Access Jenkins credentials bindings from inside a Jenkins job DSL script

Question

I'm not creating a new job.

I want to access a Jenkins secret string binding from inside a job DSL script. I haven't been able to find examples of this.

If I have a secret string binding in Jenkins named "my-secret-string" how do I get the value of that in a DSL script? I want the DSL to make REST calls and other things using secrets I have securely stored in Jenkins.

I cant use credentials('<idCredentials>') because I'm not creating a new job or anything, I want to use those secret values in the DSL script itself.

Answer 1

I don't understand the scenario. You are not creating a new job but you are still inside a job? What does that mean? I understood that you defined a credential - secret text in Jenkinks and you want to access it from a job? This is a standard scenario:

withCredentials([string(credentialsId: 'my-secret-string', variable: 'mySecretStringVar')]){
    println mySecretStringVar
}

From Jenkins Console or groovy script epending on where credentials are located:

def getFolderCredsScript(def pipelineFolder, def credId){
    def credentialsStore =
    jenkins.model.Jenkins.instance.getAllItems(com.cloudbees.hudson.plugins.folder.Folder.class).findAll{it.name.equals(pipelineFolder)}
    .each{
        com.cloudbees.hudson.plugins.folder.AbstractFolder<?> folderAbs = com.cloudbees.hudson.plugins.folder.AbstractFolder.class.cast(it)
        com.cloudbees.hudson.plugins.folder.properties.FolderCredentialsProvider.FolderCredentialsProperty property = folderAbs.getProperties().get(com.cloudbees.hudson.plugins.folder.properties.FolderCredentialsProvider.FolderCredentialsProperty.class)
        if(property != null){
            for (cred in property.getCredentials()){
                if ( cred.id == credId ) {
                    return "${cred.username}:${cred.password}"
                }
            }
        }
    }
}

def getGlobalCredsScript(def credId){
    def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(com.cloudbees.plugins.credentials.common.StandardUsernameCredentials.class, Jenkins.instance, null, null);
    for (cred in creds) {     
        if (cred.id == credId){
            return "${cred.username}:${cred.password}"
        }
    }
}

Answer 2

I found this question when trying to figure out how to set authenticationToken in my jenkins DSL. You can't use withCredential or a credentials call since it only accepts a string. The answer I found is to wrap the build/seed file. It can use withCredential and you pass in the credential as a string like this:

Jenkinsfile.build

withCredentials([
  string(credentialsId: 'deploy-trigger-token', variable: 'TRIGGER_TOKEN'),
]) {
    jobDsl targets: ".jenkins/deploy_${env.INSTANCE}_svc.dsl",
    ignoreMissingFiles: true,
    additionalParameters: [
      trigger_token: env.TRIGGER_TOKEN
    ]
}

Then in your dsl file:

pipelineJob("Deploy Service") {
...
 authenticationToken (trigger_token)
...
}

So to answer your question, you are correct you can't directly access the credential in your dsl, instead you do it in the seed build file which passes it in as a additionalParameters variable.