public ListBoxModel doFillCredentialsIdItems( @AncestorInPath Item context, @QueryParameter String remote, @QueryParameter String credentialsId) { if (context == null && !Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER) || context != null && !context.hasPermission(Item.EXTENDED_READ)) { return new StandardListBoxModel().includeCurrentValue(credentialsId); } return new StandardListBoxModel() .includeEmptyValue() .includeMatchingAs( context instanceof Queue.Task ? Tasks.getAuthenticationOf((Queue.Task) context) : ACL.SYSTEM, context, StandardUsernameCredentials.class, URIRequirementBuilder.fromUri(remote).build(), GitClient.CREDENTIALS_MATCHER) .includeCurrentValue(credentialsId); }
@Restricted(NoExternalUse.class) public ListBoxModel doFillCheckoutCredentialsIdItems(@AncestorInPath SCMSourceOwner context, @QueryParameter String connectionName, @QueryParameter String checkoutCredentialsId) { if (context == null && !Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER) || context != null && !context.hasPermission(Item.EXTENDED_READ)) { return new StandardListBoxModel().includeCurrentValue(checkoutCredentialsId); } StandardListBoxModel result = new StandardListBoxModel(); result.add("- anonymous -", CHECKOUT_CREDENTIALS_ANONYMOUS); return result.includeMatchingAs( context instanceof Queue.Task ? Tasks.getDefaultAuthenticationOf((Queue.Task) context) : ACL.SYSTEM, context, StandardUsernameCredentials.class, SettingsUtils.gitLabConnectionRequirements(connectionName), GitClient.CREDENTIALS_MATCHER ); }
protected boolean isUpstreamBuildVisibleByDownstreamBuildAuth(@Nonnull WorkflowJob upstreamPipeline, @Nonnull Queue.Task downstreamPipeline) { Authentication auth = Tasks.getAuthenticationOf(downstreamPipeline); Authentication downstreamPipelineAuth; if (auth.equals(ACL.SYSTEM) && !QueueItemAuthenticatorConfiguration.get().getAuthenticators().isEmpty()) { downstreamPipelineAuth = Jenkins.ANONYMOUS; // cf. BuildTrigger } else { downstreamPipelineAuth = auth; } try (ACLContext _ = ACL.as(downstreamPipelineAuth)) { WorkflowJob upstreamPipelineObtainedAsImpersonated = Jenkins.getInstance().getItemByFullName(upstreamPipeline.getFullName(), WorkflowJob.class); boolean result = upstreamPipelineObtainedAsImpersonated != null; LOGGER.log(Level.FINE, "isUpstreamBuildVisibleByDownstreamBuildAuth({0}, {1}): taskAuth: {2}, downstreamPipelineAuth: {3}, upstreamPipelineObtainedAsImpersonated:{4}, result: {5}", new Object[]{upstreamPipeline, downstreamPipeline, auth, downstreamPipelineAuth, upstreamPipelineObtainedAsImpersonated, result}); return result; } }
@SuppressFBWarnings(value="NP_NULL_PARAM_DEREF", justification="pending https://github.com/jenkinsci/credentials-plugin/pull/68") static public ListBoxModel doFillCredentialItems(Item project, String credentialsId) { if(project == null && !Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER) || project != null && !project.hasPermission(Item.EXTENDED_READ)) { return new StandardListBoxModel().includeCurrentValue(credentialsId); } return new StandardListBoxModel() .includeEmptyValue() .includeMatchingAs( project instanceof Queue.Task ? Tasks.getAuthenticationOf((Queue.Task) project) : ACL.SYSTEM, project, P4BaseCredentials.class, Collections.<DomainRequirement>emptyList(), CredentialsMatchers.instanceOf(P4BaseCredentials.class)); }
/** * Populates the list of credentials in the select box in CodeScene API configuration section * Inspired by git plugin: * https://github.com/jenkinsci/git-plugin/blob/f58648e9005293ab07b2389212603ff9a460b80a/src/main/java/jenkins/plugins/git/GitSCMSource.java#L239 */ public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Jenkins context, @QueryParameter String credentialsId) { if (context == null || !context.hasPermission(Item.CONFIGURE)) { return new StandardListBoxModel().includeCurrentValue(credentialsId); } return new StandardListBoxModel() .includeEmptyValue() .includeMatchingAs( context instanceof Queue.Task ? Tasks.getAuthenticationOf((Queue.Task)context) : ACL.SYSTEM, context, StandardUsernameCredentials.class, Collections.<DomainRequirement>emptyList(), CredentialsMatchers.always()) .includeCurrentValue(credentialsId); }
