JSON-format username + password

Author: pjdarton

src/main/java/io/jenkins/plugins/credentials/secretsmanager/factory/CredentialsFactory.java

@@ -14,6 +14,7 @@
 import io.jenkins.plugins.credentials.secretsmanager.factory.file.AwsFileCredentials;
 import io.jenkins.plugins.credentials.secretsmanager.factory.ssh_user_private_key.AwsSshUserPrivateKey;
 import io.jenkins.plugins.credentials.secretsmanager.factory.string.AwsStringCredentials;
+import io.jenkins.plugins.credentials.secretsmanager.factory.username_password.AwsJsonUsernamePasswordCredentials;
 import io.jenkins.plugins.credentials.secretsmanager.factory.username_password.AwsUsernamePasswordCredentials;
 
 import java.util.Map;
@@ -46,6 +47,8 @@ public static Optional<StandardCredentials> create(String arn, String name, Stri
                 return Optional.of(new AwsStringCredentials(name, description, new SecretSupplier(client, arn)));
             case Type.usernamePassword:
                 return Optional.of(new AwsUsernamePasswordCredentials(name, description, new SecretSupplier(client, arn), username));
+            case Type.jsonUsernamePassword:
+                return Optional.of(new AwsJsonUsernamePasswordCredentials(name, description, new SecretSupplier(client, arn)));
             case Type.sshUserPrivateKey:
                 return Optional.of(new AwsSshUserPrivateKey(name, description, new StringSupplier(client, arn), username));
             case Type.certificate:

src/main/java/io/jenkins/plugins/credentials/secretsmanager/factory/Type.java

@@ -7,6 +7,7 @@ public abstract class Type {
     public static final String certificate = "certificate";
     public static final String file = "file";
     public static final String usernamePassword = "usernamePassword";
+    public static final String jsonUsernamePassword = "jsonUsernamePassword";
     public static final String sshUserPrivateKey = "sshUserPrivateKey";
     public static final String string = "string";
 

src/main/java/io/jenkins/plugins/credentials/secretsmanager/factory/username_password/AwsJsonUsernamePasswordCredentials.java

@@ -0,0 +1,77 @@
+package io.jenkins.plugins.credentials.secretsmanager.factory.username_password;
+
+import java.util.function.Supplier;
+
+import javax.annotation.Nonnull;
+
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
+
+import com.cloudbees.plugins.credentials.CredentialsProvider;
+import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
+
+import edu.umd.cs.findbugs.annotations.NonNull;
+import hudson.Extension;
+import hudson.util.Secret;
+import io.jenkins.plugins.credentials.secretsmanager.AwsCredentialsProvider;
+import io.jenkins.plugins.credentials.secretsmanager.Messages;
+import io.jenkins.plugins.credentials.secretsmanager.factory.BaseAwsJsonCredentials;
+
+/**
+ * Similar to {@link AwsUsernamePasswordCredentials} but expects the AWS secret
+ * data to be JSON containing two fields, {@value #JSON_FIELDNAME_FOR_USERNAME}
+ * and {@value #JSON_FIELDNAME_FOR_PASSWORD} that provide both the username and
+ * password. The secret JSON may contain other fields too, but we'll ignore
+ * them.
+ */
+public class AwsJsonUsernamePasswordCredentials extends BaseAwsJsonCredentials
+        implements StandardUsernamePasswordCredentials {
+    /**
+     * Name of the JSON field that we expect to be present and to contain the
+     * credential's username.
+     */
+    @Restricted(NoExternalUse.class)
+    public static final String JSON_FIELDNAME_FOR_USERNAME = "username";
+    /**
+     * Name of the JSON field that we expect to be present and to contain the
+     * credential's password.
+     */
+    @Restricted(NoExternalUse.class)
+    public static final String JSON_FIELDNAME_FOR_PASSWORD = "password";
+
+    public AwsJsonUsernamePasswordCredentials(String id, String description, Supplier<Secret> usernameAndPasswordJson) {
+        super(id, description, usernameAndPasswordJson);
+    }
+
+    @NonNull
+    @Override
+    public Secret getPassword() {
+        return Secret.fromString(getFieldFromSecretJson(JSON_FIELDNAME_FOR_PASSWORD));
+    }
+
+    @NonNull
+    @Override
+    public String getUsername() {
+        return getFieldFromSecretJson(JSON_FIELDNAME_FOR_USERNAME);
+    }
+
+    @Extension
+    @SuppressWarnings("unused")
+    public static class DescriptorImpl extends BaseStandardCredentialsDescriptor {
+        @Override
+        @Nonnull
+        public String getDisplayName() {
+            return Messages.usernamePassword();
+        }
+
+        @Override
+        public String getIconClassName() {
+            return "icon-credentials-userpass";
+        }
+
+        @Override
+        public boolean isApplicable(CredentialsProvider provider) {
+            return provider instanceof AwsCredentialsProvider;
+        }
+    }
+}

src/test/java/io/jenkins/plugins/credentials/secretsmanager/factory/username_password/AwsJsonUsernamePasswordCredentialsTest.java

