[FIXED JENKINS-26085] Credentials support for git step

Originally-Committed-As: 696119a41c8443c2d5099f7aba1f2e14cb7458b4
jenkinsci · Mar 9, 2015 · f7a7b28 · f7a7b28
1 parent 12d58c3
commit f7a7b28
Show file tree

Hide file tree

Showing 5 changed files with 182 additions and 5 deletions.
diff --git a/scm-step/README.md b/scm-step/README.md
@@ -64,7 +64,19 @@ You may specify `poll: false` to disable polling for an SCM checkout.
 # Built-in integrations
 
 Currently there are special integrations with the Git (`git` step) and Subversion (`svn` step) plugins.
-At the moment these are very simple and take just a `url` parameter.
+
+## git
+
+the `git` step lets you define a repository to clone. For authentication, a reference to a configured credential can
+be passed.
+
+```groovy
+git url: 'git@git.local.domain:ps/project.git', credentialsId: '67c3072d-b9a7-44fa-a5aa-560ba9c1662f'
+```
+
+## svn
+
+At the moment this step is very simple and takes just a `url` parameter.
 Richer configuration may come in the future.
 
 # Generic SCM step

diff --git a/scm-step/pom.xml b/scm-step/pom.xml
@@ -26,5 +26,12 @@
             <artifactId>subversion</artifactId>
             <optional>true</optional>
         </dependency>
+        <dependency>
+            <groupId>org.jenkins-ci.plugins.workflow</groupId>
+            <artifactId>workflow-step-api</artifactId>
+            <version>${project.version}</version>
+            <classifier>tests</classifier>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 </project>
diff --git a/scm-step/src/main/java/org/jenkinsci/plugins/workflow/steps/scm/GitStep.java b/scm-step/src/main/java/org/jenkinsci/plugins/workflow/steps/scm/GitStep.java
@@ -24,17 +24,41 @@
 
 package org.jenkinsci.plugins.workflow.steps.scm;
 
+import com.cloudbees.plugins.credentials.CredentialsMatchers;
+import com.cloudbees.plugins.credentials.CredentialsProvider;
+import com.cloudbees.plugins.credentials.common.StandardCredentials;
+import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
+import hudson.EnvVars;
 import hudson.Extension;
+import hudson.Util;
+import hudson.model.Item;
+import hudson.model.TaskListener;
 import hudson.plugins.git.BranchSpec;
+import hudson.plugins.git.GitException;
 import hudson.plugins.git.GitSCM;
+import hudson.plugins.git.GitTool;
+import hudson.plugins.git.Messages;
 import hudson.plugins.git.SubmoduleConfig;
 import hudson.plugins.git.UserRemoteConfig;
 import hudson.scm.SCM;
+
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+
+import hudson.security.ACL;
+import hudson.util.FormValidation;
+import hudson.util.ListBoxModel;
+import org.jenkinsci.plugins.gitclient.Git;
+import org.jenkinsci.plugins.gitclient.GitClient;
+import org.jenkinsci.plugins.gitclient.GitURIRequirementsBuilder;
+import org.kohsuke.stapler.AncestorInPath;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.DataBoundSetter;
+import org.kohsuke.stapler.QueryParameter;
+
+import javax.annotation.Nonnull;
 
 /**
  * Runs Git using {@link GitSCM}.
@@ -43,6 +67,7 @@ public final class GitStep extends SCMStep {
 
     private final String url;
     private String branch = "master";
+    private String credentialsId;
 
     @DataBoundConstructor public GitStep(String url) {
         this.url = url;
@@ -56,28 +81,95 @@ public String getBranch() {
         return branch;
     }
 
+    public String getCredentialsId() {
+        return credentialsId;
+    }
+
     @DataBoundSetter public void setBranch(String branch) {
         this.branch = branch;
     }
 
+    @DataBoundSetter public void setCredentialsId(String credentialsId) {
+        this.credentialsId = credentialsId;
+    }
+
     @Override public SCM createSCM() {
-        return new GitSCM(createRepoList(url), Collections.singletonList(new BranchSpec("*/" + branch)), false, Collections.<SubmoduleConfig>emptyList(), null, null, null);
+        return new GitSCM(createRepoList(url, credentialsId), Collections.singletonList(new BranchSpec("*/" + branch)), false, Collections.<SubmoduleConfig>emptyList(), null, null, null);
     }
 
     // copied from GitSCM
-    static private List<UserRemoteConfig> createRepoList(String url) {
+    static private List<UserRemoteConfig> createRepoList(String url, String credentialsId) {
         List<UserRemoteConfig> repoList = new ArrayList<UserRemoteConfig>();
-        repoList.add(new UserRemoteConfig(url, null, null, null));
+        repoList.add(new UserRemoteConfig(url, null, null, credentialsId));
         return repoList;
     }
 
+
+    private static StandardCredentials lookupCredentials(Item project, @Nonnull String credentialId, String uri) {
+        return CredentialsMatchers.firstOrNull(
+                CredentialsProvider.lookupCredentials(StandardCredentials.class, project, ACL.SYSTEM,
+                        GitURIRequirementsBuilder.fromUri(uri).build()),
+                        CredentialsMatchers.withId(credentialId));
+    }
+
     @Extension(optional=true) public static final class DescriptorImpl extends SCMStepDescriptor {
 
         public DescriptorImpl() {
             // Fail now if dependency plugin not loaded. Descriptor.<init> will actually fail anyway, but this is just to be sure.
             GitSCM.class.hashCode();
         }
 
