[FIXED JENKINS-27631] Store variables as Secret so they do not appear…
… in program.dat.
jglick committed Mar 30, 2015
1 parent 802365f commit 6731df3
Showing 3 changed files with 32 additions and 15 deletions.
10 changes: 5 additions & 5 deletions pom.xml
@@ -18,7 +18,7 @@
</description>
<url>http://wiki.jenkins-ci.org/display/JENKINS/Credentials+Binding+Plugin</url>
<properties>
<workflow.version>1.5-SNAPSHOT</workflow.version> <!-- TODO withEnv-JENKINS-26128 @ e19ac3608789e841eed2bdd90aff35bc9bd74dc9 -->
<workflow.version>1.5-SNAPSHOT</workflow.version> <!-- TODO SecretPickle-JENKINS-27631 @ 05916afaa456187a5618b36c64aa6b45ce4d4ae5 -->
</properties>
<licenses>
<license>
@@ -61,25 +61,25 @@
<dependency>
<groupId>org.jenkins-ci.plugins.workflow</groupId>
<artifactId>workflow-step-api</artifactId>
<version>1.5-20150330.201447-2</version>
<version>1.5-20150330.224744-3</version>
</dependency>
<dependency>
<groupId>org.jenkins-ci.plugins.workflow</groupId>
<artifactId>workflow-aggregator</artifactId>
<version>1.5-20150330.201704-2</version>
<version>1.5-20150330.224936-3</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.jenkins-ci.plugins.workflow</groupId>
<artifactId>workflow-step-api</artifactId>
<version>1.5-20150330.201447-2</version>
<version>1.5-20150330.224744-3</version>
<classifier>tests</classifier>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.jenkins-ci.plugins.workflow</groupId>
<artifactId>workflow-support</artifactId>
<version>1.5-20150330.201513-2</version>
<version>1.5-20150330.224810-3</version>
<classifier>tests</classifier>
<scope>test</scope>
</dependency>
@@ -31,13 +31,18 @@
import hudson.Launcher;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.util.Secret;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.jenkinsci.plugins.credentialsbinding.MultiBinding;
import org.jenkinsci.plugins.workflow.steps.AbstractStepDescriptorImpl;
import org.jenkinsci.plugins.workflow.steps.AbstractStepExecutionImpl;
import org.jenkinsci.plugins.workflow.steps.AbstractStepImpl;
import org.jenkinsci.plugins.workflow.steps.BodyExecutionCallback;
import org.jenkinsci.plugins.workflow.steps.EnvironmentExpander;
import org.jenkinsci.plugins.workflow.steps.StepContext;
import org.jenkinsci.plugins.workflow.steps.StepContextParameter;
import org.kohsuke.stapler.DataBoundConstructor;
@@ -67,30 +72,42 @@ public static final class Execution extends AbstractStepExecutionImpl {
@StepContextParameter private transient FilePath workspace;
@StepContextParameter private transient Launcher launcher;
@StepContextParameter private transient TaskListener listener;
// TODO ideally we would like to just create a fresh EnvVars with only our own bindings.
// But DefaultStepContext has no notion of merging multiple EnvVars instances across nested scopes.
// So we need to pick up the bindings created by ExecutorStepExecution and append to them.
// This has the unfortunate effect of “freezing” any custom values set via EnvActionImpl.setProperty for the duration of this step,
// because these will also be present in the inherited EnvVars.
@StepContextParameter private transient EnvVars env;

@Override public boolean start() throws Exception {
EnvVars overrides = new EnvVars(env);
Map<String,String> overrides = new HashMap<String,String>();
List<MultiBinding.Unbinder> unbinders = new ArrayList<MultiBinding.Unbinder>();
for (MultiBinding<?> binding : step.bindings) {
MultiBinding.MultiEnvironment environment = binding.bind(run, workspace, launcher, listener);
unbinders.add(environment.getUnbinder());
overrides.putAll(environment.getValues());
}
getContext().newBodyInvoker().withContext(overrides).withCallback(new Callback(unbinders)).start();
getContext().newBodyInvoker().withContext(new Overrider(overrides)).withCallback(new Callback(unbinders)).start();
return false;
}

@Override public void stop(Throwable cause) throws Exception {
// should be no need to do anything special (but verify in JENKINS-26148)
}

// TODO in case [Workflow]Run gets some equivalent to getSensitiveBuildVariables, this should be implemented here somehow
}

private static final class Overrider extends EnvironmentExpander {

private static final long serialVersionUID = 1;

private final Map<String,Secret> overrides = new HashMap<String,Secret>();

Overrider(Map<String,String> overrides) {
for (Map.Entry<String,String> override : overrides.entrySet()) {
this.overrides.put(override.getKey(), Secret.fromString(override.getValue()));
}
}

@Override public void expand(EnvVars env) throws IOException, InterruptedException {
for (Map.Entry<String,Secret> override : overrides.entrySet()) {
env.override(override.getKey(), override.getValue().getPlainText());
}
}

}
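Review bot: `Overrider` has no comment explaining why its map holds `Secret` rather than `String`, so a later cleanup could revert the field type and put the plaintext values back into program.dat. A class Javadoc along the lines of `/** Serialized with the step context; values are kept as {@link Secret} so they are not written to program.dat in plaintext. */` would record that. The comment should also say that `expand` hands the plaintext to `EnvVars` on every call, so the wrapping protects only the saved form and not anything that later persists or logs the expanded environment, and that the variable names (the map keys) are still stored in the clear. Whether the saved form is really encrypted presumably depends on the workflow snapshot named in the pom.xml TODO (SecretPickle), which is worth stating as a minimum-version requirement once that is released.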

@@ -107,7 +107,7 @@ public class BindingStepTest {
assertNotNull(p);
WorkflowRun b = p.getBuildByNumber(1);
assertNotNull(b);
assertEquals("TODO JENKINS-27631", Collections.singleton("program.dat"), grep(b.getRootDir(), password));
assertEquals(Collections.<String>emptySet(), grep(b.getRootDir(), password));
SemaphoreStep.success("basics/1", null);
while (b.isBuilding()) { // TODO 1.607+ use waitForCompletion
Thread.sleep(100);