Skip to content

Commit

Permalink
Merge pull request jenkinsci#166 from jonesbusy/feature/expand-creden…
Browse files Browse the repository at this point in the history
…tials-id

Fix jenkinsci#138 by expanding credentials ID
  • Loading branch information
jonesbusy authored Dec 21, 2023
2 parents e6759d5 + 8247eaf commit 29a7f9b
Show file tree
Hide file tree
Showing 4 changed files with 99 additions and 5 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -274,12 +274,17 @@ public void perform(
invocation.setCredentials(
StringUtils.isNotBlank(credentialsId)
? CredentialsProvider.findCredentialById(
credentialsId, StandardUsernameCredentials.class, run)
run.getEnvironment(listener).expand(credentialsId),
StandardUsernameCredentials.class,
run)
: null,
copyCredentialsInWorkspace);
invocation.setVaultCredentials(
StringUtils.isNotBlank(vaultCredentialsId)
? CredentialsProvider.findCredentialById(vaultCredentialsId, StandardCredentials.class, run)
? CredentialsProvider.findCredentialById(
run.getEnvironment(listener).expand(vaultCredentialsId),
StandardCredentials.class,
run)
: null);
invocation.setVaultTmpPath(
StringUtils.isNotBlank(vaultTmpPath) ? new FilePath(new File(vaultTmpPath)) : null);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -131,12 +131,17 @@ public void perform(
invocation.setAction(action);
invocation.setVaultCredentials(
StringUtils.isNotBlank(vaultCredentialsId)
? CredentialsProvider.findCredentialById(vaultCredentialsId, StandardCredentials.class, run)
? CredentialsProvider.findCredentialById(
run.getEnvironment(listener).expand(vaultCredentialsId),
StandardCredentials.class,
run)
: null);
invocation.setNewVaultCredentials(
StringUtils.isNotBlank(newVaultCredentialsId)
? CredentialsProvider.findCredentialById(
newVaultCredentialsId, StandardCredentials.class, run)
run.getEnvironment(listener).expand(newVaultCredentialsId),
StandardCredentials.class,
run)
: null);
invocation.setVaultTmpPath(
StringUtils.isNotBlank(vaultTmpPath) ? new FilePath(new File(vaultTmpPath)) : null);
Expand Down
Original file line number Diff line number Diff line change
@@ -1,16 +1,34 @@
package org.jenkinsci.plugins.ansible.jobdsl;

import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.allOf;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.isA;
import static org.hamcrest.Matchers.notNullValue;

import static org.junit.Assume.assumeFalse;

import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.domains.Domain;
import hudson.model.FreeStyleBuild;
import hudson.model.FreeStyleProject;
import hudson.model.ParameterValue;
import hudson.model.ParametersAction;
import hudson.model.StringParameterValue;
import hudson.util.Secret;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.lang3.SystemUtils;
import org.hamcrest.Matcher;
import org.jenkinsci.plugins.ansible.AnsibleAdHocCommandBuilder;
import org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder;
import org.jenkinsci.plugins.ansible.AnsibleVaultBuilder;
import org.jenkinsci.plugins.ansible.InventoryContent;
import org.jenkinsci.plugins.ansible.InventoryPath;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.RuleChain;
Expand All @@ -21,6 +39,7 @@
*/
public class JobDslIntegrationTest {
public static final String ANSIBLE_DSL_GROOVY_PLAYBOOK = "jobdsl/playbook.groovy";
public static final String ANSIBLE_DSL_GROOVY_EXPANDER = "jobdsl/expander.groovy";
public static final String ANSIBLE_DSL_GROOVY_SECURITY_630 = "jobdsl/security630.groovy";
public static final String ANSIBLE_DSL_GROOVY_PLAYBOOK_LEGACY = "jobdsl/legacyPlaybook.groovy";
public static final String ANSIBLE_DSL_GROOVY_ADHOC = "jobdsl/adhoc.groovy";
Expand Down Expand Up @@ -69,6 +88,48 @@ public void shouldCreateJobWithPlaybookDsl() throws Exception {
assertThat("extraVar.hidden", step.extraVars.get(0).isHidden(), is(true));
}

@Test
@DslJobRule.WithJobDsl(ANSIBLE_DSL_GROOVY_EXPANDER)
public void shouldCreateJobWithVarExpander() throws Exception {

assumeFalse(SystemUtils.IS_OS_WINDOWS);

// Add credentials
StringCredentials vaultCredentials = new StringCredentialsImpl(
CredentialsScope.GLOBAL,
"vaultCredentialsString",
"test username password",
Secret.fromString("test-secret"));
StringCredentials credentials = new StringCredentialsImpl(
CredentialsScope.GLOBAL, "credentialsString", "test credentials", Secret.fromString("test"));
CredentialsStore store =
CredentialsProvider.lookupStores(jenkins.jenkins).iterator().next();
store.addCredentials(Domain.global(), vaultCredentials);
store.addCredentials(Domain.global(), credentials);

// Create job via jobdsl with var expander
AnsiblePlaybookBuilder step = dsl.getGeneratedJob().getBuildersList().get(AnsiblePlaybookBuilder.class);
assertThat("Should add playbook builder", step, notNullValue());
assertThat("playbook", step.playbook, is("playbook.yml"));
assertThat("inventory", step.inventory, (Matcher) isA(InventoryPath.class));
assertThat("vaultCredentialsId", step.vaultCredentialsId, is("${vault_credentials_id}"));
assertThat("credentialsId", step.credentialsId, is("${credentials_id}"));

List<ParameterValue> parameters = new ArrayList<>();
parameters.add(new StringParameterValue("inventory_repository", "inventory"));
parameters.add(new StringParameterValue("vault_credentials_id", "vaultCredentialsString"));
parameters.add(new StringParameterValue("credentials_id", "credentialsString"));
ParametersAction parametersAction = new ParametersAction(parameters);

FreeStyleProject freeStyleProject = jenkins.getInstance().getItemByFullName("ansible", FreeStyleProject.class);
FreeStyleBuild build =
freeStyleProject.scheduleBuild2(0, parametersAction).get();
assertThat(
build.getLog(),
allOf(containsString(
"ansible-playbook playbook.yml -i inventory/inventory.yml -f 5 --vault-password-file ")));
}

@Test
@DslJobRule.WithJobDsl(ANSIBLE_DSL_GROOVY_PLAYBOOK_LEGACY)
public void shouldCreateJobWithLegacyPlaybookDsl() throws Exception {
Expand Down
23 changes: 23 additions & 0 deletions src/test/resources/jobdsl/expander.groovy
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
job('ansible') {
steps {
shell('''cat > playbook.yml << EOL
- hosts: localhost
connection: local
gather_facts: no
tasks:
- debug: msg=test
EOL
''')
shell('mkdir -p inventory')
ansiblePlaybook('playbook.yml') {
inventoryPath('${inventory_repository}/inventory.yml')
vaultCredentialsId('${vault_credentials_id}')
credentialsId('${credentials_id}')
}
}
parameters {
stringParam('inventory_repository')
stringParam('vault_credentials_id')
stringParam('credentials_id')
}
}

0 comments on commit 29a7f9b

Please sign in to comment.