#75 get secret from master based on user/password auth
Constantin Bugneac committed Dec 21, 2018
1 parent 6e1fc54 commit b04f2bf
Showing 2 changed files with 24 additions and 3 deletions.
4 changes: 3 additions & 1 deletion README.md
Expand Up @@ -26,7 +26,9 @@ Optional environment variables:

* `JENKINS_URL`: url for the Jenkins server, can be used as a replacement to `-url` option, or to set alternate jenkins URL
* `JENKINS_TUNNEL`: (`HOST:PORT`) connect to this agent host and port instead of Jenkins server, assuming this one do route TCP traffic to Jenkins master. Useful when when Jenkins runs behind a load balancer, reverse proxy, etc.
* `JENKINS_SECRET`: agent secret, if not set as an argument
* `JENKINS_SECRET`: agent secret, if not set as an argument (mutually exclusive to `JENKINS_USERNAME` and `JENKINS_PASSWORD`)
* `JENKINS_USERNAME`: username to authenticate to master (used to dynamicly get the secret from master)
* `JENKINS_PASSWORD`: password to authenticate to master (used to dynamicly get the secret from master)
* `JENKINS_AGENT_NAME`: agent name, if not set as an argument
* `JENKINS_AGENT_WORKDIR`: agent work directory, if not set by optional parameter `-workDir`
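
Review bot: The `JENKINS_SECRET` entry describes it as "mutually exclusive" with `JENKINS_USERNAME` and `JENKINS_PASSWORD`, but the `elif` added in `jenkins-slave` only consults the credentials when `JENKINS_SECRET` is empty, so setting all three is silently accepted and the secret wins. Either document this as precedence (for example "takes precedence over `JENKINS_USERNAME`/`JENKINS_PASSWORD`") or have the script reject the combination. "dynamicly" should be "dynamically" in both new entries. It is also worth stating here that the password lives in the agent container's environment, so the account used should have no more rights than reading that agent's JNLP file.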

23 changes: 21 additions & 2 deletions jenkins-slave
Expand Up @@ -29,6 +29,22 @@
# * JENKINS_SECRET : agent secret, if not set as an argument
# * JENKINS_AGENT_NAME : agent name, if not set as an argument
# * JENKINS_AGENT_WORKDIR : agent work directory, if not set by optional parameter -workDir
# * JENKINS_USERNAME : username to use when authenticating to master -credentials
# * JENKINS_PASSWORD : password to use when authenticating to master -credentials


# Get the secret from Jenkins master
get_secret() {
local jenkins_url="$1"
local jenkins_agent_name="$2"
local username="$3"
local password="$4"
local crumb=".crumb:dac7ce5614f8cb32a6ce75153aaf2398"

secret="$(curl -L -s -u $username:$password -H "$crumb" -X GET $jenkins_url/computer/$jenkins_agent_name/slave-agent.jnlp \
| sed "s/.*<application-desc main-class=\"hudson.remoting.jnlp.Main\"><argument>\([a-z0-9]*\).*/\1/")"
echo "$secret"
}

if [ $# -eq 1 ]; then
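
Review bot: In `get_secret`, the `curl | sed` pipeline has no failure handling, and `$username:$password` and `$jenkins_url/computer/$jenkins_agent_name/...` are expanded unquoted. Without `-f`, a 401 or 404 body is piped into `sed`, and because the `s///` runs without `-n` and a `p` flag, input that does not match is echoed unchanged, so an HTML error page is returned as the "secret". Suggest `curl -fsSL`, `sed -n 's/.../\1/p'`, and returning non-zero when the result is empty. Quote `"$username:$password"` and the URL so a password containing spaces or glob characters survives word splitting, and consider passing the credentials through `--netrc-file` or `-K -` so the password does not appear in curl's argument list. The hard-coded `.crumb:dac7ce56...` header looks copied from one particular master and is not something a `-X GET` should need; drop it. `secret` is assigned without `local`, so it leaks into the caller's scope. The two new header comments end in a stray `-credentials`.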

Expand Down Expand Up @@ -82,8 +98,11 @@ else
*)
OPT_JENKINS_SECRET="${JENKINS_SECRET}" ;;
esac
# use jenkins credentials if secret not defined
elif [ -n "$JENKINS_USERNAME" ] && [ -n "$JENKINS_PASSWORD" ]; then
OPT_JENKINS_SECRET="$(get_secret "$JENKINS_URL" "$JENKINS_AGENT_NAME" "$JENKINS_USERNAME" "$JENKINS_PASSWORD")"
fi

OPT_JENKINS_AGENT_NAME=""
if [ -n "$JENKINS_AGENT_NAME" ]; then
case "$@" in
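
Review bot: The new `elif` branch passes only `$JENKINS_URL` and `$JENKINS_AGENT_NAME` to `get_secret`, but the README allows both to be supplied as arguments (`-url`, agent name) instead of environment variables, in which case the request URL is built from empty strings. The return value is assigned to `OPT_JENKINS_SECRET` without any check, and setting only one of `JENKINS_USERNAME`/`JENKINS_PASSWORD` falls through silently with no secret at all. Suggest validating that URL and agent name are non-empty before the call, and exiting with a message on stderr when `get_secret` returns nothing, rather than letting the `exec` at the end run without a secret.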
Expand All @@ -97,4 +116,4 @@ else
#It is fine it blows up for now since it should lead to an error anyway.

exec $JAVA_BIN $JAVA_OPTS $JNLP_PROTOCOL_OPTS -cp /usr/share/jenkins/slave.jar hudson.remoting.jnlp.Main -headless $TUNNEL $URL $WORKDIR $OPT_JENKINS_SECRET $OPT_JENKINS_AGENT_NAME "$@"
fi
fi
