Inject secrets into the services [azuredevops bintray drone jenkins jira npm sonar symfony teamcity wheelmap]

[paulmelnikow]

This is a reworking of #3410 based on some feedback @calebcartwright left on that PR.

The goals of injecting the secrets are threefold:

1. Simplify testing
2. Be consistent with all of the other config (which is injected)
3. Encapsulate the sensitive auth-related code in one place so it can be studied and tested thoroughly

• Rather than add more code to BaseService to handle authorization logic, it delegates that to an AuthHelper class.
• When the server starts, it fetches the credentials from config and injects them into BaseService.register() which passes them to invoke().
• In invoke() the service's auth configuration is checked (static get auth(), much like static get route()).
• If the auth config is present, an AuthHelper instance is created and attached to the new instance.
• Then within the service, the password, basic auth config, or bearer authentication can be accessed via e.g. this.authHelper.basicAuth and passed to this._requestJson() and friends.
• Everything is being done very explicitly, so it should be very clear where and how the configured secrets are being used.
• Testing different configurations of services can now be done by injecting the config into invoke() in .spec files instead of mocking global state in the service tests as was done before. See the new Jira spec files for a good example of this.

Ref #3393

Need adding in this PR:

• Nexus
• Symfony

I've deferred a few odds and ends to a later PR:

• Bitbucket. It has two sets of credentials in the same service so I have to think about how to solve that. (Refactor [bitbucket] secrets #3691)
• GithubConstellation etc. (Refactor GitHub OAuth credential handling #3693 + more to come)
• suggest (Refactor auth config checks within tests #3694), and various other places in the server where the secrets are used
• Wheelmap service test config check (Refactor auth config checks within tests #3694)

[shields-ci]

	Warnings
⚠️	This PR modified the server but none of its tests. That's okay so long as it's refactoring existing code.
⚠️	📚 Remember to ensure any changes to config.private in services/jenkins/jenkins-build.tester.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/jira/jira-sprint.tester.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/symfony/symfony-test-helpers.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/sonar/sonar-base.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/teamcity/teamcity-test-helpers.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/jira/jira-sprint.service.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/teamcity/teamcity-coverage.tester.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/nexus/nexus.tester.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/sonar/sonar-fortify-rating.tester.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/npm/npm-base.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/teamcity/teamcity-base.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/jenkins/jenkins-base.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/teamcity/teamcity-build.tester.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/wheelmap/wheelmap.service.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/nexus/nexus.service.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/drone/drone-build.service.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in core/base-service/base.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/azure-devops/azure-devops-helpers.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/jira/jira-issue.tester.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/jira/jira-test-helpers.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/symfony/symfony-insight-base.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in server.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/wheelmap/wheelmap.tester.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/bintray/bintray.service.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/azure-devops/azure-devops-tests.service.js are reflected in the server secrets documentation
⚠️	This PR modified service code for bintray but not its test code. That's okay so long as it's refactoring existing code.
⚠️	📚 Remember to ensure any changes to config.private in core/base-service/base.spec.js are reflected in the server secrets documentation
⚠️	This PR modified service code for azure-devops but not its test code. That's okay so long as it's refactoring existing code.
⚠️	📚 Remember to ensure any changes to config.private in services/jira/jira-issue.service.js are reflected in the server secrets documentation
⚠️	📚 Remember to ensure any changes to config.private in services/azure-devops/azure-devops-coverage.service.js are reflected in the server secrets documentation

	Messages
📖	✨ Thanks for your contribution to Shields, @paulmelnikow!

Generated by 🚫 dangerJS against c9cebbc

[calebcartwright]

Know this is still a WIP, but I just finished a quick browse through the current set of changes and wanted to say it's looking good!

[calebcartwright]

💯

[calebcartwright]

I'm ready to approve and excited about this change! Are you working on those lint errors already? If not I'll fix and add a commit

[calebcartwright]

That nexus test timeout is unrelated (it's one of more more notoriously slow tests), so i'm going to remove it from the title

[calebcartwright]

🚀

[shields-deployment]

This pull request was merged to master branch. This change is now waiting for deployment, which will usually happen within a few days. Stay tuned by joining our #ops channel on Discord!

After deployment, changes are copied to gh-pages branch:

[paulmelnikow]

Thanks for the review! This was a big one 😄