Java源码示例:com.cloudbees.plugins.credentials.CredentialsStore
示例1
private static Domain getDomain(CredentialsStore store) {
Domain domain = store.getDomainByName(BLUEOCEAN_DOMAIN_NAME);
if (domain == null) {
try {
//create new one
boolean result = store.addDomain(new Domain(BLUEOCEAN_DOMAIN_NAME, null, null));
if (!result) {
throw new ServiceException.UnexpectedErrorException(String.format("Failed to create credential domain: %s", BLUEOCEAN_DOMAIN_NAME));
}
domain = store.getDomainByName(BLUEOCEAN_DOMAIN_NAME);
if (domain == null) {
throw new ServiceException.UnexpectedErrorException(String.format("Domain %s created but not found", BLUEOCEAN_DOMAIN_NAME));
}
} catch (IOException ex) {
throw new ServiceException.UnexpectedErrorException("Failed to save the Blue Ocean domain.", ex);
}
}
return domain;
}
示例2
@Nonnull
@Override
public List<Credentials> getCredentials(@Nonnull Domain domain) {
final List<Credentials> result = new ArrayList<>(1);
if (domain.equals(FolderPropertyImpl.this.domain)) {
final User proxyUser = User.get(getUser(), false, Collections.emptyMap());
if (proxyUser != null) {
try (ACLContext ignored = ACL.as(proxyUser.impersonate())) {
for (CredentialsStore s : CredentialsProvider.lookupStores(proxyUser)) {
for (Domain d : s.getDomains()) {
if (d.test(PROXY_REQUIREMENT)) {
result.addAll(filter(s.getCredentials(d), withId(getId())));
}
}
}
} catch (UsernameNotFoundException ex) {
logger.warn("BlueOceanCredentialsProvider.StoreImpl#getCredentials(): Username attached to credentials can not be found");
}
}
}
return result;
}
示例3
public static void createCredentialsInUserStore(@Nonnull Credentials credential, @Nonnull User user,
@Nonnull String domainName, @Nonnull List<DomainSpecification> domainSpecifications)
throws IOException {
CredentialsStore store= findUserStoreFirstOrNull(user);
if(store == null){
throw new ServiceException.ForbiddenException(String.format("Logged in user: %s doesn't have writable credentials store", user.getId()));
}
Domain domain = findOrCreateDomain(store, domainName, domainSpecifications);
if(!store.addCredentials(domain, credential)){
throw new ServiceException.UnexpectedErrorException("Failed to add credential to domain");
}
}
示例4
public static void updateCredentialsInUserStore(@Nonnull Credentials current, @Nonnull Credentials replacement,
@Nonnull User user,
@Nonnull String domainName, @Nonnull List<DomainSpecification> domainSpecifications)
throws IOException {
CredentialsStore store= findUserStoreFirstOrNull(user);
if(store == null){
throw new ServiceException.ForbiddenException(String.format("Logged in user: %s doesn't have writable credentials store",
user.getId()));
}
Domain domain = findOrCreateDomain(store, domainName, domainSpecifications);
if(!store.updateCredentials(domain, current, replacement)){
throw new ServiceException.UnexpectedErrorException("Failed to update credential to domain");
}
}
示例5
private static @Nonnull Domain findOrCreateDomain(@Nonnull CredentialsStore store,
@Nonnull String domainName,
@Nonnull List<DomainSpecification> domainSpecifications)
throws IOException {
Domain domain = store.getDomainByName(domainName);
if (domain == null) { //create new one
boolean result = store.addDomain(new Domain(domainName,
domainName+" to store credentials by BlueOcean", domainSpecifications)
);
if (!result) {
throw new ServiceException.BadRequestException("Failed to create credential domain: " + domainName);
}
domain = store.getDomainByName(domainName);
if (domain == null) {
throw new ServiceException.UnexpectedErrorException("Domain %s created but not found");
}
}
return domain;
}
示例6
@Test
public void listAllCredentials() throws IOException {
