Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jep-227 downstream usage #357

Merged
merged 2 commits into from
Nov 1, 2023
Merged

jep-227 downstream usage #357

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5f0a3b4
jep-227 downstream API usage
Vlatombe Oct 26, 2023
1da0249
Pick up release
jglick Nov 1, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,11 @@
<scope>import</scope>
<type>pom</type>
</dependency>
<dependency>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>credentials</artifactId>
<version>1307.v3757c78f17c3</version>
</dependency>
</dependencies>
</dependencyManagement>

Expand Down
45 changes: 16 additions & 29 deletions src/main/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@
import hudson.model.ModelObject;
import hudson.security.ACL;
import hudson.security.ACLContext;
import hudson.security.AccessDeniedException2;
import hudson.security.AccessDeniedException3;
import hudson.security.Permission;
import hudson.util.CopyOnWriteMap;
import hudson.util.ListBoxModel;
Expand All @@ -69,11 +69,11 @@
import jenkins.model.Jenkins;
import net.jcip.annotations.GuardedBy;
import net.sf.json.JSONObject;
import org.acegisecurity.Authentication;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.StaplerRequest;
import org.springframework.security.core.Authentication;

/**
* A store of credentials that can be used as a Stapler object.
Expand Down Expand Up @@ -102,27 +102,14 @@
return super.getScopes(object);
}

/**
* {@inheritDoc}
*/
@NonNull
@Override
public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> type, @Nullable ItemGroup itemGroup,
@Nullable Authentication authentication) {
return getCredentials(type, itemGroup, authentication, Collections.emptyList());
Comment on lines -110 to -112
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fewer overloads to deal with 👍

}

/**
* {@inheritDoc}
*/
@NonNull
@Override
public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> type, @Nullable ItemGroup itemGroup,
public <C extends Credentials> List<C> getCredentialsInItemGroup(@NonNull Class<C> type, @Nullable ItemGroup itemGroup,
@Nullable Authentication authentication,
@NonNull List<DomainRequirement> domainRequirements) {
List<C> result = new ArrayList<>();
Set<String> ids = new HashSet<>();
if (ACL.SYSTEM.equals(authentication)) {
if (ACL.SYSTEM2.equals(authentication)) {
while (itemGroup != null) {
if (itemGroup instanceof AbstractFolder) {
final AbstractFolder<?> folder = AbstractFolder.class.cast(itemGroup);
Expand Down Expand Up @@ -156,29 +143,29 @@
*/
@NonNull
@Override
public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> type, @NonNull Item item,
public <C extends Credentials> List<C> getCredentialsInItem(@NonNull Class<C> type, @NonNull Item item,
@Nullable Authentication authentication,
@NonNull List<DomainRequirement> domainRequirements) {
if (item instanceof AbstractFolder) {
// credentials defined in the folder should be available in the context of the folder
return getCredentials(type, (ItemGroup) item, authentication, domainRequirements);
return getCredentialsInItemGroup(type, (ItemGroup) item, authentication, domainRequirements);

Check warning on line 151 in src/main/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProvider.java

View check run for this annotation

ci.jenkins.io / Code Coverage

Not covered line 

Line 151 is not covered by tests
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clearer 👍

}
return super.getCredentials(type, item, authentication, domainRequirements);
return super.getCredentialsInItem(type, item, authentication, domainRequirements);
}

/**
* {@inheritDoc}
*/
@NonNull
@Override
public <C extends IdCredentials> ListBoxModel getCredentialIds(@NonNull Class<C> type,
public <C extends IdCredentials> ListBoxModel getCredentialIdsInItemGroup(@NonNull Class<C> type,
@Nullable ItemGroup itemGroup,
@Nullable Authentication authentication,
@NonNull List<DomainRequirement> domainRequirements,
@NonNull CredentialsMatcher matcher) {
ListBoxModel result = new ListBoxModel();
Set<String> ids = new HashSet<>();
if (ACL.SYSTEM.equals(authentication)) {
if (ACL.SYSTEM2.equals(authentication)) {

