Example for usage in pipeline

Question

Example for usage in pipeline

Opened this issue 5 years ago · 9 comments

Can you please provide example or some documentation on how to use it declarative or scripted pipeline? I used as below,

#!groovy

node("master") {
    stage ("List GCP Projects"){
        withCredentials([[$class: 'FileBinding', credentialsId: 'my-project-id', variable: 'GOOGLE_APPLICATION_CREDENTIALS']]) {
        
            sh "gcloud projects list --sort-by=projectId --limit=5"
        }
    }
}

But it giving error like,

ERROR: Credentials 'my-project-id' is of type 'Google Service Account from private key' where 'org.jenkinsci.plugins.plaincredentials.FileCredentials' was expected

I also tried using as given in file https://github.com/jenkinsci/google-oauth-plugin/blob/develop/Jenkinsfile.google

withCredentials([[$class: 'StringBinding', credentialsId: 'my-project-id', variable: 'GOOGLE_CREDENTIALS']]) {
   sh "gcloud projects list --sort-by=projectId --limit=5"
}

But above gave me error like,

ERROR: Credentials 'my-project-id' is of type 'Google Service Account from private key' where 'org.jenkinsci.plugins.plaincredentials.StringCredentials' was expected

Answer 1 · 2020-03-30T15:19:09.000Z

Seconded, is there instructions anywhere on how to run gcloud commands with these credentials?

Answer 2 · 2020-08-21T06:08:28.000Z

i am also facing the same issue
withCredentials([file(credentialsId: 'gcpgcr', variable: 'GC_KEY')]){
sh "cat '$GC_KEY' | docker login -u _json_key --password-stdin https://us.gcr.io"
sh "gcloud auth activate-service-account --key-file='$GC_KEY'"
sh "gcloud auth configure-docker"
GLOUD_AUTH = sh (
script: 'gcloud auth print-access-token',
returnStdout: true
).trim()
echo "Pushing image To GCR"
sh "docker push $REMOTE_GCR/gemalto/$name:$version"
}

error: Credentials 'gcpgcr' is of type 'Google Service Account from private key' where 'org.jenkinsci.plugins.plaincredentials.FileCredentials' was expected
Finished: FAILURE

any resolution will help us

Answer 3 · 2020-08-21T07:58:43.000Z

@rkamisetti792 we're using the helper function from this gist:
https://gist.github.com/spmason/a53b646ab6219c788b8d04ad959ca940

with slight modifications (because the way credentials are stored might have changed since the time the gist was written):

import hudson.util.Secret
import com.cloudbees.plugins.credentials.CredentialsProvider
import com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials
import com.google.jenkins.plugins.credentials.oauth.GoogleOAuth2ScopeRequirement

@NonCPS
private def getCredentials(credentialsId) {
    def build = currentBuild.rawBuild
    CredentialsProvider.findCredentialById(
      credentialsId,
      GoogleRobotPrivateKeyCredentials.class,
      build,
      new GoogleOAuth2ScopeRequirement()  {
            @Override
            public Collection<String> getScopes() {
              return null;
            }
          }
      );
}
private def writeKeyFile(jsonKey) {
    def json
    try {
      json = Secret.decrypt(new String(jsonKey.getPlainData())).getPlainText()
    } catch(Exception e) {
      json = new String(jsonKey.getPlainData())
    }
    writeFile encoding: 'UTF-8', file: '.auth/gcloud.json', text: json
    return pwd() + "/.auth/gcloud.json"
}

def call(projectId, credentialsId = null, body) {
  if (!credentialsId) {
    credentialsId = projectId
  }
  def serviceAccount = getCredentials(credentialsId).getServiceAccountConfig()
  def keyFile = writeKeyFile(serviceAccount.getSecretJsonKey())
  withEnv(["CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${keyFile}"]) {
    try {
      body()
    } finally {
      sh "rm ${keyFile}"
    }
  }
}

then use it:

withGCloudCredentials(PROJECT_ID) {
  sh 'echo stuff'
}

Answer 4 · 2020-10-16T17:55:43.000Z

If you don't want to use a shared library I made it working with:

withCredentials([[$class: 'FileBinding', credentialsId: 'XXXXXXXXX', variable: 'JSON_KEY']]) {
  sh 'gcloud auth activate-service-account --key-file $JSON_KEY'
  sh 'make yourstuff'
}

But I agree, I don't understand why such a plugin does not show how to simply use it :/ or I probably missed something but I mainly saw questions about usage.

Answer 5 · 2021-04-09T10:07:10.000Z

FTR not able to make it work using @sneko approach +1 to provide instructions here

Answer 6 · 2021-10-16T16:04:21.000Z

+1 on providing instructions about consuming the credentials-id in the jenking pipeline.

Answer 7 · 2021-11-11T06:26:01.000Z

Adding notes that I also can't make @sneko solution works.

I got the following error message:

Credentials 'xxxx' is of type 'Google Service Account from private key' where 'org.jenkinsci.plugins.plaincredentials.FileCredentials' was expected

Changing $class: 'FileBinding' to $class: 'FileCredentials' also doesn't work.

Answer 8 · 2022-07-26T20:36:53.000Z

You need to upload the JSON as a 'Secret file', not a 'Google Service Account from private key' File

Answer 9 · 2024-03-13T15:41:35.000Z

@eyalzek method really works, just had to rename
def call(projectId, credentialsId = null, body) to
def withGCloudCredentials(projectId, credentialsId = null, body)