SystemCredentialsProvider.ProviderImpl system = ExtensionList.lookup(CredentialsProvider.class).get(SystemCredentialsProvider.ProviderImpl.class);
CredentialsStore systemStore = system.getStore(j.getInstance());
systemStore.addDomain(new Domain("domain1", null, null));
systemStore.addDomain(new Domain("domain2", null, null));
systemStore.addCredentials(systemStore.getDomainByName("domain1"), new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, null,null, "admin", "pass$wd"));
systemStore.addCredentials(systemStore.getDomainByName("domain2"), new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, null,null, "joe", "pass$wd"));
CredentialsStoreAction credentialsStoreAction = ExtensionList.lookup(ViewCredentialsAction.class).get(0).getStore("system");
CredentialsStoreAction.DomainWrapper domain1 = credentialsStoreAction.getDomain("domain1");
CredentialsStoreAction.DomainWrapper domain2 = credentialsStoreAction.getDomain("domain2");
CredentialsStoreAction.CredentialsWrapper credentials1 = domain1.getCredentialsList().get(0);
CredentialsStoreAction.CredentialsWrapper credentials2 = domain2.getCredentialsList().get(0);
List<Map> creds = get("/search?q=type:credential;organization:jenkins", List.class);
Assert.assertEquals(2, creds.size());
Assert.assertEquals(credentials1.getId(), creds.get(0).get("id"));
Assert.assertEquals(credentials2.getId(), creds.get(1).get("id"));
creds = get("/search?q=type:credential;organization:jenkins;domain:domain2", List.class);
Assert.assertEquals(1, creds.size());
Assert.assertEquals(credentials2.getId(), creds.get(0).get("id"));
}
示例7
@Test
public void createSshCredentialUsingDirectSsh() throws IOException {
SystemCredentialsProvider.ProviderImpl system = ExtensionList.lookup(CredentialsProvider.class).get(SystemCredentialsProvider.ProviderImpl.class);
CredentialsStore systemStore = system.getStore(j.getInstance());
systemStore.addDomain(new Domain("domain1", null, null));
Map<String, Object> resp = post("/organizations/jenkins/credentials/system/domains/domain1/credentials/",
ImmutableMap.of("credentials",
new ImmutableMap.Builder<String,Object>()
.put("privateKeySource", ImmutableMap.of(
"privateKey", "abcabc1212",
"stapler-class", "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$DirectEntryPrivateKeySource"))
.put("passphrase", "ssh2")
.put("scope", "GLOBAL")
.put("description", "ssh2 desc")
.put("$class", "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey")
.put("username", "ssh2").build()
)
, 201);
Assert.assertEquals("SSH Username with private key", resp.get("typeName"));
Assert.assertEquals("domain1", resp.get("domain"));
}
示例8
@Test
public void createUsingUsernamePassword() throws IOException {
SystemCredentialsProvider.ProviderImpl system = ExtensionList.lookup(CredentialsProvider.class).get(SystemCredentialsProvider.ProviderImpl.class);
CredentialsStore systemStore = system.getStore(j.getInstance());
systemStore.addDomain(new Domain("domain1", null, null));
Map<String, Object> resp = post("/organizations/jenkins/credentials/system/domains/domain1/credentials/",
ImmutableMap.of("credentials",
new ImmutableMap.Builder<String,Object>()
.put("password", "abcd")
.put("stapler-class", "com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl")
.put("scope", "GLOBAL")
.put("description", "joe desc")
.put("$class", "com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl")
.put("username", "joe").build()
)
, 201);
Assert.assertEquals("Username with password", resp.get("typeName"));
Assert.assertEquals("domain1", resp.get("domain"));
}
示例9
/**
* Test that a JSON credential without a "jenkins_token" field and without a proper DC/OS service account value
* results in a 401 and only 1 web request.
