Accessing AWS credentials in a Jenkinsfile

3b6akqbq  posted on 2023-11-17  in  Jenkins

I am trying to access AWS credentials stored in Jenkins, using the following in a Jenkins pipeline (Jenkinsfile):

steps {
            withCredentials([usernamePassword(credentialsId: 'eb1092d1-0f06-4bf9-93c7-32e5f7b9ef76', accessKeyVariable: 'AWS_ACCESS_KEY_ID', secretKeyVariable: 'AWS_SECRET_ACCESS_KEY')]) {
                sh 'echo $AWS_ACCESS_KEY_ID'
                sh 'echo $AWS_SECRET_ACCESS_KEY'
            }
      }

It errors out with:

org.jenkinsci.plugins.credentialsbinding.impl.CredentialNotFoundException: Could not find credentials entry with ID 'eb1092d1-0f06-4bf9-93c7-32e5f7b9ef76'
at org.jenkinsci.plugins.credentialsbinding.MultiBinding.getCredentials(MultiBinding.java:153)
at org.jenkinsci.plugins.credentialsbinding.impl.UsernamePasswordMultiBinding.bind(UsernamePasswordMultiBinding.java:76)
at org.jenkinsci.plugins.credentialsbinding.impl.BindingStep$Execution.start(BindingStep.java:114)
at org.jenkinsci.plugins.workflow.cps.DSL.invokeStep(DSL.java:270)
at org.jenkinsci.plugins.workflow.cps.DSL.invokeMethod(DSL.java:178)
at org.jenkinsci.plugins.workflow.cps.CpsScript.invokeMethod(CpsScript.java:122)
at sun.reflect.GeneratedMethodAccessor3000.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1213)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1022)
at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.call(PogoMetaClassSite.java:42)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:157)
at org.kohsuke.groovy.sandbox.GroovyInterceptor.onMethodCall(GroovyInterceptor.java:23)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:155)
at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:155)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:159)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:129)
at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:17)
at WorkflowScript.run(WorkflowScript:16)


withCredentials([[ $class: 'AmazonWebServicesCredentialsBinding', credentialsId: 'eb1092d1-0f06-4bf9-93c7-32e5f7b9ef76', accessKeyVariable: 'AWS_ACCESS_KEY_ID', secretKeyVariable: 'AWS_SECRET_ACCESS_KEY']]) {
                sh "echo this is ${env.AWS_ACCESS_KEY_ID}"
                sh "echo this is ${env.AWS_SECRET_ACCESS_KEY}"
            }


Error:

org.jenkinsci.plugins.credentialsbinding.impl.CredentialNotFoundException: Could not find credentials entry with ID 'eb1092d1-0f06-4bf9-93c7-32e5f7b9ef76'
at org.jenkinsci.plugins.credentialsbinding.MultiBinding.getCredentials(MultiBinding.java:153)
at com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentialsBinding.bind(AmazonWebServicesCredentialsBinding.java:97)
at org.jenkinsci.plugins.credentialsbinding.impl.BindingStep$Execution.start(BindingStep.java:114)
at org.jenkinsci.plugins.workflow.cps.DSL.invokeStep(DSL.java:270)
at org.jenkinsci.plugins.workflow.cps.DSL.invokeMethod(DSL.java:178)
at org.jenkinsci.plugins.workflow.cps.CpsScript.invokeMethod(CpsScript.java:122)
at sun.reflect.GeneratedMethodAccessor3000.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1213)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1022)
at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.call(PogoMetaClassSite.java:42)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:157)
at org.kohsuke.groovy.sandbox.GroovyInterceptor.onMethodCall(GroovyInterceptor.java:23)
at


I do have a credential with the ID eb1092d1-0f06-4bf9-93c7-32e5f7b9ef76.
I have installed the CloudBees AWS Credentials Plugin, version 1.24.
Does anyone know what is wrong here?

ttygqcqt1#

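The credential eb1092d1-0f06-4bf9-93c7-32e5f7b9ef76 is not of type AWS access key and secret. When adding the credential to Jenkins, double-check that you selected the correct type.
You can check this with the tool built into Jenkins, Pipeline Syntax -> Snippet Generator, as follows:
1. Open the tool via your jenkins server url/pipeline-syntax/, for example https://my.jenkins.com/pipeline-syntax/
2. From Sample Step, select withCredentials: Bind credentials to variables
3. Click the Add button, then select AWS access key and secret from the pop-up options
4. Select your credential from Credentials; if you cannot find it there, your credential is not of type AWS access key and secret
5. Click the Generate pipeline script button
6. Check whether the credentialsId in the generated script is eb1092d1-0f06-4bf9-93c7-32e5f7b9e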

klr1opcd2#

Converting the code in the screenshot above into a snippet so it is easy to copy:

withCredentials([[
    $class: 'AmazonWebServicesCredentialsBinding',
    credentialsId: "credentials-id-here",
    accessKeyVariable: 'AWS_ACCESS_KEY_ID',
    secretKeyVariable: 'AWS_SECRET_ACCESS_KEY'
]]) {
    // AWS Code
}

wooyq4lh3#

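You may need to deal with multi-field credentials or vendor-specific credential types that the plugin does not (yet) support.
In that case you have a couple of options:
1. Use the closest standard multi-field credential (for example, username with password) that fits your requirements.
2. Use a string credential, serialize all the fields into the secret value (for example, as JSON or as a delimited string), and parse them in the job script. (This is a last resort when other methods do not work, for example when secret rotation would cause multiple fields to change.)
An example: Jenkins authenticates to Secrets Manager using the primary AWS credentials (from the environment). You have a job that performs a particular AWS operation in a different account, which uses secondary AWS credentials. You choose to encode the secondary AWS credentials as JSON in the string credential foo: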

node {
    withCredentials([string(credentialsId: 'foo', variable: 'secret')]) {
        script {
            def creds = readJSON text: secret
            env.AWS_ACCESS_KEY_ID = creds['accessKeyId']
            env.AWS_SECRET_ACCESS_KEY = creds['secretAccessKey']
            env.AWS_REGION = 'us-east-1' // or whatever
        }
        sh "aws sts get-caller-identity" // or whatever
    }
}

A typical example of a username/password type credential (example from here) looks like this:

withCredentials([usernamePassword(credentialsId: 'amazon', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
  // available as an env variable, but will be masked if you try to print it out any which way
  // note: single quotes prevent Groovy interpolation; expansion is by Bourne Shell, which is what you want
  sh 'echo $PASSWORD'
  // also available as a Groovy variable
  echo USERNAME
  // or inside double quotes for string interpolation
  echo "username is $USERNAME"
}


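An added example, not part of the answer above or of any plugin's documentation: a variant of the string-credential approach that passes the parsed keys through withEnv instead of assigning them to env, so they exist only for the steps inside the block. It assumes the same string credential foo with the JSON fields accessKeyId and secretAccessKey, and the readJSON step from the Pipeline Utility Steps plugin.

```groovy
// Added example (not from the original answer).
// Assumptions: a "Secret text" credential with the ID 'foo' whose value is
// JSON like {"accessKeyId": "...", "secretAccessKey": "..."}, and the
// Pipeline Utility Steps plugin (provides readJSON).
node {
    withCredentials([string(credentialsId: 'foo', variable: 'SECRET_JSON')]) {
        // Parse into a local variable only; nothing is written to env.*,
        // which would stay set for every later step of the build.
        def creds = readJSON text: SECRET_JSON

        // Fail early, naming the missing field but never its value.
        for (field in ['accessKeyId', 'secretAccessKey']) {
            if (!creds[field]) {
                error "credential 'foo' has no ${field} field"
            }
        }

        // Credentials Binding masks the whole secret text in the log, not the
        // individual fields parsed out of it, so do not echo these values.
        withEnv([
            "AWS_ACCESS_KEY_ID=${creds.accessKeyId}",
            "AWS_SECRET_ACCESS_KEY=${creds.secretAccessKey}",
            'AWS_REGION=us-east-1'
        ]) {
            // Single quotes: the shell, not Groovy, sees the variables.
            sh 'aws sts get-caller-identity'
        }
        // From here on the secondary keys are no longer in the environment.
    }
}
```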

zsohkypk4#

It is now 2023, and according to the documentation there is a withCredentials binding for AWS credentials:

withCredentials([aws(credentialsId: "aws_credentials_id")]) {
    sh '''
       #!/bin/bash
       aws ...
       '''.stripIndent().stripLeading()
 }

The documentation snippet of interest:
Sets one variable to the AWS access key and another one to the secret key given in the credentials.

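  • accessKeyVariable: String. Name of the environment variable for the AWS access key ID. If empty, AWS_ACCESS_KEY_ID is used
  • secretKeyVariable: String. Name of the environment variable for the AWS secret access key. If empty, AWS_SECRET_ACCESS_KEY is used
  • credentialsId: String. Credentials of an appropriate type to be set to a variable.
  • roleArn: String (optional)
  • roleSessionDurationSeconds: int (optional)
  • roleSessionName: String (optional)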

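You can also use these credentials with a parameter input, even though this is not documented. Just make sure credentialsId is set to the name of the pipeline parameter: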

parameters {
        credentials(credentialType: 'com.cloudbees.jenkins.plugins.awscredentials.AWSCredentialsImpl',
            defaultValue: '',
            description: 'AWS Credentials for AMI Generation',
            // the credentials name used here must match the parameter passed to userColonPassword in the 'Deploy' stage below
            name: 'aws_credentials',
            required: true)
    }

 ...

 withCredentials([aws(credentialsId: "aws_credentials")]) {
    sh '''
       #!/bin/bash
       aws ...
       '''.stripIndent().stripLeading()
 }
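An added example, not from the answer above or the plugin documentation: a declarative pipeline that uses the optional roleArn, roleSessionName and roleSessionDurationSeconds parameters listed in the documentation snippet. The credential ID, the role ARN (a placeholder built on a sample account number) and the session name are assumptions.

```groovy
// Added example (not from the original answer).
// Placeholders: 'aws_credentials_id' and the role ARN below are constructed
// values; replace them with a credential and role that exist in your setup.
pipeline {
    agent any
    stages {
        stage('Deploy') {
            steps {
                withCredentials([aws(
                    credentialsId: 'aws_credentials_id',
                    // Role the stored access key is allowed to assume.
                    roleArn: 'arn:aws:iam::123456789012:role/ci-deploy',
                    // The session name appears in the assumed-role ARN, which
                    // ties CloudTrail entries back to this build.
                    roleSessionName: "jenkins-${env.BUILD_NUMBER}",
                    // Keep the session as short as the job allows.
                    roleSessionDurationSeconds: 900
                )]) {
                    // Single quotes: the shell expands the variables, so the
                    // secret values are never interpolated by Groovy.
                    sh '''
                        set -eu
                        # Shows which identity is in effect without printing keys.
                        aws sts get-caller-identity --query Arn --output text
                    '''
                }
            }
        }
    }
}
```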
