[JENKINS-38830] Added support for tracking credentials.

Author: iwarapter

pom.xml

@@ -122,7 +122,7 @@
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
       <artifactId>credentials</artifactId>
-      <version>2.1.0</version>
+      <version>2.1.1</version>
     </dependency>
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>

src/main/java/com/cloudbees/jenkins/plugins/sshagent/SSHAgentBuildWrapper.java

@@ -204,6 +204,7 @@ public void preCheckout(AbstractBuild build, Launcher launcher, BuildListener li
                     SSHUserPrivateKey.class,
                     build
             );
+            CredentialsProvider.track(build, c);
             if (c == null && !ignoreMissing) {
                 IOException ioe = new IOException(Messages.SSHAgentBuildWrapper_CredentialsNotFound());
                 ioe.printStackTrace(listener.fatalError(""));

src/main/java/com/cloudbees/jenkins/plugins/sshagent/SSHAgentStepExecution.java

@@ -142,6 +142,7 @@ private void initRemoteAgent() throws IOException {
         List<SSHUserPrivateKey> userPrivateKeys = new ArrayList<SSHUserPrivateKey>();
         for (String id : new LinkedHashSet<String>(step.getCredentials())) {
             final SSHUserPrivateKey c = CredentialsProvider.findCredentialById(id, SSHUserPrivateKey.class, build);
+            CredentialsProvider.track(build, c);
             if (c == null && !step.isIgnoreMissing()) {
                 listener.fatalError(Messages.SSHAgentBuildWrapper_CredentialsNotFound());
             }

src/test/java/com/cloudbees/jenkins/plugins/sshagent/SSHAgentBuildWrapperTest.java

@@ -2,8 +2,10 @@
 
 import com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey;
 import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey;
+import com.cloudbees.plugins.credentials.CredentialsProvider;
 import com.cloudbees.plugins.credentials.CredentialsScope;
 import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
+import hudson.model.Fingerprint;
 import hudson.model.FreeStyleProject;
 import hudson.model.Result;
 import hudson.tasks.Shell;
@@ -13,8 +15,15 @@
 import org.junit.Rule;
 import org.junit.Test;
 import org.jvnet.hudson.test.BuildWatcher;
+import org.jvnet.hudson.test.Issue;
 import org.jvnet.hudson.test.JenkinsRule;
 
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.core.IsCollectionContaining.hasItem;
+import static org.hamcrest.core.IsNull.notNullValue;
+import static org.hamcrest.core.IsNull.nullValue;
+
 public class SSHAgentBuildWrapperTest extends SSHAgentBase {
 
     @Rule
@@ -138,4 +147,43 @@ public void sshAgentWithInvalidCredentials() throws Exception {
 
         stopMockSSHServer();
     }
+
+    @Issue("JENKINS-38830")
+    @Test
+    public void testTrackingOfCredential() throws Exception {
+        startMockSSHServer();
+
+        List<String> credentialIds = new ArrayList<String>();
+        credentialIds.add(CREDENTIAL_ID);
+
+        SSHUserPrivateKey key = new BasicSSHUserPrivateKey(CredentialsScope.GLOBAL, credentialIds.get(0), "cloudbees",
+          new BasicSSHUserPrivateKey.DirectEntryPrivateKeySource(getPrivateKey()), "cloudbees", "test");
+        SystemCredentialsProvider.getInstance().getCredentials().add(key);
+        SystemCredentialsProvider.getInstance().save();
+
+        Fingerprint fingerprint = CredentialsProvider.getFingerprintOf(key);
+        assertThat("No fingerprint created until first use", fingerprint, nullValue());
+
+        FreeStyleProject job = r.createFreeStyleProject();
+
+        SSHAgentBuildWrapper sshAgent = new SSHAgentBuildWrapper(credentialIds, false);
+        job.getBuildWrappersList().add(sshAgent);
+
+        Shell shell = new Shell("set | grep SSH_AUTH_SOCK "
+          + "&& ssh-add -l "
+          + "&& ssh -o NoHostAuthenticationForLocalhost=yes -o StrictHostKeyChecking=no -p " + getAssignedPort()
+          + " -v -l cloudbees " + SSH_SERVER_HOST);
+        job.getBuildersList().add(shell);
+
+        r.assertBuildStatusSuccess(job.scheduleBuild2(0));
+
+        fingerprint = CredentialsProvider.getFingerprintOf(key);
+        assertThat(fingerprint, notNullValue());
+        assertThat(fingerprint.getJobs(), hasItem(is(job.getFullName())));
+        Fingerprint.RangeSet rangeSet = fingerprint.getRangeSet(job);
+        assertThat(rangeSet, notNullValue());
+        assertThat(rangeSet.includes(job.getLastBuild().getNumber()), is(true));
+
+        stopMockSSHServer();
+    }
 }

