Add support for StringCredentials in credentials configuration (#326)

* Add support for StringCredentials

* Move out GitLabCredentialMatcher to new package

Author: ljackiewicz

README.md

@@ -199,7 +199,7 @@ After installing the plugin on your Jenkins instance, you need configure your Gi
 
     ii. `Server URL` - Contains the URL to your GitLab Server. By default it is set to "https://gitlab.com". User can modify it to enter their GitLab Server URL e.g. https://gitlab.gnome.org/, http://gitlab.example.com:7990. etc.
 
-    iii. `Credentials` - Contains a list of credentials entries that are of type GitLab Personal Access Token. When no credential has been added it shows "-none-". User can add a credential by clicking "Add" button.
+    iii. `Credentials` - Contains a list of credentials entries that are of type GitLab Personal Access Token or any String Credentials. When no credential has been added it shows "-none-". User can add a credential by clicking "Add" button.
 
     iv. `Mange Web Hook` - If you want the plugin to setup web hook on your GitLab project(s) to get push/mr/tag/note events then check this box.
 
@@ -213,8 +213,7 @@ After installing the plugin on your Jenkins instance, you need configure your Gi
 
    This is a manual setup. To automatically generate Personal Access Token see [next section](#creating-personal-access-token-within-jenkins).
 
-    i. User is required to add a `GitLab Personal Access Token` type credentials entry to securely persist the token
-    inside Jenkins.
+    i. User is required to add a `GitLab Personal Access Token` or any `String Credential` type credentials entry to securely persist the token inside Jenkins.
 
     ii. Generate a `Personal Access Token` on your GitLab Server
 

src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabHookCreator.java

@@ -1,10 +1,11 @@
 package io.jenkins.plugins.gitlabbranchsource;
 
+import static io.jenkins.plugins.gitlabbranchsource.helpers.GitLabHelper.getPrivateTokenAsPlainText;
 import static io.jenkins.plugins.gitlabbranchsource.helpers.GitLabHelper.getProxyConfig;
 
+import com.cloudbees.plugins.credentials.common.StandardCredentials;
 import com.damnhandy.uri.template.UriTemplate;
 import com.damnhandy.uri.template.UriTemplateBuilder;
-import io.jenkins.plugins.gitlabserverconfig.credentials.PersonalAccessToken;
 import io.jenkins.plugins.gitlabserverconfig.servers.GitLabServer;
 import io.jenkins.plugins.gitlabserverconfig.servers.GitLabServers;
 import java.net.MalformedURLException;
@@ -25,7 +26,7 @@ public class GitLabHookCreator {
 
     public static void register(
             SCMNavigatorOwner owner, GitLabSCMNavigator navigator, GitLabHookRegistration systemhookMode) {
-        PersonalAccessToken credentials;
+        StandardCredentials credentials;
         GitLabServer server = GitLabServers.get().findServer(navigator.getServerName());
         if (server == null) {
             return;
@@ -59,7 +60,7 @@ public static void register(
 
     public static void register(
             GitLabSCMSource source, GitLabHookRegistration webhookMode, GitLabHookRegistration systemhookMode) {
-        PersonalAccessToken credentials = null;
+        StandardCredentials credentials = null;
         GitLabServer server = GitLabServers.get().findServer(source.getServerName());
         if (server == null) {
             return;
@@ -98,7 +99,7 @@ public static void register(
             try {
                 GitLabApi gitLabApi = new GitLabApi(
                         server.getServerUrl(),
-                        credentials.getToken().getPlainText(),
+                        getPrivateTokenAsPlainText(credentials),
                         null,
                         getProxyConfig(server.getServerUrl()));
                 createWebHookWhenMissing(gitLabApi, source.getProjectPath(), hookUrl, secretToken);
@@ -137,12 +138,12 @@ public static void register(
         }
     }
 
