private String getApiToken(String apiTokenId) { StandardCredentials credentials = CredentialsMatchers.firstOrNull( lookupCredentials(StandardCredentials.class, (Item) null, ACL.SYSTEM, new ArrayList<DomainRequirement>()), CredentialsMatchers.withId(apiTokenId)); if (credentials != null) { if (credentials instanceof GitLabApiToken) { return ((GitLabApiToken) credentials).getApiToken().getPlainText(); } if (credentials instanceof StringCredentials) { return ((StringCredentials) credentials).getSecret().getPlainText(); } } throw new IllegalStateException("No credentials found for credentialsId: " + apiTokenId); }
@Initializer(after = InitMilestone.PLUGINS_STARTED) public static void migrate() throws IOException { GitLabConnectionConfig descriptor = (GitLabConnectionConfig) Jenkins.getInstance().getDescriptor(GitLabConnectionConfig.class); for (GitLabConnection connection : descriptor.getConnections()) { if (connection.apiTokenId == null && connection.apiToken != null) { for (CredentialsStore credentialsStore : CredentialsProvider.lookupStores(Jenkins.getInstance())) { if (credentialsStore instanceof SystemCredentialsProvider.StoreImpl) { List<Domain> domains = credentialsStore.getDomains(); connection.apiTokenId = UUID.randomUUID().toString(); credentialsStore.addCredentials(domains.get(0), new GitLabApiTokenImpl(CredentialsScope.SYSTEM, connection.apiTokenId, "GitLab API Token", Secret.fromString(connection.apiToken))); } } } } descriptor.save(); } }
public static StandardUsernameCredentials lookupSystemCredentials(String credentialsId) { return CredentialsMatchers.firstOrNull( CredentialsProvider .lookupCredentials(StandardUsernameCredentials.class, Jenkins.getInstance(), ACL.SYSTEM, SSH_SCHEME), CredentialsMatchers.withId(credentialsId) ); }
/** * Stores a new credentials record (Used only during migration). * @param u The new credentials to store; * @return The Id of the new record or {@code null} on failure. * @throws IOException on error. */ public static String storeCredentials(final StandardUsernameCredentials u) throws IOException { if (null != u) { try (final ACLContext ctx = ACL.as(ACL.SYSTEM)) { final CredentialsStore s = CredentialsProvider.lookupStores(Jenkins.getInstance()).iterator().next(); s.addCredentials(Domain.global(), u); return u.getId(); } } return null; }
@CheckForNull public static StandardUsernamePasswordCredentials lookupSystemCredentials(@CheckForNull String credentialsId, @CheckForNull URL url) { if (credentialsId == null) { return null; } return CredentialsMatchers.firstOrNull( CredentialsProvider.lookupCredentials( StandardUsernamePasswordCredentials.class, Jenkins.getInstance(), ACL.SYSTEM, URIRequirementBuilder.fromUri(url != null ? url.toExternalForm() : null).build() ), CredentialsMatchers.withId(credentialsId) ); }
public FormValidation doCheckCredentialsId(@CheckForNull @AncestorInPath Item item, @QueryParameter String credentialsId, @QueryParameter String serverUrl) { if (item == null) { if (!Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER)) { return FormValidation.ok(); } } else if (!item.hasPermission(Item.EXTENDED_READ) && !item.hasPermission(CredentialsProvider.USE_ITEM)) { return FormValidation.ok(); } if (StringUtils.isBlank(credentialsId)) { return FormValidation.warning(Messages.NPMRegistry_DescriptorImpl_emptyCredentialsId()); } List<DomainRequirement> domainRequirement = URIRequirementBuilder.fromUri(serverUrl).build(); if (CredentialsProvider.listCredentials(StandardUsernameCredentials.class, item, getAuthentication(item), domainRequirement, CredentialsMatchers.withId(credentialsId)).isEmpty()) { return FormValidation.error(Messages.NPMRegistry_DescriptorImpl_invalidCredentialsId()); } return FormValidation.ok(); }
public ListBoxModel doFillCredentialsIdItems(@AncestorInPath ItemGroup context) { AccessControlled ac = (context instanceof AccessControlled ? (AccessControlled) context : Jenkins.getInstance()); if (!ac.hasPermission(Jenkins.ADMINISTER)) { return new ListBoxModel(); } return new SSHUserListBoxModel().withMatching(SSHAuthenticator.matcher(Connection.class), CredentialsProvider.lookupCredentials(StandardUsernameCredentials.class, context, ACL.SYSTEM, SSHLauncher.SSH_SCHEME)); } }
/** * This method is called to populate the credentials list on the Jenkins * config page. */ public ListBoxModel doFillCredentialsIdItems(@AncestorInPath ItemGroup context, @QueryParameter("target") final String target) { StandardListBoxModel result = new StandardListBoxModel(); result.includeEmptyValue(); result.withMatching(CredentialsMatchers.instanceOf(StandardCredentials.class), CredentialsProvider.lookupCredentials(StandardCredentials.class, context, ACL.SYSTEM, URIRequirementBuilder.fromUri(target).build())); return result; }
