[JENKINS-41004] Revert the 'also fix' from 6beb07a
- Added tests that show it was unnecessary, so reverting back to original behaviour as that matches more closely the System store in credentials plugin
stephenc committed Jan 24, 2017
1 parent 6beb07a commit 2a4e8cc
Showing 2 changed files with 176 additions and 48 deletions.
@@ -124,36 +124,35 @@ public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> type, @N
public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> type, @Nullable ItemGroup itemGroup,
@Nullable Authentication authentication,
@NonNull List<DomainRequirement> domainRequirements) {
if (authentication == null) {
authentication = ACL.SYSTEM;
}
List<C> result = new ArrayList<C>();
Set<String> ids = new HashSet<String>();
while (itemGroup != null) {
if (itemGroup instanceof AbstractFolder) {
if (!((AbstractFolder) itemGroup).getACL().hasPermission(authentication, USE_ITEM)) {
continue;
}
final AbstractFolder<?> folder = AbstractFolder.class.cast(itemGroup);
FolderCredentialsProperty property = folder.getProperties().get(FolderCredentialsProperty.class);
if (property != null) {
for (C c : DomainCredentials.getCredentials(
property.getDomainCredentialsMap(),
type,
domainRequirements,
CredentialsMatchers.always())) {
if (!(c instanceof IdCredentials) || ids.add(((IdCredentials) c).getId())) {
// if IdCredentials, only add if we havent added already
// if not IdCredentials, always add
result.add(c);
if (ACL.SYSTEM.equals(authentication)) {
while (itemGroup != null) {
if (itemGroup instanceof AbstractFolder) {
if (!((AbstractFolder) itemGroup).getACL().hasPermission(authentication, USE_ITEM)) {
continue;
}
final AbstractFolder<?> folder = AbstractFolder.class.cast(itemGroup);
FolderCredentialsProperty property = folder.getProperties().get(FolderCredentialsProperty.class);
if (property != null) {
for (C c : DomainCredentials.getCredentials(
property.getDomainCredentialsMap(),
type,
domainRequirements,
CredentialsMatchers.always())) {
if (!(c instanceof IdCredentials) || ids.add(((IdCredentials) c).getId())) {
// if IdCredentials, only add if we havent added already
// if not IdCredentials, always add
result.add(c);
}
}
}
}
}
if (itemGroup instanceof Item) {
itemGroup = Item.class.cast(itemGroup).getParent();
} else {
break;
if (itemGroup instanceof Item) {
itemGroup = Item.class.cast(itemGroup).getParent();
} else {
break;
}
}
}
return result;
@@ -184,34 +183,33 @@ public <C extends IdCredentials> ListBoxModel getCredentialIds(@NonNull Class<C>
@Nullable Authentication authentication,
@NonNull List<DomainRequirement> domainRequirements,
@NonNull CredentialsMatcher matcher) {
if (authentication == null) {
authentication = ACL.SYSTEM;
}
ListBoxModel result = new ListBoxModel();
Set<String> ids = new HashSet<String>();
while (itemGroup != null) {
if (itemGroup instanceof AbstractFolder) {
if (!((AbstractFolder) itemGroup).getACL().hasPermission(authentication, USE_ITEM)) {
continue;
}
final AbstractFolder<?> folder = AbstractFolder.class.cast(itemGroup);
FolderCredentialsProperty property = folder.getProperties().get(FolderCredentialsProperty.class);
if (property != null) {
for (C c : DomainCredentials.getCredentials(
property.getDomainCredentialsMap(),
type,
domainRequirements,
matcher)) {
if (ids.add(c.getId())) {
result.add(CredentialsNameProvider.name(c), c.getId());
if (ACL.SYSTEM.equals(authentication)) {
while (itemGroup != null) {
if (itemGroup instanceof AbstractFolder) {
if (!((AbstractFolder) itemGroup).getACL().hasPermission(authentication, USE_ITEM)) {
continue;
}
final AbstractFolder<?> folder = AbstractFolder.class.cast(itemGroup);
FolderCredentialsProperty property = folder.getProperties().get(FolderCredentialsProperty.class);
if (property != null) {
for (C c : DomainCredentials.getCredentials(
property.getDomainCredentialsMap(),
type,
domainRequirements,
matcher)) {
if (ids.add(c.getId())) {
result.add(CredentialsNameProvider.name(c), c.getId());
}
}
}
}
}
if (itemGroup instanceof Item) {
itemGroup = Item.class.cast(itemGroup).getParent();
} else {
break;
if (itemGroup instanceof Item) {
itemGroup = Item.class.cast(itemGroup).getParent();
} else {
break;
}
}
}
return result;
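Review bot: The `continue` under the `hasPermission(authentication, USE_ITEM)` check in `getCredentials` skips the `getParent()` step at the bottom of the `while (itemGroup != null)` loop, so `itemGroup` never changes and the loop cannot terminate if that branch is ever taken; `getCredentialIds` has the same shape. In the copy that wraps the loop in `if (ACL.SYSTEM.equals(authentication))` the check is presumably never false, since SYSTEM is expected to hold every permission, so there it reads as dead code rather than a live hang. Either drop the check inside the SYSTEM-only branch or invert it so that only the folder lookup is guarded and the walk to the parent still runs, e.g. `if (folder.getACL().hasPermission(authentication, USE_ITEM)) { /* collect this folder's credentials */ }`. The rendering has lost the +/- markers, so which printed copy is the new side is inferred from the commit title and hunk header rather than shown.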
@@ -25,25 +25,45 @@

import com.cloudbees.hudson.plugins.folder.Folder;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsNameProvider;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
import com.cloudbees.plugins.credentials.common.IdCredentials;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.common.UsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.Domain;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
import hudson.Launcher;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.BuildListener;
import hudson.model.Computer;
import hudson.model.FreeStyleProject;
import hudson.model.Item;
import hudson.model.ItemGroup;
import hudson.model.Result;
import hudson.model.User;
import hudson.security.ACL;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.ListBoxModel;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import jenkins.security.QueueItemAuthenticatorConfiguration;
import org.acegisecurity.Authentication;
import org.hamcrest.Matcher;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.MockAuthorizationStrategy;
import org.jvnet.hudson.test.MockQueueItemAuthenticator;
import org.jvnet.hudson.test.TestExtension;
import org.kohsuke.stapler.DataBoundConstructor;

import static org.hamcrest.Matchers.hasItem;
import static org.hamcrest.Matchers.hasProperty;
@@ -114,6 +134,116 @@ public void credentialsListableAtFolderScope() throws Exception {
assertThat(asItem.get(0).value, is("test-id"));
}

@Test
public void given_folderCredential_when_builtAsSystem_then_credentialFound() throws Exception {
Folder f = createFolder();
CredentialsStore folderStore = getFolderStore(f);
folderStore.addCredentials(Domain.global(),
new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "Dr. Fu Manchu", "foo",
"manchu"));
FreeStyleProject prj = f.createProject(FreeStyleProject.class, "job");
prj.getBuildersList().add(new HasCredentialBuilder("foo-manchu"));
r.buildAndAssertSuccess(prj);
}

@Test
public void given_folderCredential_when_builtAsUserWithUseItem_then_credentialFound() throws Exception {
Folder f = createFolder();
CredentialsStore folderStore = getFolderStore(f);
folderStore.addCredentials(Domain.global(),
new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "Dr. Fu Manchu", "foo",
"manchu"));
FreeStyleProject prj = f.createProject(FreeStyleProject.class, "job");
prj.getBuildersList().add(new HasCredentialBuilder("foo-manchu"));

JenkinsRule.DummySecurityRealm realm = r.createDummySecurityRealm();
r.jenkins.setSecurityRealm(realm);

MockAuthorizationStrategy strategy = new MockAuthorizationStrategy();
strategy.grant(CredentialsProvider.USE_ITEM).everywhere().to("bob");
strategy.grant(Item.BUILD).everywhere().to("bob");
strategy.grant(Computer.BUILD).everywhere().to("bob");

r.jenkins.setAuthorizationStrategy(strategy);
HashMap<String, Authentication> jobsToUsers = new HashMap<String, Authentication>();
jobsToUsers.put(prj.getFullName(), User.get("bob").impersonate());
MockQueueItemAuthenticator authenticator = new MockQueueItemAuthenticator(jobsToUsers);

QueueItemAuthenticatorConfiguration.get().getAuthenticators().clear();
QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(authenticator);
r.buildAndAssertSuccess(prj);
}

@Test
public void given_folderCredential_when_builtAsUserWithoutUseItem_then_credentialNotFound() throws Exception {
Folder f = createFolder();
CredentialsStore folderStore = getFolderStore(f);
folderStore.addCredentials(Domain.global(),
new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "Dr. Fu Manchu", "foo",
"manchu"));
FreeStyleProject prj = f.createProject(FreeStyleProject.class, "job");
prj.getBuildersList().add(new HasCredentialBuilder("foo-manchu"));

JenkinsRule.DummySecurityRealm realm = r.createDummySecurityRealm();
r.jenkins.setSecurityRealm(realm);

MockAuthorizationStrategy strategy = new MockAuthorizationStrategy();
strategy.grant(Item.BUILD).everywhere().to("bob");
strategy.grant(Computer.BUILD).everywhere().to("bob");

r.jenkins.setAuthorizationStrategy(strategy);
HashMap<String, Authentication> jobsToUsers = new HashMap<String, Authentication>();
jobsToUsers.put(prj.getFullName(), User.get("bob").impersonate());
MockQueueItemAuthenticator authenticator = new MockQueueItemAuthenticator(jobsToUsers);

QueueItemAuthenticatorConfiguration.get().getAuthenticators().clear();
QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(authenticator);
r.assertBuildStatus(Result.FAILURE, prj.scheduleBuild2(0).get());
}

public static class HasCredentialBuilder extends Builder {

private final String id;

@DataBoundConstructor
public HasCredentialBuilder(String id) {
this.id = id;
}

public String getId() {
return id;
}

@Override
public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListener listener)
throws InterruptedException, IOException {
IdCredentials credentials = CredentialsProvider.findCredentialById(id, IdCredentials.class, build);
if (credentials == null) {
listener.getLogger().printf("Could not find any credentials with id %s%n", id);
build.setResult(Result.FAILURE);
return false;
} else {
listener.getLogger()
.printf("Found %s credentials with id %s%n", CredentialsNameProvider.name(credentials), id);
return true;
}
}

@TestExtension
public static class DescriptorImpl extends BuildStepDescriptor<Builder> {

@Override
public boolean isApplicable(Class<? extends AbstractProject> jobType) {
return true;
}

@Override
public String getDisplayName() {
return "Probe credentials exist";
}
}
}

private CredentialsStore getFolderStore(Folder f) {
Iterable<CredentialsStore> stores = CredentialsProvider.lookupStores(f);
CredentialsStore folderStore = null;
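Review bot: `given_folderCredential_when_builtAsUserWithoutUseItem_then_credentialNotFound` asserts only `Result.FAILURE`, so it would also pass if the build failed for a reason unrelated to credential visibility, such as a permission missing from the mock strategy. Because this is the negative authorization case, pin the cause by keeping the build and checking the probe's own message: `FreeStyleBuild b = prj.scheduleBuild2(0).get(); r.assertBuildStatus(Result.FAILURE, b); r.assertLogContains("Could not find any credentials with id foo-manchu", b);`. The two positive tests could likewise assert the `Found ... credentials with id` line, so that a success cannot come from the builder being skipped. `FreeStyleBuild` is not among the imports visible in this section and would need adding.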
