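Copying file contents fetched from AWS SSM parameters into a container using CodeBuild

How to solve: copying file contents fetched from AWS SSM parameters into a container using CodeBuild

Below is my Jenkinsfile. One of the purposes of this pipeline is to fetch the key files from SSM parameters and copy them into a variable.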

// Run CodeBuild on  account
pipeline {
    agent any

    options {
        ansiColor('xterm')
        disableConcurrentBuilds()
    }
    stages {
        stage('TEST') {
            steps {
                script {
                    // Getting SSM Parameters
                    withAWSParameterStore(
                        credentialsId: '1023564897565', regionName: 'us-east-1', recursive: true, naming: 'relative', path: '/ddc/pvs/ops1/ans-wer-tst/'
                    ) {
                        SSH_PRIV_US_KEY = "${env.TLS_PRIVATE_KEY}"
                    }
                    withAWSParameterStore(
                        credentialsId: '1023564897565', regionName: 'eu-west-1', path: '/ddc/pvs/ops2/ans-wer-tst/'
                    ) {
                        SSH_PRIV_EU_KEY = "${env.TLS_PRIVATE_KEY}"
                    }
                }

                wrap([$class: 'MaskPasswordsBuildWrapper',varPasswordPairs: [[password: "${SSH_PRIV_US_KEY}",var: 'VALUE'],[password: "${SSH_PRIV_EU_KEY}",var: 'VALUE']]]) {
                    withAWS(role: "${DDC_CODEBUILD_PVS_ROLE}",roleAccount: "${DDC_PVS_AWS_ACCOUNT_ID}") {
                        awsCodeBuild(
                            projectName: "${DDC_CODEBUILD_PVS_OPS1_VPC}",
                            credentialsType: 'keys',
                            region: "us-east-1",
                            sourceControlType: 'jenkins',
                            buildSpecFile: "buildspec.yml",
                            imageOverride: "1023564897565.dkr.ecr.us-east-1.amazonaws.com/pvs-ops1-ecr-anr-0e47e200ddff4875:0.1",
                            privilegedModeOverride: 'True',
                            envVariables: """[
                                { SSH_PRIV_US_KEY,${SSH_PRIV_US_KEY} },{ SSH_PRIV_EU_KEY,${SSH_PRIV_EU_KEY} }
                            ]"""
                        )
                    }
                }
            }
        }
    }
}

The bash script below copies the keys stored in the variables (which happens in the Jenkinsfile) into files in the container.

#!/bin/bash
###
### CodeBuild script
###
set -e




echo "Get SSH_PUB_KEY"

echo "Get SSH_PRIV_KEY"




#export SSH_PRIV_US_KEY SSH_PRIV_EU_KEY

mkdir -p ~/.ssh
touch ~/.ssh/id_rsa_us   
touch ~/.ssh/id_rsa_eu
chmod 400 ~/.ssh/id_rsa_us
chmod 400 ~/.ssh/id_rsa_eu

echo ${SSH_PRIV_US_KEY} > ~/.ssh/id_rsa_us
echo ${SSH_PRIV_EU_KEY} > ~/.ssh/id_rsa_eu

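Problem:

From the Jenkins output (shown below):

  1. The complete keys are assigned to the variables (SSH_PRIV_US_KEY and SSH_PRIV_EU_KEY).
  2. When pasted into the files, the complete key is not pasted, only part of the key. What am I doing wrong here?
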
> environment variables: [
                                { SSH_PRIV_US_KEY,-----BEGIN RSA PRIVATE KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PRIVATE KEY-----
 },-----BEGIN RSA PRIVATE KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PRIVATE KEY-----
 }
                            ]
    > image: 1023564897565.dkr.ecr.us-east-1.amazonaws.com/pvs-ops1-ecr-anr-0e47e200ddff4875:0.1
    > privileged mode override: True
    > build spec: 
buildspec.yml
[AWS CodeBuild Plugin] 
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Phase is DOWNLOAD_SOURCE
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 CODEBUILD_SRC_DIR=/codebuild/output/src301168615/src
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 YAML location is /codebuild/output/src301168615/src/buildspec.yml
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Processing environment variables
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Moving to directory /codebuild/output/src301168615/src
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Registering with agent
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Phases found in YAML: 1
[AWS CodeBuild Plugin] 2021/01/29 06:12:14  BUILD: 7 commands
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Phase complete: DOWNLOAD_SOURCE State: SUCCEEDED
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Phase context status code:  Message: 
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Entering phase INSTALL
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Phase complete: INSTALL State: SUCCEEDED
[AWS CodeBuild Plugin] 2021/01/29 06:12:14 Phase context status code:  Message: 
[AWS CodeBuild Plugin] 2021/01/29 06:12:15 Entering phase PRE_BUILD
[AWS CodeBuild Plugin] 2021/01/29 06:12:15 Phase complete: PRE_BUILD State: SUCCEEDED
[AWS CodeBuild Plugin] 2021/01/29 06:12:15 Phase context status code:  Message: 
[AWS CodeBuild Plugin] 2021/01/29 06:12:15 Entering phase BUILD
[AWS CodeBuild Plugin] 2021/01/29 06:12:15 Running command bash codebuild.sh
[AWS CodeBuild Plugin] Get SSH_PUB_KEY
[AWS CodeBuild Plugin] Get SSH_PRIV_KEY
[AWS CodeBuild Plugin] id_rsa_eu
[AWS CodeBuild Plugin] id_rsa_us
[AWS CodeBuild Plugin] -----BEGIN RSA PRIVATE KEY-----...
[AWS CodeBuild Plugin] -----BEGIN RSA PRIVATE KEY-----...

buildspec.yml

version: 0.2
phases:
  build:
    commands:
      - bash codebuild.sh
      - /bin/bash setup.sh
echo "Get SSH_PRIV_US_KEY"
aws --profile "DEC" --region ${REGION} ssm get-parameter --with-decryption --name /xxx/xxx/tls_private_key --query "Parameter.Value" --output text > ~/.ssh/id_rsa_us
echo "Get SSH_PRIV_EU_KEY"
aws --profile "DEC" --region ${EU_REGION} ssm get-parameter --with-decryption --name /xxx/xxx/private_key --query "Parameter.Value" --output text > ~/.ssh/id_rsa_eu

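Solution

This does not directly answer your question, but is there any particular reason why you fetch these credentials in Jenkins and then pass them to CodeBuild as env vars, instead of fetching them directly in the CodeBuild buildspec itself using the built-in parameter store option: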

env:
  shell: shell-tag
  variables:
    key: "value"
    key: "value"
  parameter-store:
    key: "value"
    key: "value"
  exported-variables:
    - variable
    - variable
  secrets-manager:
    key: secret-id:json-key:version-stage:version-id
  git-credential-helper: no | yes

From here

P.S. Sharing SSH keys on the public internet is not a good practice.
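
An added example, not part of the original question or answer: writing a multi-line PEM value from an environment variable to a key file. The unquoted `echo ${VAR}` form used in the script above is word-split by the shell, which collapses the newlines into spaces; the quoted `printf` form keeps them. `SAMPLE_PEM` is constructed placeholder text, and the function names `write_key_unquoted`, `write_key` and `check_key` are hypothetical.

```shell
#!/bin/bash
# Constructed placeholder, not a real key.
SAMPLE_PEM='-----BEGIN RSA PRIVATE KEY-----
AAAAconstructedline1
BBBBconstructedline2
-----END RSA PRIVATE KEY-----'

# The pattern from the script above: the unquoted expansion is word-split,
# echo joins the words with spaces, and the PEM ends up on one line.
write_key_unquoted() {
    echo $1 > "$2"
}

# Create the file owner-only from the start (umask in a subshell), keep the
# newlines by quoting, and drop write permission only after the content is in.
write_key() {
    local value="$1" dest="$2"
    (
        umask 077
        mkdir -p "$(dirname "$dest")"
        rm -f "$dest"                      # a leftover 0400 file would block the redirect
        printf '%s\n' "$value" > "$dest"
    ) || return 1
    chmod 400 "$dest"
}

# Succeeds only if the file looks like a complete PEM block: BEGIN marker on
# the first line, END marker on the last line, at least one body line between.
check_key() {
    local file="$1" first last lines
    first=$(head -n 1 "$file")
    last=$(tail -n 1 "$file")
    lines=$(grep -c '' "$file")
    case $first in "-----BEGIN "*"-----") ;; *) return 1 ;; esac
    case $last in "-----END "*"-----") ;; *) return 1 ;; esac
    [ "$lines" -ge 3 ]
}

# Demo on a throwaway directory: compare the line counts of both forms.
demo_dir=$(mktemp -d)
write_key_unquoted "$SAMPLE_PEM" "$demo_dir/unquoted"
write_key "$SAMPLE_PEM" "$demo_dir/quoted"
echo "unquoted: $(grep -c '' "$demo_dir/unquoted") line(s), quoted: $(grep -c '' "$demo_dir/quoted") line(s)"
rm -rf "$demo_dir"
```

Running `check_key` right after the write makes the build fail early on a truncated or flattened key instead of at the first SSH connection.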
