Example 1 with StandardUsernamePasswordCredentials
use of com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials in project blueocean-plugin by jenkinsci.
the class GithubScm method validateAndCreate.
@Override
public HttpResponse validateAndCreate(@JsonBody JSONObject request) {
String accessToken = (String) request.get("accessToken");
if (accessToken == null) {
throw new ServiceException.BadRequestExpception("accessToken is required");
}
try {
User authenticatedUser = getAuthenticatedUser();
HttpURLConnection connection = connect(String.format("%s/%s", getUri(), "user"), accessToken);
validateAccessTokenScopes(connection);
String data = IOUtils.toString(connection.getInputStream());
GHUser user = GithubScm.om.readValue(data, GHUser.class);
if (user.getEmail() != null) {
Mailer.UserProperty p = authenticatedUser.getProperty(Mailer.UserProperty.class);
// the one from Github?
if (p == null) {
authenticatedUser.addProperty(new Mailer.UserProperty(user.getEmail()));
}
}
//Now we know the token is valid. Lets find credential
StandardUsernamePasswordCredentials githubCredential = CredentialsUtils.findCredential(getId(), StandardUsernamePasswordCredentials.class, new BlueOceanDomainRequirement());
final StandardUsernamePasswordCredentials credential = new UsernamePasswordCredentialsImpl(CredentialsScope.USER, "github", "Github Access Token", authenticatedUser.getId(), accessToken);
if (githubCredential == null) {
CredentialsUtils.createCredentialsInUserStore(credential, authenticatedUser, getCredentialsDomainName(getUri()), ImmutableList.<DomainSpecification>of(new BlueOceanDomainSpecification()));
} else {
CredentialsUtils.updateCredentialsInUserStore(githubCredential, credential, authenticatedUser, getCredentialsDomainName(getUri()), ImmutableList.<DomainSpecification>of(new BlueOceanDomainSpecification()));
}
return createResponse(credential.getId());
} catch (IOException e) {
throw new ServiceException.UnexpectedErrorException(e.getMessage());
}
}
Also used :
GHUser(org.kohsuke.github.GHUser)
User(hudson.model.User)
BlueOceanDomainSpecification(io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainSpecification)
Mailer(hudson.tasks.Mailer)
GHUser(org.kohsuke.github.GHUser)
IOException(java.io.IOException)
UsernamePasswordCredentialsImpl(com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl)
StandardUsernamePasswordCredentials(com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials)
HttpURLConnection(java.net.HttpURLConnection)
ServiceException(io.jenkins.blueocean.commons.ServiceException)
BlueOceanDomainRequirement(io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainRequirement)
Example 2 with StandardUsernamePasswordCredentials
use of com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials in project blueocean-plugin by jenkinsci.
the class GithubScmContentProvider method saveContent.
