下面列出了hudson.model.ModelObject#org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
* Test that a JSON credential without a "jenkins_token" field and without a proper DC/OS service account value
* results in a 401 and only 1 web request.
*
* @throws Exception
*/
@Test
public void testRecorderInvalidToken() throws Exception {
final FreeStyleProject project = j.createFreeStyleProject();
final SystemCredentialsProvider.ProviderImpl system = ExtensionList.lookup(CredentialsProvider.class).get(SystemCredentialsProvider.ProviderImpl.class);
final CredentialsStore systemStore = system.getStore(j.getInstance());
final String credentialValue = "{\"field1\":\"some value\"}";
final Secret secret = Secret.fromString(credentialValue);
final StringCredentials credential = new StringCredentialsImpl(CredentialsScope.GLOBAL, "invalidtoken", "a token for JSON token test", secret);
TestUtils.enqueueFailureResponse(httpServer, 401);
systemStore.addCredentials(Domain.global(), credential);
addBuilders(TestUtils.loadFixture("idonly.json"), project);
// add post-builder
addPostBuilders(project, "invalidtoken");
final FreeStyleBuild build = j.assertBuildStatus(Result.FAILURE, project.scheduleBuild2(0).get());
j.assertLogContains("[Marathon] Authentication to Marathon instance failed:", build);
j.assertLogContains("[Marathon] Invalid DC/OS service account JSON", build);
assertEquals("Only 1 request should have been made.", 1, httpServer.getRequestCount());
}
/**
* Prepare global GitHub plugin configuration.
* Nothing specific to job.
*/
public static GitHubServerConfig prepareGitHubPlugin() {
// prepare global jRule settings
final StringCredentialsImpl cred = new StringCredentialsImpl(
CredentialsScope.GLOBAL,
null,
"description",
Secret.fromString(GH_TOKEN)
);
SystemCredentialsProvider.getInstance().getCredentials().add(cred);
final GitHubPluginConfig gitHubPluginConfig = GitHubPlugin.configuration();
final List<GitHubServerConfig> gitHubServerConfigs = new ArrayList<>();
final GitHubServerConfig gitHubServerConfig = new GitHubServerConfig(cred.getId());
gitHubServerConfig.setManageHooks(false);
gitHubServerConfig.setClientCacheSize(0);
gitHubServerConfigs.add(gitHubServerConfig);
gitHubPluginConfig.setConfigs(gitHubServerConfigs);
return gitHubServerConfig;
}
@Issue("SECURITY-1374")
@Test public void maskingPostBuild() throws Exception {
String credentialsId = "creds_1";
String password = "p4$$";
StringCredentialsImpl firstCreds = new StringCredentialsImpl(CredentialsScope.GLOBAL, credentialsId, "sample1", Secret.fromString(password));
CredentialsProvider.lookupStores(r.jenkins).iterator().next().addCredentials(Domain.global(), firstCreds);
SecretBuildWrapper wrapper = new SecretBuildWrapper(Collections.singletonList(new StringBinding("PASS_1", credentialsId)));
FreeStyleProject f = r.createFreeStyleProject();
f.setConcurrentBuild(true);
f.getBuildWrappersList().add(wrapper);
Publisher publisher = new PasswordPublisher(password);
f.getPublishersList().add(publisher);
FreeStyleBuild b = r.buildAndAssertSuccess(f);
r.assertLogNotContains(password, b);
r.assertLogContains("****", b);
}
@Test public void incorrectType() throws Exception {
story.addStep(new Statement() {
@Override public void evaluate() throws Throwable {
StringCredentialsImpl c = new StringCredentialsImpl(CredentialsScope.GLOBAL, "creds", "sample", Secret.fromString("s3cr3t"));
CredentialsProvider.lookupStores(story.j.jenkins).iterator().next().addCredentials(Domain.global(), c);