public ListBoxModel doFillCredentialsIdItems(@AncestorInPath SCMSourceOwner context, @QueryParameter String serverUrl, @QueryParameter String credentialsId) { StandardListBoxModel result = new StandardListBoxModel(); if (context == null) { if (!Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER)) { // must have admin if you want the list without a context result.includeCurrentValue(credentialsId); return result; } } else { if (!context.hasPermission(Item.EXTENDED_READ) && !context.hasPermission(CredentialsProvider.USE_ITEM)) { // must be able to read the configuration or use the item credentials if you want the list result.includeCurrentValue(credentialsId); return result; } } result.includeEmptyValue(); result.includeMatchingAs( context instanceof Queue.Task ? Tasks.getDefaultAuthenticationOf((Queue.Task) context) : ACL.SYSTEM, context, StandardCredentials.class, URIRequirementBuilder.fromUri(serverUrl).build(), AuthenticationTokens.matcher(GiteaAuth.class) ); return result; }
public FormValidation doCheckCredentialsId(@AncestorInPath SCMSourceOwner context, @QueryParameter String serverUrl, @QueryParameter String value) throws IOException, InterruptedException { if (context == null) { if (!Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER)) { return FormValidation.ok(); } } else { if (!context.hasPermission(Item.EXTENDED_READ) && !context.hasPermission(CredentialsProvider.USE_ITEM)) { return FormValidation.ok(); } } GiteaServer server = GiteaServers.get().findServer(serverUrl); if (server == null) { return FormValidation.ok(); } if (StringUtils.isBlank(value)) { return FormValidation.ok(); } if (CredentialsProvider.listCredentials( StandardCredentials.class, context, context instanceof Queue.Task ? Tasks.getDefaultAuthenticationOf((Queue.Task) context) : ACL.SYSTEM, URIRequirementBuilder.fromUri(serverUrl).build(), CredentialsMatchers.allOf( CredentialsMatchers.withId(value), AuthenticationTokens.matcher(GiteaAuth.class) )).isEmpty()) { return FormValidation.error(Messages.GiteaSCMNavigator_selectedCredentialsMissing()); } return FormValidation.ok(); }
@Restricted(NoExternalUse.class) @SuppressWarnings("unused") // stapler form binding public ListBoxModel doFillCredentialsIdItems(@CheckForNull @AncestorInPath Item context, @QueryParameter String serverUrl, @QueryParameter String credentialsId) { StandardListBoxModel result = new StandardListBoxModel(); if (context == null) { if (!Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER)) { // must have admin if you want the list without a context result.includeCurrentValue(credentialsId); return result; } } else { if (!context.hasPermission(Item.EXTENDED_READ) && !context.hasPermission(CredentialsProvider.USE_ITEM)) { // must be able to read the configuration or use the item credentials if you want the list result.includeCurrentValue(credentialsId); return result; } } result.add(Messages.SSHCheckoutTrait_useAgentKey(), ""); result.includeMatchingAs( context instanceof Queue.Task ? Tasks.getDefaultAuthenticationOf((Queue.Task) context) : ACL.SYSTEM, context, StandardUsernameCredentials.class, URIRequirementBuilder.fromUri(serverUrl).build(), CredentialsMatchers.instanceOf(SSHUserPrivateKey.class) ); return result; }
/** * Validation for checkout credentials. * * @param context the context. * @param serverUrl the server url. * @param value the current selection. * @return the validation results */ @Restricted(NoExternalUse.class) @SuppressWarnings("unused") // stapler form binding public FormValidation doCheckCredentialsId(@CheckForNull @AncestorInPath Item context, @QueryParameter String serverUrl, @QueryParameter String value) { if (context == null ? !Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER) : !context.hasPermission(Item.EXTENDED_READ)) { return FormValidation.ok(); } if (StringUtils.isBlank(value)) { // use agent key return FormValidation.ok(); } if (CredentialsMatchers.firstOrNull(CredentialsProvider .lookupCredentials(SSHUserPrivateKey.class, context, context instanceof Queue.Task ? Tasks.getDefaultAuthenticationOf((Queue.Task) context) : ACL.SYSTEM, URIRequirementBuilder.fromUri(serverUrl).build()), CredentialsMatchers.withId(value)) != null) { return FormValidation.ok(); } if (CredentialsMatchers.firstOrNull(CredentialsProvider .lookupCredentials(StandardUsernameCredentials.class, context, context instanceof Queue.Task ? Tasks.getDefaultAuthenticationOf((Queue.Task) context) : ACL.SYSTEM, URIRequirementBuilder.fromUri(serverUrl).build()), CredentialsMatchers.withId(value)) != null) { return FormValidation.error(Messages.SSHCheckoutTrait_incompatibleCredentials()); } return FormValidation.warning(Messages.SSHCheckoutTrait_missingCredentials()); }