-    public static void createSystemHookWhenMissing(GitLabServer server, PersonalAccessToken credentials) {
+    public static void createSystemHookWhenMissing(GitLabServer server, StandardCredentials credentials) {
         String systemHookUrl = getHookUrl(server, false);
         try {
             GitLabApi gitLabApi = new GitLabApi(
                     server.getServerUrl(),
-                    credentials.getToken().getPlainText(),
+                    getPrivateTokenAsPlainText(credentials),
                     null,
                     getProxyConfig(server.getServerUrl()));
             SystemHook systemHook = gitLabApi

src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabSCMNavigator.java

@@ -3,6 +3,7 @@
 import static com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials;
 import static com.cloudbees.plugins.credentials.domains.URIRequirementBuilder.fromUri;
 import static io.jenkins.plugins.gitlabbranchsource.helpers.GitLabHelper.apiBuilder;
+import static io.jenkins.plugins.gitlabbranchsource.helpers.GitLabHelper.getPrivateTokenAsPlainText;
 import static io.jenkins.plugins.gitlabbranchsource.helpers.GitLabHelper.getProxyConfig;
 import static io.jenkins.plugins.gitlabbranchsource.helpers.GitLabHelper.getServerUrl;
 import static io.jenkins.plugins.gitlabbranchsource.helpers.GitLabHelper.getServerUrlFromName;
@@ -11,6 +12,7 @@
 
 import com.cloudbees.plugins.credentials.CredentialsMatchers;
 import com.cloudbees.plugins.credentials.CredentialsProvider;
+import com.cloudbees.plugins.credentials.common.StandardCredentials;
 import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
 import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials;
 import edu.umd.cs.findbugs.annotations.CheckForNull;
@@ -30,7 +32,7 @@
 import io.jenkins.plugins.gitlabbranchsource.helpers.GitLabLink;
 import io.jenkins.plugins.gitlabbranchsource.helpers.GitLabOwner;
 import io.jenkins.plugins.gitlabbranchsource.helpers.GitLabUser;
-import io.jenkins.plugins.gitlabserverconfig.credentials.PersonalAccessToken;
+import io.jenkins.plugins.gitlabserverconfig.credentials.helpers.GitLabCredentialMatcher;
 import io.jenkins.plugins.gitlabserverconfig.servers.GitLabServer;
 import io.jenkins.plugins.gitlabserverconfig.servers.GitLabServers;
 import java.io.IOException;
@@ -247,14 +249,14 @@ public void visitSources(@NonNull final SCMSourceObserver observer) throws IOExc
             }
             int count = 0;
             observer.getListener().getLogger().format("%nChecking projects...%n");
-            PersonalAccessToken webHookCredentials = getWebHookCredentials(observer.getContext());
+            StandardCredentials webHookCredentials = getWebHookCredentials(observer.getContext());
             GitLabApi webhookGitLabApi = null;
             String webHookUrl = null;
             if (webHookCredentials != null) {
                 GitLabServer server = GitLabServers.get().findServer(serverName);
                 String serverUrl = getServerUrl(server);
                 webhookGitLabApi = new GitLabApi(
-                        serverUrl, webHookCredentials.getToken().getPlainText(), null, getProxyConfig(serverUrl));
+                        serverUrl, getPrivateTokenAsPlainText(webHookCredentials), null, getProxyConfig(serverUrl));
                 webHookUrl = GitLabHookCreator.getHookUrl(server, true);
             }
             for (Project p : projects) {
@@ -361,8 +363,8 @@ private String getProjectName(GitLabApi gitLabApi, int projectNamingStrategy, Pr
         return projectName;
     }
 
-    private PersonalAccessToken getWebHookCredentials(SCMSourceOwner owner) {
-        PersonalAccessToken credentials = null;
+    private StandardCredentials getWebHookCredentials(SCMSourceOwner owner) {
+        StandardCredentials credentials = null;
         GitLabServer server = GitLabServers.get().findServer(getServerName());
         if (server == null) {
             return null;
@@ -435,14 +437,14 @@ public void afterSave(@NonNull SCMNavigatorOwner owner) {
         GitLabHookCreator.register(owner, this, systemhookMode);
     }
 
