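I've been tearing my hair out over this for the past few days. I know there is a Jenkins bug that may affect this... but really, this hasn't been fixed since 2017??

Also, this was working until a few months ago and now it's broken, so I assume a recent update broke it again, or some condition/change on the system broke it and I haven't made the connection.

I'm running the latest stable Jenkins on Ubuntu on a cloud instance. All plugins are up to date. I have global credentials and user-specific credentials defined. I'm logged in as the user that has the user-specific credentials.

Then I try this: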
```groovy
pipeline {
    agent any
    parameters {
        credentials(
            name: 'USER_CREDENTIALS',
            description: 'Select your personal username and password credentials.',
            credentialType: 'com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl',
            required: true
        )
    }
    stages {
        stage('Test User Credentials') {
            steps {
                script {
                    withCredentials([usernamePassword(credentialsId: "${params.USER_CREDENTIALS}", usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
                        echo "Username: ${USERNAME}"
                        echo "Password: ${PASSWORD}"
                    }
                }
            }
        }
    }
}
```
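System/global credentials work fine, but user-specific/global credentials return:

```
ERROR: Could not find credentials entry with ID 'salainen'
```

The secret `salainen` is set as a user secret under the user-specific global credentials (unrestricted), and it shows up in the `parameters > credentials selection` phase, but as soon as the pipeline hits the `withCredentials` binding, it fails.

I installed `Authorize Project` and configured it to run the pipeline as the logged-in user, but whatever different things I try, it always comes back with:

```
ERROR: Could not find credentials entry with ID 'some-secret-id'.
```

It seems the job is unable to resolve/call `UserCredentialsProperty`, which would explain why this isn't working. Are user-specific credentials currently broken and useless in Jenkins? Global credentials work fine, but I need user-specific credentials for my particular use case. Any ideas?

Thanks for any insights!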
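
After a lot of experimenting, I solved this. I've posted a full proof of concept below. It should only be used in a fairly trusted and secure environment, because anyone with pipeline edit access can add an echo statement that prints the currently selected private SSH key to the log. That said, here is the working pipeline script, which allows the user-specific global key to be used throughout the pipeline, not just inside the `withCredentials` binding.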
```groovy
// Reads the key file that env.SSH_KEY points to and echoes its first five lines.
void testFunction() {
    def fileExists = fileExists(env.SSH_KEY)
    if (fileExists) {
        def fileContents = readFile(env.SSH_KEY)
        def allLines = fileContents.readLines()
        def firstFiveLines = allLines.take(5).join('\n')
        def displayContent = firstFiveLines + (allLines.size() > 5 ? "\n..." : "")
        echo("First five lines of the private keyfile:\n${displayContent}")
    } else {
        echo("File does not exist.")
    }
}

pipeline {
    agent any
    stages {
        stage('Get params') {
            steps {
                script {
                    // Define the credentials parameter from inside the pipeline
                    properties([
                        parameters([
                            credentials(
                                name: 'SELECT_YOUR_SSH_CREDENTIALS',
                                description: 'Check the "List user credentials" checkbox and select your user credentials from the drop-down menu to proceed.\nNOTE: If you don\'t make a selection here, the pipeline will fail with an obscure \'NullPointerException\' error.',
                                credentialType: 'com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey',
                                required: true
                            )
                        ])
                    ])
                }
            }
        }
        stage('Use credentials') {
            steps {
                script {
                    // Single quotes are deliberate: Groovy does not interpolate here, so the
                    // literal '${...}' reaches the credentials plugin, which resolves it
                    // through the build parameter.
                    withCredentials([
                        sshUserPrivateKey(credentialsId: '${SELECT_YOUR_SSH_CREDENTIALS}',
                                          keyFileVariable: 'SSH_KEY',
                                          usernameVariable: 'SSH_USERNAME')
                    ]) {
                        // Copy the bound values into env so they outlive this block
                        env.SSH_KEY = "${SSH_KEY}"
                        env.SSH_KEY_ACTUAL = readFile("${SSH_KEY}")
                        env.SSH_USERNAME = "${SSH_USERNAME}"
                    }
                    // Create a temporary file for the SSH key
                    def tempSSHKeyFileName = "${env.WORKSPACE}@tmp/secretFiles/sshkey_${UUID.randomUUID()}.txt"
                    writeFile(file: tempSSHKeyFileName, text: env.SSH_KEY_ACTUAL)
                    env.SSH_KEY = tempSSHKeyFileName
                    env.SSH_KEY_ACTUAL = null
                    tempSSHKeyFileName = null
                }
            }
        }
        stage('Use credentials outside of the closure') {
            steps {
                script {
                    echo "Now outside of the closure"
                    echo("SSH username is ${env.SSH_USERNAME}")
                    echo("SSH key path is ${env.SSH_KEY}")
                    testFunction()
                }
            }
        }
    }
    post {
        always {
            script {
                // Remove the temporary SSH key file
                def tempSSHKeyFilePath = env.SSH_KEY
                if (tempSSHKeyFilePath) {
                    echo "Deleting temporary SSH key file: ${tempSSHKeyFilePath}"
                    // Quote the path so a workspace name containing spaces does not split it
                    sh "ls -l '${tempSSHKeyFilePath}'"
                    sh "rm -f '${tempSSHKeyFilePath}'"
                }
            }
        }
    }
}
```
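
As an added example (not part of the original answer): a variant that avoids copying the private key into `env` and a workspace file by re-entering `withCredentials` in each stage that needs the key. It assumes the `'${SELECT_YOUR_SSH_CREDENTIALS}'` parameter form from the answer resolves in every stage; `withUserSshKey` and `deploy.example.invalid` are hypothetical names.

```groovy
// Added example, not the answer author's code.
// Hypothetical names: withUserSshKey, deploy.example.invalid.
def withUserSshKey(Closure body) {
    // Single quotes: the literal '${...}' is handed to the credentials plugin,
    // which resolves it through the build parameter defined in 'Get params'.
    withCredentials([
        sshUserPrivateKey(credentialsId: '${SELECT_YOUR_SSH_CREDENTIALS}',
                          keyFileVariable: 'SSH_KEY',
                          usernameVariable: 'SSH_USERNAME')
    ]) {
        body()
    }
    // Leaving the block removes the binding's temporary key file and variables.
}

pipeline {
    agent any
    stages {
        stage('Get params') {
            steps {
                script {
                    properties([parameters([
                        credentials(
                            name: 'SELECT_YOUR_SSH_CREDENTIALS',
                            description: 'Check "List user credentials" and select your SSH key.',
                            credentialType: 'com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey',
                            required: true)
                    ])])
                }
            }
        }
        stage('Show key fingerprint') {
            steps {
                // Logs the fingerprint only, never the key material
                script { withUserSshKey { sh 'ssh-keygen -l -f "$SSH_KEY"' } }
            }
        }
        stage('Check connection') {
            steps {
                script {
                    withUserSshKey {
                        // Single-quoted sh: the shell, not Groovy, expands the variables
                        sh 'ssh -o BatchMode=yes -i "$SSH_KEY" "$SSH_USERNAME@deploy.example.invalid" true'
                    }
                }
            }
        }
    }
}
```

With this layout no `post` cleanup is required, because the key exists on disk only while a `withUserSshKey` block is running.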