Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Example for usage in pipeline #86

Open
pvshewale opened this issue Mar 18, 2020 · 9 comments
Open

Example for usage in pipeline #86

pvshewale opened this issue Mar 18, 2020 · 9 comments

Comments

@pvshewale
Copy link

Can you please provide example or some documentation on how to use it declarative or scripted pipeline? I used as below,

#!groovy

node("master") {
    stage ("List GCP Projects"){
        withCredentials([[$class: 'FileBinding', credentialsId: 'my-project-id', variable: 'GOOGLE_APPLICATION_CREDENTIALS']]) {
        
            sh "gcloud projects list --sort-by=projectId --limit=5"
        }
    }
}

But it giving error like,

ERROR: Credentials 'my-project-id' is of type 'Google Service Account from private key' where 'org.jenkinsci.plugins.plaincredentials.FileCredentials' was expected

I also tried using as given in file https://github.com/jenkinsci/google-oauth-plugin/blob/develop/Jenkinsfile.google

withCredentials([[$class: 'StringBinding', credentialsId: 'my-project-id', variable: 'GOOGLE_CREDENTIALS']]) {
   sh "gcloud projects list --sort-by=projectId --limit=5"
}

But above gave me error like,

ERROR: Credentials 'my-project-id' is of type 'Google Service Account from private key' where 'org.jenkinsci.plugins.plaincredentials.StringCredentials' was expected
@alexgeek
Copy link

Seconded, is there instructions anywhere on how to run gcloud commands with these credentials?

@rkamisetti792
Copy link

rkamisetti792 commented Aug 21, 2020
edited

i am also facing the same issue
withCredentials([file(credentialsId: 'gcpgcr', variable: 'GC_KEY')]){
sh "cat '$GC_KEY' | docker login -u _json_key --password-stdin https://us.gcr.io"
sh "gcloud auth activate-service-account --key-file='$GC_KEY'"
sh "gcloud auth configure-docker"
GLOUD_AUTH = sh (
script: 'gcloud auth print-access-token',
returnStdout: true
).trim()
echo "Pushing image To GCR"
sh "docker push $REMOTE_GCR/gemalto/$name:$version"
}

error: Credentials 'gcpgcr' is of type 'Google Service Account from private key' where 'org.jenkinsci.plugins.plaincredentials.FileCredentials' was expected
Finished: FAILURE

any resolution will help us

@eyalzek
Copy link

eyalzek commented Aug 21, 2020
edited

@rkamisetti792 we're using the helper function from this gist:
https://gist.github.com/spmason/a53b646ab6219c788b8d04ad959ca940

with slight modifications (because the way credentials are stored might have changed since the time the gist was written):

import hudson.util.Secret
import com.cloudbees.plugins.credentials.CredentialsProvider
import com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials
import com.google.jenkins.plugins.credentials.oauth.GoogleOAuth2ScopeRequirement

@NonCPS
private def getCredentials(credentialsId) {
    def build = currentBuild.rawBuild
    CredentialsProvider.findCredentialById(
      credentialsId,
      GoogleRobotPrivateKeyCredentials.class,
      build,
      new GoogleOAuth2ScopeRequirement()  {
            @Override
            public Collection<String> getScopes() {
              return null;
            }
          }
      );
}
private def writeKeyFile(jsonKey) {
    def json
    try {
      json = Secret.decrypt(new String(jsonKey.getPlainData())).getPlainText()
    } catch(Exception e) {
      json = new String(jsonKey.getPlainData())
    }
    writeFile encoding: 'UTF-8', file: '.auth/gcloud.json', text: json
    return pwd() + "/.auth/gcloud.json"
}

def call(projectId, credentialsId = null, body) {
  if (!credentialsId) {
    credentialsId = projectId
  }
  def serviceAccount = getCredentials(credentialsId).getServiceAccountConfig()
  def keyFile = writeKeyFile(serviceAccount.getSecretJsonKey())
  withEnv(["CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${keyFile}"]) {
    try {
      body()
    } finally {
      sh "rm ${keyFile}"
    }
  }
}

then use it:

withGCloudCredentials(PROJECT_ID) {
  sh 'echo stuff'
}

@sneko
Copy link

sneko commented Oct 16, 2020

If you don't want to use a shared library I made it working with:

withCredentials([[$class: 'FileBinding', credentialsId: 'XXXXXXXXX', variable: 'JSON_KEY']]) {
  sh 'gcloud auth activate-service-account --key-file $JSON_KEY'
  sh 'make yourstuff'
}

But I agree, I don't understand why such a plugin does not show how to simply use it :/ or I probably missed something but I mainly saw questions about usage.

@imonteroperez
Copy link

FTR not able to make it work using @sneko approach +1 to provide instructions here

@tapanhalani
Copy link

+1 on providing instructions about consuming the credentials-id in the jenking pipeline.

@sumodirjo
Copy link

sumodirjo commented Nov 11, 2021
edited

Adding notes that I also can't make @sneko solution works.

I got the following error message:

Credentials 'xxxx' is of type 'Google Service Account from private key' where 'org.jenkinsci.plugins.plaincredentials.FileCredentials' was expected

Changing $class: 'FileBinding' to $class: 'FileCredentials' also doesn't work.

@ciizz
Copy link

ciizz commented Jul 26, 2022

You need to upload the JSON as a 'Secret file', not a 'Google Service Account from private key' File

@dmtr-t
Copy link

dmtr-t commented Mar 13, 2024

@eyalzek method really works, just had to rename
def call(projectId, credentialsId = null, body) to
def withGCloudCredentials(projectId, credentialsId = null, body)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@sumodirjo @imonteroperez @alexgeek @eyalzek @pvshewale @sneko @tapanhalani @dmtr-t @rkamisetti792 @ciizz