Remove ssh credentials from support plugin

[jetersen]

Your checklist for this pull request

🚨 Please review the guidelines for contributing to this repository.

• Make sure you are requesting to pull a topic/feature/bugfix branch (right side) and not your master branch!

• Please describe what you did

• Link to relevant GitHub issues or pull requests

• Link to relevant Jenkins JIRA issues

• Did you provide a test-case? That demonstrates feature works or fixes the issue.

Description

Thanks, @jvz for your work on jenkinsci/ssh-credentials-plugin#40

Means we can get rid of another support configurator!

[timja]

have you verified / is there a test that shows that the private key isn't exported in plain text?

[jetersen]

YES 😆

Arguably this should be updated to check the direct key

configuration-as-code-plugin/integrations/src/test/java/io/jenkins/plugins/casc/CredentialsTest.java

Lines 32 to 36 in 40c8389

	List<BasicSSHUserPrivateKey> creds2 = CredentialsProvider.lookupCredentials(BasicSSHUserPrivateKey.class,Jenkins.getInstanceOrNull(), null, Collections.emptyList());
	assertThat(creds2.size(), is(1));
	assertEquals("agentuser", creds2.get(0).getUsername());
	assertEquals("password", creds2.get(0).getPassphrase().getPlainText());
	assertEquals("ssh private key used to connect ssh slaves", creds2.get(0).getDescription());

configuration-as-code-plugin/integrations/src/test/resources/io/jenkins/plugins/casc/GlobalCredentials.yml

Lines 19 to 21 in 40c8389

	privateKeySource:
	directEntry:
	privateKey: sp0ds9d+skkfjf

[jetersen]

apparently not ready, see CI... the test ran locally 😕

[jetersen]

@jvz we need some more magic it seems!
We just needed to fix our tests

[timja]

It really needs to be, as it was a security issue, and we don't want it accidentally re-introduced

[jetersen]

it works locally, I don't get it 😕

[timja]

I'm confused why its trying to use this:

Caused by: java.lang.IllegalArgumentException: No com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$PrivateKeySource implementation found for FileOnMasterPrivateKeySource
Possible solution: Try to install 'configuration-as-code-support' plugin

it should be directEntry not the fileOnMaster...

[jetersen]

Fixed in: 202ab7b

[timja]

can you add an export test please to ensure what is exported isn't plain text

[jvz]

Hooray!

[timja]

I've added the missing test @Casz, mind checking you're happy with it when you get a chance please?

[jvz]

Not a blocker by any means, but it could be useful to create a matcher for secrets so you'd be able to assert something like assertThat(source.getPrivateKey(), hasPlainText("s3cr3t")); which would read better. Most appropriate place to add it would be here.

Edit: I submitted a PR for that idea.