[JENKINS-49025] Adding a necessary whitelist entry.

jenkinsci · Jan 18, 2018 · fbffe2b · fbffe2b
1 parent 0ed1e9b
commit fbffe2b
Show file tree

Hide file tree

Showing 7 changed files with 128 additions and 32 deletions.
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -1 +1 @@
-buildPlugin()
+buildPlugin(jenkinsVersions: [null, '2.102'])
diff --git a/README.md b/README.md
@@ -469,6 +469,7 @@ String result = invokeLambda(
 # Changelog
 
 ## current master
+* Fix: `s3Upload` did not work in Jenkins 2.102+ (#JENKINS-49025)
 * Fix: RoleSessionName (slashes in buildNumber) in `withAWS` step for assume role. (#JENKINS-45807)
 * Doc: Clarify usage of metadata
 

diff --git a/pom.xml b/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <groupId>org.jenkins-ci.plugins</groupId>
         <artifactId>plugin</artifactId>
-        <version>2.5</version>
+        <version>3.2</version>
         <relativePath />
     </parent>
     <groupId>de.taimos</groupId>
@@ -24,7 +24,7 @@
             <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
             <distribution>repo</distribution></license>
     </licenses>
-    <url>https://wiki.jenkins-ci.org/display/JENKINS/Pipeline+AWS+Plugin</url>
+    <url>https://wiki.jenkins.io/display/JENKINS/Pipeline+AWS+Plugin</url>
     <organization>
         <name>Taimos GmbH</name>
         <url>https://www.taimos.de</url>
@@ -49,38 +49,44 @@
     <repositories>
         <repository>
             <id>repo.jenkins-ci.org</id>
-            <url>http://repo.jenkins-ci.org/public/</url>
+            <url>https://repo.jenkins-ci.org/public/</url>
         </repository>
     </repositories>
     <pluginRepositories>
         <pluginRepository>
             <id>repo.jenkins-ci.org</id>
-            <url>http://repo.jenkins-ci.org/public/</url>
+            <url>https://repo.jenkins-ci.org/public/</url>
         </pluginRepository>
     </pluginRepositories>
     <properties>
         <jenkins.version>2.7.4</jenkins.version>
+        <java.level>7</java.level>
     </properties>
     <dependencies>
         <dependency>
             <groupId>org.jenkins-ci.plugins.workflow</groupId>
             <artifactId>workflow-step-api</artifactId>
-            <version>2.4</version>
+            <version>2.14</version>
         </dependency>
         <dependency>
-            <groupId>org.jenkins-ci.plugins.workflow</groupId>
-            <artifactId>workflow-cps</artifactId>
-            <version>2.24</version>
+            <groupId>org.jenkins-ci.plugins</groupId>
+            <artifactId>script-security</artifactId>
+            <version>1.40</version>
+        </dependency>
+        <dependency>
+            <groupId>org.jenkins-ci.plugins</groupId>
+            <artifactId>structs</artifactId>
+            <version>1.10</version>
         </dependency>
         <dependency>
             <groupId>org.jenkins-ci.plugins</groupId>
             <artifactId>aws-java-sdk</artifactId>
-            <version>1.11.221</version>
+            <version>1.11.248</version>
         </dependency>
         <dependency>
             <groupId>org.jenkins-ci.plugins</groupId>
             <artifactId>credentials</artifactId>
-            <version>2.1.0</version>
+            <version>2.1.11</version>
         </dependency>
         <dependency>
             <groupId>org.jenkins-ci.plugins</groupId>
@@ -96,8 +102,44 @@
 
         <dependency>
             <groupId>org.jenkins-ci.plugins.workflow</groupId>
-            <artifactId>workflow-aggregator</artifactId>
-            <version>2.5</version>
+            <artifactId>workflow-job</artifactId>
+            <version>2.11.2</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.jenkins-ci.plugins.workflow</groupId>
+            <artifactId>workflow-cps</artifactId>
+            <version>2.41</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.jenkins-ci.plugins.workflow</groupId>
+            <artifactId>workflow-basic-steps</artifactId>
+            <version>2.6</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.jenkins-ci.plugins.workflow</groupId>
+            <artifactId>workflow-durable-task-step</artifactId>
+            <version>2.16</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.jenkins-ci.plugins.workflow</groupId>
+            <artifactId>workflow-api</artifactId>
+            <version>2.24</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.jenkins-ci.plugins.workflow</groupId>
+            <artifactId>workflow-support</artifactId>
+            <version>2.14</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.jenkins-ci.plugins</groupId>
+            <artifactId>cloudbees-folder</artifactId>
+            <version>6.1.2</version>
             <scope>test</scope>
         </dependency>
     </dependencies>

diff --git a/src/main/java/de/taimos/pipeline/aws/S3DownloadStep.java b/src/main/java/de/taimos/pipeline/aws/S3DownloadStep.java
@@ -30,7 +30,6 @@
 import org.jenkinsci.plugins.workflow.steps.AbstractStepDescriptorImpl;
 import org.jenkinsci.plugins.workflow.steps.AbstractStepExecutionImpl;
 import org.jenkinsci.plugins.workflow.steps.StepContextParameter;
-import org.jenkinsci.remoting.RoleChecker;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.DataBoundSetter;
 
@@ -48,6 +47,7 @@
 import hudson.FilePath;
 import hudson.model.TaskListener;
 import hudson.remoting.VirtualChannel;
+import jenkins.MasterToSlaveFileCallable;
 
 public class S3DownloadStep extends AbstractS3Step {
 
@@ -164,7 +164,7 @@ public void stop(@Nonnull Throwable cause) throws Exception {
 
