public StandardCredentials getGitCredentials() { if (overrideCredentials) { return new UsernamePasswordCredentialsImpl(null, null, "release staging Git credentials", username, password); } return null; }
public static String createCredentials(String serverAPIUrl, String username, String password) throws Exception { String description = serverAPIUrl + " GitHub auto generated Username password credentials"; UsernamePasswordCredentialsImpl credentials = new UsernamePasswordCredentialsImpl( CredentialsScope.GLOBAL, UUID.randomUUID().toString(), description, username, password); return createCredentials(serverAPIUrl, credentials); }
@Override public StandardUsernamePasswordCredentials getCredentials(final String collectionUri) { final StandardUsernamePasswordCredentials credentials = new UsernamePasswordCredentialsImpl( CredentialsScope.GLOBAL, null, null, this.userName, this.password.getPlainText() ); return credentials; }
@Override public StandardCredentials toCredentials(String description) { return new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, null, description, userName, getPassword()); }
/** * Converts old identity/credential new UsernamePassword credential-plugin record. * @param description The for the credentials record. * @param identity The old identity (AKA username). * @param credential The old credential (AKA password). * @return The Id of the newly created credential-plugin record. */ public static String convertCredentials(final String description, final String identity, final Secret credential) { StandardUsernameCredentials u = new UsernamePasswordCredentialsImpl( CredentialsScope.SYSTEM, null, description, identity, Secret.toString(credential)); try { return CredentialsHelper.storeCredentials(u); } catch (IOException e) { LOGGER.warning(String.format("Error while migrating identity/credentials: %s", e.getMessage())); } return null; }
public static String setCredentials(final String hostName, String username, String password) { List<DomainSpecification> domainSpecifications = new ArrayList<>(); domainSpecifications.add(new HostnameSpecification(hostName, null)); Domain domain = new Domain("Generated for " + hostName, "", domainSpecifications); SystemCredentialsProvider.getInstance().getDomainCredentialsMap().put(domain, new ArrayList<Credentials>()); String credentialsId; StandardUsernamePasswordCredentials newCredential = new UsernamePasswordCredentialsImpl( CredentialsScope.GLOBAL, credentialsId = UUID.randomUUID().toString(), "Generated for " + username, username, password ); SystemCredentialsProvider.getInstance().getDomainCredentialsMap().get(domain).add(newCredential); try { SystemCredentialsProvider.getInstance().save(); } catch (IOException ex) { LOGGER.log(Level.WARNING, "SystemCredentialsProvider instance save failed: ", ex); } return credentialsId; }
private String createCredentials(String username, String password) { String credentialId = name + "_" + username; try{ StandardCredentials credential = retrieveCredential(credentialId); if (credential != null) { return StringUtils.EMPTY; } UsernamePasswordCredentialsImpl migrateCredential = new UsernamePasswordCredentialsImpl( CredentialsScope.GLOBAL, name + "_" + username, "Migrated Coverity Credential", username, password); CredentialsStore store = CredentialsProvider.lookupStores(Jenkins.getInstance()).iterator().next(); store.addCredentials(Domain.global(), migrateCredential); } catch (IOException ioe) { logger.warning("Migrating username and password into credentials encountered IOException" + "\nPlease try to resolve this issue by adding credentials manually"); return StringUtils.EMPTY; } return credentialId; }
private void addUsernamePasswordCredential(List<Credentials> globalCredentials, UsernamePassword secret) throws IOException { globalCredentials.add(new UsernamePasswordCredentialsImpl( CredentialsScope.GLOBAL, id(secret.getId()), secret.getId(), secret.getUsername(), secret.getPassword())); }
private Object readResolve() { return new UsernamePasswordCredentialsImpl(getScope(), getId(), getDescription(), getUsername(), getPassword().getEncryptedValue()); }
@Test public void credentialsAvailableAtFolderScope() throws Exception { Folder f = createFolder(); List<StandardUsernamePasswordCredentials> asGroup = CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class, (ItemGroup) f, ACL.SYSTEM, Collections.emptyList()); List<StandardUsernamePasswordCredentials> asItem = CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class, (Item) f, ACL.SYSTEM, Collections.emptyList()); assertThat(asGroup, is(asItem)); CredentialsStore folderStore = getFolderStore(f); UsernamePasswordCredentialsImpl credentials = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "test-id", "description", "test-user", "secret"); folderStore.addCredentials(Domain.global(), credentials); asGroup = CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class, (ItemGroup) f, ACL.SYSTEM, Collections.emptyList()); asItem = CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class, (Item) f, ACL.SYSTEM, Collections.emptyList()); assertThat(asGroup, is(asItem)); assertThat(asGroup, hasItem(credentials)); assertThat(asItem, hasItem(credentials)); }
