Add UI to configure short lived token expiry

jenkinsci · Apr 10, 2024 · 3cc404b · 3cc404b
1 parent e1b12b3
commit 3cc404b
Show file tree

Hide file tree

Showing 8 changed files with 68 additions and 9 deletions.
diff --git a/src/main/java/hudson/plugins/gradle/injection/BuildScanEnvironmentContributor.java b/src/main/java/hudson/plugins/gradle/injection/BuildScanEnvironmentContributor.java
@@ -45,7 +45,9 @@ public void buildEnvironmentFor(@Nonnull Run run, @Nonnull EnvVars envs, @Nonnul
         Secret shortLivedToken = null;
         DevelocityLogger logger = new DevelocityLogger(listener);
         if (secretKey != null && DevelocityAccessKey.isValid(secretKey.getPlainText())) {
-            shortLivedToken = tokenClient.get(InjectionConfig.get().getServer(), DevelocityAccessKey.parse(secretKey.getPlainText()))
+            shortLivedToken = tokenClient.get(InjectionConfig.get().getServer(),
+                    DevelocityAccessKey.parse(secretKey.getPlainText()),
+                    InjectionConfig.get().getShortLivedTokenExpiry())
                 .map(k -> Secret.fromString(k.getRawAccessKey()))
                 .orElse(null);
         } else {

diff --git a/src/main/java/hudson/plugins/gradle/injection/InjectionConfig.java b/src/main/java/hudson/plugins/gradle/injection/InjectionConfig.java
@@ -12,6 +12,7 @@
 import hudson.util.VersionNumber;
 import jenkins.model.GlobalConfiguration;
 import net.sf.json.JSONObject;
+import org.apache.commons.lang3.StringUtils;
 import org.kohsuke.accmod.Restricted;
 import org.kohsuke.accmod.restrictions.NoExternalUse;
 import org.kohsuke.stapler.DataBoundSetter;
@@ -54,6 +55,7 @@ public class InjectionConfig extends GlobalConfiguration {
     private String server;
     private boolean allowUntrusted;
     private Secret accessKey;
+    private Integer shortLivedTokenExpiry;
 
     private String gradlePluginVersion;
     private String ccudPluginVersion;
@@ -154,6 +156,16 @@ public void setAccessKey(Secret accessKey) {
         }
     }
 
+    @CheckForNull
+    public Integer getShortLivedTokenExpiry() {
+        return shortLivedTokenExpiry;
+    }
+
+    @DataBoundSetter
+    public void setShortLivedTokenExpiry(Integer shortLivedTokenExpiry) {
+        this.shortLivedTokenExpiry = shortLivedTokenExpiry;
+    }
+
     @CheckForNull
     public String getGradlePluginRepositoryUsername() {
         return gradlePluginRepositoryUsername;
@@ -401,6 +413,19 @@ public FormValidation doCheckAccessKey(@QueryParameter String value) {
             : FormValidation.error(Messages.InjectionConfig_InvalidAccessKey());
     }
 
+    @Restricted(NoExternalUse.class)
+    @POST
+    public FormValidation doCheckShortLivedTokenExpiry(@QueryParameter String value) {
+        String shortLivedTokenExpiry = Util.fixEmptyAndTrim(value);
+        if (shortLivedTokenExpiry == null) {
+            return FormValidation.ok();
+        }
+
+        return StringUtils.isNumeric(shortLivedTokenExpiry) && new Integer(shortLivedTokenExpiry) <= 24
+            ? FormValidation.ok()
+            : FormValidation.error(Messages.InjectionConfig_InvalidShortLivedTokenExpiry());
+    }
+
     @Restricted(NoExternalUse.class)
     @POST
     public FormValidation doCheckMavenExtensionCustomCoordinates(@QueryParameter String value) {

diff --git a/src/main/java/hudson/plugins/gradle/injection/token/ShortLivedTokenClient.java b/src/main/java/hudson/plugins/gradle/injection/token/ShortLivedTokenClient.java
@@ -29,8 +29,11 @@ public ShortLivedTokenClient() {
     }
 
     @SuppressFBWarnings("NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE")
-    public Optional<DevelocityAccessKey> get(String server, DevelocityAccessKey accessKey) {
+    public Optional<DevelocityAccessKey> get(String server, DevelocityAccessKey accessKey, Integer expiry) {
         String url = normalize(server) + "api/auth/token";
+        if (expiry != null) {
+            url = url + "?expiry=" + expiry;
+        }
 
         Request request = new Request.Builder()
             .url(url)

diff --git a/src/main/resources/hudson/plugins/gradle/Messages.properties b/src/main/resources/hudson/plugins/gradle/Messages.properties
@@ -6,5 +6,6 @@ InjectionConfig.Required=Required.
 InjectionConfig.InvalidUrl=Not a valid URL.
 InjectionConfig.InvalidVersion=Not a valid version.
 InjectionConfig.InvalidAccessKey=Not a valid access key.
+InjectionConfig.InvalidShortLivedTokenExpiry=Should be a integer between 1 and 24.
 
