How to support nonProd/Prod credentials in Pipeline?
9 views
Skip to first unread message
Torsten Reinhard
Feb 5, 2018, 4:49:03 PM2/5/18
to Jenkins Users
Hi,
in our builld & deploy Pipeline we need to support TEST, INT as well as PROD environment.
For accessing the TEST, INT environment we are allowed to store the credentials in Jenkins (Credentials Binding plugin)
By using the "credentialsId" I can easily get the username/pwd and pass it to my *.sh script(s):
The code looks something like:
But how to support PROD credentials, now - where we are not allowed to store them in Jenkins ? I would like to enter at the least the PASSWORD manually, maybe the USERNAME, too.
Is there a way to use withCredentials(....) and pick up the values from build parameters (nonstoredpassword, textfield, .....) ?
Or just a simple
Any other ideas?
Thanx for some hints,
Torsten
in our builld & deploy Pipeline we need to support TEST, INT as well as PROD environment.
For accessing the TEST, INT environment we are allowed to store the credentials in Jenkins (Credentials Binding plugin)
By using the "credentialsId" I can easily get the username/pwd and pass it to my *.sh script(s):
The code looks something like:
stage("Deploy") {
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'oc-nonProd',
usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD'], [$class: 'UsernamePasswordMultiBinding', credentialsId: 'proxy.muc',
usernameVariable: 'HTTP_USER', passwordVariable: 'HTTP_PASSWORD']]) {
withEnv([ "http_proxy=\$HTTP_USER:\$HTTP_P...@proxy.host:8080", "https_proxy=\$HTTP_USER:\$HTTP_P...@proxy.host:8080"]) {
dir('project') {
sh( """
./openshift/loginProject.sh ${config.url} ${config.targetEnvironment}
./openshift/rolloutFrontend.sh ${VERSION}
""" )
}
}
}
}
But how to support PROD credentials, now - where we are not allowed to store them in Jenkins ? I would like to enter at the least the PASSWORD manually, maybe the USERNAME, too.
Is there a way to use withCredentials(....) and pick up the values from build parameters (nonstoredpassword, textfield, .....) ?
Or just a simple
if (nonProd) {
// like shown above
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'oc-nonProd',
usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD'], [$class: 'UsernamePasswordMultiBinding', credentialsId: 'proxy.key',
usernameVariable: 'HTTP_USER', passwordVariable: 'HTTP_PASSWORD']]) {
withEnv([ "http_proxy=\$HTTP_USER:\$HTTP_P...@proxy.host:8080", "https_proxy=\$HTTP_USER:\$HTTP_P...@proxy.host:8080"]) {
dir('project') {
sh( """
./openshift/loginProject.sh ${config.url} ${config.targetEnvironment}
./openshift/rolloutFrontend.sh ${VERSION}
""" )
}
}
} else {
// similar to above, but instead of withCredentials assign variables by using withEnv ???
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'proxy.muc',
usernameVariable: 'HTTP_USER', passwordVariable: 'HTTP_PASSWORD']]) {
withEnv([ "USERNAME=$USERNAME_FIELD", "PASSWORD=$PASSWORD_FIELD", "http_proxy=\$HTTP_USER:\$HTTP_P...@proxy.host:8080", "https_proxy=\$HTTP_USER:\$HTTP_P...@proxy.host:8080"]) {
// TODO extract this to helper
dir('project') {
sh( """
./openshift/loginProject.sh ${config.url} ${config.targetEnvironment}
./openshift/rolloutFrontend.sh ${VERSION}
""" )
}
Any other ideas?
Thanx for some hints,
Torsten
Reply all
Reply to author
Forward
0 new messages