[英]Jenkins Pipelines: How to use withCredentials() from a shared-variable script
I'd like to use a withCredentials()
block in a shared-variable ("vars/") script rather than directly in the Jenkins pipeline because this is a lower-level semantic of a particular library, and also may or may not be required depending on the situation.我想在共享变量(“vars/”)脚本中而不是直接在 Jenkins 管道中使用
withCredentials()
块,因为这是特定库的低级语义,也可能是也可能不是需要视情况而定。 However, withCredentials
(or, at least, that signature of it) doesn't appear to be in scope.但是,
withCredentials
(或者,至少,它的签名)似乎不在范围内。
script:脚本:
def credentials = [
[$class: 'UsernamePasswordMultiBinding', credentialsId: '6a55c310-aaf9-4822-bf41-5500cd82af4e', passwordVariable: 'GERRIT_PASSWORD', usernameVariable: 'GERRIT_USERNAME'],
[$class: 'StringBinding', credentialsId: 'SVC_SWREGISTRY_PASSWORD', variable: 'SVC_SWREGISTRY_PASSWORD']
]
withCredentials(credentials) {
// ...
}
Console:安慰:
hudson.remoting.ProxyException: groovy.lang.MissingMethodException: No signature of method: BuildagentInstallAndRun.withCredentials() is applicable for argument types: (java.util.ArrayList, org.jenkinsci.plugins.workflow.cps.CpsClosure2) values: [[[$class:UsernamePasswordMultiBinding, credentialsId:6a55c310-aaf9-4822-bf41-5500cd82af4e, ...], ...], ...]
Has anyone had any success with this?有没有人在这方面取得过任何成功?
I'm using a shared library rather than a shared variable, but I guess it is a similar situation.我使用的是共享库而不是共享变量,但我想这是类似的情况。 I'm not using the
$class
parameter, but i'm calling directly one of the functions suggested by the pipeline snippet generator.我没有使用
$class
参数,但我直接调用管道片段生成器建议的函数之一。 You can have a list here .你可以在这里列出一份清单。 In the example below, I use the
usernameColonPassword
binding.在下面的示例中,我使用
usernameColonPassword
绑定。 In the pipeline, I instantiate the class utilities and I pass this
to the constructor.在管道工程中,我实例化类公用事业和我通过
this
来构造。 Then, in the library, I use the step
object to access the pipeline steps (such as withCredentials
or usernameColonPassword
).然后,在库中,我使用
step
对象来访问管道步骤(例如withCredentials
或usernameColonPassword
)。
class Utilities implements Serializable {
def steps
Utilities(steps) {
this.steps = steps
}
def doArchiveToNexus(String credentials, String artifact, String artifact_registry_path){
try {
this.steps.withCredentials([steps.usernameColonPassword(credentialsId: credentials, variable: 'JENKINS_USER')]) {
this.steps.sh "curl --user " + '${JENKINS_USER}' + " --upload-file ${artifact} ${artifact_registry_path}"
}
} catch (error){
this.steps.echo error.getMessage()
throw error
}
}
}
You can try following:您可以尝试以下操作:
import jenkins.model.*
credentialsId = '6a55c310-aaf9-4822-bf41-5500cd82af4e'
def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
com.cloudbees.plugins.credentials.common.StandardUsernameCredentials.class, Jenkins.instance, null, null ).find{
it.id == credentialsId}
println creds.username
println creds.password
But it is not secure, everything will be in console log但它不安全,一切都会在控制台日志中
I was able to obtain credentials inside the shared library with proper passwords masking with such code:我能够获得共享库内的凭据,并使用以下代码屏蔽正确的密码:
class Utilities implements Serializable {
def steps
Utilities(steps) {
this.steps = steps
}
def execute() {
this.steps.withCredentials(
bindings: [
this.steps.usernameColonPassword(
credentialsId: this.credentialsId,
variable: "unameColonPwd")
]) {
this.steps.sh "echo {this.steps.env.unameColonPwd}"
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.