[JENKINS-41004] Add tests that verify correct sequencing of resolution

- Also need to bump credentials plugin to 2.1.11 to ensure that the stores are identified in the correct sequence
jenkinsci · Jan 27, 2017 · 244d3a5 · 244d3a5
1 parent 4d93613
commit 244d3a5
Show file tree

Hide file tree

Showing 2 changed files with 106 additions and 1 deletion.
diff --git a/pom.xml b/pom.xml
@@ -55,7 +55,7 @@
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
       <artifactId>credentials</artifactId>
-      <version>2.1.0</version>
+      <version>2.1.11</version>
       <optional>true</optional>
     </dependency>
     <dependency>

diff --git a/...st/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProviderTest.java b/...st/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProviderTest.java
@@ -41,6 +41,7 @@
 import hudson.model.AbstractProject;
 import hudson.model.BuildListener;
 import hudson.model.Computer;
+import hudson.model.FreeStyleBuild;
 import hudson.model.FreeStyleProject;
 import hudson.model.Item;
 import hudson.model.ItemGroup;
@@ -57,6 +58,8 @@
 import jenkins.security.QueueItemAuthenticatorConfiguration;
 import org.acegisecurity.Authentication;
 import org.hamcrest.Matcher;
+import org.hamcrest.Matchers;
+import org.hamcrest.StringDescription;
 import org.junit.Rule;
 import org.junit.Test;
 import org.jvnet.hudson.test.JenkinsRule;
@@ -201,19 +204,111 @@ public void given_folderCredential_when_builtAsUserWithoutUseItem_then_credentia
         r.assertBuildStatus(Result.FAILURE, prj.scheduleBuild2(0).get());
     }
 
+    @Test
+    public void given_folderAndSystemCredentials_when_builtAsUserWithUseItem_then_folderCredentialFound() throws Exception {
+        SystemCredentialsProvider.getInstance().getCredentials().add(
+                new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "You don't want me", "bar", "fly")
+        );
+        Folder f = createFolder();
+        CredentialsStore folderStore = getFolderStore(f);
+        folderStore.addCredentials(Domain.global(),
+                new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "Dr. Fu Manchu", "foo",
+                        "manchu"));
+        FreeStyleProject prj = f.createProject(FreeStyleProject.class, "job");
+        prj.getBuildersList().add(new HasCredentialBuilder("foo-manchu", Matchers.hasProperty("username", is("foo"))));
+
+        JenkinsRule.DummySecurityRealm realm = r.createDummySecurityRealm();
+        r.jenkins.setSecurityRealm(realm);
+
+        MockAuthorizationStrategy strategy = new MockAuthorizationStrategy();
+        strategy.grant(CredentialsProvider.USE_ITEM).everywhere().to("bob");
+        strategy.grant(Item.BUILD).everywhere().to("bob");
+        strategy.grant(Computer.BUILD).everywhere().to("bob");
+
+        r.jenkins.setAuthorizationStrategy(strategy);
+        HashMap<String, Authentication> jobsToUsers = new HashMap<String, Authentication>();
+        jobsToUsers.put(prj.getFullName(), User.get("bob").impersonate());
+        MockQueueItemAuthenticator authenticator = new MockQueueItemAuthenticator(jobsToUsers);
+
+        QueueItemAuthenticatorConfiguration.get().getAuthenticators().clear();
+        QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(authenticator);
+        try {
+            r.buildAndAssertSuccess(prj);
+        } catch (Exception e) {
+            FreeStyleBuild build = prj.getLastBuild();
+            if (build != null) {
+                System.out.println(JenkinsRule.getLog(build));
+            }
+            throw e;
+        }
+    }
+
+    @Test
+    public void given_nestedFolderAndSystemCredentials_when_builtAsUserWithUseItem_then_folderCredentialFound() throws Exception {
+        SystemCredentialsProvider.getInstance().getCredentials().add(
+                new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "You don't want me", "bar", "fly")
+        );
+        Folder f = createFolder();
+        CredentialsStore folderStore = getFolderStore(f);
+        folderStore.addCredentials(Domain.global(),
+                new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "Prof. Xavier", "prof",
+                        "xavier"));
+        Folder child = f.createProject(Folder.class, "child");
+        getFolderStore(child).addCredentials(Domain.global(),
+                new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "Dr. Fu Manchu", "foo",
+                        "manchu"));
+        FreeStyleProject prj = child.createProject(FreeStyleProject.class, "job");
+        prj.getBuildersList().add(new HasCredentialBuilder("foo-manchu", Matchers.hasProperty("username", is("foo"))));
+
+        JenkinsRule.DummySecurityRealm realm = r.createDummySecurityRealm();
+        r.jenkins.setSecurityRealm(realm);
+
+        MockAuthorizationStrategy strategy = new MockAuthorizationStrategy();
+        strategy.grant(CredentialsProvider.USE_ITEM).everywhere().to("bob");
+        strategy.grant(Item.BUILD).everywhere().to("bob");
+        strategy.grant(Computer.BUILD).everywhere().to("bob");
+
+        r.jenkins.setAuthorizationStrategy(strategy);
+        HashMap<String, Authentication> jobsToUsers = new HashMap<String, Authentication>();
+        jobsToUsers.put(prj.getFullName(), User.get("bob").impersonate());
+        MockQueueItemAuthenticator authenticator = new MockQueueItemAuthenticator(jobsToUsers);
+
+        QueueItemAuthenticatorConfiguration.get().getAuthenticators().clear();
+        QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(authenticator);
+        try {
+            r.buildAndAssertSuccess(prj);
+        } catch (Exception e) {
+            FreeStyleBuild build = prj.getLastBuild();
+            if (build != null) {
+                System.out.println(JenkinsRule.getLog(build));
+            }
+            throw e;
+        }
+    }
+
     public static class HasCredentialBuilder extends Builder {
 
         private final String id;
+        private Matcher<?> matcher;
 
         @DataBoundConstructor
         public HasCredentialBuilder(String id) {
             this.id = id;
         }
 
+        public HasCredentialBuilder(String id, Matcher<?> matcher) {
+            this.id = id;
+            this.matcher = matcher;
+        }
+
         public String getId() {
             return id;
         }
 
+        public Matcher<?> getMatcher() {
+            return matcher;
+        }
+
         @Override
         public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListener listener)
                 throws InterruptedException, IOException {
@@ -225,6 +320,16 @@ public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListen
             } else {
                 listener.getLogger()
                         .printf("Found %s credentials with id %s%n", CredentialsNameProvider.name(credentials), id);
+                if (matcher != null) {
+                    if (matcher.matches(credentials)) {
+                        listener.getLogger().println("Credentials match criteria");
+                    } else {
+                        StringDescription description = new StringDescription();
+                        matcher.describeMismatch(credentials, description);
+                        listener.getLogger().println(description.toString());
+                        return false;
+                    }
+                }
                 return true;
             }
         }