问题
I am trying to use Jenkins for CI/CD.
I've developed a Python flask application. I am deploying this application into Google App Engine. So far I am using gcloud app deploy app.yaml
command to deploy application to Google App Engine.
Code for this application is present in Google Cloud Source Repository.
Since the authentication to git(Google Cloud Source Repository) requires Google OAuth, I've installed Google OAuth Credentials Plugin
Now I am facing two issues
- When I use "Google Service Account from metadata" Credential Kind, I am not seeing the credentials listed in "Source Code Management".
- when I use "Google Service Account from private key", I am able to see credentials. But when I run my jenkins job I am getting below error
FATAL: Could not call com.google.jenkins.plugins.source.GoogleRobotUsernamePassword.writeObject() : Failed to serialize com.google.jenkins.plugins.source.GoogleRobotUsernamePasswordModule$ForRemote#credentials for class com.google.jenkins.plugins.source.GoogleRobotUsernamePasswordModule$ForRemote ---- Debugging information ---- message : Could not call com.google.jenkins.plugins.source.GoogleRobotUsernamePassword.writeObject() cause-exception : java.lang.RuntimeException cause-message : Failed to serialize com.google.jenkins.plugins.source.GoogleRobotUsernamePasswordModule$ForRemote#credentials for class com.google.jenkins.plugins.source.GoogleRobotUsernamePasswordModule$ForRemote ------------------------------- java.lang.UnsupportedOperationException: Refusing to marshal org.joda.time.DateTime for security reasons; see https://jenkins.io/redirect/class-filter/ at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:543) at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69) at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58) at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
Question: How can I authenticate Google Cloud Source repository in Jenkins? What are the steps|plugins required to use Google Cloud Source repository in Jenkins?
回答1:
Solution
You probably need to add a missing scope to the Compute Engine VM Instance running Jenkins that would give it access to Cloud Source Repository. You can follow the documentation or this steps, which ever you find convenient.
- Go to Cloud Deployment Manager
- Click on the name of the Jenkins deployment in question
- Click on the instance name in the left info pane and it will redirect you to
VM instance details
Stop
the instance- Press
Edit
and set the right access scope for Cloud Source Repository
After your start the VM instance, try adding your git repository again and once you select the credentials, either "Google Service Account from metadata" or from service account, everything should work properly.
Elaboration
I stumbled upon the "Invalid authentication credentials." issue while trying to add a Cloud Source Repository after deploying Jenkins from Launcher.
In my case the reason why it happened was that during the process of deployment the Cloud API access scope for Cloud Source Repositories on the Compute Engine VM instance was set to Disabled
, which prevented any interaction from that instance even if a service account had all the necessary roles/permissions.
Here are the scopes that are reconfigured by Launcher:
scopes:
- 'https://www.googleapis.com/auth/cloud.useraccounts.readonly'
- 'https://www.googleapis.com/auth/devstorage.read_only'
- 'https://www.googleapis.com/auth/logging.write'
- 'https://www.googleapis.com/auth/monitoring.write'
{% if enableComputeApi %}
- 'https://www.googleapis.com/auth/compute'
{% endif %}
- 'https://www.googleapis.com/auth/cloudruntimeconfig'
Adding the following scope to the VM instance running Jenkins was enough to fix the error:
https://www.googleapis.com/auth/source.read_only
Extra:
List of scopes for Google APIs.
回答2:
I updated the plugin to 0.6 version. In 0.6 version, I have the same problem in Jenkins "Free-style" project. Bit I can success to checkout in Jenkins "pipeline" project. I just copy the "checkout syntax" in others project and replace 2 parts of the syntax to the right:
credentialsid -> replace to your right credentials id that you created Google Service Account from private key in jenkins. url ->replace to your google source repository url
来源:https://stackoverflow.com/questions/49650148/jenkins-with-google-cloud-source-repository