WorkflowJob p = story.j.jenkins.createProject(WorkflowJob.class, "p");
p.setDefinition(new CpsFlowDefinition(""
+ "node {\n"
+ " withCredentials([usernamePassword(usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD', credentialsId: 'creds')]) {\n"
+ " }\n"
+ "}", true));
WorkflowRun r = story.j.assertBuildStatus(Result.FAILURE, p.scheduleBuild2(0).get());
// make sure error message contains information about the actual type and the expected type
story.j.assertLogNotContains("s3cr3t", r);
story.j.assertLogContains(StandardUsernamePasswordCredentials.class.getName(), r); // no descriptor for the interface type
story.j.assertLogContains(stringCredentialsDescriptor.getDisplayName(), r);
story.j.assertLogNotContains("\tat ", r);
}
});
}
@Issue("JENKINS-27389")
@Test public void grabEnv() {
story.addStep(new Statement() {
@Override public void evaluate() throws Throwable {
String credentialsId = "creds";
String secret = "s3cr3t";
CredentialsProvider.lookupStores(story.j.jenkins).iterator().next().addCredentials(Domain.global(), new StringCredentialsImpl(CredentialsScope.GLOBAL, credentialsId, "sample", Secret.fromString(secret)));
WorkflowJob p = story.j.jenkins.createProject(WorkflowJob.class, "p");
p.setDefinition(new CpsFlowDefinition(""
+ "def extract(id) {\n"
+ " def v\n"
+ " withCredentials([string(credentialsId: id, variable: 'temp')]) {\n"
+ " v = env.temp\n"
+ " }\n"
+ " v\n"
+ "}\n"
+ "node {\n"
+ " echo \"got: ${extract('" + credentialsId + "')}\"\n"
+ "}", true));
story.j.assertLogContains("got: " + secret, story.j.assertBuildStatusSuccess(p.scheduleBuild2(0).get()));
}
});
}
@Issue("JENKINS-27486")
@Test public void masking() {
story.addStep(new Statement() {
@Override public void evaluate() throws Throwable {
String credentialsId = "creds";
String secret = "s3cr3t";
CredentialsProvider.lookupStores(story.j.jenkins).iterator().next().addCredentials(Domain.global(), new StringCredentialsImpl(CredentialsScope.GLOBAL, credentialsId, "sample", Secret.fromString(secret)));
WorkflowJob p = story.j.jenkins.createProject(WorkflowJob.class, "p");
p.setDefinition(new CpsFlowDefinition(""
+ "node {\n"
+ " withCredentials([string(credentialsId: '" + credentialsId + "', variable: 'SECRET')]) {\n"
// forgot set +x, ran /usr/bin/env, etc.
+ " if (isUnix()) {sh 'echo $SECRET > oops'} else {bat 'echo %SECRET% > oops'}\n"
+ " }\n"
+ "}", true));
WorkflowRun b = story.j.assertBuildStatusSuccess(p.scheduleBuild2(0).get());
story.j.assertLogNotContains(secret, b);
story.j.assertLogContains("echo ****", b);
}
});
}
@Issue("JENKINS-37871")
@Test public void secretBuildWrapperRunsBeforeNormalWrapper() throws Exception {
StringCredentialsImpl firstCreds = new StringCredentialsImpl(CredentialsScope.GLOBAL, credentialsId, "sample1", Secret.fromString(password));
CredentialsProvider.lookupStores(r.jenkins).iterator().next().addCredentials(Domain.global(), firstCreds);
SecretBuildWrapper wrapper = new SecretBuildWrapper(Arrays.asList(new StringBinding(bindingKey, credentialsId)));
FreeStyleProject f = r.createFreeStyleProject("buildWrapperOrder");
f.getBuildersList().add(Functions.isWindows() ? new BatchFile("echo %PASS_1%") : new Shell("echo $PASS_1"));
f.getBuildWrappersList().add(new BuildWrapperOrder());
f.getBuildWrappersList().add(wrapper);
// configRoundtrip makes sure the ordinal of SecretBuildWrapper extension is applied correctly.