public FormValidation doCheckCredentialsId(@AncestorInPath SCMSourceOwner context, @QueryParameter String serverUrl, @QueryParameter String value) throws IOException, InterruptedException{ if (context == null) { if (!Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER)) { return FormValidation.ok(); } } else { if (!context.hasPermission(Item.EXTENDED_READ) && !context.hasPermission(CredentialsProvider.USE_ITEM)) { return FormValidation.ok(); } } GiteaServer server = GiteaServers.get().findServer(serverUrl); if (server == null) { return FormValidation.ok(); } if (StringUtils.isBlank(value)) { return FormValidation.ok(); } if (CredentialsProvider.listCredentials( StandardCredentials.class, context, context instanceof Queue.Task ? Tasks.getDefaultAuthenticationOf((Queue.Task) context) : ACL.SYSTEM, URIRequirementBuilder.fromUri(serverUrl).build(), CredentialsMatchers.allOf( CredentialsMatchers.withId(value), AuthenticationTokens.matcher(GiteaAuth.class) )).isEmpty()) { return FormValidation.error(Messages.GiteaSCMSource_selectedCredentialsMissing()); } return FormValidation.ok(); }
public FormValidation doCheckCredentialsId( @AncestorInPath Item context, @QueryParameter String remote, @QueryParameter String value) { if (context == null && !Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER) || context != null && !context.hasPermission(Item.EXTENDED_READ)) { return FormValidation.ok(); } value = Util.fixEmptyAndTrim(value); if (value == null) { return FormValidation.ok(); } remote = Util.fixEmptyAndTrim(remote); if (remote == null) // not set, can't check { return FormValidation.ok(); } for (ListBoxModel.Option o : CredentialsProvider.listCredentials( StandardUsernameCredentials.class, context, context instanceof Queue.Task ? Tasks.getAuthenticationOf((Queue.Task) context) : ACL.SYSTEM, URIRequirementBuilder.fromUri(remote).build(), GitClient.CREDENTIALS_MATCHER)) { if (StringUtils.equals(value, o.value)) { // TODO check if this type of credential is acceptable to the Git client or does it merit warning // NOTE: we would need to actually lookup the credential to do the check, which may require // fetching the actual credential instance from a remote credentials store. Perhaps this is // not required return FormValidation.ok(); } } // no credentials available, can't check return FormValidation.warning("Cannot find any credentials with id " + value); }
public ListBoxModel doFillRepositoryItems(@AncestorInPath SCMSourceOwner context, @QueryParameter String serverUrl, @QueryParameter String credentialsId, @QueryParameter String repoOwner, @QueryParameter String repository) throws IOException, InterruptedException { ListBoxModel result = new ListBoxModel(); if (context == null) { if (!Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER)) { // must have admin if you want the list without a context result.add(repository); return result; } } else { if (!context.hasPermission(Item.EXTENDED_READ) && !context.hasPermission(CredentialsProvider.USE_ITEM)) { // must be able to read the configuration or use the item credentials if you want the list result.add(repository); return result; } } if (StringUtils.isBlank(repoOwner)) { result.add(repository); return result; } GiteaServer server = GiteaServers.get().findServer(serverUrl); if (server == null) { // you can only get the list for registered servers result.add(repository); return result; } StandardCredentials credentials = CredentialsMatchers.firstOrNull( CredentialsProvider.lookupCredentials( StandardCredentials.class, context, context instanceof Queue.Task ? Tasks.getDefaultAuthenticationOf((Queue.Task) context) : ACL.SYSTEM, URIRequirementBuilder.fromUri(serverUrl).build() ), CredentialsMatchers.allOf( AuthenticationTokens.matcher(GiteaAuth.class), CredentialsMatchers.withId(credentialsId) ) ); try (GiteaConnection c = Gitea.server(serverUrl) .as(AuthenticationTokens.convert(GiteaAuth.class, credentials)) .open()) { for (GiteaRepository r : c.fetchRepositories(repoOwner)) { result.add(r.getName()); } return result; } catch (IOException e) { // TODO once enhanced <f:select> that can handle error responses, just throw LOGGER.log(Level.FINE, "Could not populate repositories", e); if (result.isEmpty()) { result.add(repository); } return result; } }