@SuppressWarnings("unchecked")
private Object saveContent(@Nonnull GithubScmSaveFileRequest githubRequest, @Nonnull Item item) {
String apiUrl = GithubScm.DEFAULT_API_URI;
String owner = null;
String repo = null;
String accessToken = null;
String credentialId = null;
if (item instanceof OrganizationFolder) {
List<SCMNavigator> navigators = ((OrganizationFolder) item).getSCMNavigators();
if (!navigators.isEmpty() && navigators.get(0) instanceof GitHubSCMNavigator) {
GitHubSCMNavigator navigator = (GitHubSCMNavigator) navigators.get(0);
if (navigator.getApiUri() != null) {
apiUrl = navigator.getApiUri();
}
credentialId = navigator.getScanCredentialsId();
owner = navigator.getRepoOwner();
}
} else if (item instanceof MultiBranchProject) {
List<SCMSource> sources = ((MultiBranchProject) item).getSCMSources();
if (!sources.isEmpty() && sources.get(0) instanceof GitHubSCMSource) {
GitHubSCMSource source = (GitHubSCMSource) sources.get(0);
if (source.getApiUri() != null) {
apiUrl = source.getApiUri();
}
credentialId = source.getScanCredentialsId();
owner = owner(source);
repo = repo(source);
}
}
if (credentialId != null) {
StandardCredentials credentials = Connector.lookupScanCredentials((SCMSourceOwner) item, apiUrl, credentialId);
if (credentials instanceof StandardUsernamePasswordCredentials) {
accessToken = ((StandardUsernamePasswordCredentials) credentials).getPassword().getPlainText();
} else {
throw new ServiceException.BadRequestExpception("accessToken not found in pipeline: " + item.getFullName());
}
}
return githubRequest.save(apiUrl, owner, repo, accessToken);
}
Also used :
StandardUsernamePasswordCredentials(com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials)
SCMNavigator(jenkins.scm.api.SCMNavigator)
GitHubSCMNavigator(org.jenkinsci.plugins.github_branch_source.GitHubSCMNavigator)
OrganizationFolder(jenkins.branch.OrganizationFolder)
MultiBranchProject(jenkins.branch.MultiBranchProject)
ArrayList(java.util.ArrayList)
List(java.util.List)
GitHubSCMSource(org.jenkinsci.plugins.github_branch_source.GitHubSCMSource)
GitHubSCMNavigator(org.jenkinsci.plugins.github_branch_source.GitHubSCMNavigator)
StandardCredentials(com.cloudbees.plugins.credentials.common.StandardCredentials)
Example 3 with StandardUsernamePasswordCredentials
use of com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials in project blueocean-plugin by jenkinsci.
the class GithubPipelineCreateRequest method validateCredentialId.
static void validateCredentialId(String credentialId, String apiUrl) throws IOException {
if (credentialId != null && !credentialId.trim().isEmpty()) {
StandardUsernamePasswordCredentials credentials = CredentialsUtils.findCredential(credentialId, StandardUsernamePasswordCredentials.class, new BlueOceanDomainRequirement());
if (credentials == null) {
throw new ServiceException.BadRequestExpception(new ErrorMessage(400, "Failed to create Github pipeline").add(new ErrorMessage.Error("scmConfig.credentialId", ErrorMessage.Error.ErrorCodes.NOT_FOUND.toString(), "No Credentials instance found for credentialId: " + credentialId)));
} else {
String accessToken = credentials.getPassword().getPlainText();
validateGithubAccessToken(accessToken, apiUrl);
}
}
}
Also used :
StandardUsernamePasswordCredentials(com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials)
BlueOceanDomainRequirement(io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainRequirement)
ErrorMessage(io.jenkins.blueocean.commons.ErrorMessage)
Example 4 with StandardUsernamePasswordCredentials
use of com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials in project blueocean-plugin by jenkinsci.
the class GithubOrgFolderTest method shouldFindUserStoreCredential.