r.configRoundtrip(f);
FreeStyleBuild b = r.buildAndAssertSuccess(f);
r.assertLogContains("Secret found!", b);
}
private void setupCredentials(String credentialId, String secret) throws Exception {
final CredentialsStore credentialsStore =
CredentialsProvider.lookupStores(jRule.jenkins).iterator().next();
final Domain domain = Domain.global();
final Credentials credentials =
new StringCredentialsImpl(
CredentialsScope.GLOBAL, credentialId, "", Secret.fromString(secret));
credentialsStore.addCredentials(domain, credentials);
}
private void setupCredentials(String credentialId, String secret) throws Exception {
final CredentialsStore credentialsStore =
CredentialsProvider.lookupStores(jRule.jenkins).iterator().next();
final Domain domain = Domain.global();
final Credentials credentials =
new StringCredentialsImpl(
CredentialsScope.GLOBAL, credentialId, "", Secret.fromString(secret));
credentialsStore.addCredentials(domain, credentials);
}
/**
* Test a basic API token using StringCredentials.
*
* @throws Exception
*/
@Test
public void testRecorderBasicToken() throws Exception {
final FreeStyleProject project = j.createFreeStyleProject();
final String responseStr = "{\"version\": \"one\", \"deploymentId\": \"someid-here\"}";
final SystemCredentialsProvider.ProviderImpl system = ExtensionList.lookup(CredentialsProvider.class).get(SystemCredentialsProvider.ProviderImpl.class);
final CredentialsStore systemStore = system.getStore(j.getInstance());
final String tokenValue = "my secret token";
final Secret secret = Secret.fromString(tokenValue);
final StringCredentials credential = new StringCredentialsImpl(CredentialsScope.GLOBAL, "basictoken", "a token for basic token test", secret);
TestUtils.enqueueJsonResponse(httpServer, responseStr);
systemStore.addCredentials(Domain.global(), credential);
// add builders
addBuilders(TestUtils.loadFixture("idonly.json"), project);
// add post-builder
addPostBuilders(project, "basictoken");
final FreeStyleBuild build = j.assertBuildStatusSuccess(project.scheduleBuild2(0).get());
j.assertLogContains("[Marathon]", build);
// handler assertions
assertEquals("Only 1 request should be made", 1, httpServer.getRequestCount());
RecordedRequest request = httpServer.takeRequest();
final String authorizationText = request.getHeader("Authorization");
assertEquals("Token does not match", "token=" + tokenValue, authorizationText);
}
/**
* Test that a JSON credential with "jenkins_token" uses the token value as the authentication token.
*
* @throws Exception
*/
@Test
public void testRecorderJSONToken() throws Exception {
final FreeStyleProject project = j.createFreeStyleProject();
final String responseStr = "{\"version\": \"one\", \"deploymentId\": \"someid-here\"}";
final SystemCredentialsProvider.ProviderImpl system = ExtensionList.lookup(CredentialsProvider.class).get(SystemCredentialsProvider.ProviderImpl.class);
final CredentialsStore systemStore = system.getStore(j.getInstance());
final String tokenValue = "my secret token";
final String credentialValue = "{\"field1\":\"some value\", \"jenkins_token\":\"" + tokenValue + "\"}";
final Secret secret = Secret.fromString(credentialValue);
final StringCredentials credential = new StringCredentialsImpl(CredentialsScope.GLOBAL, "jsontoken", "a token for JSON token test", secret);
TestUtils.enqueueJsonResponse(httpServer, responseStr);
systemStore.addCredentials(Domain.global(), credential);
// add builders
addBuilders(TestUtils.loadFixture("idonly.json"), project);
// add post-builder
addPostBuilders(project, "jsontoken");
