rework configuration of the plugin

[jtnord]

The server configuration (token URLs, scopes etc) are now in separate describable, flags to contol setting of options is removed and is based on the actual option/type

This makes the UX marginally cleaner, but helps the backend code to not need flags to know if something is set.

The configuration format is backwards compatible with previous versions, but the casc format is not.

⚠️The behaviour of overriding scopes in "auto" merge has changed. If override scopes is set then those scopes are used unconditionally. Previously the scopes where only used if they where also advertised, but this did not make sense as the provider is not required to advertise all the scopes it supported. This is a change in behaviour, but should not be breaking as we will only end up request more scopes, which the server should ignore if they are unsupported.

⚠️Users of casc will need to adapt their configuration.

configuration of the provider side has been moved into a serverConfiguration section and split to 2 different types wellKnown for configuration via a auto discovery and manual for manual configuration.

e.g.

for manual configuration:

  securityRealm:
    oic:
      serverConfiguration:
        manual:
          authorizationServerUrl: https://url.example.com/authorize
          jwksServerUrl: https://jwks.example.com/jwks
          tokenAuthMethod: client_secret_post
          tokenServerUrl: https://token.example.com/token
          scopes: scopes

and for auto configuration:

  securityRealm:
    oic:
      serverConfiguration:
        wellKnown:
          wellKnownOpenIDConfigurationUrl: https://idp.example.com:/someRealm/.well-known/openid-configuration

Screen Shots

Before

After

Testing done

• run some local tests against an IDP configured with a well-known endpoint.
• saved a manual config and manually inspected the config.xml
• ran mvn verify locally

Submitter checklist

• Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
• Ensure that the pull request title represents the desired changelog entry
• Please describe what you did
• Link to relevant issues in GitHub or Jira
• Link to relevant pull requests, esp. upstream and downstream changes
• Ensure you have provided tests - that demonstrates feature works or fixes the issue

[jtnord]

the previous did not have help=${null} but it was added here as they did (prior to the change and with this change before help=${null]) actually render with a help button, but the help was unrelated to the option.

[jtnord]

set the default here for new installs with the == null check (slightly fewer clicks for the defaults)

[jtnord]

original had Recommended. jswon webtoken which is fixed here and causing this not to show as a rename

[jtnord]

config is migrated, but the Jenkins config-as-code format is no longer compatable, so noting so users get a warning before updating.

Will need updating if anything gets merged before this

[codecov]

Codecov Report

Attention: Patch coverage is 77.02703% with 51 lines in your changes missing coverage. Please review.

Project coverage is 76.03%. Comparing base (c0be63e) to head (3e8cbca).
Report is 9 commits behind head on master.

Files with missing lines	Patch %	Lines
...i/plugins/oic/OicServerWellKnownConfiguration.java	73.33%	24 Missing and 4 partials ⚠️
...va/org/jenkinsci/plugins/oic/OicSecurityRealm.java	72.34%	7 Missing and 6 partials ⚠️
...nsci/plugins/oic/OicServerManualConfiguration.java	85.50%	9 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##             master     #399      +/-   ##
============================================
+ Coverage     72.47%   76.03%   +3.55%     
- Complexity      244      259      +15     
============================================
  Files            12       15       +3     
  Lines          1021     1043      +22     
  Branches        148      149       +1     
============================================
+ Hits            740      793      +53     
+ Misses          201      174      -27     
+ Partials         80       76       -4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[jtnord]

for a future refactoring, given this is a Boolean it is obvious that this should not be a required field and moved to a @DataboundSetter

[jtnord]

I could see no need for reflection here - the field is available so we can just use it directly.

[jtnord]

https://issues.jenkins.io/browse/JENKINS-73771

[jtnord]

there are no reported OSS plugins or known private plugins that depend on this plugin, so the only backwards compatibility we need to worry about is the config.xml migration

[jtnord]

sounds like bad English, but "scopes" is the field, not a plural of "scope" so the field is singular.
Probably should be reworded so that it has something other than just "the field is required"

[jtnord]

unrelated, but noticed this was wrong when moving the tests.

[jtnord]

unrelated, but noticed this when moving the tests.

[mikecirioli]

consider making this else into an explicit if to protect against future changes? if the expected values of automanualconfigure ever change and this is not updated then you would get the default case even when you don't want it

[jtnord]

The field is dead from this version onward so there would be no issues with it changing in future.

Just here for the readRosolve and is transient so it's either "auto"``"manual" or null

[timja]

JCasC wise you would normally drop the class prefix so this field would be called openIDConfigurationUrl as its already in a well known configuration class the well known bit is implied

That way you don't get the double wellKnown in the yaml:

securityRealm:
    oic:
      serverConfiguration:
        wellKnown:
          openIDConfigurationUrl: [https://idp.example.com:/someRealm/.well-known/openid-configuration](https://idp.example.com/someRealm/.well-known/openid-configuration)

[jtnord]

is there a way to do this with an annotation so that the config.xml format stays the same or is the only choice now to fix this to use a custom piece of code(at which point I think it may be better to live with it)?

[jtnord]

@Symbol only works on types (enum, class, interfaces) not on fields or methods, so I will bear this in mind for any future work, but am not planning on adding another data migration at this time.

[timja]

Sure readResolve would be the normal approach, there's no alias via annotation.

[jimsnab]

@jtnord could you update the docs?