@Test
public void shouldFindUserStoreCredential() throws IOException {
//add username password credential to user's credential store in user domain and in USER scope
User user = login();
CredentialsStore store = null;
for (CredentialsStore s : CredentialsProvider.lookupStores(user)) {
if (s.hasPermission(CredentialsProvider.CREATE) && s.hasPermission(CredentialsProvider.UPDATE)) {
store = s;
break;
}
}
assertNotNull(store);
store.addDomain(new Domain("github-domain", "Github Domain to store personal access token", Collections.<DomainSpecification>singletonList(new BlueOceanDomainSpecification())));
Domain domain = store.getDomainByName("github-domain");
StandardUsernamePasswordCredentials credential = new UsernamePasswordCredentialsImpl(CredentialsScope.USER, "github", "Github Access Token", user.getId(), "12345");
store.addCredentials(domain, credential);
//create another credentials with same id in system store with different description
for (CredentialsStore s : CredentialsProvider.lookupStores(Jenkins.getInstance())) {
s.addCredentials(Domain.global(), new UsernamePasswordCredentialsImpl(CredentialsScope.USER, "github", "System Github Access Token", user.getId(), "12345"));
}
//create org folder and attach user and credential id to it
OrganizationFolder organizationFolder = j.createProject(OrganizationFolder.class, "demo");
AbstractFolderProperty prop = new BlueOceanCredentialsProvider.FolderPropertyImpl(user.getId(), credential.getId(), BlueOceanCredentialsProvider.createDomain("https://api.github.com"));
organizationFolder.addProperty(prop);
// lookup for created credential id in system store, it should resolve to previously created user store credential
StandardCredentials c = Connector.lookupScanCredentials(organizationFolder, "https://api.github.com", credential.getId());
assertEquals("Github Access Token", c.getDescription());
assertNotNull(c);
assertTrue(c instanceof StandardUsernamePasswordCredentials);
StandardUsernamePasswordCredentials usernamePasswordCredentials = (StandardUsernamePasswordCredentials) c;
assertEquals(credential.getId(), usernamePasswordCredentials.getId());
assertEquals(credential.getPassword().getPlainText(), usernamePasswordCredentials.getPassword().getPlainText());
assertEquals(credential.getUsername(), usernamePasswordCredentials.getUsername());
//check the domain
Domain d = CredentialsUtils.findDomain(credential.getId(), user);
assertNotNull(d);
assertTrue(d.test(new BlueOceanDomainRequirement()));
//now remove this property
organizationFolder.getProperties().remove(prop);
//it must resolve to system credential
c = Connector.lookupScanCredentials(organizationFolder, null, credential.getId());
assertEquals("System Github Access Token", c.getDescription());
}
Also used :
StandardUsernamePasswordCredentials(com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials)
User(hudson.model.User)
OrganizationFolder(jenkins.branch.OrganizationFolder)
BlueOceanDomainRequirement(io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainRequirement)
CredentialsStore(com.cloudbees.plugins.credentials.CredentialsStore)
BlueOceanDomainSpecification(io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainSpecification)
Domain(com.cloudbees.plugins.credentials.domains.Domain)
UsernamePasswordCredentialsImpl(com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl)
StandardCredentials(com.cloudbees.plugins.credentials.common.StandardCredentials)
BlueOceanDomainSpecification(io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainSpecification)
DomainSpecification(com.cloudbees.plugins.credentials.domains.DomainSpecification)
AbstractFolderProperty(com.cloudbees.hudson.plugins.folder.AbstractFolderProperty)
PipelineBaseTest(io.jenkins.blueocean.rest.impl.pipeline.PipelineBaseTest)
Test(org.junit.Test)
Example 5 with StandardUsernamePasswordCredentials
use of com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials in project blueocean-plugin by jenkinsci.
the class GithubScm method getOrganizations.
@Override
public Container<ScmOrganization> getOrganizations() {
StaplerRequest request = Stapler.getCurrentRequest();
String credentialId = getCredentialIdFromRequest(request);
User authenticatedUser = getAuthenticatedUser();
final StandardUsernamePasswordCredentials credential = CredentialsUtils.findCredential(credentialId, StandardUsernamePasswordCredentials.class, new BlueOceanDomainRequirement());
