
Removing remoting agent to controller logic #19

Merged
merged 1 commit into from
Jan 18, 2022
32 changes: 10 additions & 22 deletions src/main/java/org/conjur/jenkins/api/ConjurAPI.java
@@ -26,7 +26,6 @@
import hudson.model.ItemGroup;
import hudson.model.ModelObject;
import hudson.model.Run;
import hudson.remoting.Channel;
import hudson.security.ACL;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
@@ -69,29 +68,18 @@ public static String getAuthorizationToken(OkHttpClient client, ConjurConfigurat

String resultingToken = null;

Channel channel = Channel.current();

List<UsernamePasswordCredentials> availableCredentials = null;

if (channel == null) {
availableCredentials = CredentialsProvider.lookupCredentials(UsernamePasswordCredentials.class,
Jenkins.get(), ACL.SYSTEM, Collections.<DomainRequirement>emptyList());

if (context != null) {
if (context instanceof Run) {
availableCredentials.addAll(CredentialsProvider.lookupCredentials(UsernamePasswordCredentials.class,
((Run) context).getParent(), ACL.SYSTEM, Collections.<DomainRequirement>emptyList()));
} else {
availableCredentials.addAll(CredentialsProvider.lookupCredentials(UsernamePasswordCredentials.class,
(AbstractItem) context, ACL.SYSTEM, Collections.<DomainRequirement>emptyList()));
}
}
} else {
try {
availableCredentials = channel.call(new ConjurAPIUtils.NewAvailableCredentials());
} catch (InterruptedException e) {
getLogger().log(Level.FINE, "Exception getting available credentials", e);
e.printStackTrace();
availableCredentials = CredentialsProvider.lookupCredentials(UsernamePasswordCredentials.class,
Jenkins.get(), ACL.SYSTEM, Collections.<DomainRequirement>emptyList());

if (context != null) {
if (context instanceof Run) {
availableCredentials.addAll(CredentialsProvider.lookupCredentials(UsernamePasswordCredentials.class,
((Run) context).getParent(), ACL.SYSTEM, Collections.<DomainRequirement>emptyList()));
} else {
availableCredentials.addAll(CredentialsProvider.lookupCredentials(UsernamePasswordCredentials.class,
(AbstractItem) context, ACL.SYSTEM, Collections.<DomainRequirement>emptyList()));
}
}

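Review bot: With the `Channel.current()` branch gone, this lookup calls `Jenkins.get()` unconditionally, and nothing in the new code states or enforces that `getAuthorizationToken` must run on the controller. `Jenkins.get()` throws `IllegalStateException` in a JVM that has no Jenkins instance, so any caller still reached from agent-side code would fail here instead of being proxied. The same applies to `certificateFromConfiguration` in ConjurAPIUtils.java, to `GlobalConjurConfiguration.get()` and to `credentialWithID`. I would add a Javadoc line to each, e.g. `Must be called on the controller; credentials are resolved locally and never requested over the remoting channel.`, so a later change does not reintroduce an agent-side call path. The method body starts and ends outside the hunk, so the remaining callers cannot be checked from here.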
163 changes: 7 additions & 156 deletions src/main/java/org/conjur/jenkins/api/ConjurAPIUtils.java
@@ -1,12 +1,9 @@
package org.conjur.jenkins.api;

import java.io.IOException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.net.ssl.KeyManager;
@@ -19,19 +16,12 @@
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.CertificateCredentials;
import com.cloudbees.plugins.credentials.common.UsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;

import org.conjur.jenkins.configuration.ConjurConfiguration;
import org.conjur.jenkins.configuration.GlobalConjurConfiguration;
import org.conjur.jenkins.conjursecrets.ConjurSecretCredentials;

import hudson.remoting.Channel;
import hudson.security.ACL;
import hudson.util.Secret;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import jenkins.security.SlaveToMasterCallable;
import okhttp3.OkHttpClient;

public class ConjurAPIUtils {
@@ -41,20 +31,16 @@ static Logger getLogger() {
}

static CertificateCredentials certificateFromConfiguration(ConjurConfiguration configuration) {
Channel channel = Channel.current();

CertificateCredentials certificate = null;

if (channel == null) {
if (configuration.getCertificateCredentialID() == null ) { return null; }
certificate = CredentialsMatchers.firstOrNull(
CredentialsProvider.lookupCredentials(CertificateCredentials.class, Jenkins.get(), ACL.SYSTEM,
Collections.<DomainRequirement>emptyList()),
CredentialsMatchers.withId(configuration.getCertificateCredentialID()));
} else {
certificate = (CertificateCredentials) objectFromMaster(channel,
new ConjurAPIUtils.NewCertificateCredentials(configuration));
}
if (configuration.getCertificateCredentialID() == null ) { return null; }

certificate = CredentialsMatchers.firstOrNull(
CredentialsProvider.lookupCredentials(CertificateCredentials.class, Jenkins.get(), ACL.SYSTEM,
Collections.<DomainRequirement>emptyList()),
CredentialsMatchers.withId(configuration.getCertificateCredentialID()));

return certificate;
}

@@ -103,140 +89,5 @@ public static OkHttpClient getHttpClient(ConjurConfiguration configuration) {
return new OkHttpClient.Builder().build();
}

static class NewCertificateCredentials extends SlaveToMasterCallable<CertificateCredentials, IOException> {
/**
* Standardize serialization.
*/
private static final long serialVersionUID = 1L;

ConjurConfiguration configuration;
// Run<?, ?> context;

public NewCertificateCredentials(ConjurConfiguration configuration) {
super();
this.configuration = configuration;
// this.context = context;
}

/**
* {@inheritDoc}
*/
public CertificateCredentials call() throws IOException {
CertificateCredentials certificate = CredentialsMatchers.firstOrNull(
CredentialsProvider.lookupCredentials(CertificateCredentials.class, Jenkins.get(), ACL.SYSTEM,
Collections.<DomainRequirement>emptyList()),
CredentialsMatchers.withId(this.configuration.getCertificateCredentialID()));

return certificate;
}
}

static class NewAvailableCredentials extends SlaveToMasterCallable<List<UsernamePasswordCredentials>, IOException> {
/**
* Standardize serialization.
*/
private static final long serialVersionUID = 1L;

// Run<?, ?> context;

// public NewAvailableCredentials(Run<?, ?> context) {
// super();
// this.context = context;
// }

/**
* {@inheritDoc}
*/
public List<UsernamePasswordCredentials> call() throws IOException {

List<UsernamePasswordCredentials> availableCredentials = CredentialsProvider.lookupCredentials(
UsernamePasswordCredentials.class, Jenkins.get(), ACL.SYSTEM,
Collections.<DomainRequirement>emptyList());

// if (context != null) {
// availableCredentials.addAll(CredentialsProvider.lookupCredentials(UsernamePasswordCredentials.class,
// context.getParent(), ACL.SYSTEM,
// Collections.<DomainRequirement>emptyList()));
// }

return availableCredentials;
}
}

public static class NewGlobalConfiguration extends SlaveToMasterCallable<GlobalConjurConfiguration, IOException> {
/**
* Standardize serialization.
*/
private static final long serialVersionUID = 1L;

/**
* {@inheritDoc}
*/
public GlobalConjurConfiguration call() throws IOException {
GlobalConjurConfiguration result = GlobalConfiguration.all().get(GlobalConjurConfiguration.class);
return result;
}
}

public static class NewConjurSecretCredentials extends SlaveToMasterCallable<ConjurSecretCredentials, IOException> {
/**
* Standardize serialization.
*/
private static final long serialVersionUID = 1L;

String credentialID;
// Run<?, ?> context;

public NewConjurSecretCredentials(String credentialID) {
super();
this.credentialID = credentialID;
// this.context = context;
}

/**
* {@inheritDoc}
*/
public ConjurSecretCredentials call() throws IOException {
ConjurSecretCredentials credential = CredentialsMatchers
.firstOrNull(
CredentialsProvider.lookupCredentials(ConjurSecretCredentials.class, Jenkins.get(),
ACL.SYSTEM, Collections.<DomainRequirement>emptyList()),
CredentialsMatchers.withId(this.credentialID));

return credential;
}
}

public static <T> Object objectFromMaster(Channel channel, SlaveToMasterCallable<T, IOException> callable) {
// Running from a slave, Get credential entry from master
try {
return channel.call(callable);
} catch (Exception e) {
getLogger().log(Level.WARNING, "Exception getting object from Master", e);
e.printStackTrace();
}
return null;
}

public static class NewSecretFromString extends SlaveToMasterCallable<Secret, IOException> {
/**
* Standardize serialization.
*/
private static final long serialVersionUID = 1L;

String secretString;

public NewSecretFromString(String secretString) {
super();
this.secretString = secretString;
}

/**
* {@inheritDoc}
*/
public Secret call() throws IOException {
return Secret.fromString(secretString);
}
}

}
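Review bot: In `certificateFromConfiguration`, a configured certificate credential ID that matches nothing makes `CredentialsMatchers.firstOrNull` return null, which is the same result as no ID being configured, and the method returns it without a log entry. If `getHttpClient` treats null as "no custom certificate" (its visible tail returns a plain `new OkHttpClient.Builder().build()`; the rest is outside the hunk), a mistyped or deleted credential would silently move the connection to the default trust settings. I would log a warning through `getLogger()` when the ID is non-null but the lookup comes back empty, and have the caller fail rather than fall back. The `certificate = null` local left over from the removed branch can go as well: read the ID once and return the `firstOrNull(...)` result directly.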
@@ -1,20 +1,16 @@
package org.conjur.jenkins.configuration;

import java.io.Serializable;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.annotation.Nonnull;

import org.conjur.jenkins.api.ConjurAPIUtils;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import hudson.Extension;
import hudson.model.AbstractItem;
import hudson.remoting.Channel;
import hudson.util.FormValidation;
import jenkins.model.GlobalConfiguration;

@@ -67,15 +63,11 @@ public FormValidation doCheckTokenDurarionInSeconds(@AncestorInPath AbstractItem
/** @return the singleton instance */
@Nonnull
public static GlobalConjurConfiguration get() {
Channel channel = Channel.current();

GlobalConjurConfiguration result = null;
if (channel == null) {
result = GlobalConfiguration.all().get(GlobalConjurConfiguration.class);
} else {
result = (GlobalConjurConfiguration) ConjurAPIUtils.objectFromMaster(channel,
new ConjurAPIUtils.NewGlobalConfiguration());
}

result = GlobalConfiguration.all().get(GlobalConjurConfiguration.class);

if (result == null) {
throw new IllegalStateException();
}
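Review bot: `get()` now declares `result = null`, assigns it in the next statement and throws a bare `new IllegalStateException()` when the lookup is empty, which leaves nothing in the log to say what was missing. Declaring and assigning in one statement and adding a message, e.g. `throw new IllegalStateException("GlobalConjurConfiguration is not registered");`, would make the failure diagnosable. `ExtensionList.lookupSingleton(GlobalConjurConfiguration.class)` does the lookup and the check in one call. The rest of the method lies outside the hunk.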
@@ -11,15 +11,13 @@
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;

import org.conjur.jenkins.api.ConjurAPIUtils;
import org.conjur.jenkins.configuration.ConjurConfiguration;
import org.conjur.jenkins.exceptions.InvalidConjurSecretException;

import hudson.model.AbstractItem;
import hudson.model.Item;
import hudson.model.ModelObject;
import hudson.model.Run;
import hudson.remoting.Channel;
import hudson.security.ACL;
import hudson.util.Secret;
import jenkins.model.Jenkins;
@@ -83,20 +81,13 @@ static ConjurSecretCredentials credentialWithID(String credentialID, ModelObject

ConjurSecretCredentials credential = null;

Channel channel = Channel.current();
credential = CredentialsMatchers
.firstOrNull(
CredentialsProvider.lookupCredentials(ConjurSecretCredentials.class, Jenkins.get(),
ACL.SYSTEM, Collections.<DomainRequirement>emptyList()),
CredentialsMatchers.withId(credentialID));

if (channel == null) {
credential = CredentialsMatchers
.firstOrNull(
CredentialsProvider.lookupCredentials(ConjurSecretCredentials.class, Jenkins.get(),
ACL.SYSTEM, Collections.<DomainRequirement>emptyList()),
CredentialsMatchers.withId(credentialID));

credential = credentialFromContextIfNeeded(credential, credentialID, context);
} else {
credential = (ConjurSecretCredentials) ConjurAPIUtils.objectFromMaster(channel,
new ConjurAPIUtils.NewConjurSecretCredentials(credentialID));
}
credential = credentialFromContextIfNeeded(credential, credentialID, context);


if (credential == null) {
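Review bot: `credentialWithID` searches the root store (`Jenkins.get()`) under `ACL.SYSTEM` first and only then hands the result to `credentialFromContextIfNeeded`, whose body is not in this hunk. If that helper consults `context` only when the first lookup returned null, a global credential shadows a folder-scoped one that has the same ID, which is the reverse of the usual nearest-scope-first resolution. It is worth either documenting that order on the method, e.g. `// global store wins over the item/folder store on an ID clash`, or resolving from `context` first and falling back to the root store. The method continues past the end of the hunk.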
@@ -67,13 +67,6 @@ public String getDisplayName() {
}

static Secret secretFromString(String secretString) {
Channel channel = Channel.current();

if (channel != null) {
return (Secret) ConjurAPIUtils.objectFromMaster(channel,
new ConjurAPIUtils.NewSecretFromString(secretString));
}

return Secret.fromString(secretString);
}
