jenkinsci · timja · Apr 29, 2019 · Apr 25, 2019 · Apr 25, 2019 · Apr 26, 2019
@@ -214,7 +214,7 @@
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
       <artifactId>ssh-credentials</artifactId>
-      <version>1.13</version>
+      <version>1.16</version>
       <scope>test</scope>
     </dependency>
 

@@ -3,16 +3,24 @@
 import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey;
 import com.cloudbees.plugins.credentials.CredentialsProvider;
 import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
+import hudson.ExtensionList;
+import hudson.util.Secret;
 import io.jenkins.plugins.casc.misc.ConfiguredWithCode;
 import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithCodeRule;
+import io.jenkins.plugins.casc.model.CNode;
+import io.jenkins.plugins.casc.model.Mapping;
+import io.jenkins.plugins.casc.support.credentials.CredentialsRootConfigurator;
 import java.util.Collections;
 import java.util.List;
 import jenkins.model.Jenkins;
 import org.junit.Rule;
 import org.junit.Test;
 
+import static java.util.Objects.requireNonNull;
 import static org.hamcrest.Matchers.is;
+import static org.hamcrest.core.IsNot.not;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertThat;
 
 public class CredentialsTest {
@@ -31,9 +39,14 @@ public void testGlobalScopedCredentials() {
 
         List<BasicSSHUserPrivateKey> creds2 = CredentialsProvider.lookupCredentials(BasicSSHUserPrivateKey.class,Jenkins.getInstanceOrNull(), null, Collections.emptyList());
         assertThat(creds2.size(), is(1));
-        assertEquals("agentuser", creds2.get(0).getUsername());
-        assertEquals("password", creds2.get(0).getPassphrase().getPlainText());
-        assertEquals("ssh private key used to connect ssh slaves", creds2.get(0).getDescription());
+        BasicSSHUserPrivateKey basicSSHUserPrivateKey = creds2.get(0);
+        assertEquals("agentuser", basicSSHUserPrivateKey.getUsername());
+        assertEquals("password", basicSSHUserPrivateKey.getPassphrase().getPlainText());
+        assertEquals("ssh private key used to connect ssh slaves", basicSSHUserPrivateKey.getDescription());
+        assertThat(basicSSHUserPrivateKey.getPrivateKeySource().getPrivateKeys().size(), is(1));
+        String directKey = basicSSHUserPrivateKey.getPrivateKeySource().getPrivateKeys().get(0);
+        assertThat(directKey, is("sp0ds9d+skkfjf"));
+
     }
 
 
@@ -47,4 +60,43 @@ public void testDomainScopedCredentials() {
         assertEquals("secret", creds.get(0).getPassword().getPlainText());
     }
 