*
* @throws Exception
*/
@Test
public void testRecorderInvalidToken() throws Exception {
final FreeStyleProject project = j.createFreeStyleProject();
final SystemCredentialsProvider.ProviderImpl system = ExtensionList.lookup(CredentialsProvider.class).get(SystemCredentialsProvider.ProviderImpl.class);
final CredentialsStore systemStore = system.getStore(j.getInstance());
final String credentialValue = "{\"field1\":\"some value\"}";
final Secret secret = Secret.fromString(credentialValue);
final StringCredentials credential = new StringCredentialsImpl(CredentialsScope.GLOBAL, "invalidtoken", "a token for JSON token test", secret);
TestUtils.enqueueFailureResponse(httpServer, 401);
systemStore.addCredentials(Domain.global(), credential);
addBuilders(TestUtils.loadFixture("idonly.json"), project);
// add post-builder
addPostBuilders(project, "invalidtoken");
final FreeStyleBuild build = j.assertBuildStatus(Result.FAILURE, project.scheduleBuild2(0).get());
j.assertLogContains("[Marathon] Authentication to Marathon instance failed:", build);
j.assertLogContains("[Marathon] Invalid DC/OS service account JSON", build);
assertEquals("Only 1 request should have been made.", 1, httpServer.getRequestCount());
}
示例10
@BeforeClass
public static void setUpAgent() throws Exception {
s = j.createOnlineSlave();
s.setLabelString("some-label docker");
s.getNodeProperties().add(new EnvironmentVariablesNodeProperty(new EnvironmentVariablesNodeProperty.Entry("ONAGENT", "true"),
new EnvironmentVariablesNodeProperty.Entry("WHICH_AGENT", "first")));
s.setNumExecutors(2);
s2 = j.createOnlineSlave();
s2.setLabelString("other-docker");
s2.getNodeProperties().add(new EnvironmentVariablesNodeProperty(new EnvironmentVariablesNodeProperty.Entry("ONAGENT", "true"),
new EnvironmentVariablesNodeProperty.Entry("WHICH_AGENT", "second")));
//setup credentials for docker registry
CredentialsStore store = CredentialsProvider.lookupStores(j.jenkins).iterator().next();
password = System.getProperty("docker.password");
if(password != null) {
UsernamePasswordCredentialsImpl globalCred =
new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL,
"dockerhub", "real", "jtaboada", password);
store.addCredentials(Domain.global(), globalCred);
}
}
示例11
@Test
public void configRoundTrip() throws Exception {
story.addStep(new Statement() {
@SuppressWarnings("rawtypes")
@Override
public void evaluate() throws Throwable {
CredentialsStore store = CredentialsProvider.lookupStores(story.j.getInstance()).iterator().next();
assertThat(store, instanceOf(SystemCredentialsProvider.StoreImpl.class));
Domain domain = new Domain("docker", "A domain for docker credentials",
Collections.<DomainSpecification> singletonList(new DockerServerDomainSpecification()));
DockerServerCredentials c = new DockerServerCredentials(CredentialsScope.GLOBAL,
"docker-client-cert", "desc", Secret.fromString("clientKey"), "clientCertificate", "serverCaCertificate");
store.addDomain(domain, c);
BindingStep s = new StepConfigTester(story.j)
.configRoundTrip(new BindingStep(Collections.<MultiBinding> singletonList(
new DockerServerCredentialsBinding("DOCKER_CERT_PATH", "docker-client-cert"))));
story.j.assertEqualDataBoundBeans(s.getBindings(), Collections.singletonList(
new DockerServerCredentialsBinding("DOCKER_CERT_PATH", "docker-client-cert")));
}
});
}
示例12
@Test
public void configRoundTripUpdateCertificates() throws Exception {
CredentialsStore store = CredentialsProvider.lookupStores(j.getInstance()).iterator().next();
assertThat(store, instanceOf(SystemCredentialsProvider.StoreImpl.class));
Domain domain = new Domain("docker", "A domain for docker credentials", Collections.singletonList(new DockerServerDomainSpecification()));
DockerServerCredentials credentials = new DockerServerCredentials(CredentialsScope.GLOBAL, "foo", "desc", Secret.fromString("key"), "client-cert", "ca-cert");
store.addDomain(domain, credentials);
HtmlForm form = getUpdateForm(domain, credentials);