Check warning on line 168 in src/main/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProvider.java

View check run for this annotation

ci.jenkins.io / Code Coverage

Partially covered line 

Line 168 is only partially covered, one branch is missing
while (itemGroup != null) {
if (itemGroup instanceof AbstractFolder) {
final AbstractFolder<?> folder = AbstractFolder.class.cast(itemGroup);
Expand Down Expand Up @@ -210,189 +197,189 @@
*/
@NonNull
@Override
public <C extends IdCredentials> ListBoxModel getCredentialIds(@NonNull Class<C> type, @NonNull Item item,
public <C extends IdCredentials> ListBoxModel getCredentialIdsInItem(@NonNull Class<C> type, @NonNull Item item,
@Nullable Authentication authentication,
@NonNull List<DomainRequirement> domainRequirements,
@NonNull CredentialsMatcher matcher) {
if (item instanceof AbstractFolder) {
// credentials defined in the folder should be available in the context of the folder
return getCredentialIds(type, (ItemGroup) item, authentication, domainRequirements, matcher);
return getCredentialIdsInItemGroup(type, (ItemGroup) item, authentication, domainRequirements, matcher);
}
return getCredentialIds(type, item.getParent(), authentication, domainRequirements, matcher);
return getCredentialIdsInItemGroup(type, item.getParent(), authentication, domainRequirements, matcher);
}

/**
* {@inheritDoc}
*/
@Override
public CredentialsStore getStore(@CheckForNull ModelObject object) {
if (object instanceof AbstractFolder) {
final AbstractFolder<?> folder = AbstractFolder.class.cast(object);
FolderCredentialsProperty property = folder.getProperties().get(FolderCredentialsProperty.class);
if (property != null) {
return property.getStore();
}
synchronized (emptyProperties) {
property = emptyProperties.get(folder);
if (property == null) {
property = new FolderCredentialsProperty(folder);
emptyProperties.put(folder, property);
}
}
return property.getStore();
}
return null;
}

/**
* {@inheritDoc}
*/
@Override
public String getIconClassName() {
return "icon-folder-store";
}

/**
* Our property.
*/
public static class FolderCredentialsProperty extends AbstractFolderProperty<AbstractFolder<?>> {

/**
* Old store of credentials
*
* @deprecated
*/
@Deprecated
private transient List<Credentials> credentials;

/**
* Our credentials.
*
* @since 3.10
*/
private Map<Domain, List<Credentials>> domainCredentialsMap =
new CopyOnWriteMap.Hash<>();

/**
* Our store.
*/
private transient StoreImpl store = new StoreImpl();

/*package*/ FolderCredentialsProperty(AbstractFolder<?> owner) {
setOwner(owner);
domainCredentialsMap = DomainCredentials.migrateListToMap(null, null);
}

/**
* Backwards compatibility.
*
* @param credentials the credentials.
* @deprecated
*/
@Deprecated
public FolderCredentialsProperty(List<Credentials> credentials) {
domainCredentialsMap = DomainCredentials.migrateListToMap(domainCredentialsMap, credentials);
}

/**
* Constructor for stapler.
*
* @param domainCredentials the credentials.
* @since 1.5
*/
@DataBoundConstructor
public FolderCredentialsProperty(DomainCredentials[] domainCredentials) {
domainCredentialsMap = DomainCredentials.asMap(Arrays.asList(domainCredentials));
}

/**
* Resolve old data store into new data store.
*
* @since 1.5
*/
@SuppressFBWarnings(value = "IS2_INCONSISTENT_SYNC", justification = "Only unprotected during deserialization")
@SuppressWarnings("deprecation")
private Object readResolve() throws ObjectStreamException {
if (domainCredentialsMap == null) {
domainCredentialsMap = DomainCredentials.migrateListToMap(domainCredentialsMap, credentials);
credentials = null;
}
return this;
}

public <C extends Credentials> List<C> getCredentials(Class<C> type) {
List<C> result = new ArrayList<>();
for (Credentials credential : getCredentials()) {
if (type.isInstance(credential)) {
result.add(type.cast(credential));
}
}
return result;
}

