Class CredentialsProvider

    • Field Detail

      • GROUP

        public static final PermissionGroup GROUP
        The permission group for credentials.
        Since:
        1.8
      • USE_OWN

        public static final Permission USE_OWN
        Where an immediate action against a job requires that a credential be selected by the user triggering the action, this permission allows the user to select a credential from their private credential store. Immediate actions could include: building with parameters, tagging a build, deploying artifacts, etc.
        Since:
        1.16
      • USE_ITEM

        public static final Permission USE_ITEM
        Where an immediate action against a job requires that a credential be selected by the user triggering the action, this permission allows the user to select a credential from those credentials available within the scope of the job. Immediate actions could include: building with parameters, tagging a build, deploying artifacts, etc. This permission is implied by Item.CONFIGURE as anyone who can configure the job can configure the job to use credentials within the item scope anyway.
        Since:
        1.16
      • MANAGE_DOMAINS

        public static final Permission MANAGE_DOMAINS
        The permission for managing credential domains in a CredentialsStore.
        Since:
        1.8
    • Constructor Detail

      • CredentialsProvider

        public CredentialsProvider()
        Default constructor.
    • Method Detail

      • lookupCredentials

        @NonNull
        public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                        Class<C> type,
                                                                        @Nullable
                                                                        ItemGroup itemGroup,
                                                                        @Nullable
                                                                        Authentication authentication,
                                                                        @Nullable
                                                                        DomainRequirement... domainRequirements)
        Returns all credentials which are available to the specified Authentication for use by the Items in the specified ItemGroup.
        Type Parameters:
        C - the credentials type.
        Parameters:
        type - the type of credentials to get.
        itemGroup - the item group.
        authentication - the authentication.
        domainRequirements - the credential domains to match.
        Returns:
        the list of credentials.
        Since:
        1.5
      • lookupCredentials

        @NonNull
        public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                        Class<C> type,
                                                                        @Nullable
                                                                        ItemGroup itemGroup,
                                                                        @Nullable
                                                                        Authentication authentication,
                                                                        @Nullable
                                                                        List<DomainRequirement> domainRequirements)
        Returns all credentials which are available to the specified Authentication for use by the Items in the specified ItemGroup.
        Type Parameters:
        C - the credentials type.
        Parameters:
        type - the type of credentials to get.
        itemGroup - the item group.
        authentication - the authentication.
        domainRequirements - the credential domains to match.
        Returns:
        the list of credentials.
        Since:
        1.5
      • lookupCredentials

        @NonNull
        public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                        Class<C> type,
                                                                        @Nullable
                                                                        Item item,
                                                                        @Nullable
                                                                        Authentication authentication,
                                                                        DomainRequirement... domainRequirements)
        Returns all credentials which are available to the specified Authentication for use by the specified Item.
        Type Parameters:
        C - the credentials type.
        Parameters:
        type - the type of credentials to get.
        authentication - the authentication.
        item - the item.
        domainRequirements - the credential domains to match.
        Returns:
        the list of credentials.
        Since:
        1.5
      • lookupCredentials

        @NonNull
        public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                        Class<C> type,
                                                                        @Nullable
                                                                        Item item,
                                                                        @Nullable
                                                                        Authentication authentication,
                                                                        @Nullable
                                                                        List<DomainRequirement> domainRequirements)
        Returns all credentials which are available to the specified Authentication for use by the specified Item.
        Type Parameters:
        C - the credentials type.
        Parameters:
        type - the type of credentials to get.
        authentication - the authentication.
        item - the item.
        domainRequirements - the credential domains to match.
        Returns:
        the list of credentials.
        Since:
        1.5
      • lookupScopes

        @CheckForNull
        public static Set<CredentialsScope> lookupScopes(ModelObject object)
        Returns the scopes allowed for credentials stored within the specified object or null if the object is not relevant for scopes and the object's container should be considered instead.
        Parameters:
        object - the object.
        Returns:
        the set of scopes that are relevant for the object or null if the object is not a credentials container.
      • hasStores

        public static boolean hasStores(ModelObject context)
        Tests if the supplied context has any credentials stores associated with it.
        Parameters:
        context - the context object.
        Returns:
        true if and only if the supplied context has at least one CredentialsStore associated with it.
        Since:
        2.1.5
      • snapshot

        public static <C extends Credentials> C snapshot(C credential)
        Make a best effort to ensure that the supplied credential is a snapshot credential (i.e. self-contained and does not reference any external stores). WARNING: May produce unusual results if presented with an exotic credential that implements multiple distinct credential types at the same time, e.g. a credential that is simultaneously a TLS certificate and an SSH key pair and a GPG key pair all at the same time... unless the author of that credential type also provides a CredentialsSnapshotTaker that can handle such a triple play.
        Type Parameters:
        C - the type of credential.
        Parameters:
        credential - the credential.
        Returns:
        the credential or a snapshot of the credential.
        Since:
        1.14
      • snapshot

        public static <C extends Credentials> C snapshot(Class<C> clazz,
                                                         C credential)
        Make a best effort to ensure that the supplied credential is a snapshot credential (i.e. self-contained and does not reference any external stores).
        Type Parameters:
        C - the type of credential.
        Parameters:
        clazz - the type of credential that we are trying to snapshot (specified so that if there is more than one type of snapshottable credential interface implemented by the credentials, then they can be separated out).
        credential - the credential.
        Returns:
        the credential or a snapshot of the credential.
        Since:
        1.14
      • findCredentialById

        @CheckForNull
        public static <C extends IdCredentials> C findCredentialById(@NonNull
                                                                     String id,
                                                                     @NonNull
                                                                     Class<C> type,
                                                                     @NonNull
                                                                     Run<?,?> run,
                                                                     DomainRequirement... domainRequirements)
        A common requirement for plugins is to resolve a specific credential by id in the context of a specific run. Given that the credential itself could result from a build parameter expression, and given the complexities of determining the scope of items from which the credential should be resolved in a chain of builds, this method provides the correct answer.
        Type Parameters:
        C - the credentials type.
        Parameters:
        id - either the id of the credential to find or a parameter expression for the id.
        type - the type of credential to find.
        run - the Run defining the context within which to find the credential.
        domainRequirements - the domain requirements of the credential.
        Returns:
        the credential or null if either the credential cannot be found or the user triggering the run is not permitted to use the credential in the context of the run.
        Since:
        1.16
      • findCredentialById

        @CheckForNull
        public static <C extends IdCredentials> C findCredentialById(@NonNull
                                                                     String id,
                                                                     @NonNull
                                                                     Class<C> type,
                                                                     @NonNull
                                                                     Run<?,?> run,
                                                                     @Nullable
                                                                     List<DomainRequirement> domainRequirements)
        A common requirement for plugins is to resolve a specific credential by id in the context of a specific run. Given that the credential itself could result from a build parameter expression, and given the complexities of determining the scope of items from which the credential should be resolved in a chain of builds, this method provides the correct answer.
        Type Parameters:
        C - the credentials type.
        Parameters:
        id - either the id of the credential to find or a parameter expression for the id.
        type - the type of credential to find.
        run - the Run defining the context within which to find the credential.
        domainRequirements - the domain requirements of the credential.
        Returns:
        the credential or null if either the credential cannot be found or the user triggering the run is not permitted to use the credential in the context of the run.
        Since:
        1.16
      • isEnabled

        public boolean isEnabled(Object context)
        Returns true if this CredentialsProvider is enabled in the specified context.
        Parameters:
        context - the context.
        Returns:
        true if this CredentialsProvider is enabled in the specified context.
        Since:
        2.0
      • getScopes

        public Set<CredentialsScope> getScopes(ModelObject object)
        Returns the scopes allowed for credentials stored within the specified object or null if the object is not relevant for scopes and the object's container should be considered instead.
        Parameters:
        object - the object.
        Returns:
        the set of scopes that are relevant for the object or null if the object is not a credentials container.
      • getCredentials

        @NonNull
        public abstract <C extends Credentials> List<C> getCredentials(@NonNull
                                                                       Class<C> type,
                                                                       @Nullable
                                                                       ItemGroup itemGroup,
                                                                       @Nullable
                                                                       Authentication authentication)
        Returns the credentials provided by this provider which are available to the specified Authentication for items in the specified ItemGroup.
        Type Parameters:
        C - the credentials type.
        Parameters:
        type - the type of credentials to return.
        itemGroup - the item group (if null assume Jenkins.get()).
        authentication - the authentication (if null assume ACL.SYSTEM).
        Returns:
        the list of credentials.
      • getCredentials

        @NonNull
        public <C extends Credentials> List<C> getCredentials(@NonNull
                                                              Class<C> type,
                                                              @Nullable
                                                              ItemGroup itemGroup,
                                                              @Nullable
                                                              Authentication authentication,
                                                              @NonNull
                                                              List<DomainRequirement> domainRequirements)
        Returns the credentials provided by this provider which are available to the specified Authentication for items in the specified ItemGroup and are appropriate for the specified DomainRequirements.
        Type Parameters:
        C - the credentials type.
        Parameters:
        type - the type of credentials to return.
        itemGroup - the item group (if null assume Jenkins.get()).
        authentication - the authentication (if null assume ACL.SYSTEM).
        domainRequirements - the credential domains to match (if the CredentialsProvider does not support DomainRequirements then it should assume the match is true).
        Returns:
        the list of credentials.
        Since:
        1.5
      • getCredentials

        @NonNull
        public <C extends Credentials> List<C> getCredentials(@NonNull
                                                              Class<C> type,
                                                              @NonNull
                                                              Item item,
                                                              @Nullable
                                                              Authentication authentication)
        Returns the credentials provided by this provider which are available to the specified Authentication for the specified Item.
        Type Parameters:
        C - the credentials type.
        Parameters:
        type - the type of credentials to return.
        item - the item.
        authentication - the authentication (if null assume ACL.SYSTEM).
        Returns:
        the list of credentials.
      • getCredentials

        @NonNull
        public <C extends Credentials> List<C> getCredentials(@NonNull
                                                              Class<C> type,
                                                              @NonNull
                                                              Item item,
                                                              @Nullable
                                                              Authentication authentication,
                                                              @NonNull
                                                              List<DomainRequirement> domainRequirements)
        Returns the credentials provided by this provider which are available to the specified Authentication for the specified Item and are appropriate for the specified DomainRequirements.
        Type Parameters:
        C - the credentials type.
        Parameters:
        type - the type of credentials to return.
        item - the item.
        authentication - the authentication (if null assume ACL.SYSTEM).
        domainRequirements - the credential domain to match.
        Returns:
        the list of credentials.
        Since:
        1.5
      • _isApplicable

        protected boolean _isApplicable(Descriptor<?> descriptor)
        CredentialsProvider subtypes can override this method to veto some Descriptors from being available from their store. This is often useful when you are building a custom store that holds a specific type of credentials or where you want to limit the number of choices given to the users.
        Parameters:
        descriptor - the Descriptor to check.
        Returns:
        true if the supplied Descriptor is applicable in this CredentialsProvider
        Since:
        2.0
      • getFingerprintOf

        @CheckForNull
        public static Fingerprint getFingerprintOf(@NonNull
                                                   Credentials c)
                                            throws IOException
        Retrieves the Fingerprint for a specific credential.
        Parameters:
        c - the credential.
        Returns:
        the Fingerprint or null if the credential has no fingerprint associated with it.
        Throws:
        IOException - if the credential's fingerprint hash could not be computed.
        Since:
        2.1.1
      • getOrCreateFingerprintOf

        @NonNull
        public static Fingerprint getOrCreateFingerprintOf(@NonNull
                                                           Credentials c)
                                                    throws IOException
        Creates a fingerprint that can be used to track the usage of a specific credential.
        Parameters:
        c - the credential to fingerprint.
        Returns:
        the Fingerprint.
        Throws:
        IOException - if the credential's fingerprint hash could not be computed.
        Since:
        2.1.1
      • track

        @CheckForNull
        public static <C extends Credentials> C track(@NonNull
                                                      Run build,
                                                      @CheckForNull
                                                      C credentials)
        Track the usage of credentials in a specific build.
        Type Parameters:
        C - the credentials type.
        Parameters:
        build - the run to tag the fingerprint
        credentials - the credentials to fingerprint.
        Returns:
        the supplied credentials for method chaining.
        Since:
        2.1.1
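        Added example (not part of the Credentials plugin's own documentation or code): how a plugin build step might combine findCredentialById and track(Run, C) as documented above. The class DeployCredentialResolver, its resolve method and the targetUrl parameter are hypothetical; StandardUsernamePasswordCredentials and URIRequirementBuilder are assumed to come from the plugin's common and domains packages.

```java
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import hudson.AbortException;
import hudson.model.Run;
import hudson.model.TaskListener;
import java.util.List;

/** Hypothetical helper for a plugin build step; not part of the Credentials plugin. */
public final class DeployCredentialResolver {

    private DeployCredentialResolver() {}

    /**
     * Resolves credentialsId in the context of the run and records the usage.
     *
     * @param credentialsId the id, or a build parameter expression for the id
     * @param targetUrl     hypothetical endpoint the credential will be sent to
     */
    public static StandardUsernamePasswordCredentials resolve(
            Run<?, ?> run, TaskListener listener, String credentialsId, String targetUrl)
            throws AbortException {

        // Only accept credentials whose domain covers the endpoint they will be
        // sent to, so a credential scoped to one host is not offered to another.
        List<DomainRequirement> requirements =
                URIRequirementBuilder.fromUri(targetUrl).build();

        // findCredentialById applies the permission rules for the user who
        // triggered the run (USE_OWN / USE_ITEM) and the item scope of the run.
        StandardUsernamePasswordCredentials credentials =
                CredentialsProvider.findCredentialById(
                        credentialsId,
                        StandardUsernamePasswordCredentials.class,
                        run,
                        requirements);

        if (credentials == null) {
            // null means "not found" OR "triggering user may not use it here".
            // Fail the build with one message for both cases, and do not retry
            // with a broader lookup: getCredentials documents that a null
            // authentication is treated as ACL.SYSTEM, which would skip the
            // per-user check this method just performed.
            throw new AbortException("Credential '" + credentialsId
                    + "' could not be resolved for " + run.getFullDisplayName());
        }

        // Tag the credential's fingerprint with this run so that its usage
        // is visible when the credential is later audited or rotated.
        CredentialsProvider.track(run, credentials);

        // Log the id only; never print the secret material itself.
        listener.getLogger().println(
                "Using credential " + credentials.getId() + " for " + targetUrl);
        return credentials;
    }
}
```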
      • trackAll

        @SafeVarargs
        @NonNull
        public static <C extends Credentials> List<C> trackAll(@NonNull
                                                               Run build,
                                                               C... credentials)
        Track the usage of credentials in a specific build.
        Type Parameters:
        C - the credentials type.
        Parameters:
        build - the run to tag the fingerprint
        credentials - the credentials to fingerprint.
        Returns:
        the supplied credentials for method chaining.
        Since:
        2.1.1
      • trackAll

        @NonNull
        public static <C extends Credentials> List<C> trackAll(@NonNull
                                                               Run build,
                                                               @NonNull
                                                               List<C> credentials)
        Track the usage of credentials in a specific build.
        Type Parameters:
        C - the credentials type.
        Parameters:
        build - the run to tag the fingerprint
        credentials - the credentials to fingerprint.
        Returns:
        the supplied credentials for method chaining.
        Since:
        2.1.1
      • track

        @CheckForNull
        public static <C extends Credentials> C track(@NonNull
                                                      Node node,
                                                      @CheckForNull
                                                      C credentials)
        Track the usage of credentials in a specific node. Would be used for example when launching an agent.
        Type Parameters:
        C - the credentials type.
        Parameters:
        node - the node to tag the fingerprint
        credentials - the credentials to fingerprint.
        Returns:
        the supplied credentials for method chaining.
        Since:
        2.1.1
      • trackAll

        @SafeVarargs
        @NonNull
        public static <C extends Credentials> List<C> trackAll(@NonNull
                                                               Node node,
                                                               C... credentials)
        Track the usage of credentials in a specific node. Would be used for example when launching an agent.
        Type Parameters:
        C - the credentials type.
        Parameters:
        node - the node to tag the fingerprint
        credentials - the credentials to fingerprint.
        Returns:
        the supplied credentials for method chaining.
        Since:
        2.1.1
      • trackAll

        @NonNull
        public static <C extends Credentials> List<C> trackAll(@NonNull
                                                               Node node,
                                                               @NonNull
                                                               List<C> credentials)
        Track the usage of credentials in a specific node. Would be used for example when launching an agent.
        Type Parameters:
        C - the credentials type.
        Parameters:
        node - the node to tag the fingerprint
        credentials - the credentials to fingerprint.
        Returns:
        the supplied credentials for method chaining.
        Since:
        2.1.1
      • track

        @CheckForNull
        public static <C extends Credentials> C track(@NonNull
                                                      Item item,
                                                      @CheckForNull
                                                      C credentials)
        Track the usage of credentials in a specific item but not associated with a specific build, for example SCM polling.
        Type Parameters:
        C - the credentials type.
        Parameters:
        item - the item to tag the fingerprint against
        credentials - the credentials to fingerprint.
        Returns:
        the supplied credentials for method chaining.
        Since:
        2.1.1
      • trackAll

        @SafeVarargs
        @NonNull
        public static <C extends Credentials> List<C> trackAll(@NonNull
                                                               Item item,
                                                               C... credentials)
        Track the usage of credentials in a specific item but not associated with a specific build, for example SCM polling.
        Type Parameters:
        C - the credentials type.
        Parameters:
        item - the item to tag the fingerprint against
        credentials - the credentials to fingerprint.
        Returns:
        the supplied credentials for method chaining.
        Since:
        2.1.1
      • trackAll

        @NonNull
        public static <C extends Credentials> List<C> trackAll(@NonNull
                                                               Item item,
                                                               @NonNull
                                                               List<C> credentials)
        Track the usage of credentials in a specific item but not associated with a specific build, for example SCM polling.
        Type Parameters:
        C - the credentials type.
        Parameters:
        item - the item to tag the fingerprint against
        credentials - the credentials to fingerprint.
        Returns:
        the supplied credentials for method chaining.
        Since:
        2.1.1
      • saveAll

        @Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class)
        public static void saveAll()
        A helper method for Groovy Scripting to address use cases such as JENKINS-39317 where all credential stores need to be resaved. As this is a potentially very expensive operation the method has been marked DoNotUse in order to ensure that no plugin attempts to call this method. If invoking this method from an init.d Groovy script, ensure that the call is guarded by a marker file such that