如何在脚本控制台中列出我的所有 Jenkins 凭据?

问题描述 投票:0回答:7

我正在尝试让 Jenkins 从 BitBucket 克隆我的 Mercurial 项目。它不会,因为它凭证有问题 - 好吧,bitbucket 拒绝 Jenkins 提供的任何内容。

我几乎 100% 确定 Jenkins 没有提供它应该提供的东西,因为当我运行时

hg clone --ssh="ssh -i /path/to/my/key" ssh://[email protected]/my-org/my-repo

它克隆了-OK。 

/path/to/my/key
的内容是我放入 Jenkins 凭证管理器密钥中的内容。我已经验证在我的 jenkins 
credentials.xml
文件中找到了它。

还有,当我尝试执行我的工作时?克隆失败是因为

remote: Host key verification failed.
这让我相信问题出在通过 Mercurial 插件传递的任何内容上。但我在日志中看不到它,因为它是某种

masked string 并且仅显示为 ******

所以我想确保 Hg 插件的凭据实际上是我的

credentials.xml

 文件中存在的内容。

到目前为止我已经做到了这里:

import com.cloudbees.plugins.credentials.CredentialsProvider import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials def creds = CredentialsProvider.all() print creds
这给了我一个凭证提供者的列表......但我不知道下一步该去哪里。我一直在淹没在文档中,试图弄清楚如何获取我想要的凭证信息......但没有骰子。

(如何)我可以使用我所拥有的内容并在 Groovy 脚本控制台中显示我的 Jenkins 凭据列表吗?

jenkins groovy mercurial
7个回答
84
投票
这对我来说非常有效...

import java.nio.charset.StandardCharsets; def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials( com.cloudbees.plugins.credentials.Credentials.class ) for (c in creds) { println(c.id) if (c.properties.description) { println(" description: " + c.description) } if (c.properties.username) { println(" username: " + c.username) } if (c.properties.password) { println(" password: " + c.password) } if (c.properties.passphrase) { println(" passphrase: " + c.passphrase) } if (c.properties.secret) { println(" secret: " + c.secret) } if (c.properties.secretBytes) { println(" secretBytes: ") println("\n" + new String(c.secretBytes.getPlainData(), StandardCharsets.UTF_8)) println("") } if (c.properties.privateKeySource) { println(" privateKey: " + c.getPrivateKey()) } if (c.properties.apiToken) { println(" apiToken: " + c.apiToken) } if (c.properties.token) { println(" token: " + c.token) } if (c.properties.subscriptionId) { println(" subscriptionId: " + c.subscriptionId) } if (c.properties.clientId) { println(" clientId: " + c.clientId) } if (c.properties.tenant) { println(" tenant: " + c.tenant) } if (c.properties.clientSecret) { println(" clientSecret: " + c.clientSecret) } if (c.properties.plainClientSecret) { println(" plainClientSecret: " + c.plainClientSecret) } println("") }
15
投票
这是一个组合脚本,将有关该主题的多个发现连接在一起。它列出了 Jenkins 所有范围的所有凭据,而不仅仅是根范围。希望有帮助。

import com.cloudbees.plugins.credentials.Credentials Set<Credentials> allCredentials = new HashSet<Credentials>(); def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials( com.cloudbees.plugins.credentials.Credentials.class ); allCredentials.addAll(creds) Jenkins.instance.getAllItems(com.cloudbees.hudson.plugins.folder.Folder.class).each{ f -> creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials( com.cloudbees.plugins.credentials.Credentials.class, f) allCredentials.addAll(creds) } for (c in allCredentials) { println(c.id) if (c.properties.username) { println(" description: " + c.description) } if (c.properties.username) { println(" username: " + c.username) } if (c.properties.password) { println(" password: " + c.password) } if (c.properties.passphrase) { println(" passphrase: " + c.passphrase) } if (c.properties.secret) { println(" secret: " + c.secret) } if (c.properties.privateKeySource) { println(" privateKey: " + c.getPrivateKey()) } println("") }
5
投票
我想要一份可用凭据的列表,并发现了这个:

def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials( com.cloudbees.plugins.credentials.common.StandardUsernameCredentials.class, Jenkins.instance, null, null ); for (c in creds) { println(c.id + ": " + c.description) }
从这里得到的:

https://wiki.jenkins-ci.org/display/JENKINS/Printing+a+list+of+credentials+and+their+IDs