for (HtmlElement button : form.getElementsByAttribute("input", "class", "secret-update-btn")) {
button.click();
}
form.getTextAreaByName("_.clientKeySecret").setText("new key");
form.getTextAreaByName("_.clientCertificate").setText("new cert");
form.getTextAreaByName("_.serverCaCertificate").setText("new ca cert");
j.submit(form);
DockerServerCredentials expected = new DockerServerCredentials(
credentials.getScope(), credentials.getId(), credentials.getDescription(),
Secret.fromString("new key"), "new cert", "new ca cert");
j.assertEqualDataBoundBeans(expected, findFirstWithId(credentials.getId()));
}
示例13
@Initializer(after = InitMilestone.PLUGINS_STARTED)
public static void migrate() throws IOException {
GitLabConnectionConfig descriptor = (GitLabConnectionConfig) Jenkins.get().getDescriptor(GitLabConnectionConfig.class);
if (descriptor == null) return;
for (GitLabConnection connection : descriptor.getConnections()) {
if (connection.apiTokenId == null && connection.apiToken != null) {
for (CredentialsStore credentialsStore : CredentialsProvider.lookupStores(Jenkins.getInstance())) {
if (credentialsStore instanceof SystemCredentialsProvider.StoreImpl) {
List<Domain> domains = credentialsStore.getDomains();
connection.apiTokenId = UUID.randomUUID().toString();
credentialsStore.addCredentials(domains.get(0),
new GitLabApiTokenImpl(CredentialsScope.SYSTEM, connection.apiTokenId, "GitLab API Token", Secret.fromString(connection.apiToken)));
}
}
}
}
descriptor.save();
}
示例14
private void setupCredentials(String credentialId, String secret) throws Exception {
final CredentialsStore credentialsStore =
CredentialsProvider.lookupStores(jRule.jenkins).iterator().next();
final Domain domain = Domain.global();
final Credentials credentials =
new StringCredentialsImpl(
CredentialsScope.GLOBAL, credentialId, "", Secret.fromString(secret));
credentialsStore.addCredentials(domain, credentials);
}
示例15
private void setupCredentials(String credentialId, String secret) throws Exception {
final CredentialsStore credentialsStore =
CredentialsProvider.lookupStores(jRule.jenkins).iterator().next();
final Domain domain = Domain.global();
final Credentials credentials =
new StringCredentialsImpl(
CredentialsScope.GLOBAL, credentialId, "", Secret.fromString(secret));
credentialsStore.addCredentials(domain, credentials);
}
示例16
/**
* Gets the existing generated SSH key for the user or creates one and
* returns it in the user's credential store
* @param user owner of the key
* @return the user's personal private key
*/
public static @Nonnull BasicSSHUserPrivateKey getOrCreate(@Nonnull User user) {
Preconditions.checkNotNull(user);
CredentialsStore store = getUserStore(user);
if(store == null){
throw new ServiceException.ForbiddenException(String.format("Logged in user: %s doesn't have writable credentials store", user.getId()));
}
// try to find the right key
for (Credentials cred : store.getCredentials(getDomain(store))) {
if (cred instanceof BasicSSHUserPrivateKey) {
BasicSSHUserPrivateKey sshKey = (BasicSSHUserPrivateKey)cred;
if (BLUEOCEAN_GENERATED_SSH_KEY_ID.equals(sshKey.getId())) {
return sshKey;
}
}
}
// if none found, create one
try {
// create one!
String privateKey = SSHKeyUtils.generateKey(KEY_SIZE).trim();
BasicSSHUserPrivateKey.DirectEntryPrivateKeySource keySource = new BasicSSHUserPrivateKey.DirectEntryPrivateKeySource(privateKey);
BasicSSHUserPrivateKey key = new BasicSSHUserPrivateKey(CredentialsScope.USER, BLUEOCEAN_GENERATED_SSH_KEY_ID, user.getId(), keySource, null, BLUEOCEAN_GENERATED_SSH_KEY_ID);
store.addCredentials(getDomain(store), key);
store.save();
return key;
} catch (IOException ex) {
throw new ServiceException.UnexpectedErrorException("Failed to create the private key", ex);
}
}
示例17
/**
* Resets the user's generated key by deleting it and creating a new one
* @param user user to reset a key for
*/
public static void reset(@Nonnull User user) {
Preconditions.checkNotNull(user);
try {
// create one!