final FreeStyleBuild build = j.assertBuildStatusSuccess(project.scheduleBuild2(0).get());
j.assertLogContains("[Marathon]", build);
// handler assertions
assertEquals("Only 1 request should be made", 1, httpServer.getRequestCount());
RecordedRequest request = httpServer.takeRequest();
final String authorizationText = request.getHeader("Authorization");
assertEquals("Token does not match", "token=" + tokenValue, authorizationText);
}
@Initializer(before = InitMilestone.PLUGINS_STARTED)
public static void addAliases() {
Jenkins.XSTREAM2.addCompatibilityAlias(
"org.csanchez.jenkins.plugins.kubernetes.OpenShiftBearerTokenCredentialImpl",
org.jenkinsci.plugins.kubernetes.credentials.OpenShiftBearerTokenCredentialImpl.class);
Jenkins.XSTREAM2.addCompatibilityAlias(
"org.csanchez.jenkins.plugins.kubernetes.OpenShiftTokenCredentialImpl",
StringCredentialsImpl.class);
Jenkins.XSTREAM2.addCompatibilityAlias("org.csanchez.jenkins.plugins.kubernetes.ServiceAccountCredential",
org.jenkinsci.plugins.kubernetes.credentials.FileSystemServiceAccountCredential.class);
}
@Test
@LocalData()
public void upgradeFrom_1_1() throws Exception {
List<Credentials> credentials = SystemCredentialsProvider.getInstance().getCredentials();
assertEquals(3, credentials.size());
UsernamePasswordCredentialsImpl cred0 = (UsernamePasswordCredentialsImpl) credentials.get(0);
assertEquals("token", cred0.getId());
assertEquals("myusername", cred0.getUsername());
FileSystemServiceAccountCredential cred1 = (FileSystemServiceAccountCredential) credentials.get(1);
StringCredentialsImpl cred2 = (StringCredentialsImpl) credentials.get(2);
assertEquals("mytoken", Secret.toString(cred2.getSecret()));
assertThat(cloud.getLabels(), hasEntry("jenkins", "slave"));
assertEquals(cloud.DEFAULT_WAIT_FOR_POD_SEC, cloud.getWaitForPodSec());
}
static void addGitLabApiToken() throws IOException {
for (CredentialsStore credentialsStore : CredentialsProvider.lookupStores(Jenkins.getInstance())) {
if (credentialsStore instanceof SystemCredentialsProvider.StoreImpl) {
List<Domain> domains = credentialsStore.getDomains();
credentialsStore.addCredentials(domains.get(0),
new StringCredentialsImpl(CredentialsScope.SYSTEM, API_TOKEN_ID, "GitLab API Token", Secret.fromString(API_TOKEN)));
}
}
}
static void setupGitLabConnections(JenkinsRule jenkins, MockServerRule mockServer) throws IOException {
GitLabConnectionConfig connectionConfig = jenkins.get(GitLabConnectionConfig.class);
String apiTokenId = "apiTokenId";
for (CredentialsStore credentialsStore : CredentialsProvider.lookupStores(Jenkins.getInstance())) {
if (credentialsStore instanceof SystemCredentialsProvider.StoreImpl) {
List<Domain> domains = credentialsStore.getDomains();
credentialsStore.addCredentials(domains.get(0),
new StringCredentialsImpl(CredentialsScope.SYSTEM, apiTokenId, "GitLab API Token", Secret.fromString(TestUtility.API_TOKEN)));
}
}
connectionConfig.addConnection(new GitLabConnection(TestUtility.GITLAB_CONNECTION_V3, "http://localhost:" + mockServer.getPort() + "/gitlab", apiTokenId, new V3GitLabClientBuilder(), false, 10, 10));
connectionConfig.addConnection(new GitLabConnection(TestUtility.GITLAB_CONNECTION_V4, "http://localhost:" + mockServer.getPort() + "/gitlab", apiTokenId, new V4GitLabClientBuilder(), false, 10, 10));
}
@Before
public void setup() throws IOException {
for (CredentialsStore credentialsStore : CredentialsProvider.lookupStores(Jenkins.getInstance())) {
if (credentialsStore instanceof SystemCredentialsProvider.StoreImpl) {
List<Domain> domains = credentialsStore.getDomains();
