有没有办法允许用户通过API触发rundeck作业而不暴露脚本?这似乎是我从 rundeck 获得的 HTTP 回复中的默认值。
示例:
curl -X "POST" -H "Accept: application/json" -H "Content-Type: application/json" -H 'X-Rundeck-Auth-Token: MYSECRET' https://RUNDECKSERVER.COM/api/43/job/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/run | jq
我从rundeck得到的回复:
{
"id": 64149,
"href": "https://RUNDECKSERVER.COM/api/43/execution/64149",
"permalink": "https://RUNDECKSERVER.COM/project/test-project/execution/show/64149",
"status": "running",
"project": "test-project",
"executionType": "user",
"user": "test_user",
"date-started": {
"unixtime": 1677504479271,
"date": "2023-02-27T13:27:59Z"
},
"job": {
"id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
"averageDuration": 2487,
"name": "Test job",
"group": "",
"project": "test-project",
"description": "test",
"href": "https://RUNDECKSERVER.COM/api/43/job/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
"permalink": "https://RUNDECKSERVER.COM/project/test-project/job/show/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
},
"description": "#!/bin/bash\r\n\r\necho \"this is just\"\r\necho \"a test\"",
"argstring": null,
"serverUUID": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
}
作业背后的脚本由 rundeck 放入描述字段中(出于某种原因)。
"description": "#!/bin/bash\r\n\r\necho \"this is just\"\r\necho \"a test\""
我有办法禁用这种行为吗?特别是对于较大的脚本,它看起来非常不专业。另外,出于安全原因,我想保守秘密。
curl -X "POST" -H "Accept: application/json" -H "Content-Type: application/json" -H 'X-Rundeck-Auth-Token: MYSECRET' https://RUNDECKSERVER.COM/api/43/job/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/run | jq
从应用程序调用作业的最佳方法是使用 Webhooks。
Rundeck webhooks 允许您通过 POST 调用来调用作业,而无需暴露大量信息。
现在,要通过 Webhook 调用您的作业,只需向 Webhook URL 发送 POST 调用(第 7 步)。
curl -X POST http://localhost:4440/api/43/webhook/x4D4Rwh0xN1juNxw388RdyV3ri3cJIbS#MyWebhook
Rundeck服务器回答:
{"jobId":"c98ba2b4-f2a1-4627-b7d0-2574b13c05d7","executionId":"1"}
我无法在我的 rundeck 中找到 webhooks 作为选项。我的 rundeck api 版本是 50。即使我能够通过 postman 运行,它也会给我未经授权的错误...它不支持 API 版本..现在,该怎么办?