package io.jenkins.plugins.gitlabbranchsource; import com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey; import com.cloudbees.plugins.credentials.CredentialsMatchers; import com.cloudbees.plugins.credentials.CredentialsProvider; import com.cloudbees.plugins.credentials.common.StandardListBoxModel; import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials; import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder; import edu.umd.cs.findbugs.annotations.CheckForNull; import edu.umd.cs.findbugs.annotations.NonNull; import hudson.Extension; import hudson.Util; import hudson.model.Item; import hudson.model.Queue; import hudson.plugins.git.GitSCM; import hudson.scm.SCM; import hudson.security.ACL; import hudson.util.ListBoxModel; import jenkins.model.Jenkins; import jenkins.plugins.git.GitSCMBuilder; import jenkins.scm.api.SCMSource; import jenkins.scm.api.trait.SCMBuilder; import jenkins.scm.api.trait.SCMSourceContext; import jenkins.scm.api.trait.SCMSourceTrait; import jenkins.scm.api.trait.SCMSourceTraitDescriptor; import org.kohsuke.accmod.Restricted; import org.kohsuke.accmod.restrictions.NoExternalUse; import org.kohsuke.stapler.AncestorInPath; import org.kohsuke.stapler.DataBoundConstructor; import org.kohsuke.stapler.QueryParameter; public class SSHCheckoutTrait extends SCMSourceTrait { @CheckForNull private final String credentialsId; @DataBoundConstructor public SSHCheckoutTrait(String credentialsId) { this.credentialsId = Util.fixEmpty(credentialsId); } @CheckForNull public final String getCredentialsId() { return credentialsId; } @Override protected void decorateBuilder(SCMBuilder<?, ?> builder) { ((GitSCMBuilder<?>) builder).withCredentials(credentialsId); } @Extension public static class DescriptorImpl extends SCMSourceTraitDescriptor { @NonNull @Override public String getDisplayName() { return "Checkout over SSH"; } @Override public Class<? extends SCMBuilder> getBuilderClass() { return GitSCMBuilder.class; } @Override public Class<? extends SCMSourceContext> getContextClass() { return GitLabSCMSourceContext.class; } @Override public Class<? extends SCMSource> getSourceClass() { return GitLabSCMSource.class; } @Override public Class<? extends SCM> getScmClass() { return GitSCM.class; } @Restricted(NoExternalUse.class) @SuppressWarnings("unused") // stapler form binding public ListBoxModel doFillCredentialsIdItems(@CheckForNull @AncestorInPath Item context, @QueryParameter String serverUrl, @QueryParameter String credentialsId) { StandardListBoxModel result = new StandardListBoxModel(); if (context == null) { if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) { // must have admin if you want the list without a context result.includeCurrentValue(credentialsId); return result; } } else { if (!context.hasPermission(Item.EXTENDED_READ) && !context.hasPermission(CredentialsProvider.USE_ITEM)) { // must be able to read the configuration or use the item credentials if you want the list result.includeCurrentValue(credentialsId); return result; } } result.includeEmptyValue(); result.includeMatchingAs( context instanceof Queue.Task ? ((Queue.Task) context).getDefaultAuthentication() : ACL.SYSTEM, context, StandardUsernameCredentials.class, URIRequirementBuilder.fromUri(serverUrl).build(), CredentialsMatchers.instanceOf(SSHUserPrivateKey.class) ); return result; } } }