Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- @Library('jenkins-creds-util@master') // Call the pipeline library using the master branch
- import com.jenkins.creds.scripts.*
- CredentialUtils credUtils
- // define for app team
- def username = "username" // Service account username
- def project = "app-develop" // Project name in OpenShift
- def serviceAccount = "serviceaccount" // Name of OpenShift service account to login to cluster
- def folderName = "folder/folder/folder" // Folder of credential in Jenkins
- def clusterAPIURL = "openshift.com" // URL of OpenShift cluster
- def newPassword = null // This will be populated after updating password in LDAP
- node('jenkins-agent-base') {
- stage ('Rotate Password') {
- try {
- credUtils = new CredentialUtils()
- newPassword = credUtils.rotatePassword(username, folderName)
- // Remove this print statement if you don't want to print the new password
- print "New password: " + newPassword
- newPassword = newPassword.toString()
- changeGitSecret(username, newPassword, project,
- clusterAPIURL, serviceAccount)
- // Update to real email address
- emailext to: 'email@email.com',
- subject: "SUCCESS: Password rotation for ${username}",
- body: "Console results: ${BUILD_URL}/console, new password is ${newPassword}"
- } catch (Exception e) {
- currentBuild.result = 'FAILURE'
- print "Exception: ${e}"
- // Update to real email address
- emailext to: 'email@email.com',
- subject: "FAILED: Password rotation for ${username}",
- body: "Console results: ${BUILD_URL}/console, new password is ${newPassword}"
- } // try/catch
- } // stage
- } // node
- def changeGitSecret(String username, String password, String project,
- String clusterAPIURL, String serviceAccount) {
- def clusterAuthToken = null
- // Get OCP service account token to login to cluster
- withCredentials([[$class: 'StringBinding',
- credentialsId: serviceAccount,
- variable: 'authToken']]) {
- clusterAuthToken = authToken
- }
- // Login to OCP cluster and update git secret
- sh """
- oc login --token=${clusterAuthToken} ${clusterAPIURL} \
- >/dev/null 2>&1 || echo 'OpenShift login failed'
- oc delete secret gitsecret -n ${project} --ignore-not-found=true
- oc secrets new-basicauth gitsecret \
- --username='${username}' \
- --password='${password}' \
- -n ${project}
- """
- }
Add Comment
Please, Sign In to add comment