Spring Security migration recipe

[jglick]

Adapts to jenkinsci/jenkins#4848 & jenkinsci/credentials-plugin#490.

Initial commit written by Claude. Tested iteratively on a couple of CloudBees CI plugins, for which my testing protocol was

diff --git build.gradle.kts build.gradle.kts
index aa6c3f2..5f41c9c 100644
--- build.gradle.kts
+++ build.gradle.kts
@@ -6,7 +6,7 @@ plugins {
 group = "org.openrewrite.recipe"
 description = "Modernize Jenkins plugins. Automatically."
 
-val rewriteVersion = rewriteRecipe.rewriteVersion.get()
+val rewriteVersion = "8.71.0"  // Use release version for local testing instead of rewriteRecipe.rewriteVersion.get()
 dependencies {
     compileOnly("org.projectlombok:lombok:latest.release")
     compileOnly("com.google.code.findbugs:jsr305:latest.release")
@@ -18,7 +18,7 @@ dependencies {
     implementation("org.openrewrite:rewrite-java")
     implementation("org.openrewrite:rewrite-maven")
     implementation("org.openrewrite:rewrite-yaml")
-    implementation("org.openrewrite.recipe:rewrite-java-dependencies:$rewriteVersion")
+    implementation("org.openrewrite.recipe:rewrite-java-dependencies:1.49.0")
     runtimeOnly("org.openrewrite:rewrite-java-21")
 
     testImplementation("org.ow2.asm:asm:latest.release")

since otherwise there problems accessing a SNAPSHOT version of the OpenRewrite BOM (I am not a Gradle user and did not really get what was going on here)

[ERROR] Failed to execute goal org.openrewrite.maven:rewrite-maven-plugin:6.27.0:run (default-cli) on project …: Failed to resolve requested artifacts transitive dependencies. Failed to collect dependencies at org.openrewrite.recipe:rewrite-jenkins:jar:0.34.0-SNAPSHOT: Failed to read artifact descriptor for org.openrewrite.recipe:rewrite-jenkins:jar:0.34.0-SNAPSHOT: The following artifacts could not be resolved: org.openrewrite:rewrite-bom:pom:8.72.0-SNAPSHOT (absent): org.openrewrite:rewrite-bom:pom:8.72.0-SNAPSHOT was not found in …

Then

./gradlew publishToMavenLocal -x test

and from a Jenkins plugin

git reset --hard HEAD
mvnd -B org.openrewrite.maven:rewrite-maven-plugin:6.27.0:run -Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-jenkins:0.34.0-SNAPSHOT -Drewrite.activeRecipes=org.openrewrite.jenkins.UpgradeAcegiSecurityToSpringSecurity
mvnd test-compile

If there is some easier way to do this, please do let me know. I could find jenkinsci/plugin-pom#804 (comment) but that does not cover iterative testing of a recipe under development.

Now need to go back and check https://github.com/jenkinsci/jenkins/blob/master/core/src/main/resources/META-INF/upgrade/AccessControlled.hint and https://github.com/jenkinsci/jenkins/blob/master/core/src/main/resources/META-INF/upgrade/Authentication.hint as per #6 👀

[jglick]

Rather cumbersome and error-prone. Refaster would seem nicer, if it works. Another problem with the declarative format used here is that it is limited to replacing one method call at a time, whereas the Spring Security conversions in some cases are more naturally expressed as converting a whole expression to another.

[jglick]

Recipe exists in environment but is not listed in CSV (1):
  - org.openrewrite.jenkins.UpgradeAcegiSecurityToSpringSecurity

needs to be fixed I guess