Allow init-script to create string type credentials
For the automation of the homepage build, a string type credential
is needed to store the Firebase API key. So far, there was no way
to automatically create this credential on startup.
Now a JSON-formatted file can be mounted into the container. It
can contain user-password or string credentials, which will be loaded
into Jenkins on startup.
Change-Id: Icfa411473a0c014af4915bc1729b6265bafeb4f5
diff --git a/jenkins-docker/master/Dockerfile b/jenkins-docker/master/Dockerfile
index 755ec7c..27206cd 100644
--- a/jenkins-docker/master/Dockerfile
+++ b/jenkins-docker/master/Dockerfile
@@ -66,7 +66,7 @@
mkdir -p $JENKINS_REF/jobs/gerrit-ci-scripts-manual/
COPY number-executors.groovy $JENKINS_REF/init.groovy.d/
-COPY set-credentials.groovy $JENKINS_REF/init.groovy.d/
+COPY setCredentials.groovy $JENKINS_REF/init.groovy.d/
COPY gerrit-ci-scripts.xml $JENKINS_REF/jobs/gerrit-ci-scripts/config.xml
COPY gerrit-ci-scripts-manual.xml $JENKINS_REF/jobs/gerrit-ci-scripts-manual/config.xml
diff --git a/jenkins-docker/master/Makefile b/jenkins-docker/master/Makefile
index d99c9a2..058a938 100644
--- a/jenkins-docker/master/Makefile
+++ b/jenkins-docker/master/Makefile
@@ -26,6 +26,7 @@
-v /var/run/docker.sock:/var/run/docker.sock \
-v ${JENKINS_HOME}/jobs:/var/jenkins_home/jobs \
-v ${JENKINS_HOME}/.netrc:/var/jenkins_home/.netrc \
+ -v ${JENKINS_HOME}/.secrets:/var/jenkins_home/.secrets \
--net=host ${IMAGE}
start_osx:
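Review bot: The new `.secrets` bind mount is read-write, although the init script added in this commit only reads the file. Mounting it read-only would keep anything running in the container from altering the host copy of the plaintext secrets: `-v ${JENKINS_HOME}/.secrets:/var/jenkins_home/.secrets:ro \`. The recipe should also document that the host file has to exist with owner-only permissions before start, since Docker typically creates a directory at a missing bind-mount source path. The enclosing recipe starts outside the hunk.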
@@ -43,6 +44,8 @@
-e DOCKER_GID=${DOCKER_GID} \
-e DOCKER_HOST="tcp://host.docker.internal:1234" \
-v ${JENKINS_HOME}/jobs:/var/jenkins_home/jobs \
+ -v ${JENKINS_HOME}/.netrc:/var/jenkins_home/.netrc \
+ -v ${JENKINS_HOME}/.netrc:/var/jenkins_home/.secrets \
-p 8080:8080 ${IMAGE}
id_rsa:
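Review bot: The second added line binds `${JENKINS_HOME}/.netrc` to `/var/jenkins_home/.secrets`, so on macOS the JSON loader is handed the netrc file rather than the secrets file; this looks like a copy-paste slip from the line above. Because setCredentials.groovy catches only `FileNotFoundException` around the JSON parse, the resulting parse error would probably abort the init script before the `.netrc` credentials are loaded. The line should read `-v ${JENKINS_HOME}/.secrets:/var/jenkins_home/.secrets \`, matching the first Makefile hunk. The start_osx recipe begins outside the hunk.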
diff --git a/jenkins-docker/master/set-credentials.groovy b/jenkins-docker/master/set-credentials.groovy
deleted file mode 100644
index 6459ed9..0000000
--- a/jenkins-docker/master/set-credentials.groovy
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright (C) 2019 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-import com.cloudbees.plugins.credentials.impl.*;
-import com.cloudbees.plugins.credentials.*;
-import com.cloudbees.plugins.credentials.domains.*;
-
-new File("/var/jenkins_home/.netrc").eachLine { line ->
- def lineParts = line.trim().split()
- if (lineParts.size() > 0) {
- def machine = lineParts[1]
- def user = lineParts[3]
- def pass = lineParts[5]
- println "Setting password for user $user on machine $machine"
- Credentials c = (Credentials) new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, machine, ".netrc credentials for $machine", user, pass)
- SystemCredentialsProvider.getInstance().getStore().addCredentials(Domain.global(), c)
- }
-}
diff --git a/jenkins-docker/master/setCredentials.groovy b/jenkins-docker/master/setCredentials.groovy
new file mode 100644
index 0000000..00df561
--- /dev/null
+++ b/jenkins-docker/master/setCredentials.groovy
@@ -0,0 +1,116 @@
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/*
+The '/var/jenkins_home/.secrets'-file should have the following structure:
+
+{
+ "example": {
+ "id": "example.com",
+ "type": "string",
+ "string": "secret",
+ "description": "a secret"
+ },
+ "example2": {
+ "id": "exampleUserPassword",
+ "type": "UserPassword",
+ "user": "admin",
+ "password": "secret",
+ "description": "another secret"
+ },
+}
+*/
+
+import com.cloudbees.plugins.credentials.impl.*;
+import com.cloudbees.plugins.credentials.*;
+import com.cloudbees.plugins.credentials.domains.*;
+import groovy.json.JsonSlurper;
+import hudson.util.Secret;
+import java.io.FileNotFoundException;
+import org.jenkinsci.plugins.plaincredentials.impl.*;
+
+def addCredentials(Credentials c) {
+ SystemCredentialsProvider
+ .getInstance()
+ .getStore()
+ .addCredentials(Domain.global(), c)
+}
+
+def addStringCredential(id, string, description){
+ Secret secret = Secret.fromString(string)
+ addCredentials(
+ (Credentials) new StringCredentialsImpl(
+ CredentialsScope.GLOBAL,
+ id,
+ description,
+ secret))
+ println "Adding secret string with credential id $id"
+}
+
+def addUserPasswordCredential(id, user, password, description){
+ addCredentials(
+ (Credentials) new UsernamePasswordCredentialsImpl(
+ CredentialsScope.GLOBAL,
+ id,
+ description,
+ user,
+ password))
+ println "Setting password for user $user to credential id $id"
+}
+
+def extractCredFromFile(filePath){
+ def jsonSlurper = new JsonSlurper()
+ def fileContents = jsonSlurper.parse(new File(filePath))
+
+ fileContents.each { name, credential ->
+ switch(credential.type.toLowerCase()) {
+ case "userpassword":
+ addUserPasswordCredential(
+ credential.id,
+ credential.user,
+ credential.password,
+ credential.description)
+ break
+ case "string":
+ addStringCredential(
+ credential.id,
+ credential.string,
+ credential.description)
+ break
+ }
+ }
+}
+
+try {
+ extractCredFromFile('/var/jenkins_home/.secrets')
+} catch(FileNotFoundException e) {
+ println "Couldn't find .secrets file"
+}
+
+
+try {
+ new File("/var/jenkins_home/.netrc").eachLine { line ->
+ def lineParts = line.trim().split()
+ if (lineParts.size() > 0) {
+ def machine = lineParts[1]
+ def user = lineParts[3]
+ def pass = lineParts[5]
+ println "Setting password for user $user on machine $machine"
+ Credentials c = (Credentials) new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, machine, ".netrc credentials for $machine", user, pass)
+ SystemCredentialsProvider.getInstance().getStore().addCredentials(Domain.global(), c)
+ }
+ }
+} catch(FileNotFoundException e) {
+ println "Couldn't find .netrc file"
+}
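Review bot: Only `FileNotFoundException` is caught around `extractCredFromFile`, so a malformed `.secrets` file, or an entry without `type` (where `credential.type.toLowerCase()` throws), would stop the script before the `.netrc` block below it runs. The switch also has no default branch, so a misspelled type is skipped silently and Jenkins starts without that credential. I would make the dispatch null-safe with `switch(credential.type?.toLowerCase())`, add `default: println "Skipping credential '$name': unsupported type ${credential.type}"`, and also catch `groovy.json.JsonException` with a message that names the file but prints none of its content. The example in the header comment ends the `example2` entry with a trailing comma, which strict JSON does not allow; either confirm that `JsonSlurper` accepts it or drop the comma so that copying the example gives a loadable file.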