Example 66 with User
use of hudson.model.User in project blueocean-plugin by jenkinsci.
the class GithubPipelineCreateRequest method create.
@SuppressWarnings("unchecked")
@Override
public BluePipeline create(Reachable parent) throws IOException {
String apiUrl = null;
//default
String orgName = getName();
String credentialId = null;
StringBuilder sb = new StringBuilder();
List<String> repos = new ArrayList<>();
if (scmConfig != null) {
apiUrl = StringUtils.defaultIfBlank(scmConfig.getUri(), GithubScm.DEFAULT_API_URI);
if (scmConfig.getConfig().get("orgName") instanceof String) {
orgName = (String) scmConfig.getConfig().get("orgName");
}
credentialId = scmConfig.getCredentialId();
if (scmConfig != null && scmConfig.getConfig().get("repos") instanceof List) {
for (String r : (List<String>) scmConfig.getConfig().get("repos")) {
sb.append(String.format("(%s\\b)?", r));
repos.add(r);
}
}
}
User authenticatedUser = User.current();
if (authenticatedUser == null) {
throw new ServiceException.UnauthorizedException("Must login to create a pipeline");
}
TopLevelItem item = null;
try {
if (credentialId != null) {
validateCredentialId(credentialId, apiUrl);
}
item = create(Jenkins.getInstance(), getName(), DESCRIPTOR, CustomOrganizationFolderDescriptor.class);
if (item instanceof OrganizationFolder) {
if (credentialId != null) {
//Find domain attached to this credentialId, if present check if it's BlueOcean specific domain then
//add the properties otherwise simply use it
Domain domain = CredentialsUtils.findDomain(credentialId, authenticatedUser);
if (domain == null) {
//this should not happen since validateCredentialId found the credential
throw new ServiceException.BadRequestExpception(new ErrorMessage(400, "Failed to create pipeline").add(new ErrorMessage.Error("scm.credentialId", ErrorMessage.Error.ErrorCodes.INVALID.toString(), "No domain in user credentials found for credentialId: " + scmConfig.getCredentialId())));
}
if (domain.test(new BlueOceanDomainRequirement())) {
((OrganizationFolder) item).addProperty(new BlueOceanCredentialsProvider.FolderPropertyImpl(authenticatedUser.getId(), credentialId, BlueOceanCredentialsProvider.createDomain(apiUrl)));
}
}
GitHubSCMNavigator gitHubSCMNavigator = new GitHubSCMNavigator(apiUrl, orgName, credentialId, credentialId);
if (sb.length() > 0) {
gitHubSCMNavigator.setPattern(sb.toString());
}
// cick of github scan build
OrganizationFolder organizationFolder = (OrganizationFolder) item;
organizationFolder.getNavigators().replace(gitHubSCMNavigator);
if (repos.size() == 1) {
SCMSourceEvent.fireNow(new SCMSourceEventImpl(repos.get(0), item, apiUrl, gitHubSCMNavigator));
} else {
organizationFolder.scheduleBuild(new Cause.UserIdCause());
}
return new GithubOrganizationFolder(organizationFolder, parent.getLink());
}
} catch (Exception e) {
String msg = String.format("Error creating pipeline %s: %s", getName(), e.getMessage());
logger.error(msg, e);
if (item != null) {
try {
item.delete();
} catch (InterruptedException e1) {
logger.error(String.format("Error creating pipeline %s: %s", getName(), e1.getMessage()), e1);
throw new ServiceException.UnexpectedErrorException("Error cleaning up pipeline " + getName() + " due to error: " + e.getMessage(), e);
}
}
if (e instanceof ServiceException) {
throw e;
}
throw new ServiceException.UnexpectedErrorException(msg, e);
}
return null;
}
Also used :
User(hudson.model.User)
ArrayList(java.util.ArrayList)
TopLevelItem(hudson.model.TopLevelItem)
Cause(hudson.model.Cause)
ArrayList(java.util.ArrayList)
List(java.util.List)
CustomOrganizationFolderDescriptor(jenkins.branch.CustomOrganizationFolderDescriptor)
OrganizationFolder(jenkins.branch.OrganizationFolder)
BlueOceanCredentialsProvider(io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanCredentialsProvider)
GitHubSCMNavigator(org.jenkinsci.plugins.github_branch_source.GitHubSCMNavigator)
IOException(java.io.IOException)
ServiceException(io.jenkins.blueocean.commons.ServiceException)
ServiceException(io.jenkins.blueocean.commons.ServiceException)
BlueOceanDomainRequirement(io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainRequirement)
Domain(com.cloudbees.plugins.credentials.domains.Domain)
ErrorMessage(io.jenkins.blueocean.commons.ErrorMessage)
Example 67 with User
use of hudson.model.User in project blueocean-plugin by jenkinsci.
the class GithubPipelineUpdateRequest method update.
