-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Jenkins ver. 2.164.3
job-dsl 1.74
ssh-credentials 1.16
-
-
job-dsl-plugin 1.79
Version 1.16 of the SSH Credentials plugin changed the plain SSH private key from String to a hudson.util.Secret.
This leads to the situation that Job DSL cannot be used to configure SSH credentials any longer.
This snippet works when using SSH Credentials plugin 1.15:
folder('foo') { properties { folderCredentialsProperty { domainCredentials { domainCredentials { domain { name(null) description(null) } credentials { basicSSHUserPrivateKey { scope('GLOBAL') id('my-ssh') description('My SSH Credentials') username('me') passphrase('') privateKeySource { directEntryPrivateKeySource { privateKey('SSH-PRIVATE-KEY-HERE') } } } } } } } } }
But with SSH Credentials version 1.16, the privateKeySource directive shows as empty in the Job DSL's API browser.
Maybe there's a way to also support hudson.util.Secret in Job DSL (by simply wrapping Strings into Secret.fromString(...))?
- is blocked by
-
-
- Open
-
- is related to
-
-
- Open
-
-
-
- In Review
-
-
-
- Closed
-
- relates to
-
JENKINS-54345 Job-DSL RTC Build Definition
-
- Open
-
- links to
[JENKINS-57435] Cannot configure SSH credentials via Job DSL
If you're wondering how to do this with configure blocks, it's something like this:
folder('example') { properties { folderCredentialsProperty { domainCredentials { domainCredentials { domain { name("") description("") } } } } } configure { def configNode = it / 'properties' / 'com.cloudbees.hudson.plugins.folder.properties.FolderCredentialsProvider_-FolderCredentialsProperty' / 'domainCredentialsMap' / 'entry' / 'java.util.concurrent.CopyOnWriteArrayList' configNode << 'com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey' { id("test_ssh_credentials") description("") username("test_ssh_credentials") privateKeySource(class:"com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey\$DirectEntryPrivateKeySource") { privateKey("""YOUR_PRIVATE_KEY_HERE""") } } } }
Renzo Crisóstomo
added a comment - - edited If you're wondering how to do this with configure blocks, it's something like this:
folder( 'example' ) {
properties {
folderCredentialsProperty {
domainCredentials {
domainCredentials {
domain {
name("")
description("")
}
}
}
}
}
configure {
def configNode = it / 'properties' / 'com.cloudbees.hudson.plugins.folder.properties.FolderCredentialsProvider_-FolderCredentialsProperty' / 'domainCredentialsMap' / 'entry' / 'java.util.concurrent.CopyOnWriteArrayList'
configNode << 'com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey' {
id( "test_ssh_credentials" )
description("")
username( "test_ssh_credentials" )
privateKeySource(class: "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey\$DirectEntryPrivateKeySource" ) {
privateKey( """YOUR_PRIVATE_KEY_HERE" "")
}
}
}
}
The same issue exists with the https://github.com/jenkinsci/plain-credentials-plugin. It also uses a Secret parameter.
Ace Jones
added a comment - The PR raised by twz123 would also fix JENKINS-59971 The PR is merged, and should be available as part of release 1.79. Thanks for the contribution, and the patience!
Here's a complete working example, with JCasC, JobDSL and Ansible vault vars plus Jinja for the indent.
Now that the PR's for this issue JENKINS-57435 and JENKINS-44681 have been merged in the last couple months, creating separate credentials per folder is possible.
jobs: - script: | folder("Foo") { properties { folderCredentialsProperty { domainCredentials { domainCredentials { domain{ name("Foo creds") description("Credentials only for Foo folder") } credentials { basicSSHUserPrivateKey { scope("GLOBAL") id("git-server") description("Git SSH private key") username("{{ ansible_vault_ssh_user }}") passphrase("") privateKeySource { directEntryPrivateKeySource { privateKey(hudson.util.Secret.fromString (''' {{ ansible_vault_ssh_private_key | indent(8) }} ''')) } } } usernamePasswordCredentialsImpl { scope("GLOBAL") id("artifactory") description("Jfrog Artifactory") username("{{ ansible_vault_artifactory_user }}") password("{{ ansible_vault_artifactory }}") } } } } } } }
James
added a comment - - edited Here's a complete working example, with JCasC, JobDSL and Ansible vault vars plus Jinja for the indent.
Now that the PR's for this issue JENKINS-57435 and JENKINS-44681 have been merged in the last couple months, creating separate credentials per folder is possible.
jobs:
- script: |
folder( "Foo" ) {
properties {
folderCredentialsProperty {
domainCredentials {
domainCredentials {
domain{
name( "Foo creds" )
description( "Credentials only for Foo folder" )
}
credentials {
basicSSHUserPrivateKey {
scope( "GLOBAL" )
id( "git-server" )
description( "Git SSH private key" )
username( "{{ ansible_vault_ssh_user }}" )
passphrase("")
privateKeySource {
directEntryPrivateKeySource {
privateKey(hudson.util.Secret.fromString
('''
{{ ansible_vault_ssh_private_key | indent(8) }}
'''))
}
}
}
usernamePasswordCredentialsImpl {
scope( "GLOBAL" )
id( "artifactory" )
description( "Jfrog Artifactory" )
username( "{{ ansible_vault_artifactory_user }}" )
password( "{{ ansible_vault_artifactory }}" )
}
}
}
}
}
}
}
I opened PR #1202 that allows the usage of hudson.util.Secret as an input parameter, so that the following snippet works: