package com.datapipe.jenkins.vault.credentials.common;
import com.cloudbees.plugins.credentials.CredentialsScope;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.model.Item;
import hudson.model.ItemGroup;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.UUID;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import static com.datapipe.jenkins.vault.configuration.VaultConfiguration.engineVersions;
import static com.datapipe.jenkins.vault.credentials.common.VaultHelper.getVaultSecret;
import static com.datapipe.jenkins.vault.credentials.common.VaultHelper.getVaultSecretKey;
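/**
 * File-style Jenkins credential whose bytes are read from Vault each time
 * {@link #getContent()} is called, rather than being stored in the credential itself.
 *
 * <p>Two modes are supported, selected by {@code useKey}:
 * <ul>
 *   <li>{@code useKey == true}: the content is the value of the single key {@code vaultKey};</li>
 *   <li>otherwise: the content is the whole secret serialized as a JSON object.</li>
 * </ul>
 *
 * <p>Security note: the stream returned by {@link #getContent()} carries secret material in
 * clear text. Callers should avoid logging it or persisting it outside the build workspace.
 */
public class VaultFileCredentialImpl extends AbstractVaultBaseStandardCredentials implements VaultFileCredential {

    private static final long serialVersionUID = 1L;

    // Set once in the constructor to a random UUID; there is no setter in this class.
    private String fileName;
    // Boxed on purpose: stays null until the data-bound setter runs, so every read must be null-safe.
    private Boolean useKey;
    // Name of the key inside the Vault secret; only consulted when useKey is true.
    private String vaultKey;

    /**
     * Creates the credential and assigns it a random file name.
     *
     * @param scope       credential scope passed to the superclass
     * @param id          credential id passed to the superclass
     * @param description human-readable description passed to the superclass
     */
    @DataBoundConstructor
    public VaultFileCredentialImpl(CredentialsScope scope, String id,
        String description) {
        super(scope, id, description);
        this.fileName = UUID.randomUUID().toString();
    }

    /**
     * Returns the key name to extract from the Vault secret.
     *
     * <p>NOTE(review): annotated {@code @NonNull}, but the field is only assigned by
     * {@link #setVaultKey(String)}, so it is null until that setter has been called.
     */
    @NonNull
    public String getVaultKey() {
        return vaultKey;
    }

    /** Sets the key name to extract from the Vault secret. */
    @DataBoundSetter
    public void setVaultKey(String vaultKey) {
        this.vaultKey = vaultKey;
    }

    /**
     * Returns whether a single key (rather than the whole secret) is used as the content.
     *
     * <p>NOTE(review): annotated {@code @NonNull}, but the field is only assigned by
     * {@link #setUseKey(Boolean)}, so it is null until that setter has been called.
     */
    @NonNull
    public Boolean getUseKey() {
        return useKey;
    }

    /** Selects single-key mode ({@code true}) or whole-secret mode. */
    @DataBoundSetter
    public void setUseKey(Boolean useKey) {
        this.useKey = useKey;
    }

    /** Returns the random file name generated in the constructor. */
    @NonNull
    public String getFileName() {
        return fileName;
    }

    /**
     * Reads the secret from Vault and returns it as a UTF-8 encoded in-memory stream.
     *
     * <p>In single-key mode the stream holds the value of {@code vaultKey}; otherwise it holds
     * every key/value pair of the secret as one JSON object, so whole-secret mode exposes all
     * fields of the secret to whoever consumes the file.
     *
     * @return the secret content; a new stream on every call
     */
    @NonNull
    @Override
    public InputStream getContent() {
        final String content;
        if (Boolean.TRUE.equals(useKey)) {
            // getVaultSecretKeyValue is not defined in this class; presumably inherited from
            // AbstractVaultBaseStandardCredentials. A null return would fail at getBytes below.
            content = getVaultSecretKeyValue(vaultKey);
        } else {
            Map<String, String> secret = getVaultSecretValue();
            content = JSONObject.fromObject(secret).toString();
        }
        return new ByteArrayInputStream(content.getBytes(StandardCharsets.UTF_8));
    }

    /** Descriptor providing the display name and the form helpers for this credential type. */
    @Extension
    public static class DescriptorImpl extends BaseStandardCredentialsDescriptor {

        @Override
        public String getDisplayName() {
            return "Vault Secret File Credential";
        }

        /**
         * Form helper that tries to read the configured secret (or one key of it) from Vault
         * and reports success or failure.
         *
         * <p>The call is restricted to users holding {@code Jenkins.ADMINISTER}, because it
         * makes Jenkins contact Vault with a caller-supplied path, prefix and namespace.
         *
         * <p>NOTE(review): this method has a side effect (an outbound Vault read) but is not
         * restricted to POST. Jenkins' guidance for such form-validation methods is to
         * annotate them with Stapler's {@code @POST}; confirm that the form submits with POST
         * before adding it.
         *
         * @param context       item group the form is rendered in, forwarded to the Vault helper
         * @param path          secret path to read
         * @param useKey        whether to read a single key; null is treated as {@code false}
         * @param vaultKey      key to read when {@code useKey} is true
         * @param prefixPath    prefix path forwarded to the Vault helper
         * @param namespace     namespace forwarded to the Vault helper
         * @param engineVersion engine version forwarded to the Vault helper
         * @return {@code ok} with a summary on success, {@code error} with the exception text otherwise
         */
        public FormValidation doTestConnection(
            @AncestorInPath ItemGroup<Item> context,
            @QueryParameter("path") String path,
            @QueryParameter("useKey") Boolean useKey,
            @QueryParameter("vaultKey") String vaultKey,
            @QueryParameter("prefixPath") String prefixPath,
            @QueryParameter("namespace") String namespace,
            @QueryParameter("engineVersion") Integer engineVersion) {
            // Authorize before touching any parameter or contacting Vault.
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);

            String okMessage = "Successfully retrieved secret " + path;

            // useKey is a boxed Boolean and may be null when the parameter is absent; a bare
            // `if (useKey)` would throw on unboxing. Treat null as false, as getContent() does.
            if (Boolean.TRUE.equals(useKey)) {
                try {
                    getVaultSecretKey(path, vaultKey, prefixPath, namespace, engineVersion, context);
                } catch (Exception e) {
                    // Broad catch is deliberate: any failure is reported back to the form.
                    return FormValidation.error("FAILED to retrieve key '" + vaultKey + "' Vault secret: \n" + e);
                }
                okMessage += " with key " + vaultKey;
            } else {
                try {
                    getVaultSecret(path, prefixPath, namespace, engineVersion, context);
                } catch (Exception e) {
                    // Broad catch is deliberate: any failure is reported back to the form.
                    return FormValidation.error("FAILED to retrieve Vault secret: \n" + e);
                }
            }

            // Only the path and key name are echoed back; the secret value itself is discarded.
            return FormValidation.ok(okMessage);
        }

        /** Populates the engine-version drop-down by delegating to {@code engineVersions}. */
        @SuppressWarnings("unused") // used by stapler
        public ListBoxModel doFillEngineVersionItems(@AncestorInPath Item context) {
            return engineVersions(context);
        }
    }
}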