+        // copy/paste from GitSCM.DescriptorImpl
+
+        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item project,
+                                                     @QueryParameter String url) {
+            if (project == null || !project.hasPermission(Item.CONFIGURE)) {
+                return new StandardListBoxModel();
+            }
+            return new StandardListBoxModel()
+                    .withEmptySelection()
+                    .withMatching(
+                            GitClient.CREDENTIALS_MATCHER,
+                            CredentialsProvider.lookupCredentials(StandardCredentials.class,
+                                    project,
+                                    ACL.SYSTEM,
+                                    GitURIRequirementsBuilder.fromUri(url).build())
+                    );
+        }
+
+        public FormValidation doCheckUrl(@AncestorInPath Item project,
+                                         @QueryParameter String credentialsId,
+                                         @QueryParameter String value) throws IOException, InterruptedException {
+
+            if (project == null || !project.hasPermission(Item.CONFIGURE)) {
+                return FormValidation.ok();
+            }
+
+            String url = Util.fixEmptyAndTrim(value);
+            if (url == null)
+                return FormValidation.error("Please enter repository url.");
+
+            // get git executable on master
+            final EnvVars environment = new EnvVars(EnvVars.masterEnvVars);
+
+            GitClient git = Git.with(TaskListener.NULL, environment)
+                    .using(GitTool.getDefaultInstallation().getGitExe())
+                    .getClient();
+            if (credentialsId != null) {
+                StandardCredentials credentials = lookupCredentials(project, credentialsId, url);
+                if (credentials != null) git.addDefaultCredentials(credentials);
+            }
+
+            // attempt to connect the provided URL
+            try {
+                git.getHeadRev(url, "HEAD");
+            } catch (GitException e) {
+                return FormValidation.error(Messages.UserRemoteConfig_FailedToConnect(e.getMessage()));
+            }
+
+            return FormValidation.ok();
+        }
+
         @Override public String getFunctionName() {
             return "git";
         }

diff --git a/scm-step/src/main/resources/org/jenkinsci/plugins/workflow/steps/scm/GitStep/config.jelly b/scm-step/src/main/resources/org/jenkinsci/plugins/workflow/steps/scm/GitStep/config.jelly
@@ -24,12 +24,15 @@ THE SOFTWARE.
 -->
 
 <?jelly escape-by-default='true'?>
-<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:f="/lib/form">
+<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:f="/lib/form" xmlns:c="/lib/credentials">
     <f:entry field="url" title="Repository URL">
         <f:textbox/>
     </f:entry>
     <f:entry field="branch" title="Branch">
         <f:textbox default="master"/>
     </f:entry>
+    <f:entry field="credentialsId" title="Credentials">
+        <c:select/>
+    </f:entry>
     <st:include page="config-generic.jelly" class="org.jenkinsci.plugins.workflow.steps.scm.SCMStep"/>
 </j:jelly>
diff --git a/scm-step/src/test/java/org/jenkinsci/plugins/workflow/steps/scm/GitStepTest.java b/scm-step/src/test/java/org/jenkinsci/plugins/workflow/steps/scm/GitStepTest.java
@@ -0,0 +1,63 @@
+/*
+ * The MIT License
+ *
+ * Copyright 2014 Jesse Glick.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.jenkinsci.plugins.workflow.steps.scm;
+
+import com.cloudbees.plugins.credentials.CredentialsProvider;
+import com.cloudbees.plugins.credentials.CredentialsScope;
+import com.cloudbees.plugins.credentials.common.IdCredentials;
+import com.cloudbees.plugins.credentials.domains.Domain;
+import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
+import org.jenkinsci.plugins.workflow.steps.Step;
+import org.jenkinsci.plugins.workflow.steps.StepConfigTester;
+import org.junit.Rule;
+import org.junit.Test;
+import org.jvnet.hudson.test.JenkinsRule;
+
+/**
+ * @author <a href="mailto:nicolas.deloof@gmail.com">Nicolas De Loof</a>
+ */
+public class GitStepTest {
+
+    @Rule public JenkinsRule r = new JenkinsRule();
+
+    @Test
+    public void roundtrip() throws Exception {
+        GitStep step = new GitStep("git@github.com:jenkinsci/workflow-plugin.git");
+        Step roundtrip = new StepConfigTester(r).configRoundTrip(step);
+        r.assertEqualDataBoundBeans(step, roundtrip);
+    }
+
+    @Test
+    public void roundtrip_withcredentials() throws Exception {
+        IdCredentials c = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, null, null, "user", "pass");
+        CredentialsProvider.lookupStores(r.jenkins).iterator().next()
+                .addCredentials(Domain.global(), c);
+        GitStep step = new GitStep("git@github.com:jenkinsci/workflow-plugin.git");
+        step.setCredentialsId(c.getId());
+        Step roundtrip = new StepConfigTester(r).configRoundTrip(step);
+        r.assertEqualDataBoundBeans(step, roundtrip);
+    }
+
+}