CredentialsStore store = getUserStore(user);
if(store == null){
throw new ServiceException.ForbiddenException(String.format("Logged in user: %s doesn't have writable credentials store", user.getId()));
}
Credentials key = null;
// try to find the key
for (Credentials cred : store.getCredentials(getDomain(store))) {
if (cred instanceof BasicSSHUserPrivateKey) {
BasicSSHUserPrivateKey sshKey = (BasicSSHUserPrivateKey)cred;
if (BLUEOCEAN_GENERATED_SSH_KEY_ID.equals(sshKey.getId())) {
key = sshKey;
break;
}
}
}
if (key != null) {
store.removeCredentials(getDomain(store), key);
store.save();
}
} catch (IOException ex) {
throw new ServiceException.UnexpectedErrorException("Unable to reset the user's key", ex);
}
}
示例18
/**
* Gets the user's CredentialStore
* @param user user to find a store for
* @return the credential store or null if not found
*/
private static @CheckForNull CredentialsStore getUserStore(User user){
for(CredentialsStore s : CredentialsProvider.lookupStores(user)) {
if(s.hasPermission(CredentialsProvider.CREATE) && s.hasPermission(CredentialsProvider.UPDATE)){
return s;
}
}
return null;
}
示例19
@Nonnull
public <C extends Credentials> List<C> getCredentials(@Nonnull final Class<C> type,
@Nullable ItemGroup itemGroup,
@Nullable
Authentication authentication,
@Nonnull List<DomainRequirement> domainRequirements) {
final List<C> result = new ArrayList<>();
final FolderPropertyImpl prop = propertyOf(itemGroup);
if (prop != null && prop.domain.test(domainRequirements)) {
final User proxyUser = User.get(prop.getUser(), false, Collections.emptyMap());
if (proxyUser != null) {
try (ACLContext ignored = ACL.as(proxyUser.impersonate())) {
for (CredentialsStore s : CredentialsProvider.lookupStores(proxyUser)) {
for (Domain d : s.getDomains()) {
if (d.test(PROXY_REQUIREMENT)) {
for (Credentials c : filter(s.getCredentials(d), withId(prop.getId()))) {
if (type.isInstance(c)) {
result.add((C) c);
}
}
}
}
}
} catch (UsernameNotFoundException ex) {
logger.warn("BlueOceanCredentialsProvider#getCredentials(): Username attached to credentials can not be found");
}
}
}
return result;
}
示例20
private static @CheckForNull CredentialsStore findUserStoreFirstOrNull(User user){
for(CredentialsStore s: CredentialsProvider.lookupStores(user)){
if(s.hasPermission(CredentialsProvider.CREATE) && s.hasPermission(CredentialsProvider.UPDATE)){
return s;
}
}
return null;
}
示例21
@Test
public void listCredentials() throws IOException {
SystemCredentialsProvider.ProviderImpl system = ExtensionList.lookup(CredentialsProvider.class).get(SystemCredentialsProvider.ProviderImpl.class);
CredentialsStore systemStore = system.getStore(j.getInstance());
systemStore.addDomain(new Domain("domain1", null, null));
systemStore.addCredentials(systemStore.getDomainByName("domain1"), new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, null,null, "admin", "pass$wd"));
CredentialsStoreAction credentialsStoreAction = ExtensionList.lookup(ViewCredentialsAction.class).get(0).getStore("system");
CredentialsStoreAction.DomainWrapper domainWrapper = credentialsStoreAction.getDomain("domain1");
CredentialsStoreAction.CredentialsWrapper credentialsWrapper = domainWrapper.getCredentialsList().get(0);
List<Map> creds = get("/organizations/jenkins/credentials/system/domains/domain1/credentials/", List.class);
Assert.assertEquals(1, creds.size());
Map cred = creds.get(0);
Assert.assertNotNull(cred.get("id"));
Map cred1 = get("/organizations/jenkins/credentials/system/domains/domain1/credentials/"+cred.get("id")+"/");
Assert.assertEquals(credentialsWrapper.getId(),cred1.get("id"));
Assert.assertEquals(credentialsWrapper.getTypeName(),cred1.get("typeName"));
Assert.assertEquals(credentialsWrapper.getDisplayName(),cred1.get("displayName"));
Assert.assertEquals(credentialsWrapper.getFullName(),cred1.get("fullName"));