@Test public void doFillCredentialsIdItemsWithoutJobWhenAdmin() throws Exception { r.jenkins.setSecurityRealm(r.createDummySecurityRealm()); ProjectMatrixAuthorizationStrategy as = new ProjectMatrixAuthorizationStrategy(); as.add(Jenkins.ADMINISTER, "alice"); r.jenkins.setAuthorizationStrategy(as); final UsernamePasswordCredentialsImpl c = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, null, "test", "bob", "s3cr3t"); CredentialsProvider.lookupStores(r.jenkins).iterator().next().addCredentials(Domain.global(), c); ACL.impersonate(User.get("alice").impersonate(), new Runnable() { @Override public void run() { ListBoxModel options = r.jenkins.getDescriptorByType(MercurialSCM.DescriptorImpl.class).doFillCredentialsIdItems(null, "http://nowhere.net/"); assertEquals(CredentialsNameProvider.name(c), options.get(1).name); } }); }
@Test public void docker() throws Exception { StandardUsernamePasswordCredentials credentials = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "ContainerExecDecoratorPipelineTest-docker", "bob", "username", "secret_password"); SystemCredentialsProvider.getInstance().getCredentials().add(credentials); WorkflowJob p = r.jenkins.createProject(WorkflowJob.class, "docker"); p.setDefinition(new CpsFlowDefinition(loadPipelineScript("docker.groovy"), true)); containerExecLogs.capture(1000); WorkflowRun b = p.scheduleBuild2(0).waitForStart(); assertNotNull(b); r.waitForCompletion(b); r.assertLogContains("Wrote authentication to /home/jenkins/.dockercfg", b); // check that we don't accidentally start exporting sensitive info to the build log r.assertLogNotContains("secret_password", b); // check that we don't accidentally start exporting sensitive info to the Jenkins log assertFalse("credential leaked to log", containerExecLogs.getMessages().stream().anyMatch(msg -> msg.contains("secret_password"))); } }
/** * There was a bug that credentials stored in the remote call context was serialized wrongly. */ @Issue("JENKINS-8061") @Test public void remoteBuild() throws Exception { Proc p = runSvnServe(SubversionSCMTest.class.getResource("HUDSON-1379.zip")); try { SystemCredentialsProvider.getInstance().setDomainCredentialsMap(Collections.singletonMap(Domain.global(), Arrays.<Credentials>asList( new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "1-alice", null, "alice", "alice") ) )); FreeStyleProject b = r.createFreeStyleProject(); b.setScm(new SubversionSCM("svn://localhost/bob", "1-alice", ".")); b.setAssignedNode(r.createSlave()); FreeStyleBuild run = r.buildAndAssertSuccess(b); /* TODO runSvnServe not guaranteed to use port 3690; otherwise this works: assertLogContains(Messages.CredentialsSVNAuthenticationProviderImpl_sole_credentials("alice/******", "<svn://localhost:3690> 8a677b3a-1c61-4b23-9212-1bf3c3d713a7"), run); */ } finally { p.kill(); } } }
@Issue("SECURITY-158") @Test public void doFillCredentialsIdItems() throws Exception { r.jenkins.setSecurityRealm(r.createDummySecurityRealm()); ProjectMatrixAuthorizationStrategy as = new ProjectMatrixAuthorizationStrategy(); as.add(Jenkins.READ, "alice"); as.add(Jenkins.READ, "bob"); r.jenkins.setAuthorizationStrategy(as); FreeStyleProject p1 = r.createFreeStyleProject("p1"); FreeStyleProject p2 = r.createFreeStyleProject("p2"); p2.addProperty(new AuthorizationMatrixProperty(Collections.singletonMap(Item.CONFIGURE, Collections.singleton("bob")))); UsernamePasswordCredentialsImpl c = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, null, "test", "bob", "s3cr3t"); CredentialsProvider.lookupStores(r.jenkins).iterator().next().addCredentials(Domain.global(), c); assertCredentials("alice", null); assertCredentials("alice", p1); assertCredentials("alice", p2); assertCredentials("bob", null); assertCredentials("bob", p1); assertCredentials("bob", p2, c); } private void assertCredentials(String user, final Job<?,?> owner, Credentials... expected) {
@Test public void given_folderCredential_when_builtAsSystem_then_credentialFound() throws Exception { Folder f = createFolder(); CredentialsStore folderStore = getFolderStore(f); folderStore.addCredentials(Domain.global(), new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "Dr. Fu Manchu", "foo", "manchu")); FreeStyleProject prj = f.createProject(FreeStyleProject.class, "job"); prj.getBuildersList().add(new HasCredentialBuilder("foo-manchu")); r.buildAndAssertSuccess(prj); }
