与詹金斯一起使用gcloud [英] use gcloud with Jenkins

问题描述

我一直在尝试编写一个脚本，该脚本会定期轮询Google Cloud Storage.当我正常运行它时，它可以很好地工作，但是如果我将它作为Jenkins的构建步骤包括在内，它将给出一个403 Forbidden错误.这是因为Jenkins用户没有完成gcloud auth login流程，需要复制验证码.如何使用Jenkins做到这一点?

I've been trying to write a script that polls Google Cloud Storage periodically. This works fine when I run it normally, but if I include it as a build step in Jenkins, it gives a 403 Forbidden error. This is because there's no gcloud auth login process completed for the Jenkins user, which requires a verification code to be copied..how do I do that using Jenkins ?

我尝试了以下步骤: https://cloud.google.com/storage/docs/authentication#service_accounts 并下载了如下所示的JSON密钥:

I tried the steps at: https://cloud.google.com/storage/docs/authentication#service_accounts and downloaded a JSON key that looks like:

{"web":{"auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://accounts.google.com/o/oauth2/token","client_email":"....@project.googleusercontent.com","client_x509_cert_url":"https://www.googleapis.com/robot/v1/metadata/x509/....@project.googleusercontent.com","client_id":"....project.googleusercontent.com","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs"}}

这真是奇怪，因为所有链接都指向bad request, invalid request之类的东西.我一定做错了.我运行的命令是:

which is darn strange because all of the links point to stuff like bad request, invalid request..I must be doing something wrong. The command I ran was:

gcloud auth activate-service-account ...@project.googleusercontent.com --key-file /var/lib/jenkins/....project.googleusercontent.com.json

推荐答案

您最好的选择是使用服务帐户"对GCS服务进行gcloud/gsutil身份验证.主要步骤是按照此处的说明使用生成JSON格式的私钥:

Your best bet is probably to use a "service account" to authenticate gcloud/gsutil with the GCS service. The major steps are to use generate a JSON-formated private key following the instructions here:

https://cloud.google.com/storage/docs/authentication#service_accounts

将该密钥复制到Jenkins用户可以读取的地方，然后以Jenkins用户的身份运行

Copy that key to a place where the Jenkins user can read it, and as the Jenkins user run

gcloud auth activate-service-account ...

(请参阅 https://cloud.google.com/storage/docs/authentication# service_accounts ).请注意，对JSON密钥文件的支持是非常新的，您将需要最新的gcloud版本.

(See https://cloud.google.com/storage/docs/authentication#service_accounts). Note that support for JSON key files is pretty new and you'll need an up-to-date gcloud release.

从那里，您的Jenkins进程应该能够照常访问GCS.

From there your Jenkins process should be able to access GCS as usual.

密钥文件应具有以下格式:

The key file should have the following format:

{
  "private_key_id": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  "private_key": "-----BEGIN PRIVATE KEY-----\n ...  \n-----END PRIVATE KEY-----\n",
  "client_email": "...@developer.gserviceaccount.com",
  "client_id": "..."
  "type": "service_account"
}

这篇关于与詹金斯一起使用gcloud的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！