@Initializer(after = InitMilestone.PLUGINS_STARTED) public static void migrate() throws IOException { GitLabConnectionConfig descriptor = (GitLabConnectionConfig) Jenkins.getInstance().getDescriptor(GitLabConnectionConfig.class); for (GitLabConnection connection : descriptor.getConnections()) { if (connection.apiTokenId == null && connection.apiToken != null) { for (CredentialsStore credentialsStore : CredentialsProvider.lookupStores(Jenkins.getInstance())) { if (credentialsStore instanceof SystemCredentialsProvider.StoreImpl) { List<Domain> domains = credentialsStore.getDomains(); connection.apiTokenId = UUID.randomUUID().toString(); credentialsStore.addCredentials(domains.get(0), new GitLabApiTokenImpl(CredentialsScope.SYSTEM, connection.apiTokenId, "GitLab API Token", Secret.fromString(connection.apiToken))); } } } } descriptor.save(); } }
/** * {@inheritDoc} */ @Override protected int run() throws Exception { store.checkPermission(CredentialsProvider.CREATE); Domain domain = getDomainByName(store, this.domain); if (domain == null) { stderr.println("No such domain"); return 2; } Credentials credentials = (Credentials) Items.XSTREAM.unmarshal(safeXmlStreamReader(stdin)); if (store.addCredentials(domain, credentials)) { return 0; } stderr.println("No change"); return 1; } }
/** * {@inheritDoc} */ @Override protected int run() throws Exception { store.checkPermission(CredentialsProvider.CREATE); Domain domain = getDomainByName(store, this.domain); if (domain == null) { stderr.println("No such domain"); return 2; } Credentials credentials = (Credentials) Items.XSTREAM.unmarshal(safeXmlStreamReader(stdin)); if (store.addCredentials(domain, credentials)) { return 0; } stderr.println("No change"); return 1; } }
private String createCredentials(String username, String password) { String credentialId = name + "_" + username; try{ StandardCredentials credential = retrieveCredential(credentialId); if (credential != null) { return StringUtils.EMPTY; } UsernamePasswordCredentialsImpl migrateCredential = new UsernamePasswordCredentialsImpl( CredentialsScope.GLOBAL, name + "_" + username, "Migrated Coverity Credential", username, password); CredentialsStore store = CredentialsProvider.lookupStores(Jenkins.getInstance()).iterator().next(); store.addCredentials(Domain.global(), migrateCredential); } catch (IOException ioe) { logger.warning("Migrating username and password into credentials encountered IOException" + "\nPlease try to resolve this issue by adding credentials manually"); return StringUtils.EMPTY; } return credentialId; }
/** * Stores a new credentials record (Used only during migration). * @param u The new credentials to store; * @return The Id of the new record or {@code null} on failure. * @throws IOException on error. */ public static String storeCredentials(final StandardUsernameCredentials u) throws IOException { if (null != u) { try (final ACLContext ctx = ACL.as(ACL.SYSTEM)) { final CredentialsStore s = CredentialsProvider.lookupStores(Jenkins.getInstance()).iterator().next(); s.addCredentials(Domain.global(), u); return u.getId(); } } return null; }
@BeforeClass public static void setup() throws Exception { CredentialsStore store = CredentialsProvider.lookupStores(j.jenkins).iterator().next(); store.addCredentials(Domain.global(), globalCred); }
private static void addCredentials(ConduitCredentials credentials) throws IOException { CredentialsStore store = new SystemCredentialsProvider.UserFacingAction().getStore(); store.addCredentials(Domain.global(), credentials); }
@Issue("JENKINS-48380") @Test public void withCredentialsWrapper() throws Exception { final String credentialsId = "creds"; final String username = "bob"; final String passphrase = "s3cr3t"; final String keyContent = "the-key"; SSHUserPrivateKey c = new DummyPrivateKey(credentialsId, username, passphrase, keyContent); CredentialsProvider.lookupStores(j.jenkins).iterator().next().addCredentials(Domain.global(), c); expect("withCredentialsWrapper") .archives("userPass.txt", username + ":" + passphrase) .archives("key.txt", keyContent) .go(); }
@Issue("JENKINS-48380") @Test public void withCredentialsStageWrapper() throws Exception { final String credentialsId = "creds"; final String username = "bob"; final String passphrase = "s3cr3t"; final String keyContent = "the-key"; SSHUserPrivateKey c = new DummyPrivateKey(credentialsId, username, passphrase, keyContent); CredentialsProvider.lookupStores(j.jenkins).iterator().next().addCredentials(Domain.global(), c); expect("withCredentialsStageWrapper") .logContains("THEUSER is null") .archives("userPass.txt", username + ":" + passphrase) .archives("key.txt", keyContent) .go(); }
