Its me again--still trying to configure Jenkins via Chef. In this case I
have extracted from the opscode Jenkins cookbook their script for creating
ssh credentials and have attempted to modify it to create a credential from
a UserPrivateKeySource instead of the DirectEntryPrivateKeySource that the
opscode script creates. Perhaps I don't understand the
UserPrivateKeySource class or its purpose correctly but I am not getting
the results I want.
Essentially what I am trying to do is this: The cookbook has already
installed an SSH key pair in the Master Jenkins users' .ssh directory. Now
I want to programmatically create a credential in Jenkins to use that pair.
The script should be the automated equivalent of choosing the "From the
Jenkins master ~/.ssh" option in the Manage Credentials UI. It seems to me
that the UserPrivateKeySource class is what I want, but when I use it, what
I get in the UI is the "Enter Directly" option checked, with the private
key from the .ssh folder loaded into the UI!. :-( So its using the right
key, but its making it visible in the UI which is a no-no for us.
Moreover, if I go in an manual choose the right option later, the update
part of the script switches it back to "Entire Directly" on the next chef
run.
Below is the recipe snippet containing the groovy script hat I am using to
create the credentials. Any advice on what I am doing wrong would be
greatly appreciated.
*jenkins_script 'create ~/.ssh credentials' do*
* command <<-EOH.gsub(/ ^{8}/, '')*
* import jenkins.model.**
* import com.cloudbees.plugins.credentials.**
* import com.cloudbees.plugins.credentials.common.**
* import com.cloudbees.plugins.credentials.domains.**
* import com.cloudbees.jenkins.plugins.sshcredentials.impl.**
* import hudson.plugins.sshslaves.*;*
* global_domain = Domain.global()*
* credentials_store =*
* Jenkins.instance.getExtensionList(*
* 'com.cloudbees.plugins.credentials.SystemCredentialsProvider'*
* )[0].getStore()*
* credentials = new BasicSSHUserPrivateKey(*
* CredentialsScope.GLOBAL,*
* "#{node['cvent-jenkins']['ssh-user-id']}",*
* "#{node['cvent-jenkins']['ssh-user']}",*
* new BasicSSHUserPrivateKey.UsersPrivateKeySource(),*
* "",*
* "Credential ID: #{node['cvent-jenkins']['ssh-user-id']}"*
* )*
* // Create or update the credentials in the Jenkins instance*
* username_matcher =
CredentialsMatchers.withUsername("#{node['cvent-jenkins']['ssh-user']}")*
* available_credentials =*
* CredentialsProvider.lookupCredentials(*
* StandardUsernameCredentials.class,*
* Jenkins.getInstance(),*
* hudson.security.ACL.SYSTEM,*
* new SchemeRequirement("ssh")*
* )*
* existing_credentials =*
* CredentialsMatchers.firstOrNull(*
* available_credentials,*
* username_matcher*
* )*
* if(existing_credentials != null) {*
* // !!This will take an existing UserPrivateKeySource credential
and *
* // turn it into a DirectEntryPrivateKeySource credentials. :(*
* credentials_store.updateCredentials(*
* global_domain,*
* existing_credentials,*
* credentials*
* )*
* } else {*
* credentials_store.addCredentials(global_domain, credentials)*
* }*
* EOH*
*end*
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/1470419e-0788-49b3-952b-854523037bb6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
