com.cloudbees.plugins.credentials.domains.HostnameRequirement Java Examples

/**
 * Plugins that want to refer to a {@link IdCredentials} should do so via ID string,
 * and use this method to resolve it and convert to {@link DockerRegistryToken}.
 *
 * Implements the logic {@link CredentialsProvider#findCredentialById(String, Class, Run, DomainRequirement...)}
 * but for an {@link Item}.
 *
 * @param context
 *       If you are a build step trying to access DockerHub in the context of a build/job,
 *       specify that job. Otherwise null. If you are scoped to something else, you might
 *       have to interact with {@link CredentialsProvider} directly.
 *
 * @deprecated Call {@link #getToken(Run)}
 */
@Deprecated
public @CheckForNull DockerRegistryToken getToken(Item context) {
    if (credentialsId == null) {
        return null;
    }

    // as a build step, your access to credentials are constrained by what the build
    // can access, hence Jenkins.getAuthentication()

    List<DomainRequirement> requirements = Collections.emptyList();
    try {
        requirements = Collections.<DomainRequirement>singletonList(new HostnameRequirement(getEffectiveUrl().getHost()));
    } catch (IOException e) {
        // shrug off this error and move on. We are matching with ID anyway.
        LOGGER.log(Level.FINE, "Unable to add domain requirement for endpoint URL", e);
    }

    // look for subtypes that know how to create a token, such as Google Container Registry
    return AuthenticationTokens.convert(DockerRegistryToken.class, firstOrNull(CredentialsProvider.lookupCredentials(
            IdCredentials.class, context, Jenkins.getAuthentication(), requirements),
            allOf(AuthenticationTokens.matcher(DockerRegistryToken.class), withId(credentialsId))));
}
 

/**
 * Plugins that want to refer to a {@link IdCredentials} should do so via ID string,
 * and use this method to resolve it and convert to {@link DockerRegistryToken}.
 *
 * @param context
 *       If you are a build step trying to access DockerHub in the context of a build/job,
 *       specify that build. Otherwise null. If you are scoped to something else, you might
 *       have to interact with {@link CredentialsProvider} directly.
 */
@CheckForNull DockerRegistryToken getToken(@CheckForNull Run context) {
    if (credentialsId == null) {
        return null;
    }

    List<DomainRequirement> requirements = Collections.emptyList();
    try {
        requirements = Collections.<DomainRequirement>singletonList(new HostnameRequirement(getEffectiveUrl().getHost()));
    } catch (IOException e) {
        LOGGER.log(Level.FINE, "Unable to add domain requirement for endpoint URL", e);
    }

    return AuthenticationTokens.convert(DockerRegistryToken.class,
            CredentialsProvider.findCredentialById(credentialsId, IdCredentials.class, context, requirements));
}
 

/**
 * Removes any hostname or hostname:port requirements.
 *
 * @return {@code this}.
 */
@NonNull
public GitURIRequirementsBuilder withoutHostname() {
    for (Iterator<DomainRequirement> iterator = requirements.iterator(); iterator.hasNext(); ) {
        DomainRequirement r = iterator.next();
        if (r instanceof HostnameRequirement) {
            iterator.remove();
        }
    }
    return this;
}
 

/**
 * Replace any hostname or hostname:port requirements with the supplied hostname and port.
 *
 * @param hostname the hostname to use as a requirement or (@code null} to not add any requirement
 * @param port     the port or {@code -1} to not add {@link com.cloudbees.plugins.credentials.domains.HostnamePortRequirement}s
 * @return {@code this}.
 */
@NonNull
public GitURIRequirementsBuilder withHostnamePort(@CheckForNull String hostname, int port) {
    withoutHostname();
    withoutHostnamePort();
    if (hostname != null) {
        requirements.add(new HostnameRequirement(hostname));
        if (port != -1) {
            requirements.add(new HostnamePortRequirement(hostname, port));
        }
    }
    return this;
}
 

@Test
@Issue("JENKINS-53188")
public void getCredentialsWhenUserExistedButNotAccessible() {
    PowerMockito.mockStatic(Jenkins.class);
    PowerMockito.when(Jenkins.get()).thenReturn(jenkins);
    PowerMockito.when(Jenkins.getInstance()).thenReturn(jenkins);
    PowerMockito.when(Jenkins.getActiveInstance()).thenReturn(jenkins);
    when(jenkins.getSecurityRealm()).thenReturn(SecurityRealm.NO_AUTHENTICATION);

    PowerMockito.mockStatic(User.class);
    // Make sure we return a user, cause it did once exist
    PowerMockito.when(User.get(anyString(), anyBoolean(), any())).thenReturn(user);

    Domain domain = BlueOceanCredentialsProvider.createDomain("api.github.com");
    BlueOceanCredentialsProvider blueOceanCredentialsProvider = new BlueOceanCredentialsProvider();
    BlueOceanCredentialsProvider.FolderPropertyImpl prop = new BlueOceanCredentialsProvider.FolderPropertyImpl(
        "halkeye",
        "halkeye",
        domain
    );
    when(folder.getProperties()).thenReturn(describableList);
    when(describableList.get(BlueOceanCredentialsProvider.FolderPropertyImpl.class)).thenReturn(prop);

    // Should be empty when trying to impersonate and grab credentials though
    List<StandardUsernameCredentials> credentials = blueOceanCredentialsProvider.getCredentials(
        StandardUsernameCredentials.class,
        (ItemGroup) folder,
        ACL.SYSTEM,
        new ArrayList<DomainRequirement>(Arrays.asList(
            new SchemeRequirement("https"),
            new HostnameRequirement("api.github.com"),
            new PathRequirement("/")
        ))
    );
    assertEquals(Collections.emptyList(), credentials);

    List<Credentials> storeCredentials = prop.getStore().getCredentials(domain);
    assertEquals(Collections.emptyList(), storeCredentials);


}