2
投票
这是快速脏代码,它将打印 jenkins 上的一些凭证类型,如果您需要更多,可以使用此处定义的不同类:

https://github.com/jenkinsci/credentials-plugin/tree/master/src/main/java/com/cloudbees/plugins/credentials/common

def StandardUsernameCredentials = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials( com.cloudbees.plugins.credentials.common.StandardUsernameCredentials.class, Jenkins.instance, null, null ); for (c in StandardUsernameCredentials) { println(c.id + ": " + c.description) } def StandardUsernamePasswordCredentials = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials( com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials.class, Jenkins.instance, null, null ); for (c in StandardUsernamePasswordCredentials) { println(c.id + ": " + c.description) } def IdCredentials = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials( com.cloudbees.plugins.credentials.common.IdCredentials.class, Jenkins.instance, null, null ); for (c in IdCredentials) { println(c.id + ": " + c.description) } def StandardCertificateCredentialsCredentials = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials( com.cloudbees.plugins.credentials.common.StandardCertificateCredentials.class, Jenkins.instance, null, null ); for (c in StandardCertificateCredentialsCredentials) { println(c.id + ": " + c.description) }
2
投票
迭代所有属性,不使用愚蠢的 if:

def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials( com.cloudbees.plugins.credentials.Credentials.class, Jenkins.instance, null, null ); for (c in creds) { println(c.id + ": " + c.description) c.properties.each { println it } println() println() } 
您的安全团队可能不高兴您这样做:)

    



    

    
    
    

    

        

            

                

                    
1
投票

                    
                

            

        

        
这是我根据已接受的答案修改的脚本。  我们使用天蓝色的凭据,这将打印它们。  如果未找到秘密类型,它还会打印 
c.properties


    com.cloudbees.plugins.credentials.Credentials.class
)

for (c in creds) {
  println(c.id)
  if (c.properties.username) {
    println("   description: " + c.description)
  }
  if (c.properties.username) {
    println("   username: |" + c.username + "|")
  }
  else if (c.properties.password) {
    println("   password: |" + c.password + "|")
  }
  else if (c.properties.passphrase) {
    println("   passphrase: |" + c.passphrase + "|")
  }
  else if (c.properties.secret) {
    println("   secret: |" + c.secret + "|")
  }
  else if (c.properties.privateKeySource) {
    println("   privateKey: " + c.getPrivateKey())
  }
  else if (c.properties.clientId) {
    println("   clientId    : " + c.getClientId())
    println("   tenant      : " + c.getTenant())
    println("   subscription: " + c.getSubscriptionId())
    println("   secret      : " + hudson.util.Secret.fromString(c.getClientSecret()))
  }
  else {
    println("unknown secret type")
    println(c.properties)
  }
  println("")
}

    



    

    
    
    

    

        

            

                

                    
0
投票

                    
                

            

        

        
我使用以下代码根据文件夹和作业列出和分组我的凭据。我希望它有帮助。


import com.cloudbees.plugins.credentials.CredentialsProvider
import com.cloudbees.plugins.credentials.domains.Domain
import com.cloudbees.plugins.credentials.Credentials
import jenkins.model.Jenkins
import com.cloudbees.hudson.plugins.folder.Folder

// Printing credentials from the global store
def jenkins = Jenkins.instance
def globalDomainCredentials = CredentialsProvider.lookupCredentials(
    Credentials.class,
    jenkins,
    null,
    null
)

println("Global credentials:")
globalDomainCredentials.each { cred ->
    println("  ID: ${cred.id}, Description: ${cred.description}, Type: ${cred.getClass().name}")
}

// Checking credentials within folders
jenkins.getAllItems(Folder.class).each { folder ->
    println("\nCredentials in folder: ${folder.fullName}")
    CredentialsProvider.lookupCredentials(
        Credentials.class,
        folder,
        null,
        null
    ).each { cred ->
        println("  ID: ${cred.id}, Description: ${cred.description}, Type: ${cred.getClass().name}")
}
}

    

	

    

    


  

  

    
最新问题


  





  

    © www.soinside.com 2019 - 2024. All rights reserved.