credentialsStore.addCredentials(domains.get(0),
new StringCredentialsImpl(CredentialsScope.SYSTEM, API_TOKEN_ID, "GitLab API Token", Secret.fromString(API_TOKEN_ID)));
}
}
}
@Before
public void setup() throws IOException {
gitLabUrl = "http://localhost:" + mockServer.getPort() + "/gitlab";
for (CredentialsStore credentialsStore : CredentialsProvider.lookupStores(Jenkins.getInstance())) {
if (credentialsStore instanceof SystemCredentialsProvider.StoreImpl) {
List<Domain> domains = credentialsStore.getDomains();
credentialsStore.addCredentials(domains.get(0),
new StringCredentialsImpl(CredentialsScope.SYSTEM, API_TOKEN_ID, "GitLab API Token", Secret.fromString(API_TOKEN)));
}
}
}
public GitLabConnectionProperty createGitLabConnectionProperty() throws IOException {
for (CredentialsStore credentialsStore : CredentialsProvider.lookupStores(Jenkins.getInstance())) {
if (credentialsStore instanceof SystemCredentialsProvider.StoreImpl) {
List<Domain> domains = credentialsStore.getDomains();
credentialsStore.addCredentials(domains.get(0),
new StringCredentialsImpl(CredentialsScope.SYSTEM, API_TOKEN_ID, "GitLab API Token", Secret.fromString(getApiToken())));
}
}
GitLabConnectionConfig config = Jenkins.getInstance().getDescriptorByType(GitLabConnectionConfig.class);
GitLabConnection connection = new GitLabConnection("test", url, API_TOKEN_ID, new V3GitLabClientBuilder(), true,10, 10);
config.addConnection(connection);
config.save();
return new GitLabConnectionProperty(connection.getName());
}
@Issue("JENKINS-24805")
@Test
public void maskingFreeStyleSecrets() throws Exception {
String firstCredentialsId = "creds_1";
String firstPassword = "a$build";
StringCredentialsImpl firstCreds = new StringCredentialsImpl(CredentialsScope.GLOBAL, firstCredentialsId, "sample1", Secret.fromString(firstPassword));
CredentialsProvider.lookupStores(r.jenkins).iterator().next().addCredentials(Domain.global(), firstCreds);
String secondCredentialsId = "creds_2";
String secondPassword = "a$$b";
StringCredentialsImpl secondCreds = new StringCredentialsImpl(CredentialsScope.GLOBAL, secondCredentialsId, "sample2", Secret.fromString(secondPassword));
CredentialsProvider.lookupStores(r.jenkins).iterator().next().addCredentials(Domain.global(), secondCreds);
SecretBuildWrapper wrapper = new SecretBuildWrapper(Arrays.asList(new StringBinding("PASS_1", firstCredentialsId),
new StringBinding("PASS_2", secondCredentialsId)));
FreeStyleProject project = r.createFreeStyleProject();
project.setConcurrentBuild(true);
project.getBuildersList().add(Functions.isWindows() ? new BatchFile("echo %PASS_1%") : new Shell("echo \"$PASS_1\""));
project.getBuildersList().add(Functions.isWindows() ? new BatchFile("echo %PASS_2%") : new Shell("echo \"$PASS_2\""));
project.getBuildersList().add(new Maven("$PASS_1 $PASS_2", "default"));
project.getBuildWrappersList().add(wrapper);
r.configRoundtrip((Item)project);
QueueTaskFuture<FreeStyleBuild> future = project.scheduleBuild2(0);
FreeStyleBuild build = future.get();
r.assertLogNotContains(firstPassword, build);
r.assertLogNotContains(firstPassword.replace("$", "$$"), build);
r.assertLogNotContains(secondPassword, build);
r.assertLogNotContains(secondPassword.replace("$", "$$"), build);
r.assertLogContains("****", build);
}
@Issue("JENKINS-24805")
@Test public void maskingFreeStyleSecrets() throws Exception {
String firstCredentialsId = "creds_1";
String firstPassword = "p4$$";
StringCredentialsImpl firstCreds = new StringCredentialsImpl(CredentialsScope.GLOBAL, firstCredentialsId, "sample1", Secret.fromString(firstPassword));