@Nonnull
@Override
public BluePipeline update(BluePipeline pipeline) throws IOException {
ACL acl = Jenkins.getInstance().getACL();
Authentication a = Jenkins.getAuthentication();
if (!acl.hasPermission(a, Item.CONFIGURE)) {
throw new ServiceException.ForbiddenException(String.format("Failed to update Git pipeline: %s. User %s doesn't have Job configure permission", pipeline.getName(), a.getName()));
}
User user = User.current();
if (user == null) {
throw new ServiceException.UnauthorizedException("User is not authenticated");
}
Item item = Jenkins.getInstance().getItemByFullName(pipeline.getFullName());
if (item instanceof OrganizationFolder) {
OrganizationFolder folder = (OrganizationFolder) item;
GitHubSCMNavigator gitHubSCMNavigator = getNavigator(folder);
if (gitHubSCMNavigator != null) {
folder.getNavigators().replace(gitHubSCMNavigator);
if (repos.size() == 1) {
SCMSourceEvent.fireNow(new GithubPipelineCreateRequest.SCMSourceEventImpl(repos.get(0), item, gitHubSCMNavigator.getApiUri(), gitHubSCMNavigator));
} else {
folder.scheduleBuild(new Cause.UserIdCause());
}
}
}
return pipeline;
}
Also used :
Item(hudson.model.Item)
User(hudson.model.User)
OrganizationFolder(jenkins.branch.OrganizationFolder)
Authentication(org.acegisecurity.Authentication)
Cause(hudson.model.Cause)
ACL(hudson.security.ACL)
GitHubSCMNavigator(org.jenkinsci.plugins.github_branch_source.GitHubSCMNavigator)
Nonnull(javax.annotation.Nonnull)
Example 68 with User
use of hudson.model.User in project blueocean-plugin by jenkinsci.
the class GithubOrgFolderTest method shouldFindUserStoreCredential.
@Test
public void shouldFindUserStoreCredential() throws IOException {
//add username password credential to user's credential store in user domain and in USER scope
User user = login();
CredentialsStore store = null;
for (CredentialsStore s : CredentialsProvider.lookupStores(user)) {
if (s.hasPermission(CredentialsProvider.CREATE) && s.hasPermission(CredentialsProvider.UPDATE)) {
store = s;
break;
}
}
assertNotNull(store);
store.addDomain(new Domain("github-domain", "Github Domain to store personal access token", Collections.<DomainSpecification>singletonList(new BlueOceanDomainSpecification())));
Domain domain = store.getDomainByName("github-domain");
StandardUsernamePasswordCredentials credential = new UsernamePasswordCredentialsImpl(CredentialsScope.USER, "github", "Github Access Token", user.getId(), "12345");
store.addCredentials(domain, credential);
//create another credentials with same id in system store with different description
for (CredentialsStore s : CredentialsProvider.lookupStores(Jenkins.getInstance())) {
s.addCredentials(Domain.global(), new UsernamePasswordCredentialsImpl(CredentialsScope.USER, "github", "System Github Access Token", user.getId(), "12345"));
}
//create org folder and attach user and credential id to it
OrganizationFolder organizationFolder = j.createProject(OrganizationFolder.class, "demo");
AbstractFolderProperty prop = new BlueOceanCredentialsProvider.FolderPropertyImpl(user.getId(), credential.getId(), BlueOceanCredentialsProvider.createDomain("https://api.github.com"));
organizationFolder.addProperty(prop);
// lookup for created credential id in system store, it should resolve to previously created user store credential
StandardCredentials c = Connector.lookupScanCredentials(organizationFolder, "https://api.github.com", credential.getId());
assertEquals("Github Access Token", c.getDescription());
assertNotNull(c);
assertTrue(c instanceof StandardUsernamePasswordCredentials);
StandardUsernamePasswordCredentials usernamePasswordCredentials = (StandardUsernamePasswordCredentials) c;
assertEquals(credential.getId(), usernamePasswordCredentials.getId());
assertEquals(credential.getPassword().getPlainText(), usernamePasswordCredentials.getPassword().getPlainText());
assertEquals(credential.getUsername(), usernamePasswordCredentials.getUsername());
//check the domain
Domain d = CredentialsUtils.findDomain(credential.getId(), user);
assertNotNull(d);
assertTrue(d.test(new BlueOceanDomainRequirement()));
//now remove this property
