使用curl和crumb触发参数化构建
我已经看到过类似的帖子,但并不完全是我想要做的(或者至少没有运行命令的完整示例) 我正在尝试使用curl远程触发Jenkins上的参数化构建。我已经启用了“防止跨站点请求伪造”,所以我还需要传递一个有效的crump 我的剧本如下:使用curl和crumb触发参数化构建,curl,jenkins,Curl,Jenkins,我已经看到过类似的帖子,但并不完全是我想要做的(或者至少没有运行命令的完整示例) 我正在尝试使用curl远程触发Jenkins上的参数化构建。我已经启用了“防止跨站点请求伪造”,所以我还需要传递一个有效的crump 我的剧本如下: #!/bin/bash json="{\"parameter\": [{ \"P1\": \"param1\", \"P2\": \"param2\", \"P3\": \"param3\" }]}" crumb=`curl "http://SERVER/crumb
#!/bin/bash
json="{\"parameter\": [{ \"P1\": \"param1\", \"P2\": \"param2\", \"P3\": \"param3\" }]}"
crumb=`curl "http://SERVER/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,%22:%22,//crumb)"`
curl -v -H $crumb -X POST http://SERVER/job/JOB_NAME/buildWithParameters -d token=runme --data-urlencode json="$json"
USERNAME:APITOKEN@SERVER
* About to connect() to SERVER port 8080 (#0)
* Trying SERVER... connected
* Connected to SERVER (SERVER) port 8080 (#0)
* Server auth using Basic with user 'USERNAME'
> POST /job/JOB_NAME/buildWithParameters HTTP/1.1
> Authorization: Basic bjAwNjY5MjI6YWxLaW5kaTg=
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: SERVER:8080
> Accept: */*
> .crumb:776eb589e8b930d9f06cfc2df885314c
> Content-Length: 168
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 403 No valid crumb was included in the request
< Content-Type: text/html;charset=ISO-8859-1
< Cache-Control: must-revalidate,no-cache,no-store
< Content-Length: 1469
< Server: Jetty(8.y.z-SNAPSHOT)
<
*即将()连接到服务器端口8080(#0)
*正在尝试服务器。。。有联系的
*已连接到服务器(服务器)端口8080(#0)
*使用用户“用户名”的Basic进行服务器身份验证
>POST/job/job_NAME/buildWithParameters HTTP/1.1
>授权:基本bjAwNjY5MjI6YWxLaW5kaTg=
>用户代理:curl/7.19.7(x86_64-redhat-linux-gnu)libcurl/7.19.7 NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
>主机:服务器:8080
>接受:*/*
>.碎屑:776eb589e8b930d9f06cfc2df885314c
>内容长度:168
>内容类型:application/x-www-form-urlencoded
>
因此,看起来我没有正确地传递碎屑,但我不确定命令的正确格式应该是什么。正确格式如下:
curl -H ".crumb:xxxxxxxxxxxxxxxxxxxxxx"
SERVER=http://localhost:8080
CRUMB=$(curl --user $USER:$APITOKEN \
$SERVER/crumbIssuer/api/xml?xpath=concat\(//crumbRequestField,%22:%22,//crumb\))
curl --user $USER:$APITOKEN -H "$CRUMB" -d "script=$GROOVYSCRIPT" $SERVER/script
SERVER=http://localhost:8080
CRUMB=$(curl --user $USER:$APITOKEN \
$SERVER/crumbIssuer/api/xml?xpath=concat\(//crumbRequestField,%22:%22,//crumb\))
curl --user $USER:$APITOKEN -H "$CRUMB" -d "script=$GROOVYSCRIPT" $SERVER/script
wget-q--auth no challenge--user yourUserName--password yourPassword--output document--'http://myJenkins:8080/crumbIssuer/api/xml?xpath=concat(//crumb请求字段,“:”,//crumb)curl-I-X POSThttp://yourUserName:yourPassword@myJenkins:8080/job/JOBName/build-H“Jenkins面包屑:44e7038af70da95a47403c3bed5q10f8”HTTP/1.1 201创建日期:2017年7月28日星期五09:15:45 GMT X-Content-Type-Options:nosniff位置:内容长度:0这是对@seek答案的强调 特别注意面包屑步骤 正如前面提到的其他答案一样,你得到的面包屑可能会因浏览Jenkins时使用的浏览器而异,可以是Chrome、Curl或WGet 但是,这是一个重要的但是,我用于CURL命令的碎屑是我从WGET命令得到的。这不是我从CURL-xget命令中得到的面包屑 我不清楚为什么会出现这种情况,但就像@seek的回答一样,这对我很有效 我吃的面包屑不一样
