Automating Jenkins User and Role Management with Python Scripts
This guide demonstrates how to create Jenkins roles, authorize plugin APIs, and automate user creation and role assignment using Python scripts and HTTP POST requests, including sample code for creating accounts, granting roles, and managing a list of users via a parameterized Jenkins job.
This article explains how to set up role creation and plugin API authorization in Jenkins, and provides a Python script to automate user creation and role assignment.
Create User
method:POST
url: http://demo.com:8080/securityRealm/createAccountByAdmin
data: {"username": userName, "password1": '123456', "password2": '123456', "fullname" : userName,"email" : userName + '@jenkins.com'}User Authorization Plugin
method:POST
url:http://demo.com:8080/role-strategy/strategy/assignRole
roletype: globalRoles projectRoles
data : {'type': 'globalRoles','roleName': roleName,'sid': userName}Python Script
#coding:utf8
#用户授权脚本
import requests
import sys
class auth(object):
def __init__(self):
self.Jenkins = {"url":"http://deme.com:8080/role-strategy/strategy/assignRole",
"passwd":"xxxxxxxxxxxx"}
#创建用户
def Create(self,userName):
uurl="http://demo.com:8080/securityRealm/createAccountByAdmin"
refdata = {"username": userName,
"password1": '123456',
"password2": '123456',
"fullname" : userName,
"email" : userName + '@jenkins.com'}
response = requests.post(uurl,data=refdata,auth=('admin',self.Jenkins["passwd"]))
#print(response.status_code,response.text)
#授权
def Grant(self,roleType,roleName,userName):
self.Create(userName)
if roleType == "global" :
data = {'type': 'globalRoles','roleName': roleName,'sid': userName}
elif roleType == "project" :
data = {'type': 'projectRoles','roleName': roleName,'sid': userName}
response = requests.post(self.Jenkins["url"],
data=data,
auth=('admin', self.Jenkins["passwd"]))
print(response.status_code,response.text)
return int(response.status_code)
if __name__ == '__main__':
if sys.argv[1] == "help":
print("1. 添加用户到users.txt中,每行一个.")
print("2. python role.py global globalName")
print("3. python role.py project projectName")
else:
server = auth()
roleType = sys.argv[1]
roleName = sys.argv[2]
#get users
f = open("users.txt","r")
users = f.readlines()
f.close()
#do grant
for user in users :
result = server.Grant(roleType,roleName,user)
if result <=400 :
print("--->{0}-->{1}-->{2} --->Success!".format(user,roleType,roleName))
else:
raise Exception("--->{0}-->{1}-->{2} --->Error!".format(user,roleType,roleName))Example users.txt file contains usernames, one per line, e.g., zhangsan lisi wangwu
Finally, you can create a parameterized Jenkins job to run this script and manage user authorizations automatically.
DevOps Cloud Academy
Exploring industry DevOps practices and technical expertise.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.