@Test public void doFillCredentialsIdItemsWithoutJobWhenAdmin() throws Exception { r.jenkins.setSecurityRealm(r.createDummySecurityRealm()); ProjectMatrixAuthorizationStrategy as = new ProjectMatrixAuthorizationStrategy(); as.add(Jenkins.ADMINISTER, "alice"); r.jenkins.setAuthorizationStrategy(as); final UsernamePasswordCredentialsImpl c = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, null, "test", "bob", "s3cr3t"); CredentialsProvider.lookupStores(r.jenkins).iterator().next().addCredentials(Domain.global(), c); ACL.impersonate(User.get("alice").impersonate(), new Runnable() { @Override public void run() { ListBoxModel options = r.jenkins.getDescriptorByType(MercurialSCM.DescriptorImpl.class).doFillCredentialsIdItems(null, "http://nowhere.net/"); assertEquals(CredentialsNameProvider.name(c), options.get(1).name); } }); }
@Test public void withDefaults() throws Exception { Folder folder = j.createProject(Folder.class); getFolderStore(folder).addCredentials(Domain.global(), folderCred); getFolderStore(folder).addCredentials(Domain.global(), grandParentCred); folder.addProperty(new FolderConfig("folder_docker", "https://folder.registry", folderCred.getId())); expect("declarativeDockerConfigWithOverride") .inFolder(folder) .runFromRepo(false) .logContains("Docker Label is: other-label", "Registry URL is: https://other.registry", "Registry Creds ID is: " + grandParentCred.getId()).go(); }
@Issue("SECURITY-158") @Test public void doFillCredentialsIdItems() throws Exception { r.jenkins.setSecurityRealm(r.createDummySecurityRealm()); ProjectMatrixAuthorizationStrategy as = new ProjectMatrixAuthorizationStrategy(); as.add(Jenkins.READ, "alice"); as.add(Jenkins.READ, "bob"); r.jenkins.setAuthorizationStrategy(as); FreeStyleProject p1 = r.createFreeStyleProject("p1"); FreeStyleProject p2 = r.createFreeStyleProject("p2"); p2.addProperty(new AuthorizationMatrixProperty(Collections.singletonMap(Item.CONFIGURE, Collections.singleton("bob")))); UsernamePasswordCredentialsImpl c = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, null, "test", "bob", "s3cr3t"); CredentialsProvider.lookupStores(r.jenkins).iterator().next().addCredentials(Domain.global(), c); assertCredentials("alice", null); assertCredentials("alice", p1); assertCredentials("alice", p2); assertCredentials("bob", null); assertCredentials("bob", p1); assertCredentials("bob", p2, c); } private void assertCredentials(String user, final Job<?,?> owner, Credentials... expected) {
@Test public void given_folderCredential_when_builtAsSystem_then_credentialFound() throws Exception { Folder f = createFolder(); CredentialsStore folderStore = getFolderStore(f); folderStore.addCredentials(Domain.global(), new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "Dr. Fu Manchu", "foo", "manchu")); FreeStyleProject prj = f.createProject(FreeStyleProject.class, "job"); prj.getBuildersList().add(new HasCredentialBuilder("foo-manchu")); r.buildAndAssertSuccess(prj); }
@Test public void grandParentOverride() throws Exception { Folder grandParent = j.createProject(Folder.class); getFolderStore(grandParent).addCredentials(Domain.global(), grandParentCred); grandParent.addProperty(new FolderConfig("parent_docker", "https://parent.registry", grandParentCred.getId())); Folder parent = grandParent.createProject(Folder.class, "testParent"); //Can be static since grandParent should be unique getFolderStore(parent).addCredentials(Domain.global(), folderCred); parent.addProperty(new FolderConfig("folder_docker", "https://folder.registry", folderCred.getId())); expect("declarativeDockerConfig") .inFolder(parent) .runFromRepo(false) .logContains("Docker Label is: folder_docker", "Registry URL is: https://folder.registry", "Registry Creds ID is: " + folderCred.getId()) .logNotContains("Docker Label is: parent_docker", "Registry URL is: https://parent.registry", "Registry Creds ID is: " + grandParentCred.getId()).go(); }
@BeforeClass public static void setUpAgent() throws Exception { s = j.createOnlineSlave(); s.setLabelString("some-label docker"); s.getNodeProperties().add(new EnvironmentVariablesNodeProperty(new EnvironmentVariablesNodeProperty.Entry("ONAGENT", "true"), new EnvironmentVariablesNodeProperty.Entry("WHICH_AGENT", "first"))); s.setNumExecutors(2); s2 = j.createOnlineSlave(); s2.setLabelString("other-docker"); s2.getNodeProperties().add(new EnvironmentVariablesNodeProperty(new EnvironmentVariablesNodeProperty.Entry("ONAGENT", "true"), new EnvironmentVariablesNodeProperty.Entry("WHICH_AGENT", "second"))); //setup credentials for docker registry CredentialsStore store = CredentialsProvider.lookupStores(j.jenkins).iterator().next(); password = System.getProperty("docker.password"); if(password != null) { UsernamePasswordCredentialsImpl globalCred = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "dockerhub", "real", "jtaboada", password); store.addCredentials(Domain.global(), globalCred); } }
