简体繁体 English

Jenkins TFS凭证绑定

[英]Jenkins TFS Credential Binding

原文 2018-01-03 12:16:16 9 1 powershell/ jenkins/ tfs/ jenkins-plugins/ credentials

I have a large team of users using the same Active Directory credentials to log in to both TFS and Jenkins. 我有大量的用户使用相同的Active Directory凭据登录到TFS和Jenkins。

Example of AD accounts that can be used to access both TFS and Jenkins: 可用于访问TFS和Jenkins的AD帐户示例：

Company\\JohnSmith 公司\\ JohnSmith
Company\\MaryJones 公司\\ MaryJones
Company\\ServiceAccount 公司\\服务帐户

In Jenkins I've created a job that will merge code and check-in to TFS by executing a PowerShell script. 在Jenkins中，我创建了一个作业，该作业将合并代码并通过执行PowerShell脚本签入TFS。

At the moment the PowerShell script uses Company\\ServiceAccount to complete the merge and check-in in TFS. 目前，PowerShell脚本使用Company \\ ServiceAccount来完成TFS中的合并和签入。 The problem with this is that even if Company\\JohnSmith or Company\\MaryJones kick off the Jenkins job, Company\\ServiceAccount is recorded in TFS as having completed the check-in. 这样做的问题是，即使Company \\ JohnSmith或Company \\ MaryJones启动了Jenkins作业， Company \\ ServiceAccount也已记录在TFS中，已完成签入。

For better traceability I would like to be able to use the credentials of the user that is currently logged into Jenkins (be it JohnSmith or MaryJones or any of the other hundreds of users), and pass that username & password to the PowerShell script to connect to TFS. 为了获得更好的可追溯性，我希望能够使用当前登录到Jenkins的用户（无论是JohnSmith或MaryJones还是其他数百个用户）的凭据，并将该用户名和密码传递给PowerShell脚本以进行连接到TFS。 The outcome will be that in TFS it will show that JohnSmith / MaryJones did the check-in instead of ServiceAccount . 结果将是，在TFS中它将显示JohnSmith / MaryJones而不是ServiceAccount进行了签入。

I have installed the following Jenkins plugins: 我已经安装了以下Jenkins插件：

Credentials Binding Plugin 凭证绑定插件
Credentials Plugin 凭证插件
Plain Credentials 普通凭证
Plugin Team Foundation Server Plug-in 插件Team Foundation Server插件

I would like to be able to automatically pass the currently logged in user's credentials to the PowerShell script. 我希望能够自动将当前登录的用户凭据传递给PowerShell脚本。 Is this possible and how do I go about it? 这可能吗，我该怎么做？

I don't wan't to pass the same credentials each time, and I don't want to have the user re-enter their username/password as a parameter. 我不想每次都传递相同的凭据，也不想让用户重新输入用户名/密码作为参数。

1 个解决方案

The script is using the user/ TFS credentials Company\\ServiceAccount which configured in Jenkins TFS plugin to do the TFS connection and check in operation. 该脚本使用在Jenkins TFS插件中配置的用户/ TFS凭证Company\\ServiceAccount进行TFS连接并签入操作。

There is no way to be able to automatically pass the currently logged in Jenkins user's credentials to the PowerShell script. 无法将当前登录的Jenkins用户的凭据自动传递到PowerShell脚本。

As a workaround, you could do this through TFS build pipeline. 解决方法是，您可以通过TFS构建管道来完成此操作。 Since your source control is managed in TFS and just use the Jenkins build. 由于您的源代码管理是在TFS中管理的，因此只需使用Jenkins构建即可。

You could simply add a Jenkins Queue Job task which will queue a job on a Jenkins sever in TFS build definition. 您可以简单地添加一个Jenkins队列作业任务，该任务将在TFS构建定义中的Jenkins服务器上对作业进行排队。

Then add a powershell script task to do the merge and check in operation. 然后添加一个powershell脚本任务来执行合并和签入操作。 About how to commit code to TFS with powerShell please refer this blog . 有关如何使用powerShell将代码提交到TFS的信息，请参阅此博客。 Finally it will be the user who queued Jenkins Job, then checked in code in TFS. 最后，将用户排入Jenkins Job队列，然后在TFS中签入代码。