unable to post ssh credentials via API

397 views
Skip to first unread message

Jurgen Weber

unread,
Oct 11, 2017, 3:51:30 AM10/11/17
to Jenkins Users
Hi Team

I am trying without success to create and update global ssh keys via the API. Things to know:

Jenkins version 2.8.3.
Security is enabled.
Google Auth is enabled.
Prevent Cross Site Request Forgery exploits is on with the default Crumb issuer.
Running on Kubernetes with the helm chart, plugins installed:
      - build-token-root:1.4
      - credentials-binding:1.13
      - docker-commons:1.8
      - docker-build-step:1.43
      - Exclusion:0.12
      - git:3.6.0
      - git-client:2.5.0
      - github:1.28.0
      - google-login:1.3
      - kubernetes:1.0
      - promoted-builds:2.29.1
      - s3:0.10.12
      - ssh-credentials:1.13
      - workflow-aggregator:2.5
      - workflow-job:2.14.1

name=myname
user=myuser
token=mytoken
ssh_pri_key=$(cat ${PWD}/id_rsa | tr '\n' '&' | sed 's/&$//g' | sed 's/\&/\\n/g')

CRUMB=$(curl -s "https://${user}:${token}@jenkins/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,\":\",//crumb)")

curl -i -H "${CRUMB}" -X POST "https://${user}:${token}@jenkins/credentials/store/system/domain/_/createCredentials" \
 --data-urlencode "json={
  \"credentials\": {
   \"stapler-class\":\"com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey\",
   \"scope\":\"GLOBAL\",
   \"username\":\"git\",
   \"privateKeySource\":{
      \"value\":\"0\",
      \"privateKey\": \"${ssh_pri_key}\",
      \"stapler-class\":\"com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$DirectEntryPrivateKeySource\"
   },
   \"id\":\"${name}-deploy-key\",
   \"description\":\"${name}-deploy-key\",
   \"Jenkins-Crumb\":\"$(echo ${CRUMB} | cut -d ':' -f2)\"
  }
}"

No matter what I do, this is the error:
Caused: java.lang.IllegalArgumentException: Failed to convert the privateKeySource parameter of the constructor public com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey(com.cloudbees.plugins.credentials.CredentialsScope,java.lang.String,java.lang.String,com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$PrivateKeySource,java.lang.String,java.lang.String)

Richard Bywater

unread,
Oct 11, 2017, 1:57:03 PM10/11/17
to Jenkins Users

Personally for that task I've used the CLI functionality to run a Groovy script to setup credentials. Don't know if that's an option for you or not.

Richard. 


--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/aff88570-6692-4987-b9ff-bf65c1bedfda%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Stephen Connolly

unread,
Oct 11, 2017, 2:12:52 PM10/11/17
to jenkins...@googlegroups.com
When posting via REST it must be xml. See the example “Creating a credential” in https://github.com/jenkinsci/credentials-plugin/blob/master/docs/user.adoc#rest-api


For more options, visit https://groups.google.com/d/optout.
--
Sent from my phone

Stephen Connolly

unread,
Oct 12, 2017, 4:30:45 AM10/12/17
to jenkins...@googlegroups.com
https://github.com/jenkinsci/credentials-plugin/blob/master/docs/user.adoc#creating-a-credentials (now that I'm at a computer I can give the direct #fragment link)

To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscribe@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscribe@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages