Example 1 with AzureCredentials

Use of com.microsoft.azure.util.AzureCredentials in project azure-credentials-plugin by jenkinsci.

From the class KeyVaultIntegrationTestBase, method setUp.

@Before
public void setUp() throws InterruptedException {
    // Create Azure KeyVault
    final AzureResourceManager azureClient = IntegrationTestBase.getAzureClient();
    vaultName = "tst-vault-" + TestEnvironment.GenerateRandomString(5);
    final Vault vault = azureClient.vaults()
            .define(vaultName)
            .withRegion(testEnv.region)
            .withNewResourceGroup(testEnv.resourceGroup)
            .defineAccessPolicy()
                .forServicePrincipal(testEnv.clientId)
                .allowSecretAllPermissions()
                .attach()
            .create();
    vaultUri = vault.vaultUri();
    waitForKeyVaultAvailable();
    // Create Jenkins Azure Credentials
    final AzureCredentials credentials = new AzureCredentials(
            CredentialsScope.SYSTEM,
            jenkinsAzureCredentialsId,
            "",
            testEnv.subscriptionId,
            testEnv.clientId,
            Secret.fromString(testEnv.clientSecret));
    credentials.setTenant(testEnv.tenantId);
    final CredentialsStore store = CredentialsProvider.lookupStores(j.jenkins).iterator().next();
    try {
        store.addCredentials(Domain.global(), credentials);
    } catch (IOException e) {
        Assert.fail(e.getMessage());
    }
}
Also used: AzureCredentials(com.microsoft.azure.util.AzureCredentials) CredentialsStore(com.cloudbees.plugins.credentials.CredentialsStore) Vault(com.azure.resourcemanager.keyvault.models.Vault) IOException(java.io.IOException) AzureResourceManager(com.azure.resourcemanager.AzureResourceManager) Before(org.junit.Before)

Example 2 with AzureCredentials

Use of com.microsoft.azure.util.AzureCredentials in project azure-keyvault-plugin by jenkinsci.

From the class AzureKeyVaultGlobalConfigurationSystemPropertySPTest, method testValuesSet.

@Test
public void testValuesSet() {
    AzureKeyVaultGlobalConfiguration configuration = AzureKeyVaultGlobalConfiguration.get();
    assertThat(configuration.getCredentialID(), is(AzureKeyVaultGlobalConfiguration.GENERATED_ID));
    assertThat(configuration.getKeyVaultURL(), is("https://mine.vault.azure.net"));
    Credentials credentials = SystemCredentialsProvider.getInstance().getCredentials().get(0);
    assertThat(credentials, instanceOf(AzureCredentials.class));
    AzureCredentials azureCredentials = (AzureCredentials) credentials;
    assertThat(azureCredentials.getClientId(), is("1234"));
    assertThat(azureCredentials.getPlainClientSecret(), is("1255534"));
    assertThat(azureCredentials.getSubscriptionId(), is("5678"));
    assertThat(azureCredentials.getTenant(), is("tenant_id"));
    // Test updating value
    System.setProperty("jenkins.azure-keyvault.url", "https://mine2.vault.azure.net");
    System.setProperty("jenkins.azure-keyvault.sp.client_id", "5678");
    System.setProperty("jenkins.azure-keyvault.sp.client_secret", "99999");
    System.setProperty("jenkins.azure-keyvault.sp.subscription_id", "9999");
    System.setProperty("jenkins.azure-keyvault.sp.tenant_id", "11111");
    configuration = AzureKeyVaultGlobalConfiguration.get();
    assertThat(configuration.getCredentialID(), is(AzureKeyVaultGlobalConfiguration.GENERATED_ID));
    assertThat(configuration.getKeyVaultURL(), is("https://mine2.vault.azure.net"));
    List<Credentials> credentialsList = SystemCredentialsProvider.getInstance().getCredentials();
    assertThat(credentialsList.size(), is(1));
    AzureCredentials azureCredentialsUpdated = (AzureCredentials) credentialsList.get(0);
    assertThat(azureCredentialsUpdated.getClientId(), is("5678"));
    assertThat(azureCredentialsUpdated.getPlainClientSecret(), is("99999"));
    assertThat(azureCredentialsUpdated.getSubscriptionId(), is("9999"));
    assertThat(azureCredentialsUpdated.getTenant(), is("11111"));
}
Also used: AzureCredentials(com.microsoft.azure.util.AzureCredentials) Credentials(com.cloudbees.plugins.credentials.Credentials) AzureImdsCredentials(com.microsoft.azure.util.AzureImdsCredentials) Test(org.junit.Test)

Example 3 with AzureCredentials

Use of com.microsoft.azure.util.AzureCredentials in project azure-keyvault-plugin by jenkinsci.

