API tools faq
paste
Guest User

Untitled

a guest
Apr 21st, 2018
231
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.59 KB | None | 0 0
raw download clone embed print report
  1. @Library('jenkins-creds-util@master') // Call the pipeline library using the master branch
  2. import com.jenkins.creds.scripts.*
  3.  
  4. CredentialUtils credUtils
  5.  
  6. // define for app team
  7. def username = "username" // Service account username
  8. def project = "app-develop" // Project name in OpenShift
  9. def serviceAccount = "serviceaccount" // Name of OpenShift service account to login to cluster
  10. def folderName = "folder/folder/folder" // Folder of credential in Jenkins
  11. def clusterAPIURL = "openshift.com" // URL of OpenShift cluster
  12.  
  13. def newPassword = null // This will be populated after updating password in LDAP
  14.  
  15. node('jenkins-agent-base') {
  16. stage ('Rotate Password') {
  17. try {
  18.  
  19. credUtils = new CredentialUtils()
  20. newPassword = credUtils.rotatePassword(username, folderName)
  21.  
  22. // Remove this print statement if you don't want to print the new password
  23. print "New password: " + newPassword
  24.  
  25. newPassword = newPassword.toString()
  26. changeGitSecret(username, newPassword, project,
  27. clusterAPIURL, serviceAccount)
  28.  
  29. // Update to real email address
  30. emailext to: 'email@email.com',
  31. subject: "SUCCESS: Password rotation for ${username}",
  32. body: "Console results: ${BUILD_URL}/console, new password is ${newPassword}"
  33.  
  34. } catch (Exception e) {
  35.  
  36. currentBuild.result = 'FAILURE'
  37. print "Exception: ${e}"
  38.  
  39. // Update to real email address
  40. emailext to: 'email@email.com',
  41. subject: "FAILED: Password rotation for ${username}",
  42. body: "Console results: ${BUILD_URL}/console, new password is ${newPassword}"
  43.  
  44. } // try/catch
  45. } // stage
  46. } // node
  47.  
  48. def changeGitSecret(String username, String password, String project,
  49. String clusterAPIURL, String serviceAccount) {
  50.  
  51. def clusterAuthToken = null
  52.  
  53. // Get OCP service account token to login to cluster
  54. withCredentials([[$class: 'StringBinding',
  55. credentialsId: serviceAccount,
  56. variable: 'authToken']]) {
  57. clusterAuthToken = authToken
  58. }
  59.  
  60. // Login to OCP cluster and update git secret
  61. sh """
  62. oc login --token=${clusterAuthToken} ${clusterAPIURL} \
  63. >/dev/null 2>&1 || echo 'OpenShift login failed'
  64.  
  65. oc delete secret gitsecret -n ${project} --ignore-not-found=true
  66. oc secrets new-basicauth gitsecret \
  67. --username='${username}' \
  68. --password='${password}' \
  69. -n ${project}
  70. """
  71.  
  72. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!