-    public PersonalAccessToken credentials(SCMSourceOwner owner) {
+    public StandardCredentials credentials(SCMSourceOwner owner) {
         return CredentialsMatchers.firstOrNull(
                 lookupCredentials(
-                        PersonalAccessToken.class,
+                        StandardCredentials.class,
                         owner,
                         Jenkins.getAuthentication(),
                         fromUri(getServerUrlFromName(serverName)).build()),
-                credentials -> credentials instanceof PersonalAccessToken);
+                new GitLabCredentialMatcher());
     }
 
     @Symbol("gitlab")

src/main/java/io/jenkins/plugins/gitlabbranchsource/helpers/GitLabHelper.java

@@ -1,5 +1,6 @@
 package io.jenkins.plugins.gitlabbranchsource.helpers;
 
+import com.cloudbees.plugins.credentials.common.StandardCredentials;
 import com.damnhandy.uri.template.UriTemplate;
 import com.damnhandy.uri.template.UriTemplateBuilder;
 import com.damnhandy.uri.template.impl.Operator;
@@ -17,18 +18,21 @@
 import org.eclipse.jgit.annotations.NonNull;
 import org.gitlab4j.api.GitLabApi;
 import org.gitlab4j.api.ProxyClientConfig;
+import org.jenkinsci.plugins.plaincredentials.StringCredentials;
 
 public class GitLabHelper {
 
     public static GitLabApi apiBuilder(AccessControlled context, String serverName) {
         GitLabServer server = GitLabServers.get().findServer(serverName);
         if (server != null) {
-            PersonalAccessToken credentials = server.getCredentials(context);
+            StandardCredentials credentials = server.getCredentials(context);
             String serverUrl = server.getServerUrl();
-            if (credentials != null) {
-                return new GitLabApi(serverUrl, credentials.getToken().getPlainText(), null, getProxyConfig(serverUrl));
+            String privateToken = getPrivateTokenAsPlainText(credentials);
+            if (privateToken.equals(GitLabServer.EMPTY_TOKEN)) {
+                return new GitLabApi(serverUrl, GitLabServer.EMPTY_TOKEN, null, getProxyConfig(serverUrl));
+            } else {
+                return new GitLabApi(serverUrl, privateToken, null, getProxyConfig(serverUrl));
             }
-            return new GitLabApi(serverUrl, GitLabServer.EMPTY_TOKEN, null, getProxyConfig(serverUrl));
         }
         throw new IllegalStateException(String.format("No server found with the name: %s", serverName));
     }
@@ -96,6 +100,19 @@ private static String sanitizeUrlValue(String url) {
         return url;
     }
 
+    public static String getPrivateTokenAsPlainText(StandardCredentials credentials) {
+        String privateToken = "";
+        if (credentials != null) {
+            if (credentials instanceof PersonalAccessToken) {
+                privateToken = ((PersonalAccessToken) credentials).getToken().getPlainText();
+            }
+            if (credentials instanceof StringCredentials) {
+                privateToken = ((StringCredentials) credentials).getSecret().getPlainText();
+            }
+        }
+        return privateToken;
+    }
+
     public static UriTemplateBuilder getUriTemplateFromServer(String server) {
         return UriTemplate.buildFromTemplate(getServerUrl(server));
     }

src/main/java/io/jenkins/plugins/gitlabserverconfig/credentials/helpers/GitLabCredentialMatcher.java