if (credential == null) {
throw new ServiceException.BadRequestExpception(String.format("Credential id: %s not found for user %s", credentialId, authenticatedUser.getId()));
}
String accessToken = credential.getPassword().getPlainText();
try {
GitHub github = new GitHubBuilder().withOAuthToken(accessToken).withRateLimitHandler(new RateLimitHandlerImpl()).withEndpoint(getUri()).build();
final Link link = getLink().rel("organizations");
// preserve the same order that github org api returns
Map<String, ScmOrganization> orgMap = new LinkedHashMap<>();
for (Map.Entry<String, GHOrganization> entry : github.getMyOrganizations().entrySet()) {
orgMap.put(entry.getKey(), new GithubOrganization(GithubScm.this, entry.getValue(), credential, link));
}
GHMyself user = github.getMyself();
if (orgMap.get(user.getLogin()) == null) {
//this is to take care of case if/when github starts reporting user login as org later on
orgMap = new HashMap<>(orgMap);
orgMap.put(user.getLogin(), new GithubUserOrganization(user, credential, this));
}
final Map<String, ScmOrganization> orgs = orgMap;
return new Container<ScmOrganization>() {
@Override
public ScmOrganization get(String name) {
ScmOrganization org = orgs.get(name);
if (org == null) {
throw new ServiceException.NotFoundException(String.format("GitHub organization %s not found", name));
}
return org;
}
@Override
public Link getLink() {
return link;
}
@Override
public Iterator<ScmOrganization> iterator() {
return orgs.values().iterator();
}
};
} catch (IOException e) {
if (e instanceof HttpException) {
HttpException ex = (HttpException) e;
if (ex.getResponseCode() == 401) {
throw new ServiceException.PreconditionRequired("Invalid Github accessToken", ex);
} else if (ex.getResponseCode() == 403) {
throw new ServiceException.PreconditionRequired("Github accessToken does not have required scopes. Expected scopes 'user:email, repo'", ex);
}
}
throw new ServiceException.UnexpectedErrorException(e.getMessage(), e);
}
}
Also used :
GHMyself(org.kohsuke.github.GHMyself)
GHUser(org.kohsuke.github.GHUser)
User(hudson.model.User)
GitHub(org.kohsuke.github.GitHub)
StaplerRequest(org.kohsuke.stapler.StaplerRequest)
GitHubBuilder(org.kohsuke.github.GitHubBuilder)
LinkedHashMap(java.util.LinkedHashMap)
StandardUsernamePasswordCredentials(com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials)
ScmOrganization(io.jenkins.blueocean.rest.impl.pipeline.scm.ScmOrganization)
Container(io.jenkins.blueocean.rest.model.Container)
GHOrganization(org.kohsuke.github.GHOrganization)
HttpException(org.kohsuke.github.HttpException)
IOException(java.io.IOException)
ServiceException(io.jenkins.blueocean.commons.ServiceException)
BlueOceanDomainRequirement(io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainRequirement)
Map(java.util.Map)
ImmutableMap(com.google.common.collect.ImmutableMap)
HashMap(java.util.HashMap)
LinkedHashMap(java.util.LinkedHashMap)
Link(io.jenkins.blueocean.rest.hal.Link)
Aggregations
StandardUsernamePasswordCredentials (com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials)5
BlueOceanDomainRequirement (io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainRequirement)4
User (hudson.model.User)3
StandardCredentials (com.cloudbees.plugins.credentials.common.StandardCredentials)2
UsernamePasswordCredentialsImpl (com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl)2
ServiceException (io.jenkins.blueocean.commons.ServiceException)2
BlueOceanDomainSpecification (io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainSpecification)2
IOException (java.io.IOException)2
OrganizationFolder (jenkins.branch.OrganizationFolder)2
GHUser (org.kohsuke.github.GHUser)2
AbstractFolderProperty (com.cloudbees.hudson.plugins.folder.AbstractFolderProperty)1
CredentialsStore (com.cloudbees.plugins.credentials.CredentialsStore)1
Domain (com.cloudbees.plugins.credentials.domains.Domain)1
DomainSpecification (com.cloudbees.plugins.credentials.domains.DomainSpecification)1
ImmutableMap (com.google.common.collect.ImmutableMap)1
Mailer (hudson.tasks.Mailer)1
ErrorMessage (io.jenkins.blueocean.commons.ErrorMessage)1
Link (io.jenkins.blueocean.rest.hal.Link)1
PipelineBaseTest (io.jenkins.blueocean.rest.impl.pipeline.PipelineBaseTest)1
ScmOrganization (io.jenkins.blueocean.rest.impl.pipeline.scm.ScmOrganization)1
