I have a script that delete and re-create jobs through curl HTTP-calls and I want to get rid of any hard-coded "username:password".
E.g. curl -X POST $url --user username:password
Considerations:
Jenkins CLI (probably not an option).
One should be able to achieve the same with the CLI as with Jenkins API (creating jobs etc) but as far as I understand Jenkins CLI is not a good alternative for me since jobs created with will only appear in Jenkins after restarting or a "Reload Configuration from Disk", and that would cancel any other running jobs.
API token. Can't find out how to get the user token and then pass it
as a parameter to the script, but that may be a solution..
Try this way: (for example delete the job)
curl --silent --show-error http://<username>:<api-token>@<jenkins-server>/job/<job-name>/doDelete
The api-token can be obtained from http://<jenkins-server>/user/<username>/configure
.
This worked for me:
curl -u $username:$api_token -FSubmit=Build 'http://<jenkins-server>/job/<job-name>/buildWithParameters?environment='
API token can be obtained from Jenkins user configuration.
I needed to explicitly add POST in the CURL command:
curl -X POST http://<user>:<token>@<server>/safeRestart
I also have the SafeRestart Plugin installed, in case that makes a difference.
If you want to write a script to automate creation of jobs using the Jenkins API, you can use one of the API clients to do that. A ruby client for Jenkins is available at https://github.com/arangamani/jenkins_api_client
gem install jenkins_api_client
require "rubygems"
require "jenkins_api_client"
# Initialize the client by passing in the server information
# and credentials to communicate with the server
client = JenkinsApi::Client.new(
:server_ip => "127.0.0.1",
:username => "awesomeuser",
:password => "awesomepassword"
)
# The following block will create 10 jobs in Jenkins
# test_job_0, test_job_1, test_job_2, ...
10.times do |num|
client.job.create_freestyle(:name => "test_job_#{num}")
end
# The jobs in Jenkins can be listed using
client.job.list_all
The API client can be used to perform a lot of operations.
API token is the same as password from API point of view, see source code uses token in place of passwords for the API.
See related answer from @coffeebreaks in my question python-jenkins or jenkinsapi for jenkins remote access API in python
Others is described in doc to use http basic authentication model
In order to use API tokens, users will have to obtain their own tokens, each from https://<jenkins-server>/me/configure
or https://<jenkins-server>/user/<user-name>/configure
. It is up to you, as the author of the script, to determine how users supply the token to the script. For example, in a Bourne Shell script running interactively inside a Git repository, where .gitignore
contains /.jenkins_api_token
, you might do something like:
api_token_file="$(git rev-parse --show-cdup).jenkins_api_token"
api_token=$(cat "$api_token_file" || true)
if [ -z "$api_token" ]; then
echo
echo "Obtain your API token from $JENKINS_URL/user/$user/configure"
echo "After entering here, it will be saved in $api_token_file; keep it safe!"
read -p "Enter your Jenkins API token: " api_token
echo $api_token > "$api_token_file"
fi
curl -u $user:$api_token $JENKINS_URL/someCommand