如何在Jenkins管道中使用Google服务帐户进行身份验证
问题描述:
我想在Jenkins管道中使用gcloud
,因此我必须先使用Google服务帐户进行身份验证.我正在使用 https://wiki.jenkins.io/display/JENKINS/Google + OAuth +插件,其中包含我的私钥凭据.我一直坚持将凭据加载到管道中:
I want to use gcloud
in Jenkins pipeline and therefore I have to authenticate first with the Google Service account. I'm using the https://wiki.jenkins.io/display/JENKINS/Google+OAuth+Plugin which holds my Private Key Credentials. I'm stuck with loading the credentials into the pipeline:
withCredentials([[$class: 'MultiBinding', credentialsId: 'my-creds', variable: 'GCSKEY']]) {
sh "gcloud auth activate-service-account --key-file=${GCSKEY}"
}
我也尝试过使用文件,但是没有运气.
I also tried it with from file, but without luck.
withCredentials([file(credentialsId:'my-creds', variable: 'GCSKEY')]) {
日志显示:
org.jenkinsci.plugins.credentialsbinding.impl.CredentialNotFoundException: Credentials 'my-creds' is of type 'Google Service Account from private key' ....
答
您需要将您的服务帐户JSON文件作为秘密文件上传. 然后:
You need to upload your Sevice Account JSON file as a secret file. Then:
withCredentials([file(credentialsId: 'key-sa', variable: 'GC_KEY')]) {
sh("gcloud auth activate-service-account --key-file=${GC_KEY}")
sh("gcloud container clusters get-credentials prod --zone northamerica-northeast1-a --project ${project}")
}