public FormValidation doCheckCredentialsId(@AncestorInPath ItemGroup context, @QueryParameter String value) { AccessControlled _context = (context instanceof AccessControlled ? (AccessControlled) context : Jenkins.getInstance()); if (_context == null || !_context.hasPermission(Computer.CONFIGURE)) { return FormValidation.ok(); // no need to alarm a user that cannot configure } for (ListBoxModel.Option o : CredentialsProvider.listCredentials(StandardUsernameCredentials.class, context, ACL.SYSTEM, Collections.<DomainRequirement>singletonList(SSHLauncher.SSH_SCHEME), SSHAuthenticator.matcher(Connection.class))) { if (StringUtils.equals(value, o.value)) { return FormValidation.ok(); } } return FormValidation.error(Messages.SSHLauncher_SelectedCredentialsMissing()); }
/** * Returns all credentials which are available to the {@link ACL#SYSTEM} {@link Authentication} * for use by the specified {@link Item}. * * @param type the type of credentials to get. * @param item the item. * @param <C> the credentials type. * @return the list of credentials. * @deprecated use {@link #lookupCredentials(Class, Item, Authentication, List)} * or {@link #lookupCredentials(Class, Item, Authentication, DomainRequirement...)} */ @Deprecated @NonNull @SuppressWarnings("unused") // API entry point for consumers public static <C extends Credentials> List<C> lookupCredentials(@NonNull Class<C> type, @Nullable Item item) { return item == null ? lookupCredentials(type, Jenkins.getInstance(), ACL.SYSTEM) : lookupCredentials(type, item, ACL.SYSTEM); }
@Restricted(DoNotUse.class) // Stapler only. @SuppressWarnings("unused") // Used by stapler. @RequirePOST public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item, @QueryParameter String master) { Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER); List<DomainRequirement> domainRequirements = (master == null) ? Collections.<DomainRequirement>emptyList() : URIRequirementBuilder.fromUri(master.trim()).build(); return new StandardListBoxModel().withEmptySelection().withMatching( CredentialsMatchers.instanceOf(UsernamePasswordCredentials.class), CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class, item, null, domainRequirements) ); }
public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item, @QueryParameter String uri) { if (item == null && !Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER) || item != null && !item.hasPermission(Item.EXTENDED_READ)) { return new StandardListBoxModel(); } List<DomainRequirement> domainRequirements = URIRequirementBuilder.fromUri(uri).build(); domainRequirements.add(new DockerServerDomainRequirement()); return new StandardListBoxModel() .withEmptySelection() .withMatching( AuthenticationTokens.matcher(KeyMaterialFactory.class), CredentialsProvider .lookupCredentials(BASE_CREDENTIAL_TYPE, item, null, domainRequirements) ); }
/** * Returns all credentials which are available to the {@link ACL#SYSTEM} {@link Authentication} * within the {@link jenkins.model.Jenkins#getInstance()}. * * @param type the type of credentials to get. * @param <C> the credentials type. * @return the list of credentials. * @deprecated use {@link #lookupCredentials(Class, Item, Authentication, List)}, * {@link #lookupCredentials(Class, Item, Authentication, DomainRequirement...)}, * {@link #lookupCredentials(Class, ItemGroup, Authentication, List)} * or {@link #lookupCredentials(Class, ItemGroup, Authentication, DomainRequirement...)} */ @Deprecated @NonNull @SuppressWarnings("unused") // API entry point for consumers public static <C extends Credentials> List<C> lookupCredentials(@NonNull Class<C> type) { return lookupCredentials(type, (Item) null, ACL.SYSTEM); }
public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item) { if (item == null && !Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER) || item != null && !item.hasPermission(Item.EXTENDED_READ)) { return new StandardListBoxModel(); } // TODO may also need to specify a specific authentication and domain requirements return new StandardListBoxModel() .withEmptySelection() .withMatching(AuthenticationTokens.matcher(DockerRegistryToken.class), CredentialsProvider.lookupCredentials( StandardCredentials.class, item, null, Collections.<DomainRequirement>emptyList() ) ); }
@RequirePOST public ListBoxModel doFillCredentialsIdItems(@AncestorInPath ItemGroup context) { AccessControlled ac = (context instanceof AccessControlled ? (AccessControlled) context : Jenkins.getInstance()); if (!ac.hasPermission(Jenkins.ADMINISTER)) { return new ListBoxModel(); } List<StandardCredentials> credentials = CredentialsProvider.lookupCredentials(StandardCredentials.class, context, ACL.SYSTEM, Collections.emptyList()); return new CredentialsListBoxModel() .includeEmptyValue() .withMatching(CredentialsMatchers.always(), credentials); }
