I have a script that delete and re-create jobs through curl HTTP-calls and I want to get rid of any hard-coded "username:password".
E.g. curl -X POST $url --user username:password
Considerations:
Jenkins CLI (probably not an option).
One should be able to achieve the same with the CLI as with Jenkins API (creating jobs etc) but as far as I understand Jenkins CLI is not a good alternative for me since jobs created with will only appear in Jenkins after restarting or a "Reload Configuration from Disk", and that would cancel any other running jobs.
API token. Can't find out how to get the user token and then pass it
as a parameter to the script, but that may be a solution..
Try this way: (for example delete the job)
curl --silent --show-error http://<username>:<api-token>#<jenkins-server>/job/<job-name>/doDelete
The api-token can be obtained from http://<jenkins-server>/user/<username>/configure.
This worked for me:
curl -u $username:$api_token -FSubmit=Build 'http://<jenkins-server>/job/<job-name>/buildWithParameters?environment='
API token can be obtained from Jenkins user configuration.
With Jenkins CLI you do not have to reload everything - you just can load the job (update-job command). You can't use tokens with CLI, AFAIK - you have to use password or password file.
Token name for user can be obtained via http://<jenkins-server>/user/<username>/configure - push on 'Show API token' button.
Here's a link on how to use API tokens (it uses wget, but curl is very similar).
I needed to explicitly add POST in the CURL command:
curl -X POST http://<user>:<token>#<server>/safeRestart
I also have the SafeRestart Plugin installed, in case that makes a difference.
If you want to write a script to automate creation of jobs using the Jenkins API, you can use one of the API clients to do that. A ruby client for Jenkins is available at https://github.com/arangamani/jenkins_api_client
gem install jenkins_api_client
require "rubygems"
require "jenkins_api_client"
# Initialize the client by passing in the server information
# and credentials to communicate with the server
client = JenkinsApi::Client.new(
:server_ip => "127.0.0.1",
:username => "awesomeuser",
:password => "awesomepassword"
)
# The following block will create 10 jobs in Jenkins
# test_job_0, test_job_1, test_job_2, ...
10.times do |num|
client.job.create_freestyle(:name => "test_job_#{num}")
end
# The jobs in Jenkins can be listed using
client.job.list_all
The API client can be used to perform a lot of operations.
API token is the same as password from API point of view, see source code uses token in place of passwords for the API.
See related answer from #coffeebreaks in my question python-jenkins or jenkinsapi for jenkins remote access API in python
Others is described in doc to use http basic authentication model
In order to use API tokens, users will have to obtain their own tokens, each from https://<jenkins-server>/me/configure or https://<jenkins-server>/user/<user-name>/configure. It is up to you, as the author of the script, to determine how users supply the token to the script. For example, in a Bourne Shell script running interactively inside a Git repository, where .gitignore contains /.jenkins_api_token, you might do something like:
api_token_file="$(git rev-parse --show-cdup).jenkins_api_token"
api_token=$(cat "$api_token_file" || true)
if [ -z "$api_token" ]; then
echo
echo "Obtain your API token from $JENKINS_URL/user/$user/configure"
echo "After entering here, it will be saved in $api_token_file; keep it safe!"
read -p "Enter your Jenkins API token: " api_token
echo $api_token > "$api_token_file"
fi
curl -u $user:$api_token $JENKINS_URL/someCommand
Related
I have a control-repo in gitlab and I want to automatically generate an sshkey and send it to my repository throu the gitlab api(using Deploy Token).
It is actually a straight forward question I want answered. What is the (or is there any)"standard" with puppet on how to send an sshkey to gitlab via its api? I have tried using this module(https://forge.puppet.com/abrader/gms), but it doest work. Below I explain what I have done and tried.
I have generated a deploy token by going to Settings->Repository->Deploy Tokens. Here I got a random string that I have now saved.
I have been able to automatically generate a key named 'manager-deploy-key'. I use this module to generate the key: https://forge.puppet.com/puppet/ssh_keygen
Ssh-keygen code
ssh_keygen { 'root':
bits => 4096,
type => 'rsa',
filename => '/root/.ssh/manager-deploy-key',
}
I then wanted to use this module: "https://forge.puppet.com/abrader/gms" to automatically send the newly generated key to my repo as a deploy key.