organizationFolder.getProperties().remove(prop);
//it must resolve to system credential
c = Connector.lookupScanCredentials(organizationFolder, null, credential.getId());
assertEquals("System Github Access Token", c.getDescription());
}
Also used :
StandardUsernamePasswordCredentials(com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials)
User(hudson.model.User)
OrganizationFolder(jenkins.branch.OrganizationFolder)
BlueOceanDomainRequirement(io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainRequirement)
CredentialsStore(com.cloudbees.plugins.credentials.CredentialsStore)
BlueOceanDomainSpecification(io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainSpecification)
Domain(com.cloudbees.plugins.credentials.domains.Domain)
UsernamePasswordCredentialsImpl(com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl)
StandardCredentials(com.cloudbees.plugins.credentials.common.StandardCredentials)
BlueOceanDomainSpecification(io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainSpecification)
DomainSpecification(com.cloudbees.plugins.credentials.domains.DomainSpecification)
AbstractFolderProperty(com.cloudbees.hudson.plugins.folder.AbstractFolderProperty)
PipelineBaseTest(io.jenkins.blueocean.rest.impl.pipeline.PipelineBaseTest)
Test(org.junit.Test)
Example 69 with User
use of hudson.model.User in project blueocean-plugin by jenkinsci.
the class JwtImplTest method getToken.
@Test
public void getToken() throws Exception {
j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
User user = j.jenkins.getUser("alice");
user.setFullName("Alice Cooper");
user.addProperty(new Mailer.UserProperty("alice@jenkins-ci.org"));
JenkinsRule.WebClient webClient = j.createWebClient();
webClient.login("alice");
Page page = webClient.goTo("jwt-auth/token/", null);
String token = page.getWebResponse().getResponseHeaderValue("X-BLUEOCEAN-JWT");
Assert.assertNotNull(token);
JsonWebStructure jsonWebStructure = JsonWebStructure.fromCompactSerialization(token);
Assert.assertTrue(jsonWebStructure instanceof JsonWebSignature);
JsonWebSignature jsw = (JsonWebSignature) jsonWebStructure;
System.out.println(token);
System.out.println(jsw.toString());
String kid = jsw.getHeader("kid");
Assert.assertNotNull(kid);
page = webClient.goTo("jwt-auth/jwks/" + kid + "/", "application/json");
// for(NameValuePair valuePair: page.getWebResponse().getResponseHeaders()){
// System.out.println(valuePair);
// }
JSONObject jsonObject = JSONObject.fromObject(page.getWebResponse().getContentAsString());
System.out.println(jsonObject.toString());
RsaJsonWebKey rsaJsonWebKey = new RsaJsonWebKey(jsonObject, null);
JwtConsumer jwtConsumer = new JwtConsumerBuilder().setRequireExpirationTime().setAllowedClockSkewInSeconds(// allow some leeway in validating time based claims to account for clock skew
30).setRequireSubject().setVerificationKey(// verify the sign with the public key
rsaJsonWebKey.getKey()).build();
JwtClaims claims = jwtConsumer.processToClaims(token);
Assert.assertEquals("alice", claims.getSubject());
Map<String, Object> claimMap = claims.getClaimsMap();
Map<String, Object> context = (Map<String, Object>) claimMap.get("context");
Map<String, String> userContext = (Map<String, String>) context.get("user");
Assert.assertEquals("alice", userContext.get("id"));
Assert.assertEquals("Alice Cooper", userContext.get("fullName"));
Assert.assertEquals("alice@jenkins-ci.org", userContext.get("email"));
}
Also used :
User(hudson.model.User)
JwtClaims(org.jose4j.jwt.JwtClaims)
JwtConsumerBuilder(org.jose4j.jwt.consumer.JwtConsumerBuilder)
Mailer(hudson.tasks.Mailer)
Page(com.gargoylesoftware.htmlunit.Page)
JenkinsRule(org.jvnet.hudson.test.JenkinsRule)
JsonWebSignature(org.jose4j.jws.JsonWebSignature)
JSONObject(net.sf.json.JSONObject)
JwtConsumer(org.jose4j.jwt.consumer.JwtConsumer)
JSONObject(net.sf.json.JSONObject)
RsaJsonWebKey(org.jose4j.jwk.RsaJsonWebKey)
Map(java.util.Map)
JsonWebStructure(org.jose4j.jwx.JsonWebStructure)
Test(org.junit.Test)
Example 70 with User
use of hudson.model.User in project blueocean-plugin by jenkinsci.
the class GitPipelineCreateRequest method create.