Assert.assertEquals(String.format("%s:%s:%s", credentialsWrapper.getDisplayName(), credentialsWrapper.getDomain().getUrlName(), credentialsWrapper.getTypeName()),cred1.get("description"));
Assert.assertEquals(credentialsWrapper.getDomain().getUrlName(),cred1.get("domain"));
}
示例22
@Test
public void testStepWithFolderCredentials() throws Exception {
String folderCredentialsId = "folders-aws-creds";
// Create a folder with credentials in its store
Folder folder = jenkinsRule.jenkins.createProject(Folder.class, "folder" + jenkinsRule.jenkins.getItems().size());
CredentialsStore folderStore = this.getFolderStore(folder);
StandardUsernamePasswordCredentials inFolderCredentials = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL,
folderCredentialsId, "test-folder-creds", "folder-aws-access-key-id", "folder-aws-secret-access-key");
folderStore.addCredentials(Domain.global(), inFolderCredentials);
SystemCredentialsProvider.getInstance().save();
List<String> credentialIds = new ArrayList<>();
credentialIds.add(folderCredentialsId);
WorkflowJob job = folder.createProject(WorkflowJob.class, "testStepWithFolderCredentials");
job.setDefinition(new CpsFlowDefinition(""
+ "node {\n"
+ " withAWS (credentials: '" + folderCredentialsId + "') {\n"
+ " echo 'It works!'\n"
+ " }\n"
+ "}\n", true)
);
jenkinsRule.assertBuildStatusSuccess(job.scheduleBuild2(0));
}
示例23
@Test
public void testStepWithAWSFolderCredentials() throws Exception {
String folderCredentialsId = "folders-aws-creds";
// Create a folder with credentials in its store
Folder folder = jenkinsRule.jenkins.createProject(Folder.class, "folder" + jenkinsRule.jenkins.getItems().size());
CredentialsStore folderStore = this.getFolderStore(folder);
AmazonWebServicesCredentials amazonWebServicesCredentials = new AWSCredentialsImpl(CredentialsScope.GLOBAL,
folderCredentialsId, "global-aws-access-key-id", "global-aws-secret-access-key", "Aws-Description",
"Arn::Something:or:Other", "12345678");
folderStore.addCredentials(Domain.global(), amazonWebServicesCredentials);
SystemCredentialsProvider.getInstance().save();
List<String> credentialIds = new ArrayList<>();
credentialIds.add(folderCredentialsId);
WorkflowJob job = folder.createProject(WorkflowJob.class, "testStepWithAWSFolderCredentials");
job.setDefinition(new CpsFlowDefinition(""
+ "node {\n"
+ " withAWS (credentials: '" + folderCredentialsId + "') {\n"
+ " echo 'It works!'\n"
+ " }\n"
+ "}\n", true)
);
WorkflowRun workflowRun = job.scheduleBuild2(0).get();
jenkinsRule.waitForCompletion(workflowRun);
jenkinsRule.assertBuildStatus(Result.FAILURE, workflowRun);
jenkinsRule.assertLogContains("The security token included in the request is invalid.", workflowRun);
jenkinsRule.assertLogContains("Constructing AWS Credentials", workflowRun);
}
示例24
@Test
public void testStepWithAWSIamMFAFolderCredentials() throws Exception {
String folderCredentialsId = "folders-aws-creds";
// Create a folder with credentials in its store
Folder folder = jenkinsRule.jenkins.createProject(Folder.class, "folder" + jenkinsRule.jenkins.getItems().size());
CredentialsStore folderStore = this.getFolderStore(folder);
AmazonWebServicesCredentials amazonWebServicesCredentials = new AWSCredentialsImpl(CredentialsScope.GLOBAL,
folderCredentialsId, "global-aws-access-key-id", "global-aws-secret-access-key", "Aws-Description",
"Arn::Something:or:Other", "12345678");
folderStore.addCredentials(Domain.global(), amazonWebServicesCredentials);
SystemCredentialsProvider.getInstance().save();
List<String> credentialIds = new ArrayList<>();
credentialIds.add(folderCredentialsId);
WorkflowJob job = folder.createProject(WorkflowJob.class, "testStepWithAWSIamMFAFolderCredentials");
job.setDefinition(new CpsFlowDefinition(""
+ "node {\n"
+ " withAWS (credentials: '" + folderCredentialsId + "', iamMfaToken: '1234567') {\n"
+ " echo 'It works!'\n"
