How to support nonProd/Prod credentials in Pipeline?

[Torsten Reinhard]

Hi, 

in our builld & deploy Pipeline we need to support TEST, INT as well as 
PROD environment.
For accessing the TEST, INT environment we are allowed to store the 
credentials in Jenkins (Credentials Binding plugin)

By using the "credentialsId" I can easily get the username/pwd and pass it 
to my *.sh script(s):

The code looks something like:

     
   stage("Deploy") {
            withCredentials([[$class: 'UsernamePasswordMultiBinding', 
credentialsId: 'oc-nonProd',
                            usernameVariable: 'USERNAME', passwordVariable: 
'PASSWORD'], [$class: 'UsernamePasswordMultiBinding', credentialsId: 
'proxy.muc',
                            usernameVariable: 'HTTP_USER', passwordVariable: 
'HTTP_PASSWORD']]) {
                                
                withEnv([ "http_proxy=\$HTTP_USER:\$http_passw...@proxy.host
:8080", "https_proxy=\$HTTP_USER:\$http_passw...@proxy.host:8080"]) {
                    dir('project') {
                        sh( """
./openshift/loginProject.sh ${config.url} ${config.targetEnvironment} 
./openshift/rolloutFrontend.sh ${VERSION}
""" )
                    }
                }
            }
        }



But how to support PROD credentials, now - where we are not allowed to 
store them in Jenkins ? I would like to enter at the least the PASSWORD 
manually, maybe the USERNAME, too.
Is there a way to use withCredentials(....) and pick up the values from 
build parameters (nonstoredpassword, textfield, .....) ?

Or just a simple 

if (nonProd) {
// like shown above
            withCredentials([[$class: 'UsernamePasswordMultiBinding', 
credentialsId: 'oc-nonProd',
                            usernameVariable: 'USERNAME', passwordVariable: 
'PASSWORD'], [$class: 'UsernamePasswordMultiBinding', credentialsId: 
'proxy.key',
                            usernameVariable: 'HTTP_USER', passwordVariable: 
'HTTP_PASSWORD']]) {
                                
                withEnv([ 
"http_proxy=\$HTTP_USER:\$http_passw...@proxy.host:8080", 
"https_proxy=\$HTTP_USER:\$http_passw...@proxy.host:8080"]) {

                    dir('project') {
                        sh( """
./openshift/loginProject.sh ${config.url} ${config.targetEnvironment} 
./openshift/rolloutFrontend.sh ${VERSION}
""" )
                    }
}
} else {
    // similar to above, but instead of withCredentials assign variables by 
using withEnv ???
            withCredentials([[$class: 'UsernamePasswordMultiBinding', 
credentialsId: 'proxy.muc',
                            usernameVariable: 'HTTP_USER', passwordVariable: 
'HTTP_PASSWORD']]) {
                                
                withEnv([ "USERNAME=$USERNAME_FIELD", 
"PASSWORD=$PASSWORD_FIELD", 
"http_proxy=\$HTTP_USER:\$http_passw...@proxy.host:8080", 
"https_proxy=\$HTTP_USER:\$http_passw...@proxy.host:8080"]) {
    // TODO extract this to helper 
                    dir('project') {
                        sh( """
./openshift/loginProject.sh ${config.url} ${config.targetEnvironment} 
./openshift/rolloutFrontend.sh ${VERSION}
""" )

}



Any other ideas?

Thanx for some hints,

Torsten

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/be1fa083-0691-41e5-8c64-2c21ae082a74%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.