Skip to end of metadata
Go to start of metadata

이 문서는 JBamboo - Powershell Script 활용하여 Deployment 권한 하위 Environment들에게 주기 가이드를 공유하기 위해 작성되었다.


도구명Bamboo, Powershell




Powershell Script 활용하여 Deployment 권한 하위 Environment에 주기

DeploymentID값 확인하기

  • Bamboo Web → Deployment Project → 웹 URL 끝부분 ID값 확인

Powershell

  • 윈도우 키 → Powershell ISE 실행 → 새로 만들기


  • 스크립트 중요내용
    3 줄: DeploymentID 값
    4 줄: Bamboo Url
    11 줄: Deploy 권한 주고 싶을 경우 $true 아닐 경우 $false
    19~20 줄: Bamboo Web ID 및 Password 
  • 스크립트
# 참고할 Deployment ID
$deploymentId = ""
#Url 및 api 주소 끝부분 / 생략
$base_url = ""

if(${base_url}.ToString()[-1] -eq '/'){
    $base_url = $base_url.ToString().Substring(0, $base_url.Length - 1)
}

#deploy 권한 주고 싶은 경우 $true
$deploy_permission = $true

$get_deployment_user_permission = "/rest/api/latest/permissions/deployment/${deploymentId}/users.json?limit=200"
$get_deployment_group_permission = "/rest/api/latest/permissions/deployment/${deploymentId}/groups.json?limit=200"
$get_deployment_api = "/rest/api/latest/deploy/project/${deploymentId}.json?limit=200"


# admin 계정 정보
$user ="jk.park"
$password = ""

$LogArray = @()
# SSL 인증서 오류 일 경우, SSL 인증서 문제 없을 경우 해당 부분 필요 X
Add-Type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem){
                return true;
            }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls, [Net.SecurityProtocolType]::Tls11, [Net.SecurityProtocolType]::Tls12, [Net.SecurityProtocolType]::Tls13, [Net.SecurityProtocolType]::Ssl3

# 인증 인코딩
function Get-BasicAuthCreds {
    param([string]$Username, [string]$Password)
    $AuthString = "{0}:{1}" -f $Username,$Password
    $AuthBytes  = [System.Text.Encoding]::ASCII.GetBytes($AuthString)
    return [Convert]::ToBase64String($AuthBytes)
}
$BasicCreds = Get-BasicAuthCreds -Username $user -Password $password;

#하위 Deployment Enviroment들 가져오기
$get_deployment = Invoke-WebRequest -Uri "${base_url}${get_deployment_api}" -Method Get -ContentType 'application/json' -Headers @{"Authorization"="Basic $BasicCreds"}
# 조회 값 UTF-8, 및 json으로 변환
$deployments = [System.Text.Encoding]::UTF8.GetString($get_deployment.RawContentStream.ToArray()) | ConvertFrom-Json

#참고할 Deployment User Environment 리스트 가져오기
$user_permission = Invoke-WebRequest -Uri "${base_url}${get_deployment_user_permission}" -Method Get -ContentType 'application/json' -Headers @{"Authorization"="Basic $BasicCreds"}
# 조회 값 UTF-8, 및 json으로 변환
$users = [System.Text.Encoding]::UTF8.GetString($user_permission.RawContentStream.ToArray()) | ConvertFrom-Json

#참고할 Deployment Group Environment 리스트 가져오기
$group_permission = Invoke-WebRequest -Uri "${base_url}${get_deployment_group_permission}" -Method Get -ContentType 'application/json' -Headers @{"Authorization"="Basic $BasicCreds"}
# 조회 값 UTF-8, 및 json으로 변환
$groups = [System.Text.Encoding]::UTF8.GetString($group_permission.RawContentStream.ToArray()) | ConvertFrom-Json

# 각 Environments에 권한 주기 
$deployments.environments | ForEach-Object{
    #적용 할 Environment 이름 및 ID
    $environment = $_
    $environmentName = $environment.name
    $environmentId = $environment.id
    write-host "Name: ${environmentName} ID: ${environmentId}"

    # Deployment에서 user permission들
    $user_permissions = $users.results
    $post_user_api = "/rest/api/latest/permissions/environment/${environmentId}/users"

    # Deployment에서 group permission들
    $group_permissions = $groups.results
    $post_group_api = "/rest/api/latest/permissions/environment/${environmentId}/groups"

    # Environment에 user permission 주기
    $user_permissions | ForEach-Object{
        $userName = $_.name
        $temppermissions = $_.permissions

        # Deploy 권한 부여
        if($deploy_permission){
            $permissions = $temppermissions + "BUILD" | ConvertTo-Json -Depth 2
        } else {
            $permissions = $temppermissions | ConvertTo-Json -Depth 2
        }
        write-host $userName $permissions
        $enc = [system.Text.Encoding]::UTF8
        #User 권한 부여
        try{
            $LogArray += "${environmentName} User: ${userName} Add ${permissions}"
            $put_user_permissions = Invoke-WebRequest -Uri "${base_url}${post_user_api}/${userName}.json" -Method PUT -ContentType 'application/json' -Headers @{"Authorization"="Basic $BasicCreds"} -Body $enc.GetBytes($permissions)
        } catch{
            $LogArray += "${environmentName} User: ${userName} Failed"
        }
    }

    # Environment에 Group permission 주기
    $group_permissions | ForEach-Object{
        $groupName = $_.name
        $grouptemppermissions = $_.permissions

        # Deploy 권한 부여
        if($deploy_permission){
            $grouppermissions = $grouptemppermissions + "BUILD" | ConvertTo-Json -Depth 2
        } else {
            $grouppermissions = $grouptemppermissions | ConvertTo-Json -Depth 2
        }
        write-host $groupName $grouppermissions
        $enc = [system.Text.Encoding]::UTF8
        #User 권한 부여
        try{
            $LogArray += "${environmentName} Group: ${groupName} Add ${grouppermissions}"
            $put_group_permissions = Invoke-WebRequest -Uri "${base_url}${post_group_api}/${groupName}.json" -Method PUT -ContentType 'application/json' -Headers @{"Authorization"="Basic $BasicCreds"} -Body $enc.GetBytes($grouppermissions)
        } catch{
            $LogArray += "${environmentName} Group: ${groupName} Failed"
        }
    }    
}
$LogArray




참조링크


  • No labels