src/test/java/com/cloudbees/jenkins/plugins/sshagent/SSHAgentStepWorkflowTest.java

@@ -2,9 +2,13 @@
 
 import com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey;
 import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey;
+import com.cloudbees.plugins.credentials.CredentialsProvider;
 import com.cloudbees.plugins.credentials.CredentialsScope;
 import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
+import com.cloudbees.plugins.credentials.domains.Domain;
 import hudson.Util;
+import hudson.model.Fingerprint;
+import hudson.util.Secret;
 import org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition;
 import org.jenkinsci.plugins.workflow.cps.CpsFlowExecution;
 import org.jenkinsci.plugins.workflow.job.WorkflowJob;
@@ -15,6 +19,7 @@
 import org.junit.Test;
 import org.junit.runners.model.Statement;
 import org.jvnet.hudson.test.BuildWatcher;
+import org.jvnet.hudson.test.Issue;
 import org.jvnet.hudson.test.JenkinsRule;
 import org.jvnet.hudson.test.RestartableJenkinsRule;
 
@@ -24,6 +29,10 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.core.IsCollectionContaining.hasItem;
+import static org.hamcrest.core.IsNull.notNullValue;
+import static org.hamcrest.core.IsNull.nullValue;
 import static org.junit.Assert.*;
 
 public class SSHAgentStepWorkflowTest extends SSHAgentBase {
@@ -141,4 +150,45 @@ public void evaluate() throws Throwable {
 
     }
 
+    @Issue("JENKINS-38830")
+    @Test
+    public void testTrackingOfCredential() {
+
+
+        story.addStep(new Statement() {
+            @Override
+            public void evaluate() throws Throwable {
+                startMockSSHServer();
+
+                List<String> credentialIds = new ArrayList<String>();
+                credentialIds.add(CREDENTIAL_ID);
+
+                SSHUserPrivateKey key = new BasicSSHUserPrivateKey(CredentialsScope.GLOBAL, credentialIds.get(0), "cloudbees",
+                  new BasicSSHUserPrivateKey.DirectEntryPrivateKeySource(getPrivateKey()), "cloudbees", "test");
+                SystemCredentialsProvider.getInstance().getCredentials().add(key);
+                SystemCredentialsProvider.getInstance().save();
+
+                Fingerprint fingerprint = CredentialsProvider.getFingerprintOf(key);
+
+                WorkflowJob job = story.j.jenkins.createProject(WorkflowJob.class, "sshAgentAvailable");
+                job.setDefinition(new CpsFlowDefinition(""
+                  + "node {\n"
+                  + "  sshagent (credentials: ['" + CREDENTIAL_ID + "']) {\n"
+                  + "    sh 'ls -l $SSH_AUTH_SOCK && ssh -o StrictHostKeyChecking=no -p " + getAssignedPort() + " -v -l cloudbees " + SSH_SERVER_HOST + "'\n"
+                  + "  }\n"
+                  + "}\n", true)
+                );
+
+                assertThat("No fingerprint created until first use", fingerprint, nullValue());
+
+                story.j.assertBuildStatusSuccess(job.scheduleBuild2(0));
+
+                fingerprint = CredentialsProvider.getFingerprintOf(key);
+                assertThat(fingerprint, notNullValue());
+                assertThat(fingerprint.getJobs(), hasItem(is(job.getFullName())));
+
+                stopMockSSHServer();
+            }
+        });
+    }
 }