+    @ConfiguredWithCode("GlobalCredentials.yml")
+    @Test
+    public void testExportSSHCredentials() throws Exception {
+        ConfiguratorRegistry registry = ConfiguratorRegistry.get();
+        ConfigurationContext context = new ConfigurationContext(registry);
+        CredentialsRootConfigurator root = ExtensionList.lookupSingleton(CredentialsRootConfigurator.class);
+
+        CNode node = root.describe(root.getTargetComponent(context), context);
+        assertNotNull(node);
+        final Mapping mapping = node.asMapping();
+
+        Mapping sshCredential = mapping.get("system")
+                .asMapping()
+                .get("domainCredentials")
+                .asSequence().get(0)
+                .asMapping().get("credentials")
+                .asSequence().get(1)
+                .asMapping().get("basicSSHUserPrivateKey").asMapping();
+
+        assertThat(sshCredential.getScalarValue("scope"), is("SYSTEM"));
+        assertThat(sshCredential.getScalarValue("id"), is("agent-private-key"));
+        assertThat(sshCredential.getScalarValue("username"), is("agentuser"));
+
+        String passphrase = sshCredential.getScalarValue("passphrase");
+        assertThat(passphrase, not("password"));
+        assertThat(requireNonNull(Secret.decrypt(passphrase)).getPlainText(), is("password"));
+
+        String sshKeyExported = sshCredential.get("privateKeySource")
+                .asMapping()
+                .get("directEntry")
+                .asMapping()
+                .get("privateKey")
+                .asScalar()
+                .getValue();
+
+        assertThat(sshKeyExported, not("sp0ds9d+skkfjf"));
+        assertThat(requireNonNull(Secret.decrypt(sshKeyExported)).getPlainText(), is("sp0ds9d+skkfjf"));
+    }
+
 }
@@ -73,14 +73,13 @@ public void configure_system_credentials() throws Exception {
         List<BasicSSHUserPrivateKey> sshPrivateKeys = CredentialsProvider.lookupCredentials(
                 BasicSSHUserPrivateKey.class, jenkins, ACL.SYSTEM, Collections.emptyList()
         );
-        assertThat(sshPrivateKeys, hasSize(2));
-        final BasicSSHUserPrivateKey ssh_with_passphrase = sshPrivateKeys.stream()
-                .filter(k -> k.getId().equals("ssh_with_passphrase_provided"))
-                .findFirst().orElseThrow(AssertionError::new);
+        assertThat(sshPrivateKeys, hasSize(1));
+
+        final BasicSSHUserPrivateKey ssh_with_passphrase = sshPrivateKeys.get(0);
         assertThat(ssh_with_passphrase.getPassphrase().getPlainText(), equalTo("ABCD"));
 
         final DirectEntryPrivateKeySource source = (DirectEntryPrivateKeySource) ssh_with_passphrase.getPrivateKeySource();
-        assertThat(source.getPrivateKey(), equalTo("s3cr3t"));
+        assertThat(source.getPrivateKey().getPlainText(), equalTo("s3cr3t"));
 
 
         // credentials should not appear in plain text in log

@@ -23,15 +23,6 @@ credentials:
               keyStoreSource:
                 fileOnMaster:
                   keyStoreFile: /docker/secret/id_rsa
-          - basicSSHUserPrivateKey:
-              scope: SYSTEM
-              id: ssh_with_passphrase
-              username: ssh_root
-              passphrase: ${SSH_KEY_PASSWORD}
-              description: "SSH passphrase with private key file"
-              privateKeySource:
-                FileOnMasterPrivateKeySource:
-                  privateKeyFile: /docker/secret/id_rsa_2
           - basicSSHUserPrivateKey:
               scope: SYSTEM
               id: ssh_with_passphrase_provided

@@ -38,13 +38,6 @@
       <optional>true</optional>
     </dependency>
 
-    <dependency>
 List<BasicSSHUserPrivateKey> creds2 = CredentialsProvider.lookupCredentials(BasicSSHUserPrivateKey.class,Jenkins.getInstanceOrNull(), null, Collections.emptyList()); 
 assertThat(creds2.size(), is(1)); 
 assertEquals("agentuser", creds2.get(0).getUsername()); 
 assertEquals("password", creds2.get(0).getPassphrase().getPlainText()); 
 assertEquals("ssh private key used to connect ssh slaves", creds2.get(0).getDescription()); 
 privateKeySource: 
   directEntry: 
     privateKey: sp0ds9d+skkfjf 
 List<BasicSSHUserPrivateKey> creds2 = CredentialsProvider.lookupCredentials(BasicSSHUserPrivateKey.class,Jenkins.getInstanceOrNull(), null, Collections.emptyList()); 
 assertThat(creds2.size(), is(1)); 
 assertEquals("agentuser", creds2.get(0).getUsername()); 
 assertEquals("password", creds2.get(0).getPassphrase().getPlainText()); 
 assertEquals("ssh private key used to connect ssh slaves", creds2.get(0).getDescription()); 
 privateKeySource: 
   directEntry: 
     privateKey: sp0ds9d+skkfjf 
-      <groupId>org.jenkins-ci.plugins</groupId>
-      <artifactId>ssh-credentials</artifactId>
-      <version>1.13</version>
-      <optional>true</optional>
-    </dependency>
-
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
       <artifactId>job-dsl</artifactId>