From the class AzureKeyVaultGlobalConfigurationSystemPropertySPTest, method testChangingFromSptoUami.

@Test
public void testChangingFromSptoUami() {
    AzureKeyVaultGlobalConfiguration configuration = AzureKeyVaultGlobalConfiguration.get();
    assertThat(configuration.getCredentialID(), is(AzureKeyVaultGlobalConfiguration.GENERATED_ID));
    assertThat(configuration.getKeyVaultURL(), is("https://mine.vault.azure.net"));
    Credentials credentials = SystemCredentialsProvider.getInstance().getCredentials().get(0);
    assertThat(credentials, instanceOf(AzureCredentials.class));
    AzureCredentials azureCredentials = (AzureCredentials) credentials;
    assertThat(azureCredentials.getClientId(), is("1234"));
    assertThat(azureCredentials.getPlainClientSecret(), is("1255534"));
    assertThat(azureCredentials.getSubscriptionId(), is("5678"));
    assertThat(azureCredentials.getTenant(), is("tenant_id"));
    System.setProperty("jenkins.azure-keyvault.uami.enabled", "true");
    assertThat(configuration.getCredentialID(), is(AzureKeyVaultGlobalConfiguration.GENERATED_ID));
    credentials = SystemCredentialsProvider.getInstance().getCredentials().get(0);
    assertThat(credentials, instanceOf(AzureImdsCredentials.class));
}
Also used: AzureCredentials(com.microsoft.azure.util.AzureCredentials) AzureImdsCredentials(com.microsoft.azure.util.AzureImdsCredentials) Credentials(com.cloudbees.plugins.credentials.Credentials) Test(org.junit.Test)

Example 4 with AzureCredentials

Use of com.microsoft.azure.util.AzureCredentials in project azure-keyvault-plugin by jenkinsci.

From the class AzureKeyVaultGlobalConfiguration, method resolveCredentialIdFromEnvironment.