@@ -0,0 +1,21 @@
+package io.jenkins.plugins.gitlabserverconfig.credentials.helpers;
+
+import com.cloudbees.plugins.credentials.Credentials;
+import com.cloudbees.plugins.credentials.CredentialsMatcher;
+import edu.umd.cs.findbugs.annotations.NonNull;
+import io.jenkins.plugins.gitlabserverconfig.credentials.PersonalAccessToken;
+import org.jenkinsci.plugins.plaincredentials.StringCredentials;
+
+public class GitLabCredentialMatcher implements CredentialsMatcher {
+
+    private static final long serialVersionUID = 1;
+
+    @Override
+    public boolean matches(@NonNull Credentials credentials) {
+        try {
+            return credentials instanceof PersonalAccessToken || credentials instanceof StringCredentials;
+        } catch (Exception e) {
+            return false;
+        }
+    }
+}

src/main/java/io/jenkins/plugins/gitlabserverconfig/servers/GitLabServer.java

@@ -3,6 +3,7 @@
 import static com.cloudbees.plugins.credentials.CredentialsMatchers.withId;
 import static com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials;
 import static com.cloudbees.plugins.credentials.domains.URIRequirementBuilder.fromUri;
+import static io.jenkins.plugins.gitlabbranchsource.helpers.GitLabHelper.getPrivateTokenAsPlainText;
 import static io.jenkins.plugins.gitlabbranchsource.helpers.GitLabHelper.getProxyConfig;
 import static org.apache.commons.lang.StringUtils.defaultIfBlank;
 
@@ -27,7 +28,7 @@
 import hudson.util.FormValidation;
 import hudson.util.ListBoxModel;
 import hudson.util.Secret;
-import io.jenkins.plugins.gitlabserverconfig.credentials.PersonalAccessToken;
+import io.jenkins.plugins.gitlabserverconfig.credentials.helpers.GitLabCredentialMatcher;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.security.SecureRandom;
@@ -59,10 +60,9 @@
 public class GitLabServer extends AbstractDescribableImpl<GitLabServer> {
 
     /**
-     * The credentials matcher for GitLab Personal Access Token
+     * The credentials matcher for PersonalAccessToken and StringCredentials
      */
-    public static final CredentialsMatcher CREDENTIALS_MATCHER =
-            CredentialsMatchers.instanceOf(PersonalAccessToken.class);
+    public static final CredentialsMatcher CREDENTIALS_MATCHER = new GitLabCredentialMatcher();
     /**
      * Default name for community SaaS version server
      */
@@ -115,7 +115,7 @@ public class GitLabServer extends AbstractDescribableImpl<GitLabServer> {
     private boolean manageSystemHooks;
 
     /**
-     * The {@link PersonalAccessToken#getId()} of the credentials to use for
+     * The {@link StandardCredentials#getId()} of the credentials to use for
      * auto-management of
      * hooks.
      */
@@ -165,7 +165,7 @@ public class GitLabServer extends AbstractDescribableImpl<GitLabServer> {
      * @param name          A unique name to use to describe the end-point, if empty
      *                      replaced with a random
      *                      name
-     * @param credentialsId The {@link PersonalAccessToken#getId()} of the
+     * @param credentialsId The {@link StandardCredentials#getId()} of the
      *                      credentials to use for
      *                      GitLab Server Authentication to access GitLab APIs
      */
@@ -252,11 +252,11 @@ public void setManageSystemHooks(boolean manageSystemHooks) {
     }
 
     /**
-     * Returns The {@link PersonalAccessToken#getId()} of the credentials to use for
+     * Returns The {@link StandardCredentials#getId()} of the credentials to use for
      * GitLab Server
      * Authentication to access GitLab APIs.
      *
-     * @return The {@link PersonalAccessToken#getId()} of the credentials to use for
+     * @return The {@link StandardCredentials#getId()} of the credentials to use for
      *         GitLab Server
      *         Authentication to access GitLab APIs.
      */
@@ -266,11 +266,11 @@ public String getCredentialsId() {
     }
 