CredentialsProvider.lookupStores(r.jenkins).iterator().next().addCredentials(Domain.global(), firstCreds);
String secondCredentialsId = "creds_2";
String secondPassword = "p4$$" + "someMoreStuff";
StringCredentialsImpl secondCreds = new StringCredentialsImpl(CredentialsScope.GLOBAL, secondCredentialsId, "sample2", Secret.fromString(secondPassword));
CredentialsProvider.lookupStores(r.jenkins).iterator().next().addCredentials(Domain.global(), secondCreds);
SecretBuildWrapper wrapper = new SecretBuildWrapper(Arrays.asList(new StringBinding("PASS_1", firstCredentialsId),
new StringBinding("PASS_2", secondCredentialsId)));
FreeStyleProject f = r.createFreeStyleProject();
f.setConcurrentBuild(true);
f.getBuildersList().add(Functions.isWindows() ? new BatchFile("echo %PASS_1%") : new Shell("echo \"$PASS_1\""));
f.getBuildersList().add(Functions.isWindows() ? new BatchFile("echo %PASS_2%") : new Shell("echo \"$PASS_2\""));
f.getBuildWrappersList().add(wrapper);
r.configRoundtrip((Item)f);
FreeStyleBuild b = r.buildAndAssertSuccess(f);
r.assertLogNotContains(firstPassword, b);
r.assertLogNotContains(secondPassword, b);
r.assertLogContains("****", b);
}
@Issue("JENKINS-41760")
@Test public void emptySecret() throws Exception {
CredentialsProvider.lookupStores(r.jenkins).iterator().next().addCredentials(Domain.global(), new StringCredentialsImpl(CredentialsScope.GLOBAL, "creds", null, Secret.fromString("")));
FreeStyleProject p = r.createFreeStyleProject();
p.getBuildWrappersList().add(new SecretBuildWrapper(Collections.singletonList(new StringBinding("SECRET", "creds"))));
p.getBuildersList().add(Functions.isWindows() ? new BatchFile("echo PASSES") : new Shell("echo PASSES"));
r.assertLogContains("PASSES", r.buildAndAssertSuccess(p));
}
@Issue("JENKINS-38831")
@Test
public void testTrackingOfCredential() {
story.addStep(new Statement() {
@Override public void evaluate() throws Throwable {
String credentialsId = "creds";
String secret = "s3cr3t";
StringCredentialsImpl credentials = new StringCredentialsImpl(CredentialsScope.GLOBAL, credentialsId, "sample", Secret.fromString(secret));
Fingerprint fingerprint = CredentialsProvider.getFingerprintOf(credentials);
CredentialsProvider.lookupStores(story.j.jenkins).iterator().next().addCredentials(Domain.global(), credentials);
WorkflowJob p = story.j.jenkins.createProject(WorkflowJob.class, "p");
p.setDefinition(new CpsFlowDefinition(""
+ "def extract(id) {\n"
+ " def v\n"
+ " withCredentials([[$class: 'StringBinding', credentialsId: id, variable: 'temp']]) {\n"
+ " v = env.temp\n"
+ " }\n"
+ " v\n"
+ "}\n"
+ "node {\n"
+ " echo \"got: ${extract('" + credentialsId + "')}\"\n"
+ "}", true));
assertThat("No fingerprint created until first use", fingerprint, nullValue());
story.j.assertLogContains("got: " + secret, story.j.assertBuildStatusSuccess(p.scheduleBuild2(0).get()));
fingerprint = CredentialsProvider.getFingerprintOf(credentials);
assertThat(fingerprint, notNullValue());
assertThat(fingerprint.getJobs(), hasItem(is(p.getFullName())));
}
});
}
@Issue("JENKINS-41760")
@Test public void emptyOrBlankCreds() {
story.addStep(new Statement() {
@Override public void evaluate() throws Throwable {
WorkflowJob p = story.j.jenkins.createProject(WorkflowJob.class, "p");
p.setDefinition(new CpsFlowDefinition("node {withCredentials([]) {echo 'normal output'}}", true));
story.j.assertLogContains("normal output", story.j.buildAndAssertSuccess(p));