private Optional<String> resolveCredentialIdFromEnvironment() {
    // Look up the credential directly so that we don't get a stack overflow due to the credential provider
    Optional<Credentials> optionalCredentials = SystemCredentialsProvider.getInstance().getCredentials().stream()
            .filter(credentials -> (credentials instanceof AzureCredentials || credentials instanceof AzureImdsCredentials)
                    && ((IdCredentials) credentials).getId().equals(GENERATED_ID))
            .findAny();
    String uami = getPropertyByEnvOrSystemProperty("AZURE_KEYVAULT_UAMI_ENABLED", "jenkins.azure-keyvault.uami.enabled").orElse("false");
    AzureBaseCredentials credentials;
    if (uami.equals("true")) {
        if (optionalCredentials.isPresent() && optionalCredentials.get() instanceof AzureImdsCredentials) {
            // Don't overwrite the credential if it matches what we currently have, so that we don't save to disk all the time
            return Optional.empty();
        }
        credentials = new AzureImdsCredentials(CredentialsScope.GLOBAL, GENERATED_ID, GENERATED_DESCRIPTION);
        storeCredential(credentials);
        return Optional.of(credentials.getId());
    }
    String clientId = getPropertyByEnvOrSystemProperty("AZURE_KEYVAULT_SP_CLIENT_ID", "jenkins.azure-keyvault.sp.client_id").orElse("false");
    if (clientId.equals("false")) {
        return Optional.empty();
    }
    String clientSecret = getPropertyByEnvOrSystemProperty("AZURE_KEYVAULT_SP_CLIENT_SECRET", "jenkins.azure-keyvault.sp.client_secret").orElseThrow(IllegalArgumentException::new);
    String subscriptionId = getPropertyByEnvOrSystemProperty("AZURE_KEYVAULT_SP_SUBSCRIPTION_ID", "jenkins.azure-keyvault.sp.subscription_id").orElseThrow(IllegalArgumentException::new);
    String tenantId = getPropertyByEnvOrSystemProperty("AZURE_KEYVAULT_SP_TENANT_ID", "jenkins.azure-keyvault.sp.tenant_id").orElseThrow(IllegalArgumentException::new);
    if (optionalCredentials.isPresent() && optionalCredentials.get() instanceof AzureCredentials && azureCredentialIsEqual((AzureCredentials) optionalCredentials.get(), clientId, clientSecret, subscriptionId, tenantId)) {
        // Don't overwrite the credential if it matches what we currently have, so that we don't save to disk all the time
        return Optional.empty();
    }
    AzureCredentials azureCredentials = new AzureCredentials(CredentialsScope.GLOBAL, GENERATED_ID, GENERATED_DESCRIPTION, subscriptionId, clientId, clientSecret);
    azureCredentials.setTenant(tenantId);
    storeCredential(azureCredentials);
    return Optional.of(azureCredentials.getId());
}
Also used: Credentials(com.cloudbees.plugins.credentials.Credentials) IdCredentials(com.cloudbees.plugins.credentials.common.IdCredentials) SystemCredentialsProvider(com.cloudbees.plugins.credentials.SystemCredentialsProvider) QueryParameter(org.kohsuke.stapler.QueryParameter) AzureBaseCredentials(com.microsoft.azure.util.AzureBaseCredentials) SecretClientCache(com.microsoft.jenkins.keyvault.SecretClientCache) StringUtils(org.apache.commons.lang3.StringUtils) Symbol(org.jenkinsci.Symbol) Level(java.util.logging.Level) AncestorInPath(org.kohsuke.stapler.AncestorInPath) Item(hudson.model.Item) Extension(hudson.Extension) SecretClient(com.azure.security.keyvault.secrets.SecretClient) CredentialsScope(com.cloudbees.plugins.credentials.CredentialsScope) GlobalConfiguration(jenkins.model.GlobalConfiguration) ListBoxModel(hudson.util.ListBoxModel) FormValidation(hudson.util.FormValidation) Jenkins(jenkins.model.Jenkins) DataBoundSetter(org.kohsuke.stapler.DataBoundSetter) IOException(java.io.IOException) Logger(java.util.logging.Logger) AzureCredentials(com.microsoft.azure.util.AzureCredentials) POST(org.kohsuke.stapler.verb.POST) AzureImdsCredentials(com.microsoft.azure.util.AzureImdsCredentials) Optional(java.util.Optional) ExtensionList(hudson.ExtensionList)

Example 5 with AzureCredentials

Use of com.microsoft.azure.util.AzureCredentials in project azure-keyvault-plugin by jenkinsci.

From the class AzureKeyVaultCredentialRetriever, method getCredentialById.

@CheckForNull
public static TokenCredential getCredentialById(String credentialID, Run<?, ?> build) {
    TokenCredential credential;
    AzureBaseCredentials cred = CredentialsProvider.findCredentialById(credentialID, AzureBaseCredentials.class, build);
    if (cred == null) {
        throw new AzureKeyVaultException(String.format("Credential: %s was not found", credentialID));
    }
    if (cred instanceof AzureCredentials) {
        LOGGER.log(Level.FINE, format("Fetched %s as AzureCredentials", credentialID));
        CredentialsProvider.track(build, cred);
        AzureCredentials azureCredentials = (AzureCredentials) cred;
        credential = new ClientSecretCredentialBuilder()
                .clientId(azureCredentials.getClientId())
                .clientSecret(azureCredentials.getPlainClientSecret())
                .httpClient(HttpClientRetriever.get())
                .tenantId(azureCredentials.getTenant())
                .build();
    } else if (cred instanceof AzureImdsCredentials) {
        credential = new ManagedIdentityCredentialBuilder().build();
    } else {
        throw new AzureKeyVaultException("Could not determine the type for Secret id " + credentialID + " only 'Azure Service Principal' and 'Azure Managed Identity' are supported");
    }
    return credential;
}
Also used: AzureCredentials(com.microsoft.azure.util.AzureCredentials) ClientSecretCredentialBuilder(com.azure.identity.ClientSecretCredentialBuilder) AzureBaseCredentials(com.microsoft.azure.util.AzureBaseCredentials) AzureImdsCredentials(com.microsoft.azure.util.AzureImdsCredentials) TokenCredential(com.azure.core.credential.TokenCredential) ManagedIdentityCredentialBuilder(com.azure.identity.ManagedIdentityCredentialBuilder) CheckForNull(javax.annotation.CheckForNull)