+ " }\n"
+ "}\n", true)
);
WorkflowRun workflowRun = job.scheduleBuild2(0).get();
jenkinsRule.waitForCompletion(workflowRun);
jenkinsRule.assertBuildStatus(Result.FAILURE, workflowRun);
jenkinsRule.assertLogContains("The security token included in the request is invalid.", workflowRun);
jenkinsRule.assertLogContains("Constructing AWS Credentials", workflowRun);
jenkinsRule.assertLogContains("utilizing MFA Token", workflowRun);
}
示例25
@Test
public void testListCredentials() throws Exception {
Folder folder = jenkinsRule.jenkins.createProject(Folder.class, "folder" + jenkinsRule.jenkins.getItems().size());
CredentialsStore folderStore = this.getFolderStore(folder);
StandardUsernamePasswordCredentials folderCredentials = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL,
"folder-creds", "test-creds", "aws-access-key-id", "aws-secret-access-key");
StandardUsernamePasswordCredentials globalCredentials = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL,
"global-creds", "test-creds", "aws-access-key-id", "aws-secret-access-key");
folderStore.addCredentials(Domain.global(), folderCredentials);
SystemCredentialsProvider.getInstance().getCredentials().add(globalCredentials);
SystemCredentialsProvider.getInstance().save();
WorkflowJob job = folder.createProject(WorkflowJob.class, "testStepWithFolderCredentials");
final WithAWSStep.DescriptorImpl descriptor = jenkinsRule.jenkins.getDescriptorByType(WithAWSStep.DescriptorImpl.class);
// 3 options: Root credentials, folder credentials and "none"
ListBoxModel list = descriptor.doFillCredentialsItems(job);
Assert.assertEquals(3, list.size());
StandardUsernamePasswordCredentials systemCredentials = new UsernamePasswordCredentialsImpl(CredentialsScope.SYSTEM,
"system-creds", "test-creds", "aws-access-key-id", "aws-secret-access-key");
SystemCredentialsProvider.getInstance().getCredentials().add(systemCredentials);
// Still 3 options: Root credentials, folder credentials and "none"
list = descriptor.doFillCredentialsItems(job);
Assert.assertEquals(3, list.size());
}
示例26
@Test
public void testListAWSCredentials() throws Exception {
Folder folder = jenkinsRule.jenkins.createProject(Folder.class, "folder" + jenkinsRule.jenkins.getItems().size());
CredentialsStore folderStore = this.getFolderStore(folder);
AmazonWebServicesCredentials amazonWebServicesCredentials = new AWSCredentialsImpl(CredentialsScope.GLOBAL,
"test-aws-creds", "global-aws-access-key-id", "global-aws-secret-access-key", "Aws-Description",
"Arn::Something:or:Other", "12345678");
AmazonWebServicesCredentials globalAmazonWebServicesCredentials = new AWSCredentialsImpl(CredentialsScope.GLOBAL,
"global-test-aws-creds", "global-aws-access-key-id", "global-aws-secret-access-key", "Aws-Description",
"Arn::Something:or:Other", "12345678");
folderStore.addCredentials(Domain.global(), amazonWebServicesCredentials);
SystemCredentialsProvider.getInstance().getCredentials().add(globalAmazonWebServicesCredentials);
SystemCredentialsProvider.getInstance().save();
WorkflowJob job = folder.createProject(WorkflowJob.class, "testStepWithFolderCredentials");
final WithAWSStep.DescriptorImpl descriptor = jenkinsRule.jenkins.getDescriptorByType(WithAWSStep.DescriptorImpl.class);
// 3 options: Root credentials, folder credentials and "none"
ListBoxModel list = descriptor.doFillCredentialsItems(job);
Assert.assertEquals(3, list.size());
StandardUsernamePasswordCredentials systemCredentials = new UsernamePasswordCredentialsImpl(CredentialsScope.SYSTEM,
"system-creds", "test-creds", "aws-access-key-id", "aws-secret-access-key");
SystemCredentialsProvider.getInstance().getCredentials().add(systemCredentials);
// Still 3 options: Root credentials, folder credentials and "none"
list = descriptor.doFillCredentialsItems(job);
Assert.assertEquals(3, list.size());
}
示例27
