이 문서는 JBamboo - Powershell Script 활용하여 Deployment 권한 하위 Environment들에게 주기 가이드를 공유하기 위해 작성되었다.
| 도구명 | Bamboo, Powershell |
|---|
Powershell Script 활용하여 Deployment 권한 하위 Environment에 주기
DeploymentID값 확인하기
- Bamboo Web → Deployment Project → 웹 URL 끝부분 ID값 확인
Powershell
- 윈도우 키 → Powershell ISE 실행 → 새로 만들기
- 스크립트 중요내용
3 줄: DeploymentID 값
4 줄: Bamboo Url
11 줄: Deploy 권한 주고 싶을 경우 $true 아닐 경우 $false
19~20 줄: Bamboo Web ID 및 Password - 스크립트
# 참고할 Deployment ID
$deploymentId = ""
#Url 및 api 주소 끝부분 / 생략
$base_url = ""
if(${base_url}.ToString()[-1] -eq '/'){
$base_url = $base_url.ToString().Substring(0, $base_url.Length - 1)
}
#deploy 권한 주고 싶은 경우 $true
$deploy_permission = $true
$get_deployment_user_permission = "/rest/api/latest/permissions/deployment/${deploymentId}/users.json?limit=200"
$get_deployment_group_permission = "/rest/api/latest/permissions/deployment/${deploymentId}/groups.json?limit=200"
$get_deployment_api = "/rest/api/latest/deploy/project/${deploymentId}.json?limit=200"
# admin 계정 정보
$user ="jk.park"
$password = ""
$LogArray = @()
# SSL 인증서 오류 일 경우, SSL 인증서 문제 없을 경우 해당 부분 필요 X
Add-Type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem){
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls, [Net.SecurityProtocolType]::Tls11, [Net.SecurityProtocolType]::Tls12, [Net.SecurityProtocolType]::Tls13, [Net.SecurityProtocolType]::Ssl3
# 인증 인코딩
function Get-BasicAuthCreds {
param([string]$Username, [string]$Password)
$AuthString = "{0}:{1}" -f $Username,$Password
$AuthBytes = [System.Text.Encoding]::ASCII.GetBytes($AuthString)
return [Convert]::ToBase64String($AuthBytes)
}
$BasicCreds = Get-BasicAuthCreds -Username $user -Password $password;
#하위 Deployment Enviroment들 가져오기
$get_deployment = Invoke-WebRequest -Uri "${base_url}${get_deployment_api}" -Method Get -ContentType 'application/json' -Headers @{"Authorization"="Basic $BasicCreds"}
# 조회 값 UTF-8, 및 json으로 변환
$deployments = [System.Text.Encoding]::UTF8.GetString($get_deployment.RawContentStream.ToArray()) | ConvertFrom-Json
#참고할 Deployment User Environment 리스트 가져오기
$user_permission = Invoke-WebRequest -Uri "${base_url}${get_deployment_user_permission}" -Method Get -ContentType 'application/json' -Headers @{"Authorization"="Basic $BasicCreds"}
# 조회 값 UTF-8, 및 json으로 변환
$users = [System.Text.Encoding]::UTF8.GetString($user_permission.RawContentStream.ToArray()) | ConvertFrom-Json
#참고할 Deployment Group Environment 리스트 가져오기
$group_permission = Invoke-WebRequest -Uri "${base_url}${get_deployment_group_permission}" -Method Get -ContentType 'application/json' -Headers @{"Authorization"="Basic $BasicCreds"}
# 조회 값 UTF-8, 및 json으로 변환
$groups = [System.Text.Encoding]::UTF8.GetString($group_permission.RawContentStream.ToArray()) | ConvertFrom-Json
# 각 Environments에 권한 주기
$deployments.environments | ForEach-Object{
#적용 할 Environment 이름 및 ID
$environment = $_
$environmentName = $environment.name
$environmentId = $environment.id
write-host "Name: ${environmentName} ID: ${environmentId}"
# Deployment에서 user permission들
$user_permissions = $users.results
$post_user_api = "/rest/api/latest/permissions/environment/${environmentId}/users"
# Deployment에서 group permission들
$group_permissions = $groups.results
$post_group_api = "/rest/api/latest/permissions/environment/${environmentId}/groups"
# Environment에 user permission 주기
$user_permissions | ForEach-Object{
$userName = $_.name
$temppermissions = $_.permissions
# Deploy 권한 부여
if($deploy_permission){
$permissions = $temppermissions + "BUILD" | ConvertTo-Json -Depth 2
} else {
$permissions = $temppermissions | ConvertTo-Json -Depth 2
}
write-host $userName $permissions
$enc = [system.Text.Encoding]::UTF8
#User 권한 부여
try{
$LogArray += "${environmentName} User: ${userName} Add ${permissions}"
$put_user_permissions = Invoke-WebRequest -Uri "${base_url}${post_user_api}/${userName}.json" -Method PUT -ContentType 'application/json' -Headers @{"Authorization"="Basic $BasicCreds"} -Body $enc.GetBytes($permissions)
} catch{
$LogArray += "${environmentName} User: ${userName} Failed"
}
}
# Environment에 Group permission 주기
$group_permissions | ForEach-Object{
$groupName = $_.name
$grouptemppermissions = $_.permissions
# Deploy 권한 부여
if($deploy_permission){
$grouppermissions = $grouptemppermissions + "BUILD" | ConvertTo-Json -Depth 2
} else {
$grouppermissions = $grouptemppermissions | ConvertTo-Json -Depth 2
}
write-host $groupName $grouppermissions
$enc = [system.Text.Encoding]::UTF8
#User 권한 부여
try{
$LogArray += "${environmentName} Group: ${groupName} Add ${grouppermissions}"
$put_group_permissions = Invoke-WebRequest -Uri "${base_url}${post_group_api}/${groupName}.json" -Method PUT -ContentType 'application/json' -Headers @{"Authorization"="Basic $BasicCreds"} -Body $enc.GetBytes($grouppermissions)
} catch{
$LogArray += "${environmentName} Group: ${groupName} Failed"
}
}
}
$LogArray