如何设置jenkins管道中的全局环境变量
我想问一下,是否有一种快捷的方法可以在一个jenkins管道上设置由aws sts assume-role生成的全局环境变量。我的目标是将这些生成的值(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN)重用到一个jenkins管道上的三个步骤。目前,我在我的阶段有这个设置,虽然我发现它太混乱,我想知道你是否可以建议我一个更好的方式来设置全局变量。我现在的管道是这样的:
pipeline { agent any stages { stage ('S3 CHECK') { steps { sh ''' unset AWS\_SESSION\_TOKEN unset AWS\_SECRET\_ACCESS\_KEY unset AWS\_ACCESS\_KEY\_ID
CREDENTIALS=`aws sts assume-role --role-arn arn:aws:iam::0123456789123:role/POGI --role-session-name RoleSession`
export AWS_ACCESS_KEY_ID=`echo $CREDENTIALS | jq -r '.Credentials.AccessKeyId'`
export AWS_SECRET_ACCESS_KEY=`echo $CREDENTIALS | jq -r '.Credentials.SecretAccessKey'`
export AWS_SESSION_TOKEN=`echo $CREDENTIALS | jq -r '.Credentials.SessionToken'`
aws s3 ls
'''
}
}
stage ('CHECK AVAILABLE BEANSTALK PLATFORMS') {
steps {
sh '''
unset AWS_SESSION_TOKEN
unset AWS_SECRET_ACCESS_KEY
unset AWS_ACCESS_KEY_ID
CREDENTIALS=`aws sts assume-role --role-arn arn:aws:iam::0123456789123:role/POGI --role-session-name RoleSession`
export AWS_ACCESS_KEY_ID=`echo $CREDENTIALS | jq -r '.Credentials.AccessKeyId'`
export AWS_SECRET_ACCESS_KEY=`echo $CREDENTIALS | jq -r '.Credentials.SecretAccessKey'`
export AWS_SESSION_TOKEN=`echo $CREDENTIALS | jq -r '.Credentials.SessionToken'`
aws elasticbeanstalk describe-environment-resources --environment-name pogi
aws elasticbeanstalk list-platform-versions
'''
}
}
stage ('BEANSTALK CHECK') {
steps {
sh '''
unset AWS_SESSION_TOKEN
unset AWS_SECRET_ACCESS_KEY
unset AWS_ACCESS_KEY_ID
CREDENTIALS=`aws sts assume-role --role-arn arn:aws:iam::0123456789123:role/POGI --role-session-name RoleSession`
export AWS_ACCESS_KEY_ID=`echo $CREDENTIALS | jq -r '.Credentials.AccessKeyId'`
export AWS_SECRET_ACCESS_KEY=`echo $CREDENTIALS | jq -r '.Credentials.SecretAccessKey'`
export AWS_SESSION_TOKEN=`echo $CREDENTIALS | jq -r '.Credentials.SessionToken'`
aws elasticbeanstalk describe-environment-resources --environment-name pogi
'''
}
}
}}
我真的想消除把这个每一个阶段,以使格式更加清晰。
unset AWS_SESSION_TOKEN
unset AWS_SECRET_ACCESS_KEY
unset AWS_ACCESS_KEY_ID
CREDENTIALS=`aws sts assume-role --role-arn arn:aws:iam::0123456789123:role/POGI --role-session-name RoleSession`
export AWS_ACCESS_KEY_ID=`echo $CREDENTIALS | jq -r '.Credentials.AccessKeyId'`
export AWS_SECRET_ACCESS_KEY=`echo $CREDENTIALS | jq -r '.Credentials.SecretAccessKey'`
export AWS_SESSION_TOKEN=`echo $CREDENTIALS | jq -r '.Credentials.SessionToken'`
aws elasticbeanstalk describe-environment-resources --environment-name pogi回答 1
Stack Overflow用户
发布于 2019-06-01 02:17:28
您可以将其提取到bash文件中,然后在每个阶段使用source <bash-file>.sh。
例如,您可以调用文件init.sh并具有以下内容:
#!/usr/bin/env bash
unset AWS_SESSION_TOKEN
unset AWS_SESSION_TOKEN
unset AWS_SECRET_ACCESS_KEY
unset AWS_ACCESS_KEY_ID
CREDENTIALS=`aws sts assume-role --role-arn arn:aws:iam::0123456789123:role/POGI --role-session-name RoleSession`
export AWS_ACCESS_KEY_ID=`echo $CREDENTIALS | jq -r '.Credentials.AccessKeyId'`
export AWS_SECRET_ACCESS_KEY=`echo $CREDENTIALS | jq -r '.Credentials.SecretAccessKey'`
export AWS_SESSION_TOKEN=`echo $CREDENTIALS | jq -r '.Credentials.SessionToken'`例如,通过这种方式,CHECK AVAILABLE BEANSTALK PLATFORMS阶段将变成如下:
source init.sh
aws elasticbeanstalk describe-environment-resources --environment-name pogi
aws elasticbeanstalk list-platform-versions 如果不同的阶段有一些变量,您可以使用类似于source init.sh var1 var2和var1在init.sh中的$1和var2将是$2之类的东西。
顺便说一句,您可以去掉jq dep,而只使用awk。这适用于MFA (但同样的方法可以用于承担角色),使用AWS text格式而不是JSON。
# output format "CREDENTIALS <spaces> <access-key-id> <expiry> <secret-access-key> <session-token>"
CREDENTIALS=`aws sts get-session-token --output text \
--serial-number <mfa-arn> \
--token-code <otp> \
--duration-seconds 43200`
export AWS_ACCESS_KEY_ID=$(echo $CREDENTIALS | awk '{print $2}')
export AWS_SECRET_ACCESS_KEY=$(echo $CREDENTIALS | awk '{print $4}')
export AWS_SESSION_TOKEN=$(echo $CREDENTIALS | awk '{print $5}')https://stackoverflow.com/questions/54230824
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号