@Test public void directParent() throws Exception { Folder folder = j.createProject(Folder.class); getFolderStore(folder).addCredentials(Domain.global(), folderCred); folder.addProperty(new FolderConfig("folder_docker", "https://folder.registry", folderCred.getId())); expect("declarativeDockerConfig") .inFolder(folder) .runFromRepo(false) .logContains("Docker Label is: folder_docker", "Registry URL is: https://folder.registry", "Registry Creds ID is: " + folderCred.getId()).go(); }
@BeforeClass public static void setUpAgentAndCreds() throws Exception { s = j.createOnlineSlave(); s.setLabelString("some-label docker here"); s.getNodeProperties().add(new EnvironmentVariablesNodeProperty(new EnvironmentVariablesNodeProperty.Entry("ONAGENT", "true"), new EnvironmentVariablesNodeProperty.Entry("WHICH_AGENT", "first"))); s.setNumExecutors(2); s2 = j.createOnlineSlave(); s2.setLabelString("other-docker"); s2.getNodeProperties().add(new EnvironmentVariablesNodeProperty(new EnvironmentVariablesNodeProperty.Entry("ONAGENT", "true"), new EnvironmentVariablesNodeProperty.Entry("WHICH_AGENT", "second"))); CredentialsStore store = CredentialsProvider.lookupStores(j.jenkins).iterator().next(); String usernamePasswordCredentialsId = "FOOcredentials"; UsernamePasswordCredentialsImpl usernamePassword = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, usernamePasswordCredentialsId, "sample", usernamePasswordUsername, usernamePasswordPassword); store.addCredentials(Domain.global(), usernamePassword); }
@Test public void grandParent() throws Exception { Folder grandParent = j.createProject(Folder.class); getFolderStore(grandParent).addCredentials(Domain.global(), grandParentCred); grandParent.addProperty(new FolderConfig("parent_docker", "https://parent.registry", grandParentCred.getId())); Folder parent = grandParent.createProject(Folder.class, "testParent"); //Can be static since grandParent should be unique expect("declarativeDockerConfig") .inFolder(parent) .runFromRepo(false) .logContains("Docker Label is: parent_docker", "Registry URL is: https://parent.registry", "Registry Creds ID is: " + grandParentCred.getId()).go(); }
@Test public void given_folderCredential_when_builtAsUserWithoutUseItem_then_credentialNotFound() throws Exception { Folder f = createFolder(); CredentialsStore folderStore = getFolderStore(f); folderStore.addCredentials(Domain.global(), new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "Dr. Fu Manchu", "foo", "manchu")); FreeStyleProject prj = f.createProject(FreeStyleProject.class, "job"); prj.getBuildersList().add(new HasCredentialBuilder("foo-manchu")); JenkinsRule.DummySecurityRealm realm = r.createDummySecurityRealm(); r.jenkins.setSecurityRealm(realm); MockAuthorizationStrategy strategy = new MockAuthorizationStrategy(); strategy.grant(Item.BUILD).everywhere().to("bob"); strategy.grant(Computer.BUILD).everywhere().to("bob"); r.jenkins.setAuthorizationStrategy(strategy); HashMap<String, Authentication> jobsToUsers = new HashMap<String, Authentication>(); jobsToUsers.put(prj.getFullName(), User.get("bob").impersonate()); MockQueueItemAuthenticator authenticator = new MockQueueItemAuthenticator(jobsToUsers); QueueItemAuthenticatorConfiguration.get().getAuthenticators().clear(); QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(authenticator); r.assertBuildStatus(Result.FAILURE, prj.scheduleBuild2(0).get()); }
@Test public void directParentNotSystem() throws Exception { GlobalConfig.get().setDockerLabel("config_docker"); GlobalConfig.get().setRegistry(new DockerRegistryEndpoint("https://docker.registry", globalCred.getId())); Folder folder = j.createProject(Folder.class); getFolderStore(folder).addCredentials(Domain.global(), folderCred); folder.addProperty(new FolderConfig("folder_docker", "https://folder.registry", folderCred.getId())); expect("declarativeDockerConfig") .inFolder(folder) .runFromRepo(false) .logContains("Docker Label is: folder_docker", "Registry URL is: https://folder.registry", "Registry Creds ID is: " + folderCred.getId()) .logNotContains("Docker Label is: config_docker", "Registry URL is: https://docker.registry", "Registry Creds ID is: " + globalCred.getId()).go(); }