logo标签列表

如何在脚本控制台中列出所有的Jenkins凭据?

jenkinsgroovymercurial
23

我希望让Jenkins从BitBucket克隆我的Mercurial项目,但它无法克隆,因为它说凭据有问题——实际上,BitBucket拒绝了Jenkins提供的任何内容。

我近乎100%确定Jenkins没有提供应该提供的内容,因为当我运行

hg clone --ssh="ssh -i /path/to/my/key" ssh://hg@bitbucket.org/my-org/my-repo

它克隆得很好。 /path/to/my/key 的内容是我在 Jenkins 凭据管理器中放置的密钥。我已验证它可以在我的 Jenkins credentials.xml 文件中找到。

然而,当我尝试运行作业时,克隆失败了,因为

remote: Host key verification failed.

这让我相信问题在于通过mercurial插件传递的内容。但是我无法在日志中看到它,因为它是某种掩码字符串,只显示为******

所以我想确保发送到Hg插件的凭据实际上就是我credentials.xml文件中存在的内容。

到目前为止,我已经做到了这一点:

import com.cloudbees.plugins.credentials.CredentialsProvider
import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials


def creds = CredentialsProvider.all()
print creds

这给了我一份凭据提供者的列表...但我不确定下一步该做什么。我一直在翻阅文档,试图找出如何获取我想要的凭证信息...但没有成功。

我该如何在Groovy脚本控制台中显示我的Jenkins凭证列表?

6个回答
70

这对我非常有效...

import java.nio.charset.StandardCharsets;
def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
      com.cloudbees.plugins.credentials.Credentials.class
)

for (c in creds) {
  println(c.id)
  if (c.properties.description) {
    println("   description: " + c.description)
  }
  if (c.properties.username) {
    println("   username: " + c.username)
  }
  if (c.properties.password) {
    println("   password: " + c.password)
  }
  if (c.properties.passphrase) {
    println("   passphrase: " + c.passphrase)
  }
  if (c.properties.secret) {
    println("   secret: " + c.secret)
  }
  if (c.properties.secretBytes) {
    println("    secretBytes: ")
    println("\n" + new String(c.secretBytes.getPlainData(), StandardCharsets.UTF_8))
    println("")
  }
  if (c.properties.privateKeySource) {
    println("   privateKey: " + c.getPrivateKey())
  }
  if (c.properties.apiToken) {
    println("   apiToken: " + c.apiToken)
  }
  if (c.properties.token) {
    println("   token: " + c.token)
  }
  if (c.properties.subscriptionId) {
    println("   subscriptionId: " + c.subscriptionId)
  }
  if (c.properties.clientId) {
    println("   clientId: " + c.clientId)
  }
  if (c.properties.tenant) {
    println("   tenant: " + c.tenant)
  }
  if (c.properties.clientSecret) {
    println("   clientSecret: " + c.clientSecret)
  }
  if (c.properties.plainClientSecret) {
    println("   plainClientSecret: " + c.plainClientSecret)
  }
  println("")
}
编辑代码以添加secretBytes、apiToken和token支持。 - Praveen Lobo
嗨! 如果你想查看AWS凭证: if (c.getAccessKey()) { println(" Access Key: " + c.getAccessKey()) println(" Secret Key: " + c.getSecretKey()) } - xocasdashdash
13

这是一个综合脚本,将多个有关此主题的发现连接在一起。它列出了来自Jenkins所有范围(而不仅仅是根范围)的所有凭据。希望对您有所帮助。

import com.cloudbees.plugins.credentials.Credentials


Set<Credentials> allCredentials = new HashSet<Credentials>();


def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
      com.cloudbees.plugins.credentials.Credentials.class
);


allCredentials.addAll(creds)


Jenkins.instance.getAllItems(com.cloudbees.hudson.plugins.folder.Folder.class).each{ f ->
 creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
      com.cloudbees.plugins.credentials.Credentials.class, f)
  allCredentials.addAll(creds)

