Creating an env variable via API

33 views
Skip to first unread message

Parichay Barpanda

unread,
Jun 10, 2019, 10:54:32 PM6/10/19
to Jenkins Developers
Hi all,

I am trying to figure out a way to add an environment variable to Jenkins without using the UI. Is there a way to do it via API? The intention is to let user add credentials to Jenkins without using UI. Please let me know if you have a solution to this.

Thanks.

Regards,
Parichay (baymac)


Parichay Barpanda

unread,
Jun 10, 2019, 11:12:36 PM6/10/19
to Jenkins Developers
For example,

To delete a job, you can make a POST request to Jenkins server as:

curl -X POST http://localhost:8080/job/my-job-name/doDelete --user jenkins:f1499cc9852c899d327a1f644e61a64d

where,
username: jenkins
api token: f1499cc9852c899d327a1f644e61a64d

Gavin Mogan

unread,
Jun 11, 2019, 12:34:02 AM6/11/19
to jenkin...@googlegroups.com

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/abc16929-b9e6-4e38-86c9-af7233f2451e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Parichay Barpanda

unread,
Jun 11, 2019, 5:27:47 AM6/11/19
to jenkin...@googlegroups.com
Thanks Gaven. Groovy is cool but we are using JCasC yaml to create credentials. I want to populate an environment variable and use it in my config.yaml. I want to know if there is a way to do it without using docker secrets. For example, when running Jenkins instance inside a VM or using jenkins.war file on local machine. Is there a way to do it in these cases (without going through UI)?

The config file looks like this:
credentials:
system:
domainCredentials:
- credentials:
- gitlabPersonalAccessToken:
scope: SYSTEM
id: "i<3GitLab"
token: ${GITLAB_PERSONAL_ACCESS_TOKEN}


Tim Jacomb

unread,
Jun 11, 2019, 6:07:22 AM6/11/19
to jenkin...@googlegroups.com
What I do for this is set the SECRETS environment variably and point it to a directory on the file system which had the secrets in it.
Basically pretending I’m using docker secrets

Thanks
Tim

Parichay Barpanda

unread,
Jun 11, 2019, 7:58:10 AM6/11/19
to jenkin...@googlegroups.com
Yes that shoud work. Although I think for a user it would be easier to have a cli command or api method to populate the env variable in Jenkins. Since in systems which are not isolated, storing a credentials in plain text can involve risk. 

Here is a small example from Travis,

Travis has CLI tool, that logs into your travis instance.

Let's say there is a file with my personal access token with the name `.gitlab_token`

If I run travis `travis encrypt-file .gitlab_token`, this generates an encoded file `.gitlab_token.enc` and pushes the necessary env variables to travis repository required to decrypt my file.

This file can be decrypted in the build step by adding:

openssl aes-256-cbc -K $encrypted_0a6446eb3ae3_key -iv $encrypted_0a6446eb3ae3_iv -in .gitlab_token.enc -out .gitlab_token -d

For encrypting env variables, it uses RSA key pair. The docs can explain this better. This more close to Jenkins pipeline but I think we can do a similar thing in JCasC so that we do not have to depend on docker secrets or azure secrets or any external party support.

Parichay Barpanda

unread,
Jun 11, 2019, 9:20:46 PM6/11/19
to Jenkins Developers
I found this groovy script to create a global environment variable in Jenkins.

Env.groovy:

import hudson.EnvVars;
import hudson.slaves.EnvironmentVariablesNodeProperty;
import hudson.slaves.NodeProperty;
import hudson.slaves.NodePropertyDescriptor;
import hudson.util.DescribableList;
import jenkins.model.Jenkins;
public createGlobalEnvironmentVariables(String key, String value){

        Jenkins instance = Jenkins.getInstance();

        DescribableList<NodeProperty<?>, NodePropertyDescriptor> globalNodeProperties = instance.getGlobalNodeProperties();
        List<EnvironmentVariablesNodeProperty> envVarsNodePropertyList = globalNodeProperties.getAll(EnvironmentVariablesNodeProperty.class);

        EnvironmentVariablesNodeProperty newEnvVarsNodeProperty = null;
        EnvVars envVars = null;

        if ( envVarsNodePropertyList == null || envVarsNodePropertyList.size() == 0 ) {
            newEnvVarsNodeProperty = new hudson.slaves.EnvironmentVariablesNodeProperty();
            globalNodeProperties.add(newEnvVarsNodeProperty);
            envVars = newEnvVarsNodeProperty.getEnvVars();
        } else {
            envVars = envVarsNodePropertyList.get(0).getEnvVars();
        }
        envVars.put(key, value)
        instance.save()
}
createGlobalEnvironmentVariables('xyzabc','baymac')


Using Jenkins CLI with the command to execute the above script

java -jar "jenkins-cli.jar" -s 'https://my.jenkins.instance' -noKeyAuth -auth ".jenkins-cli-auth" groovy = < 

where .jenkins-cli-auth is `<User ID>:<API Token>`

The env variables are populated

Screenshot from 2019-06-12 06-19-33.png


Now the question is, is it a good idea to recommend users to populate env with GitLab Personal Access Token using this method before performing a jcasc reload?

Also I think it would be better to store env variables values in a password form rather than plain text.

On Tuesday, June 11, 2019 at 8:24:32 AM UTC+5:30, Parichay Barpanda wrote:

Parichay Barpanda

unread,
Jun 12, 2019, 1:05:53 PM6/12/19
to Jenkins Developers
Just recorrecting myself here. I misconfused global properties with environment variables. Joseph Peterson clarified to me later. So I guess the previous method is not how it works with JCasC.

Thanks.
Reply all
Reply to author
Forward
0 new messages