daily pastebin goal
19%
SHARE
TWEET

Untitled

a guest Apr 21st, 2018 194 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. @Library('jenkins-creds-util@master')         // Call the pipeline library using the master branch
  2. import com.jenkins.creds.scripts.*
  3.  
  4. CredentialUtils credUtils
  5.  
  6. // define for app team
  7. def username = "username"                     // Service account username
  8. def project = "app-develop"                   // Project name in OpenShift
  9. def serviceAccount = "serviceaccount"         // Name of OpenShift service account to login to cluster
  10. def folderName = "folder/folder/folder"       // Folder of credential in Jenkins
  11. def clusterAPIURL = "openshift.com"           // URL of OpenShift cluster
  12.  
  13. def newPassword = null                        // This will be populated after updating password in LDAP
  14.  
  15. node('jenkins-agent-base') {
  16.     stage ('Rotate Password') {
  17.         try {
  18.  
  19.             credUtils = new CredentialUtils()
  20.             newPassword = credUtils.rotatePassword(username, folderName)
  21.  
  22.             // Remove this print statement if you don't want to print the new password
  23.             print "New password: " + newPassword
  24.  
  25.             newPassword = newPassword.toString()
  26.             changeGitSecret(username, newPassword, project,
  27.                             clusterAPIURL, serviceAccount)
  28.  
  29.             // Update to real email address
  30.             emailext to: 'email@email.com',
  31.                 subject: "SUCCESS: Password rotation for ${username}",
  32.                 body: "Console results: ${BUILD_URL}/console, new password is ${newPassword}"
  33.  
  34.         } catch (Exception e) {
  35.  
  36.             currentBuild.result = 'FAILURE'
  37.             print "Exception: ${e}"
  38.  
  39.             // Update to real email address
  40.             emailext to: 'email@email.com',
  41.                 subject: "FAILED: Password rotation for ${username}",
  42.                 body: "Console results: ${BUILD_URL}/console, new password is ${newPassword}"
  43.  
  44.         } // try/catch
  45.     } // stage
  46. } // node
  47.  
  48. def changeGitSecret(String username, String password, String project,
  49.                     String clusterAPIURL, String serviceAccount) {
  50.  
  51.     def clusterAuthToken = null
  52.  
  53.     // Get OCP service account token to login to cluster
  54.     withCredentials([[$class: 'StringBinding',
  55.     credentialsId: serviceAccount,
  56.     variable: 'authToken']]) {
  57.       clusterAuthToken = authToken
  58.     }
  59.  
  60.     // Login to OCP cluster and update git secret
  61.     sh """
  62.       oc login --token=${clusterAuthToken} ${clusterAPIURL} \
  63.         >/dev/null 2>&1 || echo 'OpenShift login failed'
  64.  
  65.       oc delete secret gitsecret -n ${project} --ignore-not-found=true
  66.       oc secrets new-basicauth gitsecret \
  67.         --username='${username}' \
  68.         --password='${password}' \
  69.         -n ${project}
  70.     """
  71.  
  72.   }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top