curl -X POST -H "Jenkins-Crumb:2e03fc96f387abggga6581fe5883a14a" http://10.143.18.43:8080/view/Raamee_phase_2/job/test_remote_api_triggerring/buildWithParameters?token=MY_TOKEN --user "raamee:12345678"
我使用了从wget命令(第四个命令)得到的面包屑。前面的答案对我都不起作用,但混合了一些标志,我让它起作用了:
JKSERVER="http://localhost:8080"
JKUSER="jenkins_user"
JKPASSWORD="jenkins_password"
JKCRUMB=`wget -q --auth-no-challenge --user $JKUSER --password $JKPASSWORD --output- document - '$JKSERVER/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'`
curl --user $JKUSER:$JKPASSWORD -I -X POST "$JKSERVER/job/master/build" -H "$JKcrumb"
crumb=$(curl -u "user:pass" -s 'http://jenkins_URL/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')
curl -u "user:pass" -H "$crumb" -X POST **http://jenkins_URL/job/ENV/build?delay=0sec**
注意:通过右键单击并复制build now链接获取此帖子URL。这对我来说很有效,我尝试使用本页中已经提到的解决方案,但由于(a)referer和(b)cookie的原因,这些解决方案必须进行一些调整。詹金斯版本2.204
sh script:"""
COOKIE_PATH=/tmp/cookie_jenkins_crumb.txt
CRUMB=\$(curl -s -c \$COOKIE_PATH -H '${jenkins_referer}' 'https://useridhere:${jenkins_live_token}@jenkins.example.com/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,\":\",//crumb)' )
# https://support.cloudbees.com/hc/en-us/articles/219257077-CSRF-Protection-Explained
# https://wiki.jenkins.io/display/JENKINS/Remote+access+API#RemoteaccessAPI-CSRFProtection
# but a bit adjusted as it is not exactly usable as it is in the documentation page.
# We discovered that the CRUMB should be identical because it
# is paired with a cookie. Thus save the cookie, it is important.
sed -i 's/ORGANIZATION/${PROJECT_NAME}/g' ${jenkins_credentials_json_template_file_path}
# a json file with labels for quick replacements.
# cat ${jenkins_credentials_json_template_file_path}
# https://support.cloudbees.com/hc/en-us/articles/360030526992-How-to-manage-Credentials-via-the-REST-API
curl -s -b \$COOKIE_PATH -u useridhere:${jenkins_live_token} -H '${jenkins_referer}' -H \"\${CRUMB}\" -X POST --data-urlencode json@${jenkins_credentials_json_template_file_path} 'https://jenkins.example.com/credentials/store/system/domain/_/createCredentials'
"""
这与你的问题有什么不同?我遇到了同样的问题,无法理解为什么它拒绝CREAM,这似乎正是您在这里描述的方式。好的,解决了我的问题:如果您在用户名下生成CREAM(这可能需要取决于Jenkins security的配置),任何进一步的请求都必须包括这些凭据,反之亦然。不知怎的,我错过了这一点。请注意,如果你从不同的“浏览器”(如wget)或不同的url(如通过directip/dns/本地主机)获取面包屑,面包屑会有所不同,因此不要期望通过wget从某物获取面包屑,然后在curl中使用它。从2017年2月起,对于Windows中的Jenkins 2.32.1,请求头键不是
.crumbJenkins crumb/crumbisuer/api/xmlcrumberequestfield