private CredentialsStore getFolderStore(AbstractFolder f) {
Iterable<CredentialsStore> stores = CredentialsProvider.lookupStores(f);
CredentialsStore folderStore = null;
for (CredentialsStore s : stores) {
if (s.getProvider() instanceof FolderCredentialsProvider && s.getContext() == f) {
folderStore = s;
break;
}
}
return folderStore;
}
示例28
@Test
public void buildWithFolderCredentials() throws Exception {
GitHubBuilder ghb = PowerMockito.mock(GitHubBuilder.class);
PowerMockito.when(ghb.withProxy(Matchers.<Proxy>anyObject())).thenReturn(ghb);
PowerMockito.when(ghb.withOAuthToken(anyString(), anyString())).thenReturn(ghb);
PowerMockito.whenNew(GitHubBuilder.class).withNoArguments().thenReturn(ghb);
GitHub gh = PowerMockito.mock(GitHub.class);
PowerMockito.when(ghb.build()).thenReturn(gh);
PowerMockito.when(gh.isCredentialValid()).thenReturn(true);
GHRepository repo = PowerMockito.mock(GHRepository.class);
GHUser user = PowerMockito.mock(GHUser.class);
GHCommit commit = PowerMockito.mock(GHCommit.class);
PowerMockito.when(user.getRepository(anyString())).thenReturn(repo);
PowerMockito.when(gh.getUser(anyString())).thenReturn(user);
PowerMockito.when((repo.getCommit(anyString()))).thenReturn(commit);
Folder f = jenkins.jenkins.createProject(Folder.class, "folder" + jenkins.jenkins.getItems().size());
CredentialsStore folderStore = getFolderStore(f);
folderStore.addCredentials(Domain.global(),
new DummyCredentials(CredentialsScope.GLOBAL, "user", "password"));
WorkflowJob p = f.createProject(WorkflowJob.class, "p");
p.setDefinition(new CpsFlowDefinition(
"githubNotify account: 'raul-arabaolaza', context: 'ATH Results', " +
"credentialsId: 'dummy', description: 'All tests are OK', " +
"repo: 'acceptance-test-harness', sha: '0b5936eb903d439ac0c0bf84940d73128d5e9487', " +
"status: 'SUCCESS', targetUrl: 'http://www.cloudbees.com'"
));
WorkflowRun b1 = p.scheduleBuild2(0).waitForStart();
jenkins.assertBuildStatus(Result.SUCCESS, jenkins.waitForCompletion(b1));
}
示例29
private CredentialsStore getFolderStore(Folder f) {
Iterable<CredentialsStore> stores = CredentialsProvider.lookupStores(f);
CredentialsStore folderStore = null;
for (CredentialsStore s : stores) {
if (s.getProvider() instanceof FolderCredentialsProvider && s.getContext() == f) {
folderStore = s;
break;
}
}
return folderStore;
}
示例30
/**
* Helper method to update tokenCredentials with contents of creds.
* <p>
* This searches all domains for the id associated with tokenCredentials and updates the first credential it finds.
*
* @param tokenId Existing credentials that should be updated.
* @param creds New credentials
* @throws IOException If problems reading or writing to Jenkins Credential Store
*/
boolean doTokenUpdate(final String tokenId, final Credentials creds) throws IOException {
final SystemCredentialsProvider.ProviderImpl systemProvider = ExtensionList.lookup(CredentialsProvider.class)
.get(SystemCredentialsProvider.ProviderImpl.class);
if (systemProvider == null) return false;
final CredentialsStore credentialsStore = systemProvider.getStore(Jenkins.getInstance());
if (credentialsStore == null) return false;
/*
Walk through all domains and credentials for each domain to find a credential with the matching id.
*/
for (final Domain d : credentialsStore.getDomains()) {
for (Credentials c : credentialsStore.getCredentials(d)) {
if (!(c instanceof StringCredentials)) continue;
final StringCredentials stringCredentials = (StringCredentials) c;
if (stringCredentials.getId().equals(tokenId)) {
final boolean wasUpdated = credentialsStore.updateCredentials(d, c, creds);
if (!wasUpdated) {
LOGGER.warning("Updating Token credential failed during update call.");
}
return wasUpdated;
}
}
}
// if the credential was not found, then put a warning in the console log.
LOGGER.warning("Token credential was not found in the Credentials Store.");
return false;
}
