Example 1 with AzureImdsCredentials

Use of com.microsoft.azure.util.AzureImdsCredentials in the project azure-keyvault-plugin by jenkinsci.

From the class AzureKeyVaultGlobalConfiguration, method resolveCredentialIdFromEnvironment:

```java
import java.util.Optional;

import com.cloudbees.plugins.credentials.Credentials;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
import com.cloudbees.plugins.credentials.common.IdCredentials;
import com.microsoft.azure.util.AzureBaseCredentials;
import com.microsoft.azure.util.AzureCredentials;
import com.microsoft.azure.util.AzureImdsCredentials;

private Optional<String> resolveCredentialIdFromEnvironment() {
    // Look the generated credential up directly in the system store rather than through
    // the credential-provider API, so that this code does not recurse into itself
    // (stack overflow) when a provider calls back into the global configuration.
    Optional<Credentials> optionalCredentials = SystemCredentialsProvider.getInstance()
            .getCredentials()
            .stream()
            .filter(credentials -> (credentials instanceof AzureCredentials
                    || credentials instanceof AzureImdsCredentials)
                    && ((IdCredentials) credentials).getId().equals(GENERATED_ID))
            .findAny();

    // Managed identity (IMDS) takes precedence; on this path no secret is read from the environment.
    String uami = getPropertyByEnvOrSystemProperty(
            "AZURE_KEYVAULT_UAMI_ENABLED", "jenkins.azure-keyvault.uami.enabled").orElse("false");
    AzureBaseCredentials credentials;
    if (uami.equals("true")) {
        if (optionalCredentials.isPresent() && optionalCredentials.get() instanceof AzureImdsCredentials) {
            // Don't overwrite the credential if it matches what we currently have,
            // so that we don't save to disk all the time.
            return Optional.empty();
        }
        credentials = new AzureImdsCredentials(CredentialsScope.GLOBAL, GENERATED_ID, GENERATED_DESCRIPTION);
        storeCredential(credentials);
        return Optional.of(credentials.getId());
    }

    // Service-principal path: without a client id nothing is generated.
    String clientId = getPropertyByEnvOrSystemProperty(
            "AZURE_KEYVAULT_SP_CLIENT_ID", "jenkins.azure-keyvault.sp.client_id").orElse("false");
    if (clientId.equals("false")) {
        return Optional.empty();
    }
    // Once a client id is present, the remaining service-principal settings are mandatory.
    String clientSecret = getPropertyByEnvOrSystemProperty(
            "AZURE_KEYVAULT_SP_CLIENT_SECRET", "jenkins.azure-keyvault.sp.client_secret")
            .orElseThrow(IllegalArgumentException::new);
    String subscriptionId = getPropertyByEnvOrSystemProperty(
            "AZURE_KEYVAULT_SP_SUBSCRIPTION_ID", "jenkins.azure-keyvault.sp.subscription_id")
            .orElseThrow(IllegalArgumentException::new);
    String tenantId = getPropertyByEnvOrSystemProperty(
            "AZURE_KEYVAULT_SP_TENANT_ID", "jenkins.azure-keyvault.sp.tenant_id")
            .orElseThrow(IllegalArgumentException::new);
    if (optionalCredentials.isPresent() && optionalCredentials.get() instanceof AzureCredentials
            && azureCredentialIsEqual((AzureCredentials) optionalCredentials.get(),
                    clientId, clientSecret, subscriptionId, tenantId)) {
        // Don't overwrite the credential if it matches what we currently have,
        // so that we don't save to disk all the time.
        return Optional.empty();
    }
    // Persist the service-principal credential under the well-known generated id.
    AzureCredentials azureCredentials = new AzureCredentials(CredentialsScope.GLOBAL, GENERATED_ID,
            GENERATED_DESCRIPTION, subscriptionId, clientId, clientSecret);
    azureCredentials.setTenant(tenantId);
    storeCredential(azureCredentials);
    return Optional.of(azureCredentials.getId());
}
```

Example 2 with AzureImdsCredentials

Use of com.microsoft.azure.util.AzureImdsCredentials in the project azure-keyvault-plugin by jenkinsci.

From the class AzureKeyVaultCredentialRetriever, method getCredentialById:

```java
import static java.lang.String.format;

import java.util.logging.Level;

import javax.annotation.CheckForNull;

import com.azure.core.credential.TokenCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.identity.ManagedIdentityCredentialBuilder;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.microsoft.azure.util.AzureBaseCredentials;
import com.microsoft.azure.util.AzureCredentials;
import com.microsoft.azure.util.AzureImdsCredentials;

import hudson.model.Run;

@CheckForNull
public static TokenCredential getCredentialById(String credentialID, Run<?, ?> build) {
    TokenCredential credential;
    // Resolve the Jenkins credential in the context of the build, so that the
    // build's own credential scoping applies; a missing credential is an error.
    AzureBaseCredentials cred = CredentialsProvider.findCredentialById(credentialID, AzureBaseCredentials.class, build);
    if (cred == null) {
        throw new AzureKeyVaultException(String.format("Credential: %s was not found", credentialID));
    }
    if (cred instanceof AzureCredentials) {
        // Service principal: build a client-secret credential; track records which build used it.
        LOGGER.log(Level.FINE, format("Fetched %s as AzureCredentials", credentialID));
        CredentialsProvider.track(build, cred);
        AzureCredentials azureCredentials = (AzureCredentials) cred;
        credential = new ClientSecretCredentialBuilder()
                .clientId(azureCredentials.getClientId())
                .clientSecret(azureCredentials.getPlainClientSecret())
                .httpClient(HttpClientRetriever.get())
                .tenantId(azureCredentials.getTenant())
                .build();
    } else if (cred instanceof AzureImdsCredentials) {
        // Managed identity: the token is obtained from the instance metadata service, no secret involved.
        credential = new ManagedIdentityCredentialBuilder().build();
    } else {
        throw new AzureKeyVaultException("Could not determine the type for Secret id " + credentialID
                + " only 'Azure Service Principal' and 'Azure Managed Identity' are supported");
    }
    return credential;
}
```