}


for (c in allCredentials) {
  println(c.id)
  if (c.properties.username) {
    println("   description: " + c.description)
  }
  if (c.properties.username) {
    println("   username: " + c.username)
  }
  if (c.properties.password) {
    println("   password: " + c.password)
  }
  if (c.properties.passphrase) {
    println("   passphrase: " + c.passphrase)
  }
  if (c.properties.secret) {
    println("   secret: " + c.secret)
  }
  if (c.properties.privateKeySource) {
    println("   privateKey: " + c.getPrivateKey())
  }
  println("")
}
这是一个有用的答案和代码片段,可以解决问题。谢谢@vkozyrev - shx
直到我删除了大部分的println语句后,才让代码正常工作。一直收到50x错误。我只保留了println(c.id)这一句,不过这没关系,因为我只是想找到特定的ID而已。 - Peter Lamberg
谢谢,我用了这个,只不过我用c.properties.each { println "$it.key -> $it.value" }替换了for循环内的所有内容,以便将所有内容都输出。 - IanB
5

我希望能够获取一份可用的凭证列表,找到了以下内容:

def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials( com.cloudbees.plugins.credentials.common.StandardUsernameCredentials.class, Jenkins.instance, null, null );

for (c in creds) {
   println(c.id + ": " + c.description)
}

从这里获取: https://wiki.jenkins-ci.org/display/JENKINS/Printing+a+list+of+credentials+and+their+IDs 该链接提供了有关如何在Jenkins中打印凭据列表及其ID的详细信息。您可以使用“Jenkins Script Console”来执行脚本并打印出凭据列表和它们的ID。该页面提供了示例脚本和说明,以帮助您完成此操作。
你应该添加相关信息到你的答案中,以防链接失效导致信息丢失。 - drneel
这不会在文件夹中获得任何凭据。 - mkobit
1
这是快速的简陋代码,它将在Jenkins上打印一些凭据类型,如果您需要更多,可以使用此处定义的不同类别:

https://github.com/jenkinsci/credentials-plugin/tree/master/src/main/java/com/cloudbees/plugins/credentials/common

def StandardUsernameCredentials = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
    com.cloudbees.plugins.credentials.common.StandardUsernameCredentials.class,
    Jenkins.instance,
    null,
    null ); for (c in StandardUsernameCredentials) {
     println(c.id + ": " + c.description) } def StandardUsernamePasswordCredentials = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
    com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials.class,
    Jenkins.instance,
    null,
    null ); for (c in StandardUsernamePasswordCredentials) {
     println(c.id + ": " + c.description) }

def IdCredentials = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
    com.cloudbees.plugins.credentials.common.IdCredentials.class,
    Jenkins.instance,
    null,
    null ); for (c in IdCredentials) {
     println(c.id + ": " + c.description) }

def StandardCertificateCredentialsCredentials = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
    com.cloudbees.plugins.credentials.common.StandardCertificateCredentials.class,
    Jenkins.instance,
    null,
    null ); for (c in StandardCertificateCredentialsCredentials) {
     println(c.id + ": " + c.description) }
0
遍历所有属性而不需要愚蠢的if语句:
def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials( com.cloudbees.plugins.credentials.Credentials.class, Jenkins.instance, null, null );

for (c in creds) {
   println(c.id + ": " + c.description)
   c.properties.each { println it }
   println()
   println()
}

你的安全团队可能不会喜欢你这样做 :)

0
这是我从被接受的答案修改的脚本。我们使用Azure凭据,它将打印它们。如果找不到密钥类型,它还将打印c.properties。
    com.cloudbees.plugins.credentials.Credentials.class
)

for (c in creds) {
  println(c.id)
  if (c.properties.username) {
    println("   description: " + c.description)
  }
  if (c.properties.username) {
    println("   username: |" + c.username + "|")
  }
  else if (c.properties.password) {
    println("   password: |" + c.password + "|")
  }
  else if (c.properties.passphrase) {
    println("   passphrase: |" + c.passphrase + "|")
  }
  else if (c.properties.secret) {
    println("   secret: |" + c.secret + "|")
  }
  else if (c.properties.privateKeySource) {
    println("   privateKey: " + c.getPrivateKey())
  }
  else if (c.properties.clientId) {
    println("   clientId    : " + c.getClientId())
    println("   tenant      : " + c.getTenant())
    println("   subscription: " + c.getSubscriptionId())
    println("   secret      : " + hudson.util.Secret.fromString(c.getClientSecret()))
  }
  else {
    println("unknown secret type")
    println(c.properties)
  }
  println("")
}
1
代码片段的开头丢失了。 - ZeWaren
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接