CredentialsProvider.lookupStores(story.j.jenkins).iterator().next().addCredentials(Domain.global(), new StringCredentialsImpl(CredentialsScope.GLOBAL, "creds", null, Secret.fromString("")));
p.setDefinition(new CpsFlowDefinition("node {withCredentials([string(variable: 'SECRET', credentialsId: 'creds')]) {echo 'normal output'}}", true));
story.j.assertLogContains("normal output", story.j.buildAndAssertSuccess(p));
}
});
}
private static BaseStandardCredentials secretCredential() {
return new StringCredentialsImpl(
CredentialsScope.GLOBAL, CREDENTIAL_ID, "test-secret", Secret.fromString("secret"));
}
private static BaseStandardCredentials secretCredential() {
return new StringCredentialsImpl(
CredentialsScope.GLOBAL, CREDENTIAL_ID, "test-secret", Secret.fromString("secret"));
}
@Issue("JENKINS-30326")
@Test
public void testGlobalBindingWithAuthorization() {
story.addStep(new Statement() {
@SuppressWarnings("deprecation") // using TestExtension would be better, as would calling ScriptApproval.preapprove
@Override public void evaluate() throws Throwable {
// configure security
story.j.jenkins.setSecurityRealm(story.j.createDummySecurityRealm());
story.j.jenkins.setAuthorizationStrategy(new FullControlOnceLoggedInAuthorizationStrategy());
// create the user.
User.get("dummy", true);
// enable the run as user strategy for the AuthorizeProject plugin
Map<String, Boolean> strategies = new HashMap<String, Boolean>();
strategies.put(story.j.jenkins.getDescriptor(SpecificUsersAuthorizationStrategy.class).getId(), true);
QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(new ProjectQueueItemAuthenticator(strategies));
// blanket whitelist all methods (easier than whitelisting Jenkins.getAuthentication)
story.j.jenkins.getExtensionList(Whitelist.class).add(new BlanketWhitelist());
String credentialsId = "creds";
String secret = "s3cr3t";
CredentialsProvider.lookupStores(story.j.jenkins).iterator().next().addCredentials(Domain.global(), new StringCredentialsImpl(CredentialsScope.GLOBAL, credentialsId, "sample", Secret.fromString(secret)));
WorkflowJob p = story.j.jenkins.createProject(WorkflowJob.class, "p");
p.setDefinition(new CpsFlowDefinition(""
+ "node {\n"
+ " def authentication = Jenkins.getAuthentication()\n"
+ " echo \"running as user: $authentication.principal\"\n"
+ " withCredentials([string(credentialsId: '" + credentialsId + "', variable: 'SECRET')]) {\n"
+ " writeFile file:'test', text: \"$env.SECRET\"\n"
+ " def content = readFile 'test'\n"
+ " if (\"$content\" != \"" + secret + "\") {\n"
+ " error 'The credential was not bound into the workflow correctly'\n"
+ " }\n"
+ " }\n"
+ "}", true));
// run the job as a specific user
SpecificUsersAuthorizationStrategy strategy = new SpecificUsersAuthorizationStrategy("dummy");
strategy.setDontRestrictJobConfiguration(true);
p.addProperty(new AuthorizeProjectProperty(strategy));
// the build will fail if we can not locate the credentials
WorkflowRun b = story.j.assertBuildStatusSuccess(p.scheduleBuild2(0).get());
// make sure this was actually run as a user and not system
story.j.assertLogContains("running as user: dummy", b);
}
});
}
/**
* Registers the given value as a {@link StringCredentials} into the default {@link CredentialsProvider} using the
* specified credentials id.
*/
public static void setStringCredentials(ModelObject context, String credentialsId, String value) throws IOException {
StringCredentials creds = new StringCredentialsImpl(CredentialsScope.GLOBAL, credentialsId, null, Secret.fromString(value));
CredentialsProvider.lookupStores(context).iterator().next().addCredentials(Domain.global(), creds);
}