Skip to main content

Jenkins Utils

Project description

https://travis-ci.org/tarvitz/jenkins-utils.svg?branch=master https://coveralls.io/repos/github/tarvitz/jenkins-utils/badge.svg?branch=master https://badge.fury.io/py/jenkins-utils.svg

Abstract

Implements some jenkins utils in python way.

Notes

jenkins-utils does not support plain-credentials, ssh-credentials plugins, so there’s no option to encrypt/decrypt these data yet.

Requirements

  • Python 3.4+
  • pycrypto (non windows systems)
  • pycryptodomex (windows)

Note

Does not work automatically on python-3.7 and Windows due to inavailability to build pycrypto module on host system, however any of installed pycrypto/pycryptodomex modules are supported on any os/platform.

Usage

Currently there’s encrypt/decrypt operations implemented and gathered in convenient and python developer friendly form.

As an example you an decrypt (or encrypt) message using Jenkins’s master and hudson secret keys:

$ python invoke.py --master-key master.key --hudson-secret-key hudson.util.Secret \
                   --action decrypt "{AQAAABAAAAAgd+820Q6QR4ABkf3JpXHacuO3zdj11o8JD/6VIJi8XjS9GJJyWquIYbNokyKKsIfN}"

this is simple text to encrypt

$ python invoke.py --master-key master.key --hudson-secret-key hudson.util.Secret \
                   --aes-type cbc --action encrypt "this is simple text to encrypt"
{AQAAABAAAAAgfb9K8Kaq716l8SwGDqEFMRzm/3ynYDK7IsfI4C7BlVyMIlP/5JGfYK1n1Nc10VoD}
$

Note

  • Master key is located at $JENKINS_HOME/secrets/master.key
  • Hudson key is located at $JENKINS_HOME/secrets/hudson.util.Secret

Advanced use

reader.py

#!/usr/bin/env python3
import sys
import base64
import argparse
from lxml import etree
from jenkins.utils import Secret


def decrypt(opts):
    master_key = open(opts.master_key, 'rb').read()
    hudson_secret_key = open(opts.hudson_key, 'rb').read()
    secret = Secret(
        master_key=master_key, hudson_secret_key=hudson_secret_key
    )
    credentials = etree.fromstring(
        open(opts.credentials, 'rb').read()
    )
    for node in credentials.xpath('//com.cloudbees.plugins.credentials.'
                                  'impl.UsernamePasswordCredentialsImpl'):
        username, *_ = node.xpath('./username/text()')
        password_encoded, *_ = node.xpath('./password/text()')
        password = base64.decodebytes(password_encoded.encode('utf-8'))
        print(
            "Encrypted (username:password): ({}:{})".format(
                username, secret.decrypt(password)
            )
        )


def main():
    parser = argparse.ArgumentParser()
    parser.add_argument('-c', '--credentials', dest='credentials',
                        required=True, help='jenkins credentials.xml file')
    parser.add_argument('-m', '--master-key', dest='master_key',
                        help='jenkins secrets master.key file', required=True)
    parser.add_argument('-H', '--hudson-secret-key', dest='hudson_key',
                        help='jenkins secrets hudson.util.Secret file')
    options = parser.parse_args()
    sys.exit(decrypt(options))


if __name__ == '__main__':
    main()
$ python reader.py -c credentials.xml -m master.key -H hudson.util.Secret

Encrypted (username:password): (scm-bot:W9CA6qTajV)
Encrypted (username:password): (artifactory-bot:vB9V9BtPN4)
Encrypted (username:password): (git-bot:V32c5S8TnHCvmfr)
... and so on

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for jenkins-utils, version 0.1.2
Filename, size File type Python version Upload date Hashes
Filename, size jenkins_utils-0.1.2-py3-none-any.whl (9.6 kB) File type Wheel Python version py3 Upload date Hashes View
Filename, size jenkins-utils-0.1.2.tar.gz (9.4 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page