From 4a0d1996a3e7a204b3ce6c6e361ec5b4bb506856 Mon Sep 17 00:00:00 2001 From: Joseph Petersen Date: Thu, 25 Apr 2019 14:06:02 +0200 Subject: [PATCH 1/3] remove ssh credentials from support plugin --- integrations/pom.xml | 2 +- support/pom.xml | 7 ---- ...rectEntryPrivateKeySourceConfigurator.java | 34 ------------------- 3 files changed, 1 insertion(+), 42 deletions(-) delete mode 100644 support/src/main/java/io/jenkins/plugins/casc/support/credentials/DirectEntryPrivateKeySourceConfigurator.java diff --git a/integrations/pom.xml b/integrations/pom.xml index c83a90d4d2..09794514a8 100644 --- a/integrations/pom.xml +++ b/integrations/pom.xml @@ -214,7 +214,7 @@ org.jenkins-ci.plugins ssh-credentials - 1.13 + 1.16 test diff --git a/support/pom.xml b/support/pom.xml index 38d6c9543b..7c00fa4c20 100644 --- a/support/pom.xml +++ b/support/pom.xml @@ -38,13 +38,6 @@ true - - org.jenkins-ci.plugins - ssh-credentials - 1.13 - true - - org.jenkins-ci.plugins job-dsl diff --git a/support/src/main/java/io/jenkins/plugins/casc/support/credentials/DirectEntryPrivateKeySourceConfigurator.java b/support/src/main/java/io/jenkins/plugins/casc/support/credentials/DirectEntryPrivateKeySourceConfigurator.java deleted file mode 100644 index 8becdf18db..0000000000 --- a/support/src/main/java/io/jenkins/plugins/casc/support/credentials/DirectEntryPrivateKeySourceConfigurator.java +++ /dev/null 
@@ -1,34 +0,0 @@
-package io.jenkins.plugins.casc.support.credentials;
-
-import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey.DirectEntryPrivateKeySource;
-import edu.umd.cs.findbugs.annotations.CheckForNull;
-import hudson.Extension;
-import io.jenkins.plugins.casc.ConfigurationContext;
-import io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator;
-import io.jenkins.plugins.casc.model.CNode;
-import io.jenkins.plugins.casc.model.Mapping;
-import io.jenkins.plugins.casc.model.Scalar;
-
-/**
- * @author Nicolas De Loof
- */
-@Extension(optional = true)
-public class DirectEntryPrivateKeySourceConfigurator extends DataBoundConfigurator {
-
- public DirectEntryPrivateKeySourceConfigurator() {
- super(DirectEntryPrivateKeySource.class);
- }
-
- @Override
- public Class getTarget() {
- return DirectEntryPrivateKeySource.class;
- }
-
- @CheckForNull
- @Override
- public CNode describe(DirectEntryPrivateKeySource instance, ConfigurationContext context) throws Exception {
- final Mapping mapping = new Mapping();
- mapping.putIfAbsent("privateKey", new Scalar("****"));
- return mapping;
- }
-}
From 202ab7b2ff378c0a2ddb614b72a3d497d25b380c Mon Sep 17 00:00:00 2001
From: Joseph Petersen
Date: Thu, 25 Apr 2019 15:22:32 +0200
Subject: [PATCH 2/3] update tests, FileOnMasterPrivateKeySource is deprecated
---
.../java/io/jenkins/plugins/casc/CredentialsTest.java | 11 ++++++++---
.../jenkins/plugins/casc/SystemCredentialsTest.java | 9 ++++-----
.../io/jenkins/plugins/casc/SystemCredentialsTest.yml | 9 ---------
3 files changed, 12 insertions(+), 17 deletions(-)
diff --git a/integrations/src/test/java/io/jenkins/plugins/casc/CredentialsTest.java b/integrations/src/test/java/io/jenkins/plugins/casc/CredentialsTest.java
index b8261a98bd..09218eb43b 100644
--- a/integrations/src/test/java/io/jenkins/plugins/casc/CredentialsTest.java
+++ b/integrations/src/test/java/io/jenkins/plugins/casc/CredentialsTest.java
@@ -31,9 +31,14 @@ public void testGlobalScopedCredentials() { List creds2 = CredentialsProvider.lookupCredentials(BasicSSHUserPrivateKey.class,Jenkins.getInstanceOrNull(), null, Collections.emptyList()); assertThat(creds2.size(), is(1)); - assertEquals("agentuser", creds2.get(0).getUsername()); - assertEquals("password", creds2.get(0).getPassphrase().getPlainText()); - assertEquals("ssh private key used to connect ssh slaves", creds2.get(0).getDescription()); + BasicSSHUserPrivateKey basicSSHUserPrivateKey = creds2.get(0); + assertEquals("agentuser", basicSSHUserPrivateKey.getUsername()); + assertEquals("password", basicSSHUserPrivateKey.getPassphrase().getPlainText()); + assertEquals("ssh private key used to connect ssh slaves", basicSSHUserPrivateKey.getDescription()); + assertThat(basicSSHUserPrivateKey.getPrivateKeySource().getPrivateKeys().size(), is(1)); + String directKey = basicSSHUserPrivateKey.getPrivateKeySource().getPrivateKeys().get(0); + assertThat(directKey, is("sp0ds9d+skkfjf")); + } diff --git a/integrations/src/test/java/io/jenkins/plugins/casc/SystemCredentialsTest.java b/integrations/src/test/java/io/jenkins/plugins/casc/SystemCredentialsTest.java index ec99126273..ca5cb2276d 100644 --- a/integrations/src/test/java/io/jenkins/plugins/casc/SystemCredentialsTest.java +++ b/integrations/src/test/java/io/jenkins/plugins/casc/SystemCredentialsTest.java 
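Review bot: The expected key `"sp0ds9d+skkfjf"` is written out as a literal in the new `assertThat(directKey, ...)` line and, in PATCH 3/3, twice more in testExportSSHCredentials, so the tests and the YAML fixture have to be kept in step by hand. A shared constant such as `private static final String TEST_PRIVATE_KEY = "sp0ds9d+skkfjf";` would keep the load and export assertions pointing at the same fixture value. `getPrivateKeySource().getPrivateKeys()` is also evaluated twice; holding the list in one local would let the size check and the content check read against the same object. testGlobalScopedCredentials starts before this hunk.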
@@ -73,14 +73,13 @@ public void configure_system_credentials() throws Exception { List sshPrivateKeys = CredentialsProvider.lookupCredentials( BasicSSHUserPrivateKey.class, jenkins, ACL.SYSTEM, Collections.emptyList() ); - assertThat(sshPrivateKeys, hasSize(2)); - final BasicSSHUserPrivateKey ssh_with_passphrase = sshPrivateKeys.stream() - .filter(k -> k.getId().equals("ssh_with_passphrase_provided")) - .findFirst().orElseThrow(AssertionError::new); + assertThat(sshPrivateKeys, hasSize(1)); + + final BasicSSHUserPrivateKey ssh_with_passphrase = sshPrivateKeys.get(0); assertThat(ssh_with_passphrase.getPassphrase().getPlainText(), equalTo("ABCD")); final DirectEntryPrivateKeySource source = (DirectEntryPrivateKeySource) ssh_with_passphrase.getPrivateKeySource(); - assertThat(source.getPrivateKey(), equalTo("s3cr3t")); + assertThat(source.getPrivateKey().getPlainText(), equalTo("s3cr3t")); // credentials should not appear in plain text in log diff --git a/integrations/src/test/resources/io/jenkins/plugins/casc/SystemCredentialsTest.yml b/integrations/src/test/resources/io/jenkins/plugins/casc/SystemCredentialsTest.yml index 0397e20d19..7d28c6b5a4 100644 --- a/integrations/src/test/resources/io/jenkins/plugins/casc/SystemCredentialsTest.yml +++ b/integrations/src/test/resources/io/jenkins/plugins/casc/SystemCredentialsTest.yml @@ -23,15 +23,6 @@ credentials: keyStoreSource: fileOnMaster: keyStoreFile: /docker/secret/id_rsa - - basicSSHUserPrivateKey: - scope: SYSTEM - id: ssh_with_passphrase - username: ssh_root - passphrase: ${SSH_KEY_PASSWORD} - description: "SSH passphrase with private key file" - privateKeySource: - FileOnMasterPrivateKeySource: - privateKeyFile: /docker/secret/id_rsa_2 - basicSSHUserPrivateKey: scope: SYSTEM id: ssh_with_passphrase_provided From ba5f9c1a02e2df8e15c75ceed304c7ad45f0058b Mon Sep 17 00:00:00 2001 
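Review bot: The id of the remaining credential is no longer checked once the `filter(k -> k.getId().equals("ssh_with_passphrase_provided"))` lookup is replaced by `sshPrivateKeys.get(0)`. The `hasSize(1)` assertion keeps `get(0)` safe, but nothing now ties the asserted passphrase and private key to that particular entry; adding `assertThat(ssh_with_passphrase.getId(), equalTo("ssh_with_passphrase_provided"));` right after the `get(0)` line restores that. The matching fixture change drops the only `FileOnMasterPrivateKeySource` case, so how an existing YAML file that still uses it is handled is no longer exercised here; whether that is covered elsewhere is not visible in this patch. configure_system_credentials starts before and continues after the hunk.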
From: Tim Jacomb Date: Fri, 26 Apr 2019 15:53:25 +0100 Subject: [PATCH 3/3] Add ssh credentials test export --- .../jenkins/plugins/casc/CredentialsTest.java | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/integrations/src/test/java/io/jenkins/plugins/casc/CredentialsTest.java b/integrations/src/test/java/io/jenkins/plugins/casc/CredentialsTest.java index 09218eb43b..d0023235da 100644 --- a/integrations/src/test/java/io/jenkins/plugins/casc/CredentialsTest.java +++ b/integrations/src/test/java/io/jenkins/plugins/casc/CredentialsTest.java @@ -3,16 +3,24 @@ import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey; import com.cloudbees.plugins.credentials.CredentialsProvider; import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials; +import hudson.ExtensionList; +import hudson.util.Secret; import io.jenkins.plugins.casc.misc.ConfiguredWithCode; import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithCodeRule; +import io.jenkins.plugins.casc.model.CNode; +import io.jenkins.plugins.casc.model.Mapping; +import io.jenkins.plugins.casc.support.credentials.CredentialsRootConfigurator; import java.util.Collections; import java.util.List; import jenkins.model.Jenkins; import org.junit.Rule; import org.junit.Test; +import static java.util.Objects.requireNonNull; import static org.hamcrest.Matchers.is; +import static org.hamcrest.core.IsNot.not; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertThat; public class CredentialsTest { 
@@ -52,4 +60,43 @@ public void testDomainScopedCredentials() { assertEquals("secret", creds.get(0).getPassword().getPlainText()); } + @ConfiguredWithCode("GlobalCredentials.yml") + @Test + public void testExportSSHCredentials() throws Exception { + ConfiguratorRegistry registry = ConfiguratorRegistry.get(); + ConfigurationContext context = new ConfigurationContext(registry); + CredentialsRootConfigurator root = ExtensionList.lookupSingleton(CredentialsRootConfigurator.class); + + CNode node = root.describe(root.getTargetComponent(context), context); + assertNotNull(node); + final Mapping mapping = node.asMapping(); + + Mapping sshCredential = mapping.get("system") + .asMapping() + .get("domainCredentials") + .asSequence().get(0) + .asMapping().get("credentials") + .asSequence().get(1) + .asMapping().get("basicSSHUserPrivateKey").asMapping(); + + assertThat(sshCredential.getScalarValue("scope"), is("SYSTEM")); + assertThat(sshCredential.getScalarValue("id"), is("agent-private-key")); + assertThat(sshCredential.getScalarValue("username"), is("agentuser")); + + String passphrase = sshCredential.getScalarValue("passphrase"); + assertThat(passphrase, not("password")); + assertThat(requireNonNull(Secret.decrypt(passphrase)).getPlainText(), is("password")); + + String sshKeyExported = sshCredential.get("privateKeySource") + .asMapping() + .get("directEntry") + .asMapping() + .get("privateKey") + .asScalar() + .getValue(); + + assertThat(sshKeyExported, not("sp0ds9d+skkfjf")); + assertThat(requireNonNull(Secret.decrypt(sshKeyExported)).getPlainText(), is("sp0ds9d+skkfjf")); + } + }
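Review bot: testExportSSHCredentials pins a behaviour change that is not written down in the test: the `DirectEntryPrivateKeySourceConfigurator` removed in PATCH 1/3 exported `privateKey` as `"****"`, whereas the export asserted here carries a value that `Secret.decrypt` turns back into the key. A comment above the two `Secret.decrypt` assertions would make that contract explicit, for example `// Export emits secrets in Jenkins' encrypted form rather than masking them, so an exported YAML file must still be handled as secret material.` The `not("password")` and `not("sp0ds9d+skkfjf")` checks only compare the whole scalar, so the `requireNonNull(Secret.decrypt(...))` lines are what establish that the value is in encrypted form; the same comment can say so. Separately, `.asSequence().get(1)` ties the test to the order of entries in GlobalCredentials.yml, which is not shown in this hunk; selecting the entry by its `id` would be sturdier.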