 InjectionConfig.InvalidMavenExtensionCustomCoordinates=Not a valid Maven groupId:artifactId(:version).
diff --git a/src/main/resources/hudson/plugins/gradle/injection/InjectionConfig/config.jelly b/src/main/resources/hudson/plugins/gradle/injection/InjectionConfig/config.jelly
@@ -41,6 +41,9 @@
                     </div>
                     <f:password/>
                 </f:entry>
+                <f:entry title="${%Develocity short-lived access tokens expiry}" field="shortLivedTokenExpiry">
+                    <f:textbox checkMethod="post"/>
+                </f:entry>
             </f:section>
 
             <f:section title="${%General settings}">

diff --git a/...resources/hudson/plugins/gradle/injection/InjectionConfig/help-shortLivedTokenExpiry.html b/...resources/hudson/plugins/gradle/injection/InjectionConfig/help-shortLivedTokenExpiry.html
@@ -0,0 +1,4 @@
+<div>
+    The short-lived token expiry in hours. Default is 2 hours.
+    See <a href="https://docs.gradle.com/enterprise/api-manual/#short_lived_access_tokens">docs</a>.
+</div>
diff --git a/src/test/groovy/hudson/plugins/gradle/injection/BuildScanEnvironmentContributorTest.groovy b/src/test/groovy/hudson/plugins/gradle/injection/BuildScanEnvironmentContributorTest.groovy
@@ -85,7 +85,7 @@ class BuildScanEnvironmentContributorTest extends BaseJenkinsIntegrationTest {
         config.setAccessKey(Secret.fromString(accessKey))
         config.save()
 
-        shortLivedTokenClient.get(config.getServer(), DevelocityAccessKey.parse(accessKey)) >> Optional.of(DevelocityAccessKey.of('localhost', 'xyz'))
+        shortLivedTokenClient.get(config.getServer(), DevelocityAccessKey.parse(accessKey), null) >> Optional.of(DevelocityAccessKey.of('localhost', 'xyz'))
 
         when:
         buildScanEnvironmentContributor.buildEnvironmentFor(run, new EnvVars(), TaskListener.NULL)
@@ -126,7 +126,7 @@ class BuildScanEnvironmentContributorTest extends BaseJenkinsIntegrationTest {
         config.setGradlePluginRepositoryPassword(Secret.fromString("foo"))
         config.save()
 
-        shortLivedTokenClient.get(config.getServer(), DevelocityAccessKey.parse(accessKey)) >> Optional.of(DevelocityAccessKey.of('localhost', 'xyz'))
+        shortLivedTokenClient.get(config.getServer(), DevelocityAccessKey.parse(accessKey), null) >> Optional.of(DevelocityAccessKey.of('localhost', 'xyz'))
 
 
         when:

diff --git a/src/test/groovy/hudson/plugins/gradle/injection/token/ShortLivedTokenClientTest.groovy b/src/test/groovy/hudson/plugins/gradle/injection/token/ShortLivedTokenClientTest.groovy
@@ -10,15 +10,36 @@ class ShortLivedTokenClientTest extends Specification {
         given:
         def mockDevelocity = GroovyEmbeddedApp.of {
             handlers {
-                post("/api/auth/token") {
+                post("api/auth/token") {
                     response.status(200)
                     response.send('some-token')
                 }
             }
         }
 
         when:
-        def token = new ShortLivedTokenClient().get(mockDevelocity.address.toString(), DevelocityAccessKey.parse('localhost=xyz'))
+        def token = new ShortLivedTokenClient().get(mockDevelocity.address.toString(), DevelocityAccessKey.parse('localhost=xyz'), null)
+
+        then:
+        token.get().key == 'some-token'
+        token.get().hostname == mockDevelocity.address.host
+    }
+
+    def "get token with expiry"() {
+        given:
+        def mockDevelocity = GroovyEmbeddedApp.of {
+            handlers {
+                post("api/auth/token") {
+                    if (request.queryParams.get('expiry') == '3') {
+                        response.status(200)
+                        response.send('some-token')
+                    }
+                }
+            }
+        }
+
+        when:
+        def token = new ShortLivedTokenClient().get(mockDevelocity.address.toString(), DevelocityAccessKey.parse('localhost=xyz'), 3)
 
         then:
         token.get().key == 'some-token'
@@ -29,23 +50,23 @@ class ShortLivedTokenClientTest extends Specification {
         given:
         def mockDevelocity = GroovyEmbeddedApp.of {
             handlers {
-                post("/api/auth/token") {
+                post("api/auth/token") {
                     response.status(401)
                     response.send('{"status":401,"type":"urn:gradle:develocity:api:problems:client-error","title":"Something was wrong with the request."}')
                 }
             }
         }
 
         when:
-        def token = new ShortLivedTokenClient().get(mockDevelocity.address.toString(), DevelocityAccessKey.parse('localhost=xyz'))
+        def token = new ShortLivedTokenClient().get(mockDevelocity.address.toString(), DevelocityAccessKey.parse('localhost=xyz'), null)
 
         then:
         !token.isPresent()
     }
 
     def "get token sever fails with exception"() {
         when:
-        def token = new ShortLivedTokenClient().get('http://localhost:8888', DevelocityAccessKey.parse('localhost=xyz'))
+        def token = new ShortLivedTokenClient().get('http://localhost:8888', DevelocityAccessKey.parse('localhost=xyz'), null)
 
         then:
         !token.isPresent()