public FormValidation doCheckCredentialsId(@AncestorInPath ItemGroup context, @AncestorInPath AccessControlled _context, @QueryParameter String host, @QueryParameter String port, @QueryParameter String value) { Jenkins jenkins = Jenkins.getInstance(); if ((_context == jenkins && !jenkins.hasPermission(Computer.CREATE)) || (_context != jenkins && !_context.hasPermission(Computer.CONFIGURE))) { return FormValidation.ok(); // no need to alarm a user that cannot configure } try { int portValue = Integer.parseInt(port); for (ListBoxModel.Option o : CredentialsProvider .listCredentials(StandardUsernameCredentials.class, context, ACL.SYSTEM, Collections.singletonList( new HostnamePortRequirement(host, portValue) ), SSHAuthenticator.matcher(Connection.class))) { if (StringUtils.equals(value, o.value)) { return FormValidation.ok(); } } } catch (NumberFormatException e) { return FormValidation.warning(e, Messages.SSHLauncher_PortNotANumber()); } return FormValidation.error(Messages.SSHLauncher_SelectedCredentialsMissing()); }
public static ListBoxModel doFillCredentialsIdItems(String endpointUrl) { return new StandardListBoxModel() .withEmptySelection() .withMatching( CredentialsMatchers.anyOf(CredentialsMatchers.instanceOf(TokenCredentialsImpl.class), CredentialsMatchers.instanceOf(UsernamePasswordCredentials.class)), CredentialsProvider.lookupCredentials(StandardCredentials.class, Jenkins.getInstance(), ACL.SYSTEM, URIRequirementBuilder.fromUri(endpointUrl).build())); }
/** * Exposes the {@link CredentialsStore} instances available to the {@link #getContext()}. * * @return the {@link CredentialsStore} instances available to the {@link #getContext()}. */ @NonNull public List<CredentialsStore> getParentStores() { List<CredentialsStore> result = new ArrayList<CredentialsStore>(); for (CredentialsStore s : CredentialsProvider.lookupStores(getContext())) { if (context != s.getContext() && s.hasPermission(CredentialsProvider.VIEW)) { result.add(s); } } return result; }
@BeforeClass public static void setup() throws Exception { CredentialsStore store = CredentialsProvider.lookupStores(j.jenkins).iterator().next(); String usernamePasswordCredentialsId = "FOOcredentials"; UsernamePasswordCredentialsImpl usernamePassword = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, usernamePasswordCredentialsId, "sample", usernamePasswordUsername, usernamePasswordPassword); store.addCredentials(Domain.global(), usernamePassword); StringCredentialsImpl mixedEnvCred1 = new StringCredentialsImpl(CredentialsScope.GLOBAL, mixedEnvCred1Id, "test", Secret.fromString(mixedEnvCred1Secret)); store.addCredentials(Domain.global(), mixedEnvCred1); UsernamePasswordCredentialsImpl mixedEnvCred2 = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, mixedEnvCred2Id, "sample", mixedEnvCred2U, mixedEnvCred2P); store.addCredentials(Domain.global(), mixedEnvCred2); StringCredentialsImpl mixedEnvCred3 = new StringCredentialsImpl(CredentialsScope.GLOBAL, mixedEnvCred3Id, "test", Secret.fromString(mixedEnvCred3Secret)); store.addCredentials(Domain.global(), mixedEnvCred3); FileCredentialsImpl fileCred = new FileCredentialsImpl(CredentialsScope.GLOBAL, fileCredId, "test", fileCredName, SecretBytes.fromBytes(fileCredContent.getBytes())); store.addCredentials(Domain.global(), fileCred); FileCredentialsImpl otherFileCred = new FileCredentialsImpl(CredentialsScope.GLOBAL, otherFileCredId, "test", otherFileCredName, SecretBytes.fromBytes(otherFileCredContent.getBytes())); store.addCredentials(Domain.global(), otherFileCred); folder = j.jenkins.createProject(Folder.class, "testFolder"); folder.addProperty(new FolderCredentialsProvider.FolderCredentialsProperty(new DomainCredentials[0])); j.configRoundtrip(folder); CredentialsStore folderStore = folder.getProperties().get(FolderCredentialsProvider.FolderCredentialsProperty.class).getStore(); StringCredentialsImpl sc = new StringCredentialsImpl(CredentialsScope.GLOBAL, mixedEnvCred1Id, "test", Secret.fromString(mixedEnvInFolderCred1Secret)); folderStore.addCredentials(Domain.global(), sc); UsernamePasswordCredentialsImpl c = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, mixedEnvCred2Id, "sample", mixedEnvInFoldercred2U, mixedEnvInFolderCred2P); folderStore.addCredentials(Domain.global(), c); SSHUserPrivateKey k = new BasicSSHUserPrivateKey(CredentialsScope.GLOBAL, "sshCred1", "bobby", new BasicSSHUserPrivateKey.DirectEntryPrivateKeySource("abc123"), null, "sample"); store.addCredentials(Domain.global(), k); }
private SVNRepositoryView openSession(SVNURL repoURL) throws SVNException, IOException { return new SVNRepositoryView(repoURL, credentialsId == null ? null : CredentialsMatchers .firstOrNull(CredentialsProvider.lookupCredentials(StandardCredentials.class, getOwner(), ACL.SYSTEM, URIRequirementBuilder.fromUri(repoURL.toString()).build()), CredentialsMatchers.allOf(CredentialsMatchers.withId(credentialsId), CredentialsMatchers.anyOf(CredentialsMatchers.instanceOf(StandardCredentials.class), CredentialsMatchers.instanceOf(SSHUserPrivateKey.class))))); }