Search in sources :

Example 6 with InterpolatedSecretsAction

use of org.jenkinsci.plugins.workflow.cps.view.InterpolatedSecretsAction in project workflow-cps-plugin by jenkinsci.

the class DSLTest method sensitiveVariableInterpolationWithMetaStep.

@Issue("JENKINS-63254")
@Test
public void sensitiveVariableInterpolationWithMetaStep() throws Exception {
    final String credentialsId = "creds-sensitiveVariableInterpolationWithMetaStep";
    final String username = "bob";
    final String password = "secr3t";
    UsernamePasswordCredentialsImpl c = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, credentialsId, "sample", username, password);
    CredentialsProvider.lookupStores(r.jenkins).iterator().next().addCredentials(Domain.global(), c);
    p.setDefinition(new CpsFlowDefinition("" + "node {\n" + "withCredentials([usernamePassword(credentialsId: '" + credentialsId + "', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {\n" + "archiveArtifacts(\"${PASSWORD}\")" + "}\n" + "}", true));
    WorkflowRun run = r.assertBuildStatus(Result.FAILURE, p.scheduleBuild2(0));
    r.assertLogContains("Warning: A secret was passed to \"archiveArtifacts\"", run);
    r.assertLogContains("Affected argument(s) used the following variable(s): [PASSWORD]", run);
    InterpolatedSecretsAction reportAction = run.getAction(InterpolatedSecretsAction.class);
    Assert.assertNotNull(reportAction);
    List<InterpolatedSecretsAction.InterpolatedWarnings> warnings = reportAction.getWarnings();
    MatcherAssert.assertThat(warnings.size(), is(1));
    InterpolatedSecretsAction.InterpolatedWarnings stepWarning = warnings.get(0);
    MatcherAssert.assertThat(stepWarning.getStepName(), is("archiveArtifacts"));
    MatcherAssert.assertThat(stepWarning.getInterpolatedVariables(), is(Arrays.asList("PASSWORD")));
}
Also used : Matchers.containsString(org.hamcrest.Matchers.containsString) InterpolatedSecretsAction(org.jenkinsci.plugins.workflow.cps.view.InterpolatedSecretsAction) UsernamePasswordCredentialsImpl(com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl) WorkflowRun(org.jenkinsci.plugins.workflow.job.WorkflowRun) Issue(org.jvnet.hudson.test.Issue) Test(org.junit.Test)

Example 7 with InterpolatedSecretsAction

use of org.jenkinsci.plugins.workflow.cps.view.InterpolatedSecretsAction in project workflow-cps-plugin by jenkinsci.

the class DSLTest method multipleSensitiveVariables.

@Test
public void multipleSensitiveVariables() throws Exception {
    final String credentialsId = "creds-multipleSensitiveVariables";
    final String username = "bob";
    final String password = "secr3t";
    UsernamePasswordCredentialsImpl c = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, credentialsId, "sample", username, password);
    c.setUsernameSecret(true);
    CredentialsProvider.lookupStores(r.jenkins).iterator().next().addCredentials(Domain.global(), c);
    String shellStep = Functions.isWindows() ? "bat" : "sh";
    p.setDefinition(new CpsFlowDefinition("" + "node {\n" + "withCredentials([usernamePassword(credentialsId: '" + credentialsId + "', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {\n" + shellStep + " \"echo $PASSWORD $USERNAME $PASSWORD\"\n" + "}\n" + "}", true));
    WorkflowRun run = r.assertBuildStatusSuccess(p.scheduleBuild2(0));
    r.assertLogContains("Warning: A secret was passed to \"" + shellStep + "\"", run);
    r.assertLogContains("Affected argument(s) used the following variable(s): [PASSWORD, USERNAME]", run);
    InterpolatedSecretsAction reportAction = run.getAction(InterpolatedSecretsAction.class);
    Assert.assertNotNull(reportAction);
    List<InterpolatedSecretsAction.InterpolatedWarnings> warnings = reportAction.getWarnings();
    MatcherAssert.assertThat(warnings.size(), is(1));
    InterpolatedSecretsAction.InterpolatedWarnings stepWarning = warnings.get(0);
    MatcherAssert.assertThat(stepWarning.getStepName(), is(shellStep));
    MatcherAssert.assertThat(stepWarning.getInterpolatedVariables(), is(Arrays.asList("PASSWORD", "USERNAME")));
    LinearScanner scan = new LinearScanner();
    FlowNode node = scan.findFirstMatch(run.getExecution().getCurrentHeads().get(0), new NodeStepTypePredicate(shellStep));
    ArgumentsAction argAction = node.getPersistentAction(ArgumentsAction.class);
    Assert.assertFalse(argAction.isUnmodifiedArguments());
    MatcherAssert.assertThat(argAction.getArguments().values().iterator().next(), is("echo ${PASSWORD} ${USERNAME} ${PASSWORD}"));
}
Also used : ArgumentsAction(org.jenkinsci.plugins.workflow.actions.ArgumentsAction) NodeStepTypePredicate(org.jenkinsci.plugins.workflow.graphanalysis.NodeStepTypePredicate) Matchers.containsString(org.hamcrest.Matchers.containsString) InterpolatedSecretsAction(org.jenkinsci.plugins.workflow.cps.view.InterpolatedSecretsAction) UsernamePasswordCredentialsImpl(com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl) LinearScanner(org.jenkinsci.plugins.workflow.graphanalysis.LinearScanner) WorkflowRun(org.jenkinsci.plugins.workflow.job.WorkflowRun) FlowNode(org.jenkinsci.plugins.workflow.graph.FlowNode) Test(org.junit.Test)

Aggregations

InterpolatedSecretsAction (org.jenkinsci.plugins.workflow.cps.view.InterpolatedSecretsAction)7 Matchers.containsString (org.hamcrest.Matchers.containsString)6 WorkflowRun (org.jenkinsci.plugins.workflow.job.WorkflowRun)6 Test (org.junit.Test)6 UsernamePasswordCredentialsImpl (com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl)5 FlowNode (org.jenkinsci.plugins.workflow.graph.FlowNode)5 Issue (org.jvnet.hudson.test.Issue)5 ArgumentsAction (org.jenkinsci.plugins.workflow.actions.ArgumentsAction)4 LinearScanner (org.jenkinsci.plugins.workflow.graphanalysis.LinearScanner)4 NodeStepTypePredicate (org.jenkinsci.plugins.workflow.graphanalysis.NodeStepTypePredicate)4 Continuable (com.cloudbees.groovy.cps.Continuable)1 Outcome (com.cloudbees.groovy.cps.Outcome)1 CheckForNull (edu.umd.cs.findbugs.annotations.CheckForNull)1 NonNull (edu.umd.cs.findbugs.annotations.NonNull)1 Nullable (edu.umd.cs.findbugs.annotations.Nullable)1 SuppressFBWarnings (edu.umd.cs.findbugs.annotations.SuppressFBWarnings)1 Closure (groovy.lang.Closure)1 GString (groovy.lang.GString)1 GroovyObject (groovy.lang.GroovyObject)1 GroovyObjectSupport (groovy.lang.GroovyObjectSupport)1