1. 技术文章
  2. use gcloud with Jenkins

use gcloud with Jenkins

人走茶凉 提交于 2020-12-29 04:00:22

问题


I've been trying to write a script that polls Google Cloud Storage periodically. This works fine when I run it normally, but if I include it as a build step in Jenkins, it gives a 403 Forbidden error. This is because there's no gcloud auth login process completed for the Jenkins user, which requires a verification code to be copied..how do I do that using Jenkins ?

EDIT:

I tried the steps at: https://cloud.google.com/storage/docs/authentication#service_accounts and downloaded a JSON key that looks like: 

{"web":{"auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://accounts.google.com/o/oauth2/token","client_email":"....@project.googleusercontent.com","client_x509_cert_url":"https://www.googleapis.com/robot/v1/metadata/x509/....@project.googleusercontent.com","client_id":"....project.googleusercontent.com","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs"}}

which is darn strange because all of the links point to stuff like bad request, invalid request..I must be doing something wrong. The command I ran was:

gcloud auth activate-service-account ...@project.googleusercontent.com --key-file /var/lib/jenkins/....project.googleusercontent.com.json

回答1:


Your best bet is probably to use a "service account" to authenticate gcloud/gsutil with the GCS service. The major steps are to use generate a JSON-formated private key following the instructions here:

https://cloud.google.com/storage/docs/authentication#service_accounts

Copy that key to a place where the Jenkins user can read it, and as the Jenkins user run

gcloud auth activate-service-account ...

(See https://cloud.google.com/storage/docs/authentication#service_accounts). Note that support for JSON key files is pretty new and you'll need an up-to-date gcloud release.

From there your Jenkins process should be able to access GCS as usual.

The key file should have the following format:

{
  "private_key_id": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  "private_key": "-----BEGIN PRIVATE KEY-----\n ...  \n-----END PRIVATE KEY-----\n",
  "client_email": "...@developer.gserviceaccount.com",
  "client_id": "..."
  "type": "service_account"
}


来源:https://stackoverflow.com/questions/28356497/use-gcloud-with-jenkins

标签
Jenkins
gcloud
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!