@Issue("SECURITY-303") @Test public void credentialsAccess() throws Exception { r.jenkins.setSecurityRealm(r.createDummySecurityRealm()); r.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy(). grant(Jenkins.READ, Item.READ, Item.BUILD, Item.CONFIGURE).everywhere().to("devlead"). grant(Jenkins.READ, Item.READ, Item.BUILD).everywhere().to("user")); SystemCredentialsProvider.getInstance().setDomainCredentialsMap(Collections.singletonMap(Domain.global(), Collections.<Credentials>singletonList( new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "svncreds", null, "svn", "s3cr3t")))); r.createFreeStyleProject("p"); assertSniff("devlead", "svn:s3cr3t", /* server response is bad, Jenkins should say so */ false); assertSniff("user", null, /* Jenkins should not even try to connect, pretend it is OK */ true); } private void assertSniff(String user, String sniffed, boolean ok) throws Exception {
@BeforeClass public static void setUpAgent() throws Exception { s = j.createOnlineSlave(); s.setLabelString("some-label docker"); s.getNodeProperties().add(new EnvironmentVariablesNodeProperty(new EnvironmentVariablesNodeProperty.Entry("ONAGENT", "true"), new EnvironmentVariablesNodeProperty.Entry("WHICH_AGENT", "first"))); s.setNumExecutors(2); s2 = j.createOnlineSlave(); s2.setLabelString("other-docker"); s2.getNodeProperties().add(new EnvironmentVariablesNodeProperty(new EnvironmentVariablesNodeProperty.Entry("ONAGENT", "true"), new EnvironmentVariablesNodeProperty.Entry("WHICH_AGENT", "second"))); //setup credentials for docker registry CredentialsStore store = CredentialsProvider.lookupStores(j.jenkins).iterator().next(); password = System.getProperty("docker.password"); if(password != null) { UsernamePasswordCredentialsImpl globalCred = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "dockerhub", "real", "jtaboada", password); store.addCredentials(Domain.global(), globalCred); } }
@BeforeClass public static void setUpAgentAndCreds() throws Exception { s = j.createOnlineSlave(); s.setLabelString("some-label docker here"); s.getNodeProperties().add(new EnvironmentVariablesNodeProperty(new EnvironmentVariablesNodeProperty.Entry("ONAGENT", "true"), new EnvironmentVariablesNodeProperty.Entry("WHICH_AGENT", "first"))); s.setNumExecutors(2); s2 = j.createOnlineSlave(); s2.setLabelString("other-docker"); s2.getNodeProperties().add(new EnvironmentVariablesNodeProperty(new EnvironmentVariablesNodeProperty.Entry("ONAGENT", "true"), new EnvironmentVariablesNodeProperty.Entry("WHICH_AGENT", "second"))); CredentialsStore store = CredentialsProvider.lookupStores(j.jenkins).iterator().next(); String usernamePasswordCredentialsId = "FOOcredentials"; UsernamePasswordCredentialsImpl usernamePassword = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, usernamePasswordCredentialsId, "sample", usernamePasswordUsername, usernamePasswordPassword); store.addCredentials(Domain.global(), usernamePassword); }
@Test public void credentialsUsernamePasswordTest() throws Exception { UsernamePasswordCredentialsImpl credentials = new UsernamePasswordCredentialsImpl( CredentialsScope.GLOBAL, "", "", "testuser", "testpassword"); HgExe hgexe = new HgExe( this.mercurialInstallation, credentials, this.launcher, j.jenkins, this.listener, this.vars); ArgumentListBuilder b = hgexe.seed(false); assertEquals(new ArgumentListBuilder( "hg", "--config", "auth.jenkins.prefix=*", "--config", "auth.jenkins.username=testuser", "--config", "auth.jenkins.password=testpassword", "--config", "auth.jenkins.schemes=http https") .toList(), b.toList()); assertEquals(new ArgumentListBuilder( "hg", "--config", "auth.jenkins.prefix=*", "--config", "******", "--config", "******", "--config", "auth.jenkins.schemes=http https").toString(), b.toString()); hgexe.close(); }
@Test public void given_folderCredential_when_builtAsUserWithoutUseItem_then_credentialNotFound() throws Exception { Folder f = createFolder(); CredentialsStore folderStore = getFolderStore(f); folderStore.addCredentials(Domain.global(), new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "Dr. Fu Manchu", "foo", "manchu")); FreeStyleProject prj = f.createProject(FreeStyleProject.class, "job"); prj.getBuildersList().add(new HasCredentialBuilder("foo-manchu")); JenkinsRule.DummySecurityRealm realm = r.createDummySecurityRealm(); r.jenkins.setSecurityRealm(realm); MockAuthorizationStrategy strategy = new MockAuthorizationStrategy(); strategy.grant(Item.BUILD).everywhere().to("bob"); strategy.grant(Computer.BUILD).everywhere().to("bob"); r.jenkins.setAuthorizationStrategy(strategy); HashMap<String, Authentication> jobsToUsers = new HashMap<String, Authentication>(); jobsToUsers.put(prj.getFullName(), User.get("bob").impersonate()); MockQueueItemAuthenticator authenticator = new MockQueueItemAuthenticator(jobsToUsers); QueueItemAuthenticatorConfiguration.get().getAuthenticators().clear(); QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(authenticator); r.assertBuildStatus(Result.FAILURE, prj.scheduleBuild2(0).get()); }