Skip to content

Commit

Permalink
Add FolderCredentialsProvider
Browse files Browse the repository at this point in the history
  • Loading branch information
@timja
timja committed Oct 30, 2021
1 parent 867845e commit 8a77411
Show file tree
Hide file tree
Showing 15 changed files with 531 additions and 52 deletions.
5 changes: 5 additions & 0 deletions pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,11 @@
<artifactId>configuration-as-code</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>cloudbees-folder</artifactId>
<optional>true</optional>
</dependency>

<!-- test dependencies -->
<dependency>
Expand Down
1 change: 1 addition & 0 deletions ...main/java/org/jenkinsci/plugins/azurekeyvaultplugin/AzureKeyVaultGlobalConfiguration.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
import jenkins.model.Jenkins;
import org.apache.commons.lang3.StringUtils;
import org.jenkinsci.Symbol;
import org.jenkinsci.plugins.azurekeyvaultplugin.provider.global.AzureCredentialsProvider;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/jenkinsci/plugins/azurekeyvaultplugin/AzureKeyVaultUtil.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@
import javax.xml.bind.DatatypeConverter;
import jenkins.model.Jenkins;

class AzureKeyVaultUtil {
public class AzureKeyVaultUtil {

private static final char[] EMPTY_CHAR_ARRAY = new char[0];
private static final String PKCS12 = "PKCS12";
Expand Down
4 changes: 2 additions & 2 deletions ...enkinsci/plugins/azurekeyvaultplugin/credentials/string/AzureSecretStringCredentials.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
import hudson.Extension;
import hudson.util.Secret;
import java.util.function.Supplier;
import org.jenkinsci.plugins.azurekeyvaultplugin.AzureCredentialsProvider;
import org.jenkinsci.plugins.azurekeyvaultplugin.provider.CredentialsProviderHelper;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.jenkinsci.plugins.plaincredentials.impl.Messages;
import org.jvnet.localizer.ResourceBundleHolder;
Expand Down Expand Up @@ -37,7 +37,7 @@ public String getDisplayName() {

@Override
public boolean isApplicable(CredentialsProvider provider) {
return provider instanceof AzureCredentialsProvider;
return CredentialsProviderHelper.isAzureCredentialsProvider(provider);
}
}
}
4 changes: 2 additions & 2 deletions ...ns/azurekeyvaultplugin/credentials/usernamepassword/AzureUsernamePasswordCredentials.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
import hudson.Util;
import hudson.util.Secret;
import java.util.function.Supplier;
import org.jenkinsci.plugins.azurekeyvaultplugin.AzureCredentialsProvider;
import org.jenkinsci.plugins.azurekeyvaultplugin.provider.CredentialsProviderHelper;
import org.jvnet.localizer.ResourceBundleHolder;


Expand Down Expand Up @@ -62,7 +62,7 @@ public String getIconClassName() {

@Override
public boolean isApplicable(CredentialsProvider provider) {
return provider instanceof AzureCredentialsProvider;
return CredentialsProviderHelper.isAzureCredentialsProvider(provider);
}
}
}
15 changes: 15 additions & 0 deletions ...in/java/org/jenkinsci/plugins/azurekeyvaultplugin/provider/CredentialsProviderHelper.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
package org.jenkinsci.plugins.azurekeyvaultplugin.provider;

import com.cloudbees.plugins.credentials.CredentialsProvider;
import org.jenkinsci.plugins.azurekeyvaultplugin.provider.folder.FolderAzureCredentialsProvider;
import org.jenkinsci.plugins.azurekeyvaultplugin.provider.global.AzureCredentialsProvider;

public class CredentialsProviderHelper {

private CredentialsProviderHelper() {
}

public static boolean isAzureCredentialsProvider(CredentialsProvider provider) {
return provider instanceof AzureCredentialsProvider || provider instanceof FolderAzureCredentialsProvider;
}
}
44 changes: 44 additions & 0 deletions ...main/java/org/jenkinsci/plugins/azurekeyvaultplugin/provider/KeyVaultSecretRetriever.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
package org.jenkinsci.plugins.azurekeyvaultplugin.provider;

import com.azure.security.keyvault.secrets.SecretClient;
import hudson.util.Secret;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.function.Supplier;

public class KeyVaultSecretRetriever implements Supplier<Secret> {

private final transient SecretClient client;
private final String secretId;

public KeyVaultSecretRetriever(SecretClient secretClient, String secretId) {
this.client = secretClient;
this.secretId = secretId;
}

public String retrieveSecret() {
int NAME_POSITION = 2;
int VERSION_POSITION = 3;
URL secretIdentifierUrl;
try {
secretIdentifierUrl = new URL(secretId);
} catch (MalformedURLException e) {
throw new RuntimeException(e);
}

// old SDK supports secret identifier which is a full URI to the secret
// the new SDK doesn't seem to support it to we parse it to get the values we need
// https://mine.vault.azure.net/secrets/<name>/<version>
String[] split = secretIdentifierUrl.getPath().split("/");

if (split.length == NAME_POSITION + 1) {
return client.getSecret(split[NAME_POSITION]).getValue();
}
return client.getSecret(split[NAME_POSITION], split[VERSION_POSITION]).getValue();
}

@Override
public Secret get() {
return Secret.fromString(retrieveSecret());
}
}
Loading

0 comments on commit 8a77411

Please sign in to comment.