Should send deploykey
git_deploy_key { 'add_deploy_key_to_puppet_control':
ensure => present,
name => $::fqdn,
path => '/root/.ssh/manager-deploy-key.pub',
token => 'DEPLOY_TOKEN_HERE',
project_name => 'user/control-repo',
server_url => 'https://gitlab.com',
provider => 'gitlab',
}
This failed and therefore I chose to debug by adding --debug in my command --> "puppet apply --debug /file/test.pp"
Looking into the debugging information the response to the GET request is
"{\"error\":\"API V3 is no longer supported. Use API V4 instead.\"}"
The module doesnt work... Therefore I am now about to use curl to automate this myself. However, I really want to know if there is an easier alternative.
Seems like the only way really is to use curl since the module is deprecated. I have set up a command for it if someone needs an example.
curl -H "PRIVATE-TOKEN: ${git_api_token}" -H "Content-Type: application/json" \
-X POST -d "{\"title\":\"${git_ssl_keyname}\",\"key\":\"${sslpub}\", \"can_push\":\"true\"}" \
"https://gitlab.com/api/v4/projects/${project_id}/deploy_keys"
git_api_token is a token you generate on your account. I was unable to make this work with a deploy token that you can generate in a project.
git_ssl_keyname is the name of your ssh key. This can be anything you want.
sslpub is the actual key you want imported into your project.
project_id is the id of your project. If you visit your main project page it will be near the top.
If you want more information on gitlabs access token api visit https://docs.gitlab.com/ee/api/deploy_keys.html
I am trying to log into a server using my authentication(username and password) for app development purpose with swift 4. However my server requires csfrtoken and csrfmiddlewaretoken. How can I extract the csrfmiddlewaretoken value and make a Post request to log with all the other authentication?
Keep tadmans comment in mind. If you really want to do it the way as you described it in your question you would need to make a GET request in order to parse the CSRF token of your desired login page. The token should be located inside the login form.
I have added a bash script to extract the token from stackoverflow as a reference:
fkey=`curl https://stackoverflow.com/users/login? | grep -P -o '(?<=value\=\")\w*(?=\")'`
echo $fkey # got the token
# make a post request with the freshly parsed token
curl -L -c cookies -d 'fkey='$fkey'&ssrc=head&email=MY_MAIL_ADDRESS&password=MY_PASSWORD&oauth_version=&oauth_server=&openid_username=&openid_identifier=' https://stackoverflow.com/users/login?ssrc=he$
# finally browse the site with your obtained cookies
curl -b cookies https://stackoverflow.com/users/7727583/yannic-hamann
It is convenient to set up a token-based authentication method via the Django REST framework. But this is only an option in case you are developing your own API.
I tried call this command
curl -l -u "my_user_name" https://my-enterprise-github.com
Then, I input my password manually.
But it returns this
<html><body>You are being redirected.</body></html>
Please explain what's wrong with my command.
Thank you.
cURL should not be used for access to GitHub's (or most web) UI without specific reasons. GitHub provides an API to allow accessing data as a well-defined structure.
You mentioned wanting to get-a-single-pull-request. This relies on a URL pattern following GET /repos/:owner/:repo/pulls/:number.
So if you had a GitHub account, facebook, and wanted to look up a specific pull request 15947 in react-native. The full URL would be
https://api.github.com/repos/facebook/react-native/pulls/15947
The cURL command would be
curl -u osowskit -X GET https://api.github.com/repos/facebook/react-native/pulls/15947
Note that:
You will likely want to start using a PAT or OAuth token instead of username/password
There are tools that make exploring the GitHub API easier. postman or octokit
To start with you may want the -L flag. From the cURL Frequently Asked Questions
3.8 How do I tell curl to follow HTTP redirects?
Curl does not follow so-called redirects by default. The Location: header that informs the client about this is only interpreted if you're using the -L/--location option. As in:
curl -L http://redirector.com
Not all redirects are HTTP ones, see 4.14
There's also a CLI now that can be helpful for many similar use-cases:
https://cli.github.com/
$ gh pr list
Showing 2 of 2 open pull requests in Roblox/service-comms-nomad
#16 chi1 Traefik 1.7 GLB jobs chi1-glb-prep
#6 Cgt/t2 cgt/t2
I have a jenkins server using the Github OAuth plugin and authorized in the "Authorized applications" section of github, it works fine from my browser, i can access to the jenkins server as long as i'm authenticated with github.
Is there a way to access to the jenkins server api using oauth credentials/token from CURL or a ruby client?
