Allow to select target publishing server - via Jenkins Credentials subsys.

To make this work, a new "Credential Domain" should be configured, with
filter by adhoc "pubapi" URL schema. Within domain, using "Username with
password" credential type. "Username" should be a publishing server though,
and password - master publishing key. Additionally, for JJB usage, in
"Advanced" section, a credential ID should be defined to have a form
pubapi-<server_host>, e.g. pubapi-snapshots.linaro.org.

Set PUBLISH_SERVER envvar based on publishing server selected by plugin.

This value can be directly passed to --server param of linaro-cp tool, thus
avoiding duplicating server name in 2 places, and confusion if they don't
match.

Also, other minor usability/diagnosing tweaks:
- Log the fact that token was requested to build log.
- If credential id for a job isn't set, use "pubapi-snapshots.linaro.org".
(For compatibility with jobs configured for older plugin version.)

Change-Id: I02d6a8fa48485c1f4ed2cb4e3b33d6c1170155ec

1 files changed, 66 insertions, 21 deletions

diff --git a/src/main/java/linaro/pubapi/LinaroPubAPIKey.java b/src/main/java/linaro/pubapi/LinaroPubAPIKey.java
index 4c80ec9..d77525d 100644
--- a/src/main/java/linaro/pubapi/LinaroPubAPIKey.java
+++ b/src/main/java/linaro/pubapi/LinaroPubAPIKey.java
@@ -1,6 +1,8 @@
 package linaro.pubapi;
 
 import java.io.IOException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import hudson.AbortException;
 import hudson.Extension;
@@ -9,27 +11,54 @@ import hudson.model.AbstractBuild;
 import hudson.model.AbstractProject;
 import hudson.model.BuildListener;
 import hudson.model.FreeStyleProject;
+import hudson.model.Item;
 import hudson.model.ParametersAction;
 import hudson.model.StringParameterValue;
+import hudson.security.ACL;
 import hudson.tasks.BuildStepDescriptor;
 import hudson.tasks.Builder;
+import hudson.util.ListBoxModel;
 
+import jenkins.model.Jenkins;
+
+import org.kohsuke.stapler.AncestorInPath;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.StaplerRequest;
 
+import com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator;
+
+import com.cloudbees.plugins.credentials.common.StandardCredentials;
+import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
+import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
+import com.cloudbees.plugins.credentials.domains.SchemeRequirement;
+import com.cloudbees.plugins.credentials.CredentialsMatcher;
+import com.cloudbees.plugins.credentials.CredentialsMatchers;
+import com.cloudbees.plugins.credentials.CredentialsProvider;
+
 import net.sf.json.JSONObject;
 
 import org.apache.commons.httpclient.*;
 import org.apache.commons.httpclient.methods.*;
 import org.apache.commons.httpclient.params.HttpMethodParams;
 
+// Solely to filter by "SSH connection" credentials type
+import com.trilead.ssh2.Connection;
+
 /**
  * @author Paul Sokolovsky
  */
 public class LinaroPubAPIKey extends Builder {
 
+    private static final SchemeRequirement SCHEME = new SchemeRequirement("pubapi");
+    private static final CredentialsMatcher CREDENTIALS_MATCHER = CredentialsMatchers.anyOf(
+            CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class)
+    );
+
+    public String credentialsId;
+
     @DataBoundConstructor
-    public LinaroPubAPIKey() {
+    public LinaroPubAPIKey(String credentialsId) {
+        this.credentialsId = credentialsId;
     }
 
 
@@ -41,8 +70,6 @@ public class LinaroPubAPIKey extends Builder {
     @Extension
     public static class Descriptor extends BuildStepDescriptor<Builder> {
 
-        private String secretKey;
-        private String apiURL;
         // Using public members alleviates us from creating getters/setters
         public String defaultNotBefore;
         public String defaultNotAfter;
@@ -51,22 +78,6 @@ public class LinaroPubAPIKey extends Builder {
             load();
         }
 
-        public String getPubAPIURL() {
-            return apiURL;
-        }
-
-        public void setPubAPIURL(String apiURL) {
-            this.apiURL = apiURL;
-        }
-
-        public String getPubAPISecretKey() {
-            return secretKey;
-        }
-
-        public void setPubAPISecretKey(String secretKey) {
-            this.secretKey = secretKey;
-        }
-
         @Override
         public boolean configure(StaplerRequest req, JSONObject json) throws FormException {
             req.bindJSON(this, json.getJSONObject("linaropubapi"));
@@ -86,15 +97,42 @@ public class LinaroPubAPIKey extends Builder {
             return "Linaro Publishing API Token";
         }
 
+        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item project) {
+            return new StandardListBoxModel().withMatching(SSHAuthenticator.matcher(Connection.class),
+                    CredentialsProvider.lookupCredentials(StandardCredentials.class, project,
+                            ACL.SYSTEM, SCHEME));
+        }
+
+    }
+
+    private static StandardUsernamePasswordCredentials lookupSystemCredentials(String credentialsId) {
+        return CredentialsMatchers.firstOrNull(
+                CredentialsProvider
+                        .lookupCredentials(StandardUsernamePasswordCredentials.class, Jenkins.getInstance(), ACL.SYSTEM,
+                                SCHEME),
+                CredentialsMatchers.withId(credentialsId)
+        );
     }
 
     @Override
     public boolean perform(AbstractBuild<?,?> build, Launcher launcher, BuildListener listener)
             throws InterruptedException, IOException {
         HttpClient client = new HttpClient();
-        String url = getDescriptor().getPubAPIURL();
+
+        if (credentialsId == null) {
+            credentialsId = "pubapi-snapshots.linaro.org";
+        }
+
+        StandardUsernamePasswordCredentials cred = lookupSystemCredentials(credentialsId);
+        if (cred == null) {
+            throw new AbortException("Unable to get publishing credentials with ID: '" + credentialsId + "'");
+        }
+
+        String url = cred.getUsername();
+        listener.getLogger().format("Requesting publishing token for %s%n", url);
+
         PostMethod method = new PostMethod(url);
-        method.setRequestHeader("AuthToken", getDescriptor().getPubAPISecretKey());
+        method.setRequestHeader("AuthToken", cred.getPassword().getPlainText());
         method.addParameter("not_valid_til", Integer.toString(Integer.parseInt(getDescriptor().defaultNotBefore) * 60));
         method.addParameter("expires", Integer.toString(Integer.parseInt(getDescriptor().defaultNotAfter) * 60));
 
@@ -133,6 +171,13 @@ public class LinaroPubAPIKey extends Builder {
         }
 
         build.addAction(new ParametersAction(new StringParameterValue("PUBLISH_TOKEN", token)));
+
+        Matcher m = Pattern.compile("(.+://.+?/)").matcher(url);
+        if (m.find()) {
+            String serverUrl = m.group(1);
+            build.addAction(new ParametersAction(new StringParameterValue("PUBLISH_SERVER", serverUrl)));
+        }
+
         return true;
     }
 }