 	}
 
-	private static class RemoteDownloader implements FilePath.FileCallable<Void> {
+	private static class RemoteDownloader extends MasterToSlaveFileCallable<Void> {
 
 		protected static final long serialVersionUID = 1L;
 
@@ -208,9 +208,5 @@ public void progressChanged(ProgressEvent progressEvent) {
 			}
 		}
 
-		@Override
-		public void checkRoles(RoleChecker roleChecker) {
-			// nothing to do here
-		}
 	}
 }
diff --git a/src/main/java/de/taimos/pipeline/aws/S3UploadStep.java b/src/main/java/de/taimos/pipeline/aws/S3UploadStep.java
@@ -36,7 +36,6 @@
 import org.jenkinsci.plugins.workflow.steps.AbstractStepDescriptorImpl;
 import org.jenkinsci.plugins.workflow.steps.AbstractStepExecutionImpl;
 import org.jenkinsci.plugins.workflow.steps.StepContextParameter;
-import org.jenkinsci.remoting.RoleChecker;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.DataBoundSetter;
 
@@ -59,6 +58,7 @@
 import hudson.FilePath;
 import hudson.model.TaskListener;
 import hudson.remoting.VirtualChannel;
+import jenkins.MasterToSlaveFileCallable;
 
 public class S3UploadStep extends AbstractS3Step {
 
@@ -285,7 +285,7 @@ public void stop(@Nonnull Throwable cause) throws Exception {
 
 	}
 
-	private static class RemoteUploader implements FilePath.FileCallable<Void> {
+	private static class RemoteUploader extends MasterToSlaveFileCallable<Void> {
 
 		protected static final long serialVersionUID = 1L;
 		private final S3ClientOptions amazonS3ClientOptions;
@@ -391,12 +391,9 @@ public void progressChanged(ProgressEvent progressEvent) {
 			return null;
 		}
 
-		@Override
-		public void checkRoles(RoleChecker roleChecker) throws SecurityException {
-		}
 	}
 
-	private static class RemoteListUploader implements FilePath.FileCallable<Void> {
+	private static class RemoteListUploader extends MasterToSlaveFileCallable<Void> {
 
 		protected static final long serialVersionUID = 1L;
 		private final S3ClientOptions amazonS3ClientOptions;
@@ -464,12 +461,9 @@ public void progressChanged(ProgressEvent progressEvent) {
 			return null;
 		}
 
-		@Override
-		public void checkRoles(RoleChecker roleChecker) throws SecurityException {
-		}
 	}
 
-	private static class FeedList implements FilePath.FileCallable<Void> {
+	private static class FeedList extends MasterToSlaveFileCallable<Void> {
 
 		private final List<File> fileList;
 
@@ -483,9 +477,6 @@ public Void invoke(File localFile, VirtualChannel channel) throws IOException, I
 			return null;
 		}
 
-		@Override
-		public void checkRoles(RoleChecker arg0) throws SecurityException {
-		}
 	}
 
 }
diff --git a/src/main/resources/META-INF/hudson.remoting.ClassFilter b/src/main/resources/META-INF/hudson.remoting.ClassFilter
@@ -0,0 +1 @@
+java.lang.String$CaseInsensitiveComparator
diff --git a/src/test/java/de/taimos/pipeline/aws/S3UploadStepIntegrationTest.java b/src/test/java/de/taimos/pipeline/aws/S3UploadStepIntegrationTest.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2018 CloudBees, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package de.taimos.pipeline.aws;
+
+import com.cloudbees.plugins.credentials.CredentialsScope;
+import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
+import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
+import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
+import org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition;
+import org.jenkinsci.plugins.workflow.job.WorkflowJob;
+import org.junit.Test;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.jvnet.hudson.test.BuildWatcher;
+import org.jvnet.hudson.test.For;
+import org.jvnet.hudson.test.Issue;
+import org.jvnet.hudson.test.JenkinsRule;
+
+@For(S3UploadStep.class)
+public class S3UploadStepIntegrationTest {
+
+    @ClassRule
+    public static BuildWatcher buildWatcher = new BuildWatcher();
+
+    @Rule
+    public JenkinsRule r = new JenkinsRule();
+
+    @Issue("JENKINS-49025")
+    @Test
+    public void smokes() throws Exception {
+        String globalCredentialsId = "x";
+        StandardUsernamePasswordCredentials key = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, globalCredentialsId, "x", "x", "x");
+        SystemCredentialsProvider.getInstance().getCredentials().add(key);
+        WorkflowJob p = r.jenkins.createProject(WorkflowJob.class, "p");
+        p.setDefinition(new CpsFlowDefinition(
+            "node('" + r.createSlave().getNodeName() + "') {\n" +
+            "  withAWS (credentials: '" + globalCredentialsId + "') {\n" +
+            "    writeFile file: 'x', text: ''\n" +
+            "    try {\n" +
+            "      s3Upload bucket: 'x', file: 'x', path: 'x'\n" +
+            "      fail 'should not have worked'\n" +
+            "    } catch (com.amazonaws.services.s3.model.AmazonS3Exception x) {\n" +
+            "      echo(/got $x as expected/)\n" +
+            "    }\n" +
+            "  }\n" +
+            "}\n", true)
+        );
+        r.assertBuildStatusSuccess(p.scheduleBuild2(0));
+    }
+
+}