How to use Jenkins CI pipeline code in python - python

I am new to Jenkins, and I need to use Python to read some user credentials which are stored on Jenkins. I am confused about how to do that.
I have created some global credentials in my local Jenkins. I want to use Python to read and use these credentials.
The above photo is the credential I created.
I also have some Jenkins CI pipeline code for reading and using the credentials, and I want to know: is there some way that allows me to use them in Python?

When you use a withCredentials block, you can use uname and pass as environment variables. I'm not good at Python, but os.environ['uname'] and os.environ['pass'] can be used inside the block.
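The Python side of the answer above, added here as an example that is not part of the original answer: it reads the uname and pass variables exported inside the withCredentials block, fails closed when they are absent, and masks the Base64 form of the password before logging. The function names and the idea of building a Basic auth header from the credentials are assumptions.

```python
import base64
import os


class MissingCredential(RuntimeError):
    """The script ran outside the withCredentials block (or a binding is empty)."""


def load_jenkins_credentials(environ=os.environ, user_var="uname", pass_var="pass"):
    """Return (username, password) from the variables bound by withCredentials.

    'uname' and 'pass' are the names used in the answer above; pass whatever
    names your pipeline binds.
    """
    missing = [name for name in (user_var, pass_var) if not environ.get(name)]
    if missing:
        # Report variable names only, never values.
        raise MissingCredential("not set: " + ", ".join(missing))
    return environ[user_var], environ[pass_var]


def basic_auth_header(username, password):
    """Build an HTTP Basic Authorization header from the credentials."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return {"Authorization": "Basic " + token.decode("ascii")}


def redact(text, password, headers):
    """Mask the password and its Base64-encoded header before logging.

    Jenkins masks the literal secret in the console log; the encoded token is
    a different string, so the script masks it itself.
    """
    for secret in (headers["Authorization"].split(" ", 1)[1], password):
        text = text.replace(secret, "****")
    return text


if __name__ == "__main__":
    user, password = load_jenkins_credentials()
    headers = basic_auth_header(user, password)
    print(redact(f"calling API as {user} with {headers}", password, headers))
```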

Related

Jenkins Enable project-based security on a folder and assign permissions to a user remotely using python script

I have a python script that creates a folder in Jenkins using /createItem.
I need to enable the project-based security on that newly created folder and also assign all the perms to a particular user using that python script. I have seen this sample code to perform similar actions: https://wiki.jenkins-ci.org/display/JENKINS/Grant+Cancel+Permission+for+user+and+group+that+have+Build+permission that can be run in Jenkins Script Console, but is there a way to do this from my python script?
TIA

How to limit python script so that it can't access local resources?

I am working on a project that allows users to upload a Python script to an API and run it on a schedule. Currently, I'm trying to figure out a way to limit the functionality of the script so that it cannot access local files, mess with the Flask server running the API, etc. Do you have any ideas on how I can achieve this? Is there any way to make it so only specific libraries are available for importing?
Running other scripts on your server is a serious security issue. If you are trying to deploy a Python interpreter on your web application, you can try with something like judge0 (GitHub). It is free if you deploy it yourself and it will run scripts safely inside containers.
The simplest way is to ensure the user running the script is not root, but a user specifically designed for this task (e.g. part of a group that can only read and not write or execute). This means at minimum you should ensure all files have the appropriate mode. Then you can just use a pipe or something to run the script.
Alternatively, you could use a runtime that’s not “local”, like a VM or compute service (AWS Lambda, etc). The latter would be simplest, and there are lots of vendors who offer compute services with a programmatic API.
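One way to combine the advice in the answers above (a dedicated unprivileged account, feeding the script through a pipe), added here as an example that is not from the original answers: the uploaded source runs in a child interpreter with an empty environment, a throwaway working directory and resource limits. The account name passed as run_as (with a group of the same name) and the limit values are assumptions; filesystem and network isolation still come from the container or VM the answers mention.

```python
import resource
import subprocess
import sys
import tempfile

# Assumed limits for one uploaded script; tune them per workload.
LIMITS = {
    resource.RLIMIT_CPU: 2,                  # seconds of CPU time
    resource.RLIMIT_AS: 512 * 1024 * 1024,   # bytes of address space
    resource.RLIMIT_FSIZE: 1024 * 1024,      # largest file the script may write
}


def _apply_limits():
    """Runs in the child after fork and before exec."""
    for res, wanted in LIMITS.items():
        _, hard = resource.getrlimit(res)
        value = wanted if hard == resource.RLIM_INFINITY else min(wanted, hard)
        resource.setrlimit(res, (value, value))


def run_untrusted(source, run_as=None, wall_timeout=5):
    """Run `source` in a separate interpreter, fed through a pipe on stdin.

    run_as: name of a dedicated unprivileged account (hypothetical, e.g.
    "sandbox"); dropping to it requires the parent to run as root.
    Returns (exit_code, stdout, stderr); exit_code is None on wall timeout.
    """
    drop = {"user": run_as, "group": run_as, "extra_groups": []} if run_as else {}
    with tempfile.TemporaryDirectory() as workdir:
        try:
            proc = subprocess.run(
                # -I ignores PYTHON* variables and the user site dir, -B skips .pyc writes
                [sys.executable, "-I", "-B", "-"],
                input=source, text=True, capture_output=True,
                cwd=workdir,
                env={},  # the server's own secrets stay out of the child
                timeout=wall_timeout, preexec_fn=_apply_limits, **drop,
            )
        except subprocess.TimeoutExpired:
            return None, "", "wall-clock timeout"
    return proc.returncode, proc.stdout, proc.stderr


if __name__ == "__main__":
    print(run_untrusted("import os; print(sorted(os.environ))"))
```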

Does Ansible expose its auto-discovered Python interpreter?

tl;dr: Does Ansible have a variable containing the current Python interpreter?
As part of my playbook, I am creating a Python script on the controller (to be run by another command), and I want that script to be run by the Python interpreter being used by Ansible. To do this I am trying to set the interpreter in the shebang of the script.
If I were to set the interpreter manually, I could use the ansible_python_interpreter variable (and I have had it working that way). If I don't set the interpreter manually, then Ansible will auto-discover an interpreter, but I can no longer use the ansible_python_interpreter variable because it is not set.
From looking through the documentation I have been unable to find any way to see which interpreter Ansible has auto-detected. Is there something I've missed?
(Ansible version 2.9.10, Python 3.6)
The complete situation:
I am running Ansible on AWX (open-source Ansible Tower), using a custom virtual environment as the runner. I use HashiCorp Vault as a secret management system, rather than keeping secrets in AWX. For access to Vault I use short-lived access tokens, which doesn't work well with AWX's built-in support for pulling secrets from Vault, so instead I do it manually (so that I can supply a Vault token at job launch time). That works well for me, generally.
In this particular case, I am running ansible-vault (yes, there are too many things called 'vault') on the controller to decrypt a secret. I am using the --vault-password-file argument to supply the decryption password via a script. Since the virtual env that I am using already has the hvac package installed, I wish to just use a brief Python script to pull the password from HashiCorp Vault. All works fine, except that I can't figure out how to set the shebang on this script to point at the virtual environment that Ansible is using.
If I can't get a useable answer to this, I suppose I can change to instead pull the password directly into Ansible and then use the --ask-vault-pass flag to pass the password that way. It just seems to me that the interpreter should really be exposed somewhere by Ansible, so I'm trying that first.
As described in Special Variables, the ansible_playbook_python variable holds the path to the Python interpreter being used by Ansible on the controller.
With gather_facts: yes you should be able to get the active Python using the ansible_facts.python variable.

Azure timer trigger function using Python

I am writing an Azure timer trigger using Python 3.x. I've got one such function running. I think I know how to do it: create one from JS and then delete the 'index.js' and create a run.py. But this time, when I run my Python function, I always got an error saying "No such file: index.js". I didn't see any bonds between the function and the 'index.js' file.
Any thoughts?
We could add the Python function from the Azure portal directly. If you want to create a Timetrigger function, then we could change the trigger type.
The following are my detailed steps to create a Python timetrigger function.
1. Create an Azure function App
2. Add a Python function
3. Change the httptrigger to timetrigger
   a. Delete the httptrigger and http output
   b. Add the time trigger
4. Add the test code and test it from the Azure portal.
The default version is 2.7.8. If you want to use Python 3.x, you could follow this tutorial to update the Python version.
5. Update the Python version.
   a. Install extension for Azure function App
   b. Add Handler Mappings entry so as to use Python3.X via FastCGI
6. Test it from the Azure portal
I followed the tutorial in the comment and reproduced your issue on my side, though I refreshed the portal.
However, after waiting for some time, it works. I suspect it's due to cache.
I suggest you create the Python Azure function on Kudu directly. Just create run.py and function.json in a new folder instead of changing the JS template.
Hope it helps you.
In my case, run.py is recognized and run after I restart Azure Functions from the portal:
Azure Functions > Overview > Restart

Proper place to access/store Heroku API Key for script

Let's say I have some code running on a Heroku dyno (such as this autoscaling script), that needs access to the Platform API. To access the API, I have to authenticate using my app's API Key.
What's the right way to do this?
That script I referenced hardcoded the API Key in the script itself.
A better practice generally seems to be to put secrets in environment variables, which is what Heroku normally recommends. However, they say:
Setting the HEROKU_API_KEY environment variable on your machine will
interfere with normal functioning of auth commands from Toolbelt.
Clearly I could store the API key under a different key name.
What's the right way? I couldn't find this in the documentation, but seems like a common issue.
Yes, storing this token into a config var is the right way to go.
As for HEROKU_API_KEY, this will happen because locally, the toolbelt will look for the environment variable as one solution to try to fetch your token.
This won't impact your production environment (the heroku toolbelt isn't available within dynos).
Locally, you can also set it easily with a tool like python-dotenv, which will allow you to have a local .env file (don't check it into source control, or your token could be corrupted), with all of its values available as env vars in your dev app.