/**
* Gets all the folder's credentials.
*
* @return all the folder's credentials.
*/
@SuppressWarnings("unused") // used by stapler
public List<Credentials> getCredentials() {
return getDomainCredentialsMap().get(Domain.global());
}

/**
* Returns the {@link com.cloudbees.plugins.credentials.domains.DomainCredentials}
*
* @return the {@link com.cloudbees.plugins.credentials.domains.DomainCredentials}
* @since 3.10
*/
@SuppressWarnings("unused") // used by stapler
public List<DomainCredentials> getDomainCredentials() {
return DomainCredentials.asList(getDomainCredentialsMap());
}

/**
* The Map of domain credentials.
*
* @return The Map of domain credentials.
* @since 3.10
*/
@SuppressWarnings("deprecation")
@NonNull
public synchronized Map<Domain, List<Credentials>> getDomainCredentialsMap() {
return domainCredentialsMap = DomainCredentials.migrateListToMap(domainCredentialsMap, credentials);
}

/**
* Sets the map of domain credentials.
*
* @param domainCredentialsMap the map of domain credentials.
* @since 3.10
*/
public synchronized void setDomainCredentialsMap(Map<Domain, List<Credentials>> domainCredentialsMap) {
this.domainCredentialsMap = DomainCredentials.toCopyOnWriteMap(domainCredentialsMap);
}

/**
* Returns the {@link StoreImpl}.
* @return the {@link StoreImpl}.
*/
@NonNull
public synchronized StoreImpl getStore() {
if (store == null) {
store = new StoreImpl();
}
return store;
}

/**
* Short-cut method for checking {@link CredentialsStore#hasPermission(hudson.security.Permission)}
*
* @param p the permission to check.
*/
private void checkPermission(Permission p) {
if (!store.hasPermission(p)) {
throw new AccessDeniedException2(Jenkins.getAuthentication(), p);
throw new AccessDeniedException3(Jenkins.getAuthentication2(), p);

Check warning on line 382 in src/main/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProvider.java

View check run for this annotation

ci.jenkins.io / Code Coverage

Not covered lines 

Lines 206-382 are not covered by tests
}
}

Expand All @@ -405,7 +392,7 @@
*/
private void checkedSave(Permission p) throws IOException {
checkPermission(p);
try (ACLContext oldContext = ACL.as(ACL.SYSTEM)) {
try (ACLContext oldContext = ACL.as2(ACL.SYSTEM2)) {
FolderCredentialsProperty property =
owner.getProperties().get(FolderCredentialsProperty.class);
if (property == null) {
Expand Down Expand Up @@ -651,8 +638,8 @@
* {@inheritDoc}
*/
@Override
public boolean hasPermission(@NonNull Authentication a, @NonNull Permission permission) {
return owner.getACL().hasPermission(a, permission);
public boolean hasPermission2(@NonNull Authentication a, @NonNull Permission permission) {
return owner.getACL().hasPermission2(a, permission);
}

/**
Expand Down
33 changes: 16 additions & 17 deletions ...st/java/com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProviderTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,6 @@
import hudson.model.FreeStyleBuild;
import hudson.model.FreeStyleProject;
import hudson.model.Item;
import hudson.model.ItemGroup;
import hudson.model.Result;
import hudson.model.User;
import hudson.security.ACL;
Expand Down Expand Up @@ -83,21 +82,21 @@ public void foldersHaveTheirOwnStore() throws Exception {
public void credentialsAvailableAtFolderScope() throws Exception {
Folder f = createFolder();
List<StandardUsernamePasswordCredentials> asGroup =
CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class, (ItemGroup) f,
ACL.SYSTEM, Collections.emptyList());
CredentialsProvider.lookupCredentialsInItemGroup(StandardUsernamePasswordCredentials.class, f,
Comment on lines -86 to +85
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no cast needed for method resolution 👍

