diff options
author | Paul Sokolovsky <pfalcon@users.sourceforge.net> | 2015-04-14 16:20:46 +0300 |
---|---|---|
committer | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2015-04-24 17:18:38 +0300 |
commit | 11f165401e4b4a942abe85c9053c673f8cacdeb5 (patch) | |
tree | 03bfe4805efdc26e1e2b9b6c9554702e6c255147 /src/main/java/linaro/pubapi/LinaroPubAPIKey.java | |
parent | fa1912fa32757806947790ab5eee36572ec93294 (diff) |
Allow to select target publishing server - via Jenkins Credentials subsys.
To make this work, a new "Credential Domain" should be configured, with
filter by adhoc "pubapi" URL schema. Within domain, using "Username with
password" credential type. "Username" should be a publishing server though,
and password - master publishing key. Additionally, for JJB usage, in
"Advanced" section, a credential ID should be defined to have a form
pubapi-<server_host>, e.g. pubapi-snapshots.linaro.org.
Set PUBLISH_SERVER envvar based on publishing server selected by plugin.
This value can be directly passed to --server param of linaro-cp tool, thus
avoiding duplicating server name in 2 places, and confusion if they don't
match.
Also, other minor usability/diagnosing tweaks:
- Log the fact that token was requested to build log.
- If credential id for a job isn't set, use "pubapi-snapshots.linaro.org".
(For compatibility with jobs configured for older plugin version.)
Change-Id: I02d6a8fa48485c1f4ed2cb4e3b33d6c1170155ec
Diffstat (limited to 'src/main/java/linaro/pubapi/LinaroPubAPIKey.java')
-rw-r--r-- | src/main/java/linaro/pubapi/LinaroPubAPIKey.java | 87 |
1 files changed, 66 insertions, 21 deletions
diff --git a/src/main/java/linaro/pubapi/LinaroPubAPIKey.java b/src/main/java/linaro/pubapi/LinaroPubAPIKey.java index 4c80ec9..d77525d 100644 --- a/src/main/java/linaro/pubapi/LinaroPubAPIKey.java +++ b/src/main/java/linaro/pubapi/LinaroPubAPIKey.java @@ -1,6 +1,8 @@ package linaro.pubapi; import java.io.IOException; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import hudson.AbortException; import hudson.Extension; @@ -9,27 +11,54 @@ import hudson.model.AbstractBuild; import hudson.model.AbstractProject; import hudson.model.BuildListener; import hudson.model.FreeStyleProject; +import hudson.model.Item; import hudson.model.ParametersAction; import hudson.model.StringParameterValue; +import hudson.security.ACL; import hudson.tasks.BuildStepDescriptor; import hudson.tasks.Builder; +import hudson.util.ListBoxModel; +import jenkins.model.Jenkins; + +import org.kohsuke.stapler.AncestorInPath; import org.kohsuke.stapler.DataBoundConstructor; import org.kohsuke.stapler.StaplerRequest; +import com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator; + +import com.cloudbees.plugins.credentials.common.StandardCredentials; +import com.cloudbees.plugins.credentials.common.StandardListBoxModel; +import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials; +import com.cloudbees.plugins.credentials.domains.SchemeRequirement; +import com.cloudbees.plugins.credentials.CredentialsMatcher; +import com.cloudbees.plugins.credentials.CredentialsMatchers; +import com.cloudbees.plugins.credentials.CredentialsProvider; + import net.sf.json.JSONObject; import org.apache.commons.httpclient.*; import org.apache.commons.httpclient.methods.*; import org.apache.commons.httpclient.params.HttpMethodParams; +// Solely to filter by "SSH connection" credentials type +import com.trilead.ssh2.Connection; + /** * @author Paul Sokolovsky */ public class LinaroPubAPIKey extends Builder { + private static final SchemeRequirement SCHEME = new SchemeRequirement("pubapi"); + private static final CredentialsMatcher CREDENTIALS_MATCHER = CredentialsMatchers.anyOf( + CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class) + ); + + public String credentialsId; + @DataBoundConstructor - public LinaroPubAPIKey() { + public LinaroPubAPIKey(String credentialsId) { + this.credentialsId = credentialsId; } @@ -41,8 +70,6 @@ public class LinaroPubAPIKey extends Builder { @Extension public static class Descriptor extends BuildStepDescriptor<Builder> { - private String secretKey; - private String apiURL; // Using public members alleviates us from creating getters/setters public String defaultNotBefore; public String defaultNotAfter; @@ -51,22 +78,6 @@ public class LinaroPubAPIKey extends Builder { load(); } - public String getPubAPIURL() { - return apiURL; - } - - public void setPubAPIURL(String apiURL) { - this.apiURL = apiURL; - } - - public String getPubAPISecretKey() { - return secretKey; - } - - public void setPubAPISecretKey(String secretKey) { - this.secretKey = secretKey; - } - @Override public boolean configure(StaplerRequest req, JSONObject json) throws FormException { req.bindJSON(this, json.getJSONObject("linaropubapi")); @@ -86,15 +97,42 @@ public class LinaroPubAPIKey extends Builder { return "Linaro Publishing API Token"; } + public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item project) { + return new StandardListBoxModel().withMatching(SSHAuthenticator.matcher(Connection.class), + CredentialsProvider.lookupCredentials(StandardCredentials.class, project, + ACL.SYSTEM, SCHEME)); + } + + } + + private static StandardUsernamePasswordCredentials lookupSystemCredentials(String credentialsId) { + return CredentialsMatchers.firstOrNull( + CredentialsProvider + .lookupCredentials(StandardUsernamePasswordCredentials.class, Jenkins.getInstance(), ACL.SYSTEM, + SCHEME), + CredentialsMatchers.withId(credentialsId) + ); } @Override public boolean perform(AbstractBuild<?,?> build, Launcher launcher, BuildListener listener) throws InterruptedException, IOException { HttpClient client = new HttpClient(); - String url = getDescriptor().getPubAPIURL(); + + if (credentialsId == null) { + credentialsId = "pubapi-snapshots.linaro.org"; + } + + StandardUsernamePasswordCredentials cred = lookupSystemCredentials(credentialsId); + if (cred == null) { + throw new AbortException("Unable to get publishing credentials with ID: '" + credentialsId + "'"); + } + + String url = cred.getUsername(); + listener.getLogger().format("Requesting publishing token for %s%n", url); + PostMethod method = new PostMethod(url); - method.setRequestHeader("AuthToken", getDescriptor().getPubAPISecretKey()); + method.setRequestHeader("AuthToken", cred.getPassword().getPlainText()); method.addParameter("not_valid_til", Integer.toString(Integer.parseInt(getDescriptor().defaultNotBefore) * 60)); method.addParameter("expires", Integer.toString(Integer.parseInt(getDescriptor().defaultNotAfter) * 60)); @@ -133,6 +171,13 @@ public class LinaroPubAPIKey extends Builder { } build.addAction(new ParametersAction(new StringParameterValue("PUBLISH_TOKEN", token))); + + Matcher m = Pattern.compile("(.+://.+?/)").matcher(url); + if (m.find()) { + String serverUrl = m.group(1); + build.addAction(new ParametersAction(new StringParameterValue("PUBLISH_SERVER", serverUrl))); + } + return true; } } |