assume-role --role-arn arn:aws:iam::0123456789123:role/POGI --role-session-name RoleSession`
export AWS_ACCESS_KEY_ID=`echo $CREDENTIALS | jq -r '.Credentials.AccessKeyId'`
export AWS_SECRET_ACCESS_KEY=`echo $CREDENTIALS | jq -r '.Credentials.SecretAccessKey'`
export AWS_SESSION_TOKEN=`echo $CREDENTIALS | jq -r '.Credentials.SessionToken'`
aws elasticbeanstalk describe-environment-resources --environment-name pogi
'''
}
}
}
}
我真的很想消除每个阶段的使用,以使格式更加简洁
unset AWS_SESSION_TOKEN
unset AWS_SECRET_ACCESS_KEY
unset AWS_ACCESS_KEY_ID
CREDENTIALS=`aws sts assume-role --role-arn arn:aws:iam::0123456789123:role/POGI --role-session-name RoleSession`
export AWS_ACCESS_KEY_ID=`echo $CREDENTIALS | jq -r '.Credentials.AccessKeyId'`
export AWS_SECRET_ACCESS_KEY=`echo $CREDENTIALS | jq -r '.Credentials.SecretAccessKey'`
export AWS_SESSION_TOKEN=`echo $CREDENTIALS | jq -r '.Credentials.SessionToken'`
aws elasticbeanstalk describe-environment-resources --environment-name pogi
答案 0 :(得分:0)
您可以将其提取到bash文件中,然后在每个阶段使用source <bash-file>.sh。
例如,您可以调用文件init.sh并具有以下内容:
#!/usr/bin/env bash
unset AWS_SESSION_TOKEN
unset AWS_SESSION_TOKEN
unset AWS_SECRET_ACCESS_KEY
unset AWS_ACCESS_KEY_ID
CREDENTIALS=`aws sts assume-role --role-arn arn:aws:iam::0123456789123:role/POGI --role-session-name RoleSession`
export AWS_ACCESS_KEY_ID=`echo $CREDENTIALS | jq -r '.Credentials.AccessKeyId'`
export AWS_SECRET_ACCESS_KEY=`echo $CREDENTIALS | jq -r '.Credentials.SecretAccessKey'`
export AWS_SESSION_TOKEN=`echo $CREDENTIALS | jq -r '.Credentials.SessionToken'`
例如,这样CHECK AVAILABLE BEANSTALK PLATFORMS阶段将变为以下内容:
source init.sh
aws elasticbeanstalk describe-environment-resources --environment-name pogi
aws elasticbeanstalk list-platform-versions
如果不同阶段具有一些变量,则可以使用source init.sh var1 var2中的var1和$1将是init.sh,而var2将是{{ 1}}。
顺便说一句,您可以摆脱$2部门,而只使用jq。这是针对使用AWS awk格式而不是JSON的MFA(但可以使用相同的方法进行假定)。
text