ACL.SYSTEM2, Collections.emptyList());
List<StandardUsernamePasswordCredentials> asItem =
CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class, (Item) f,
ACL.SYSTEM, Collections.emptyList());
CredentialsProvider.lookupCredentialsInItem(StandardUsernamePasswordCredentials.class, f,
ACL.SYSTEM2, Collections.emptyList());
assertThat(asGroup, is(asItem));
CredentialsStore folderStore = getFolderStore(f);
UsernamePasswordCredentialsImpl credentials =
new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "test-id", "description", "test-user",
"secret");
folderStore.addCredentials(Domain.global(), credentials);
asGroup = CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class, (ItemGroup) f,
ACL.SYSTEM, Collections.emptyList());
asItem = CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class, (Item) f,
ACL.SYSTEM, Collections.emptyList());
asGroup = CredentialsProvider.lookupCredentialsInItemGroup(StandardUsernamePasswordCredentials.class, f,
ACL.SYSTEM2, Collections.emptyList());
asItem = CredentialsProvider.lookupCredentialsInItem(StandardUsernamePasswordCredentials.class, f,
ACL.SYSTEM2, Collections.emptyList());
assertThat(asGroup, is(asItem));
assertThat(asGroup, hasItem(credentials));
assertThat(asItem, hasItem(credentials));
Expand All @@ -107,11 +106,11 @@ public void credentialsAvailableAtFolderScope() throws Exception {
public void credentialsListableAtFolderScope() throws Exception {
Folder f = createFolder();
ListBoxModel asGroup =
CredentialsProvider.listCredentials(StandardUsernamePasswordCredentials.class, (ItemGroup) f,
ACL.SYSTEM, Collections.emptyList(), CredentialsMatchers.always());
CredentialsProvider.listCredentialsInItemGroup(StandardUsernamePasswordCredentials.class, f,
ACL.SYSTEM2, Collections.emptyList(), CredentialsMatchers.always());
ListBoxModel asItem =
CredentialsProvider.listCredentials(StandardUsernamePasswordCredentials.class, (Item) f,
ACL.SYSTEM, Collections.emptyList(), CredentialsMatchers.always());
CredentialsProvider.listCredentialsInItem(StandardUsernamePasswordCredentials.class, f,
ACL.SYSTEM2, Collections.emptyList(), CredentialsMatchers.always());
assertThat(asGroup, is(asItem));
assertThat(asGroup.size(), is(0));
assertThat(asItem.size(), is(0));
Expand All @@ -120,10 +119,10 @@ public void credentialsListableAtFolderScope() throws Exception {
new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "test-id", "description", "test-user",
"secret");
folderStore.addCredentials(Domain.global(), credentials);
asGroup = CredentialsProvider.listCredentials(StandardUsernamePasswordCredentials.class, (ItemGroup) f,
ACL.SYSTEM, Collections.emptyList(), CredentialsMatchers.always());
asItem = CredentialsProvider.listCredentials(StandardUsernamePasswordCredentials.class, (Item) f,
ACL.SYSTEM, Collections.emptyList(), CredentialsMatchers.always());
asGroup = CredentialsProvider.listCredentialsInItemGroup(StandardUsernamePasswordCredentials.class, f,
ACL.SYSTEM2, Collections.emptyList(), CredentialsMatchers.always());
asItem = CredentialsProvider.listCredentialsInItem(StandardUsernamePasswordCredentials.class, f,
ACL.SYSTEM2, Collections.emptyList(), CredentialsMatchers.always());
assertThat(asGroup.size(), is(1));
assertThat(asGroup.get(0).value, is("test-id"));
assertThat(asItem.size(), is(1));
Expand Down