I've generated a token in https://github.com/settings/applications -> Personal access tokens -> Generate new token (there is no option to scope it to a third party application)
that token works fine to access github :
curl -H "Authorization: token cfbcff42e6a8a52a1076dd9fcxxxxxxxxxxxxxxx" https://api.github.com/user
however, that token is not valid for jenkins-server:
curl -H "Authorization: token cfbcff42e6a8a52a1076dd9fcxxxxxxxxxxxxxxx" https://jenkins-server/user/restebanez/api/json/\?pretty\=true
It generates this error:
<html><head><meta http-equiv='refresh' content='1;url=/securityRealm/commenceLogin?from=%2Fuser%2Frestebanez%2Fapi%2Fjson%2F%3Fpretty%3Dtrue'/><script>window.location.replace('/securityRealm/commenceLogin?from=%2Fuser%2Frestebanez%2Fapi%2Fjson%2F%3Fpretty%3Dtrue');</script></head><body style='background-color:white; color:white;'>
Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
... which is implied by: hudson.model.Hudson.Administer
-->
</body></html>
```
the jenkins server has installed GitHub API Plugin 1.58 and Github Authentication plugin 0.19
I'm probably missing some fundamentals of oauth b/c i have googled this for a while and i haven't found anything
I'm not sure if you ever got to the bottom of this, but after trying several routes I finally got a scripted build using Github OAuth on Jenkins. The trick is that the API token is not one for GitHub but rather one from Jenkins.
For my setup I have a machine user on github, I logged in normally via the web with that user, then clicked on the username in the upper right corner. From there I clicked "Configure" on the left-hand menu, and finally "Show API Token" in the main content area.
Once I had that I could run:
curl --user <username>:<api_token> https://jenkins-server/user/<username>/api/json/?pretty=true
More information.
You should just use a Jenkins API token. This is configurable per user. See $JENKINS_URL/me
This will allow your scripted client to access Jenkins regardless of whatever authentication strategy is being used.
You should use "Basic" rather than "token"
For example:
curl -H "Authorization: Basic cfbcff42e6a8a52a1076dd9fcxx"
https://jenkins-server/user/restebanez/api/json
This worked for me (using getting commit statuses as an example):
url=https://api.github.com/repos/myowner/myrepo/commits/f40ddce88593482919761f74910f42f4b84c004b/statuses
curl -X GET -u :${GITHUB_TOKEN} ${url}
I'm trying to create a repo using Github API, but it always return this JSON:
{"message":"Not Found"}
But this error appears only when I try to create using OAuth access token in request header, if I use username and password, API create the repo and return a successful message.
Anyone had problems with this API endpoint?
You can create a new repository using the Python library, PyGithub.
from github import Github
g = Github("your username", "your password")
g = Github("your token") # safer alternative, if you have an access token
u = g.get_user()
repo = u.create_repo("name-of-your-repo")
This should solve your problem.
I had a different message come up with this
curl -i -d '{"name":"NAME"}' https://api.github.com/orgs/:ORG/repos?access_token=XXX
{
"message": "Must be an owner or admin of Organization."
}
But still not sure why I cannot create either
Ok
This worked for me
Create Auth Token
curl -u 'iwarner' -d '{"scopes":["repo"],"note":":NAME"}' https://api.github.com/authorizations
Create Repo - Need to contain "Authorization: token"
curl -i -H 'Authorization: token TOKENHERE' -d '{"name":":NAME"}' https://api.github.com/user/repos
This works, just tried it.
curl -F 'login=c00kiemon5ter' -F 'token=s3cr3t' https://github.com/api/v2/json/repos/create -F 'name=testapi' -F 'public=0'
Are we talking about API v2 or v3 ?
I do not know what technology you are using. But just in case of iOS, you can use this demo app which describes 3 simple ways to interact with the GitHub API.
Note: This demo app provide only few selected functionality.
GitHub-Interaction
Hope this helps!!
As of today, the GitHub v3 API documentation explicitly states:
Create
Create a new repository for the authenticated user. (Currently not enabled for Integrations)
EDIT:
The "not enabled for Integrations" means, if you get your OAuth token via one of your OAuth apps (which is an "integration") the GitHub API will refuse to create a repository with that function.
However, if you use some other access token (e.g. a personal access token you add yourself, see below) then the GitHub API will happily create a repository for you with the very same API call.
curl -u your_username -d '{"scopes":["repo"], "note":"Description of personal token"}' https://api.github.com/authorizations
That's the reason why the solution presented by Ian Warner works. The solution with PyGithub will suffer the same limitation. Only the token makes the difference!
EDIT: Not entirely true: With OAuth you can specify the scope to attach specific permissions to your OAuth token when authenticating (OAuth app flow). For creating repositories you need to have the 'repo' scope. (See also: Github v3 API - create a REPO)