     /**
-     * Looks up for Personal Access Token
+     * Looks up for PersonalAccessToken and StringCredentials
      *
-     * @return {@link PersonalAccessToken}
+     * @return {@link StandardCredentials}
      */
-    public PersonalAccessToken getCredentials(AccessControlled context) {
+    public StandardCredentials getCredentials(AccessControlled context) {
         Jenkins jenkins = Jenkins.get();
         if (context == null) {
             jenkins.checkPermission(CredentialsProvider.USE_OWN);
@@ -281,7 +281,7 @@ public PersonalAccessToken getCredentials(AccessControlled context) {
                 ? null
                 : CredentialsMatchers.firstOrNull(
                         lookupCredentials(
-                                PersonalAccessToken.class,
+                                StandardCredentials.class,
                                 jenkins,
                                 ACL.SYSTEM,
                                 fromUri(defaultIfBlank(serverUrl, GITLAB_SERVER_URL))
@@ -576,11 +576,8 @@ public String getDisplayName() {
         @Restricted(DoNotUse.class)
         @SuppressWarnings("unused")
         public FormValidation doTestConnection(@QueryParameter String serverUrl, @QueryParameter String credentialsId) {
-            PersonalAccessToken credentials = getCredentials(serverUrl, credentialsId);
-            String privateToken = "";
-            if (credentials != null) {
-                privateToken = credentials.getToken().getPlainText();
-            }
+            StandardCredentials credentials = getCredentials(serverUrl, credentialsId);
+            String privateToken = getPrivateTokenAsPlainText(credentials);
             if (privateToken.equals(EMPTY_TOKEN)) {
                 GitLabApi gitLabApi = new GitLabApi(serverUrl, EMPTY_TOKEN, null, getProxyConfig(serverUrl));
                 try {
@@ -598,7 +595,6 @@ public FormValidation doTestConnection(@QueryParameter String serverUrl, @QueryP
                             Messages.GitLabServer_credentialsNotResolved(Util.escape(credentialsId)));
                 }
             } else {
-
                 GitLabApi gitLabApi = new GitLabApi(serverUrl, privateToken, null, getProxyConfig(serverUrl));
                 try {
                     User user = gitLabApi.getUserApi().getCurrentUser();
@@ -662,14 +658,14 @@ public ListBoxModel doFillWebhookSecretCredentialsIdItems(
                             WEBHOOK_SECRET_CREDENTIALS_MATCHER);
         }
 
-        private PersonalAccessToken getCredentials(String serverUrl, String credentialsId) {
+        private StandardCredentials getCredentials(String serverUrl, String credentialsId) {
             Jenkins jenkins = Jenkins.get();
             jenkins.checkPermission(Jenkins.ADMINISTER);
             return StringUtils.isBlank(credentialsId)
                     ? null
                     : CredentialsMatchers.firstOrNull(
                             lookupCredentials(
-                                    PersonalAccessToken.class,
+                                    StandardCredentials.class,
                                     jenkins,
                                     ACL.SYSTEM,
                                     fromUri(defaultIfBlank(serverUrl, GITLAB_SERVER_URL))

src/main/resources/io/jenkins/plugins/gitlabserverconfig/servers/GitLabServer/help-credentialsId.html

@@ -12,13 +12,17 @@
     </li>
   </ul>
 
-  In Jenkins, create a token credential as «<b>GitLab Personal Access Token</b>». Human readable id
-  and description is recommended.
+  In Jenkins, create a token credential as «<b>GitLab Personal Access Token</b>» or any
+  «<b>StringCredentials</b>» type credential (e.g. «<b>"Secret text"</b>» provided by
+  <a href="https://plugins.jenkins.io/plain-credentials">Plain Credentials plugin</a> or
+  «<b>"Vault Secret Text Credential"</b>» provided by
+  <a href="https://plugins.jenkins.io/hashicorp-vault-plugin">HashiCorp Vault plugin</a>).
+  Human-readable id and description is recommended.
   <br/>
 
   <p>
     If you have an existing GitLab login and password you can convert it to a token automatically
-    with the help of <br>
-    «<b>Manage additional GitLab actions</b>» in Advanced section of GitLab Servers.
+    with the help of «<b>Manage additional GitLab actions</b>» in Advanced section of
+    GitLab Servers.
   </p>
 </div>