詹金斯乌提尔
jenkins-utils的Python项目详细描述
Requirements
- Python3.4+
- pycrypto(非windows系统)
- pycryptomex(Windows)
注意
由于不可用,无法在python-3.7和windows上自动运行 在主机系统上构建pycrypto模块,但是 任何操作系统/平台都支持pycrypto/pycryptomex模块。
Usage
目前有加密/解密操作的实现和收集在方便和 python开发人员友好的表单。
例如,使用詹金斯的主密钥和哈德逊密钥解密(或加密)消息:
$ python invoke.py --master-key master.key --hudson-secret-key hudson.util.Secret \ --action decrypt "{AQAAABAAAAAgd+820Q6QR4ABkf3JpXHacuO3zdj11o8JD/6VIJi8XjS9GJJyWquIYbNokyKKsIfN}" this is simple text to encrypt $ python invoke.py --master-key master.key --hudson-secret-key hudson.util.Secret \ --aes-type cbc --action encrypt "this is simple text to encrypt"{AQAAABAAAAAgfb9K8Kaq716l8SwGDqEFMRzm/3ynYDK7IsfI4C7BlVyMIlP/5JGfYK1n1Nc10VoD} $
注意
- 主密钥位于$jenkins_home/secrets/master.key
- 哈德逊密钥位于$jenkins_home/secrets/hudson.util.secret
Advanced use
reader.py
#!/usr/bin/env python3importsysimportbase64importargparsefromlxmlimportetreefromjenkins.utilsimportSecretdefdecrypt(opts):master_key=open(opts.master_key,'rb').read()hudson_secret_key=open(opts.hudson_key,'rb').read()secret=Secret(master_key=master_key,hudson_secret_key=hudson_secret_key)credentials=etree.fromstring(open(opts.credentials,'rb').read())fornodeincredentials.xpath('//com.cloudbees.plugins.credentials.''impl.UsernamePasswordCredentialsImpl'):username,*_=node.xpath('./username/text()')password_encoded,*_=node.xpath('./password/text()')password=base64.decodebytes(password_encoded.encode('utf-8'))print("Encrypted (username:password): ({}:{})".format(username,secret.decrypt(password)))defmain():parser=argparse.ArgumentParser()parser.add_argument('-c','--credentials',dest='credentials',required=True,help='jenkins credentials.xml file')parser.add_argument('-m','--master-key',dest='master_key',help='jenkins secrets master.key file',required=True)parser.add_argument('-H','--hudson-secret-key',dest='hudson_key',help='jenkins secrets hudson.util.Secret file')options=parser.parse_args()sys.exit(decrypt(options))if__name__=='__main__':main()
$ python reader.py -c credentials.xml -m master.key -H hudson.util.Secret Encrypted (username:password): (scm-bot:W9CA6qTajV) Encrypted (username:password): (artifactory-bot:vB9V9BtPN4) Encrypted (username:password): (git-bot:V32c5S8TnHCvmfr) ... and so on