Merge pull request #724 from jenkinsci/revert-720-feature/username-password-credentials

nre-ableton · web-flow · commit 32e2fda7b9e2 · 2025-09-12T16:43:46.000+02:00
Revert "fix(#532)!: Add dynamic credential handling for withCredentials"
diff --git a/README.md b/README.md
@@ -217,40 +217,6 @@ Please refer to the `BasePipelineTest` class for the list of currently supported
 Some tricky methods such as `load` and `parallel` are implemented directly in the helper.
 If you want to override those, make sure that you extend the `PipelineTestHelper` class.
 
-### Mocking Jenkins Credentials
-
-You can create mock credentials for use in the pipeline.
-The provided mock methods can be used to simulate sensitive data, such as access keys or user login details.
-
-```groovy
-// Jenkinsfile
-node {
-    stage('Process with credentials') {
-        withCredentials([usernamePassword(credentialsId: 'credentials-1', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
-            echo 'User/Password: ${USERNAME}/${PASSWORD}'
-        }
-        withCredentials([string(credentialsId: 'credentials-2', variable: 'TOKEN')]) {
-            echo 'Token: ${TOKEN}'
-        }
-    }
-}
-```
-
-```groovy
-import com.lesfurets.jenkins.unit.BasePipelineTest
-
-class TestExampleJob extends BasePipelineTest {
-    @Test
-    void exampleWithCredentialsTest() {
-        // Simulates a username and password
-        addUsernamePasswordCredential('credentials-1', 'admin', 'very-strong-password')
-
-        // Simulates a secret text
-        addStringCredential('credentials-2', 'secret-token')
-    }
-}
-```
-
 ### Mocking `readFile` and `fileExists`
 
 The `readFile` and `fileExists` steps can be mocked to return a specific result for a
diff --git a/src/main/groovy/com/lesfurets/jenkins/unit/BasePipelineTest.groovy b/src/main/groovy/com/lesfurets/jenkins/unit/BasePipelineTest.groovy
@@ -25,29 +25,20 @@ abstract class BasePipelineTest {
         addParam(desc.name, desc.defaultValue, false)
     }
 
-    def stringInterceptor = { Map desc ->
+    def stringInterceptor = { Map desc->
         if (desc) {
             // we are in context of parameters { string(...)}
             if (desc.name) {
                 addParam(desc.name, desc.defaultValue, false)
             }
             // we are in context of withCredentials([string()..]) { }
-            if(desc.credentialsId && desc.variable) {
-                return [
-                        credentialsType: 'string',
-                        credentialsId: desc.credentialsId,
-                        variable: desc.variable
-                ]
+            if(desc.variable) {
+                return desc.variable
             }
         }
     }
 
-    def usernamePasswordInterceptor = { m -> [
-            credentialsType: 'usernamePassword',
-            credentialsId: m.credentialsId,
-            usernameVariable: m.usernameVariable,
-            passwordVariable: m.passwordVariable
-    ]}
+    def usernamePasswordInterceptor = { m -> [m.usernameVariable, m.passwordVariable] }
 