@Override
public BluePipeline create(Reachable parent) throws IOException {
User authenticatedUser = User.current();
if (authenticatedUser == null) {
throw new ServiceException.UnauthorizedException("Must login to create a pipeline");
}
String sourceUri = scmConfig.getUri();
if (sourceUri == null) {
throw new ServiceException.BadRequestExpception(new ErrorMessage(400, "Failed to create Git pipeline:" + getName()).add(new ErrorMessage.Error("scmConfig.uri", ErrorMessage.Error.ErrorCodes.MISSING.toString(), "uri is required")));
}
TopLevelItem item = create(Jenkins.getInstance(), getName(), MODE, MultiBranchProjectDescriptor.class);
if (item instanceof WorkflowMultiBranchProject) {
WorkflowMultiBranchProject project = (WorkflowMultiBranchProject) item;
if (StringUtils.isNotBlank(scmConfig.getCredentialId())) {
Domain domain = CredentialsUtils.findDomain(scmConfig.getCredentialId(), authenticatedUser);
if (domain == null) {
throw new ServiceException.BadRequestExpception(new ErrorMessage(400, "Failed to create pipeline").add(new ErrorMessage.Error("scm.credentialId", ErrorMessage.Error.ErrorCodes.INVALID.toString(), "No domain in user credentials found for credentialId: " + scmConfig.getCredentialId())));
}
if (domain.test(new BlueOceanDomainRequirement())) {
//this is blueocean specific domain
project.addProperty(new BlueOceanCredentialsProvider.FolderPropertyImpl(authenticatedUser.getId(), scmConfig.getCredentialId(), BlueOceanCredentialsProvider.createDomain(sourceUri)));
}
}
String credentialId = StringUtils.defaultString(scmConfig.getCredentialId());
project.getSourcesList().add(new BranchSource(new GitSCMSource(null, sourceUri, credentialId, "*", "", false)));
project.scheduleBuild(new Cause.UserIdCause());
return new MultiBranchPipelineImpl(project);
} else {
try {
// we don't know about this project type
item.delete();
} catch (InterruptedException e) {
throw new ServiceException.UnexpectedErrorException("Failed to delete pipeline: " + getName());
}
}
return null;
}
Also used :
MultiBranchPipelineImpl(io.jenkins.blueocean.rest.impl.pipeline.MultiBranchPipelineImpl)
User(hudson.model.User)
BlueOceanCredentialsProvider(io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanCredentialsProvider)
TopLevelItem(hudson.model.TopLevelItem)
GitSCMSource(jenkins.plugins.git.GitSCMSource)
BranchSource(jenkins.branch.BranchSource)
WorkflowMultiBranchProject(org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject)
ServiceException(io.jenkins.blueocean.commons.ServiceException)
BlueOceanDomainRequirement(io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainRequirement)
Cause(hudson.model.Cause)
ErrorMessage(io.jenkins.blueocean.commons.ErrorMessage)
Domain(com.cloudbees.plugins.credentials.domains.Domain)
Aggregations
User (hudson.model.User)105
Test (org.junit.Test)71
Map (java.util.Map)42
ImmutableMap (com.google.common.collect.ImmutableMap)38
PipelineBaseTest (io.jenkins.blueocean.rest.impl.pipeline.PipelineBaseTest)26
Mailer (hudson.tasks.Mailer)24
ServiceException (io.jenkins.blueocean.commons.ServiceException)21
StaplerRequest (org.kohsuke.stapler.StaplerRequest)14
MultiBranchProject (jenkins.branch.MultiBranchProject)13
List (java.util.List)12
JSONObject (net.sf.json.JSONObject)12
GitContent (io.jenkins.blueocean.rest.impl.pipeline.scm.GitContent)8
IOException (java.io.IOException)8
Domain (com.cloudbees.plugins.credentials.domains.Domain)7
BlueOceanDomainRequirement (io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainRequirement)7
Authentication (org.acegisecurity.Authentication)7
CredentialsStore (com.cloudbees.plugins.credentials.CredentialsStore)6
StandardUsernamePasswordCredentials (com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials)6
BufferedReader (java.io.BufferedReader)6
StringReader (java.io.StringReader)6
