How to handle credentials in an open source project - java

I have developed an application that lives in a public GitHub repository.
The app interacts with systems that require credentials that are currently stored in a properties file.
A Jenkins box runs the app periodically.
The problem of saving the project in GitHub without exposing my credentials is succinctly addressed here.
How do I pass my credentials to the Jenkins job without exposing the credentials (needed by the app) to my workmates?

In my case I went for a Jenkins parameterized build that allowed me to provide string and password types of params.
The params are read in the program via System.getProperty.
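
A lookup of the kind described in this answer, as an added example that is not part of the original post. It checks the environment before the `-D` system property, because Jenkins also exposes build parameters to build steps as environment variables and `-D` values appear on the JVM command line, which is visible in process listings. The key name `app.password`, the `APP_PASSWORD` mapping and the class names are hypothetical.

```java
import java.util.Locale;
import java.util.Map;
import java.util.function.Function;

public final class CiCredentials {

    /** Wraps a secret so that logging or concatenating the object never prints the value. */
    public static final class Secret {
        private final char[] value;
        Secret(String raw) { this.value = raw.toCharArray(); }
        public char[] reveal() { return value.clone(); }
        @Override public String toString() { return "Secret[****]"; }
    }

    /**
     * Tries the environment variable first (app.password -> APP_PASSWORD), then the -D
     * system property. Fails closed: no default value and no fallback to a file in the repo.
     */
    static Secret resolve(String key, Function<String, String> env, Function<String, String> props) {
        String envName = key.toUpperCase(Locale.ROOT).replace('.', '_');
        String raw = env.apply(envName);
        if (raw == null || raw.isBlank()) {
            raw = props.apply(key);
        }
        if (raw == null || raw.isBlank()) {
            throw new IllegalStateException(
                "Missing credential: set " + envName + " or -D" + key + " in the CI job");
        }
        return new Secret(raw);
    }

    public static Secret resolve(String key) {
        return resolve(key, System::getenv, System::getProperty);
    }

    public static void main(String[] args) {
        // Constructed sample standing in for what the Jenkins job would inject.
        Map<String, String> sampleEnv = Map.of("APP_PASSWORD", "constructed-sample-value");
        Secret s = resolve("app.password", sampleEnv::get, k -> null);
        System.out.println("resolved " + s + " (" + s.reveal().length + " chars)");
        try {
            resolve("app.user", sampleEnv::get, k -> null);
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
    }
}
```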

Related

Connecting to the Google Cloud Datastore emulator

I have installed the Google Datastore emulator on my local machine and written a sample Spring Boot application along with it.
I can't connect to the Datastore emulator.
This is my application.properties config:
spring.cloud.gcp.datastore.project-id=project-id
spring.cloud.gcp.datastore.emulator.enabled=true
spring.cloud.gcp.datastore.emulator-host=http://localhost:8081
With this config, an exception is thrown:
The Application Default Credentials are not available. They are available if running in Google Compute Engine. Otherwise, the environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined pointing to a file defining the credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.
When using the Datastore emulator, you don't need credentials for running the application, so it might be that the library doesn't know that.
However, if you want to try providing credentials, then once you have a service account created, run the following in the shell:
export GOOGLE_APPLICATION_CREDENTIALS="KEY_PATH"
Replace KEY_PATH with the path of the JSON file that contains your service account key. You can find more information here.

Java: run jenkins job from GitHub and load credential from another location

So I have a Java Maven project with Selenium.
This project is hosted on GitHub and I also have a Jenkins job that runs this test every night.
Because my test requires logging in to a specific website, I need to provide the credentials (email address and password):
emailaddress="myemailaddress#gmail.com"
password="mypassword"
So I created a config.properties file inside my IntelliJ and load these credentials from this file.
Now, because I host my project on a free account, I want to find a way so that not everyone can see these credentials while still being able to run my tests every night.
Any idea how to do that?

Maven automated deploy on google app engine

I know that to deploy onto app-engine you can run the maven command:
mvn appengine:update
Which then prompts for the auth code and launches a browser to confirm you want to publish onto the app engine. I'm looking to automate this fully so it can just be run as a command from Maven. I have the appengine-maven-plugin set up but there doesn't seem to be any functionality to skip the manual step.
Has anyone managed to solve this? I know you can deploy right from Jenkins but we're looking for a solution that could be automated if our Jenkins server was down.
Thanks
The authentication flow which redirects you to the browser for login and consent is called three-legged OAuth because it involves three steps: 1) request for a token 2) login and consent 3) API call with token.
An authentication flow which does not involve user login and consent is called two-legged OAuth (server to server): 1) request for a token, signed with a private key 2) API call with token. Server to server auth requires that you set up a service account with appropriate permissions (scopes). You must also safely distribute the private key for that service account so that you can sign your requests. See the OAuth2ServiceAccount instructions.
The Bitnami Jenkins image actually does quite a bit for you out of the box. When you set up Push-to-Deploy you launch an instance with gcloud. That launch command specifies the scopes you want that image to have access to with the --scopes parameter, including "https://www.googleapis.com/auth/appengine.admin". Permission to these scopes is given to the default project service account. When Jenkins deploys your code, the service account credentials are made available through the Jenkins Google OAuth Plugin.
You can build another tool that will push code programmatically. You will need to create a service account which generates a JSON Web Token (JWT). Again, see the OAuth2ServiceAccount instructions. The JWT is your private credential and you need to find a secure place to store it. The App Engine SDK knows how to use JWTs to get auth tokens.
During runtime you can pass the path to the JWT file as the --service_account_json_key_file parameter to appcfg.py. To plumb that parameter through the Maven plugin you'll have to use -DadditionalParams="--service_account_json_key_file " which is available on the tip of github.com/GoogleCloudPlatform/appengine-maven-plugin/master. (Will be in App Engine release 1.9.27, but you can pull from Github until then.)
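
Step 1 of the two-legged flow described in this answer (a token request signed with a private key), as an added example that is not part of the original answer or any Google library. It builds an RS256-signed assertion carrying the `appengine.admin` scope quoted above and shows that altering the claims invalidates the signature. The claim names, audience URL and one-hour lifetime are assumptions about the service-account flow; the account name and key pair are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.*;

public final class ServiceAccountAssertion {
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    private static String b64(String json) {
        return B64.encodeToString(json.getBytes(StandardCharsets.UTF_8));
    }

    /** Step 1 of the two-legged flow: header.claims.signature, signed with RS256. */
    static String sign(String iss, String scope, String aud, Instant now, PrivateKey key)
            throws GeneralSecurityException {
        long iat = now.getEpochSecond();
        // Inputs are assumed to need no JSON escaping; use a JSON library for untrusted values.
        String claims = String.format(Locale.ROOT,
            "{\"iss\":\"%s\",\"scope\":\"%s\",\"aud\":\"%s\",\"iat\":%d,\"exp\":%d}",
            iss, scope, aud, iat, iat + 3600);
        String input = b64("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "." + b64(claims);
        Signature rsa = Signature.getInstance("SHA256withRSA");
        rsa.initSign(key);
        rsa.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + B64.encodeToString(rsa.sign());
    }

    /** The receiving side: recompute over header.claims and check against the public key. */
    static boolean verify(String jwt, PublicKey key) throws GeneralSecurityException {
        int dot = jwt.lastIndexOf('.');
        Signature rsa = Signature.getInstance("SHA256withRSA");
        rsa.initVerify(key);
        rsa.update(jwt.substring(0, dot).getBytes(StandardCharsets.US_ASCII));
        return rsa.verify(Base64.getUrlDecoder().decode(jwt.substring(dot + 1)));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed throwaway key pair and account name, for illustration only.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        String jwt = sign("deployer@example-project.iam.gserviceaccount.com",
            "https://www.googleapis.com/auth/appengine.admin",
            "https://oauth2.googleapis.com/token", Instant.now(), kp.getPrivate());
        String[] p = jwt.split("\\.");
        String altered = p[0] + "." + b64("{\"scope\":\"constructed-other-scope\"}") + "." + p[2];
        System.out.println("original verifies: " + verify(jwt, kp.getPublic()));
        System.out.println("altered claims verify: " + verify(altered, kp.getPublic()));
    }
}
```

Anyone holding the private key can mint such assertions for the scopes granted to the account, which is why the key file needs the same handling as a password.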

Authenticate subversion remotely

I'm developing an application based on Java which allows one to manage Jenkins jobs remotely.
How can I insert svn user and password when creating a new job?
I am not aware of any method of doing so, however you can have the master cache credentials after authenticating successfully once.
This can be found under: Manage Jenkins>Configure System>Subversion. Just check the box which specifies "Update default Subversion credentials cache after successful authentication".
If you have multiple repositories this won't help, but if your jobs use the same repo then you should be able to create a new job via the api without explicitly specifying the SVN credentials.

Hudson project without user interface

Can I configure, create/update the existing project in Hudson without using its user interface?
Is it possible by changing configuration file or other mean?
The Remote Access API page mentions that you can create/copy a job with it.
Remote access API is offered in a REST-like style.
That is, there is no single entry point for all features, and instead they are available under the ".../api/" URL where "..." portion is the data that it acts on.
For example, if your Hudson installation sits at http://deadlock.netbeans.org/hudson/, http://deadlock.netbeans.org/hudson/api/ will give you HTML lists of all available functionality that act on the Hudson root.
On my Hudson, the /api address gives:
Create Job
To create a new job, post config.xml to this URL with query parameter name=JOBNAME.
You'll get 200 status code if the creation is successful, or 4xx/5xx code if it fails.
config.xml is the format Hudson uses to store the project in the file system, so you can see examples of them in /server/path/to/your/hudson/home.