@@ -0,0 +1,102 @@
+package io.jenkins.plugins.credentials.secretsmanager.factory.username_password;
+
+import static io.jenkins.plugins.credentials.secretsmanager.factory.BaseAwsJsonCredentialsTest.mkJson;
+import static io.jenkins.plugins.credentials.secretsmanager.factory.BaseAwsJsonCredentialsTest.assertThatJsonCredentialsDescriptorIsTheSameAsTheDescriptorForNonJsonCredentials;
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.util.function.Supplier;
+
+import org.junit.Test;
+
+import com.cloudbees.plugins.credentials.CredentialsUnavailableException;
+
+import hudson.util.Secret;
+import io.jenkins.plugins.credentials.secretsmanager.Messages;
+import io.jenkins.plugins.credentials.secretsmanager.factory.BaseAwsJsonCredentialsTest.StubSupplier;
+
+public class AwsJsonUsernamePasswordCredentialsTest {
+    @Test
+    public void getPasswordGivenValidJsonThenReturnsSecretPassword() {
+        // Given
+        final String id = "testId";
+        final String description = "some test description";
+        final String expected = "mySecretPassword";
+        final String usernamePasswordJson = mkUsernameAndPasswordJson("myUsername", expected);
+        final Secret stubSecret = Secret.fromString(usernamePasswordJson);
+        final Supplier<Secret> stubSupplier = new StubSupplier<>(stubSecret);
+        final AwsJsonUsernamePasswordCredentials instance = new AwsJsonUsernamePasswordCredentials(id, description,
+                stubSupplier);
+
+        // When
+        final Secret actualSecret = instance.getPassword();
+        final String actualPassword = actualSecret.getPlainText();
+
+        // Then
+        assertThat(actualPassword).isEqualTo(expected);
+    }
+
+    @Test
+    public void getUsernameGivenValidJsonThenReturnsUsername() {
+        // Given
+        final String id = "testId";
+        final String description = "some test description";
+        final String expected = "myUsername";
+        final String usernamePasswordJson = mkUsernameAndPasswordJson(expected, "mySecretPassword");
+        final Secret stubSecret = Secret.fromString(usernamePasswordJson);
+        final Supplier<Secret> stubSupplier = new StubSupplier<>(stubSecret);
+        final AwsJsonUsernamePasswordCredentials instance = new AwsJsonUsernamePasswordCredentials(id, description,
+                stubSupplier);
+
+        // When
+        final String actual = instance.getUsername();
+
+        // Then
+        assertThat(actual).isEqualTo(expected);
+    }
+
+    @Test
+    public void getUsernameGivenInvalidJsonThenReturnsThrows() {
+        // Given
+        final String id = "testId";
+        final String description = "some test description";
+        final String unexpectedFieldName = "potentiallySecretFieldName";
+        final String unexpectedValue = "potentiallySecretValue";
+        final String usernamePasswordJson = mkJson(unexpectedFieldName, unexpectedValue, unexpectedFieldName + "2",
+                unexpectedValue);
+        final Secret stubSecret = Secret.fromString(usernamePasswordJson);
+        final Supplier<Secret> stubSupplier = new StubSupplier<>(stubSecret);
+        final AwsJsonUsernamePasswordCredentials instance = new AwsJsonUsernamePasswordCredentials(id, description,
+                stubSupplier);
+
+        // When
+        CredentialsUnavailableException actual = null;
+        try {
+            instance.getUsername();
+        } catch (CredentialsUnavailableException ex) {
+            actual = ex;
+        }
+
+        // Then
+        assertThat(actual).isNotNull();
+        assertThat(actual.getProperty()).isEqualTo("secret");
+        assertThat(actual.getMessage()).contains(id);
+        assertThat(actual.getMessage()).contains(AwsJsonUsernamePasswordCredentials.JSON_FIELDNAME_FOR_USERNAME);
+        assertThat(actual.getMessage())
+                .contains(Messages.wrongJsonError(id, AwsJsonUsernamePasswordCredentials.JSON_FIELDNAME_FOR_USERNAME));
+        assertThat(actual.getMessage()).doesNotContain(unexpectedFieldName);
+        assertThat(actual.getMessage()).doesNotContain(unexpectedValue);
+    }
+
+    @Test
+    public void ourDescriptorIsTheSameAsDescriptorForNonJsonCredentials() {
+        // Given
+        final AwsUsernamePasswordCredentials.DescriptorImpl expected = new AwsUsernamePasswordCredentials.DescriptorImpl();
+        final AwsJsonUsernamePasswordCredentials.DescriptorImpl instance = new AwsJsonUsernamePasswordCredentials.DescriptorImpl();
+        assertThatJsonCredentialsDescriptorIsTheSameAsTheDescriptorForNonJsonCredentials(instance, expected);
+    }
+
+    private static String mkUsernameAndPasswordJson(String username, String password) {
+        return mkJson(AwsJsonUsernamePasswordCredentials.JSON_FIELDNAME_FOR_USERNAME, username,
+                AwsJsonUsernamePasswordCredentials.JSON_FIELDNAME_FOR_PASSWORD, password);
+    }
+}