     def withCredentialsInterceptor = { list, closure ->
         def previousValues = [:]
@@ -76,9 +67,6 @@ abstract class BasePipelineTest {
                     previousValues[password] = null
                 }
                 binding.setVariable(password, password)
-            } else if (creds instanceof Map && creds.get("credentialsType")) {
-                // Delegate handling of known credential types
-                handleCredentialBinding(creds, previousValues)
             } else {
                 creds.each { var ->
                     try {
@@ -572,60 +560,4 @@ abstract class BasePipelineTest {
         Map credentials = binding.getVariable('credentials') as Map
         credentials[key] = val
     }
-
-    void addUsernamePasswordCredential(String credentialId, String username, String password) {
-        addCredential(credentialId, "${username}:${password}")
-    }
-
-    void addStringCredential(String credentialId, String val) {
-        addCredential(credentialId, val)
-    }
-
-    /**
-     * Handles the processing and binding for different types of credentials dynamically.
-     */
-    void handleCredentialBinding(Map creds, Map previousValues) {
-        def credentialsId = creds.get('credentialsId')
-        def credentials = binding.getVariable('credentials')
-        if (credentials == null || !credentials.containsKey(credentialsId)) {
-            throw new AssertionError("The configuration for the credentials ID '${credentialsId}' may be missing.", null)
-        }
-
-        switch (creds.get('credentialsType')) {
-            case 'usernamePassword':
-                def usernamePassword = credentials.get(credentialsId).split(':')
-                def usernameVariable = creds.get('usernameVariable')
-                def passwordVariable = creds.get('passwordVariable')
-
-                try {
-                    previousValues[usernameVariable] = binding.getVariable(usernameVariable)
-                } catch (MissingPropertyException ignored) {
-                    previousValues[usernameVariable] = null
-                }
-                binding.setVariable(usernameVariable, usernamePassword[0])
-
-                try {
-                    previousValues[passwordVariable] = binding.getVariable(passwordVariable)
-                } catch (MissingPropertyException ignored) {
-                    previousValues[passwordVariable] = null
-                }
-                binding.setVariable(passwordVariable, usernamePassword[1])
-                break
-
-            case 'string':
-                def variable = creds.get('variable')
-                def value = credentials.get(credentialsId)
-
-                try {
-                    previousValues[variable] = binding.getVariable(variable)
-                } catch (MissingPropertyException ignored) {
-                    previousValues[variable] = null
-                }
-                binding.setVariable(variable, value)
-                break
-
-            default:
-                throw new UnsupportedOperationException("Unsupported credentials type: ${creds.get('credentialsType')}")
-        }
-    }
 }
diff --git a/src/test/groovy/com/lesfurets/jenkins/TestWithCredentialsAndParametersJob.groovy b/src/test/groovy/com/lesfurets/jenkins/TestWithCredentialsAndParametersJob.groovy
@@ -15,9 +15,6 @@ class TestWithCredentialsAndParametersJob extends BaseRegressionTest {
 
   @Test
   void should_run_script_with_parameters() {
-      // given:
-      addStringCredential('my-gitlab-api-token', 'gitlab-api-token')
-
     // when:
     runScript("job/withCredentialsAndParameters.jenkins")
 
diff --git a/src/test/groovy/com/lesfurets/jenkins/TestWithCredentialsJob.groovy b/src/test/groovy/com/lesfurets/jenkins/TestWithCredentialsJob.groovy
@@ -17,14 +17,6 @@ class TestWithCredentialsJob extends BaseRegressionTest {
 
     @Test
     void should_run_script_with_credentials() {
-        // given:
-        addUsernamePasswordCredential('my_cred_id-1', 'test-user-1', 'test-password-1')
-        addUsernamePasswordCredential('my_cred_id-2', 'test-user-2', 'test-password-2')
-        addStringCredential('docker_cred-1', 'docker-pass-1')
-        addStringCredential('docker_cred-2', 'docker-pass-2')
-        addStringCredential('ssh_cred-1', 'ssh-pass-1')
-        addStringCredential('ssh_cred-2', 'ssh-pass-2')
-
         // when:
         runScript("job/withCredentials.jenkins")
 
diff --git a/src/test/groovy/com/lesfurets/jenkins/unit/declarative/TestDeclaraticeWithCredentials.groovy b/src/test/groovy/com/lesfurets/jenkins/unit/declarative/TestDeclaraticeWithCredentials.groovy
@@ -18,32 +18,26 @@ class TestDeclaraticeWithCredentials extends DeclarativePipelineTest {
 
     @Test
     void should_run_script_with_credentials() {
-        // given:
-        addUsernamePasswordCredential('my_cred_id-1', 'test-user-1', 'test-password-1')
-        addUsernamePasswordCredential('my_cred_id-2', 'test-user-2', 'test-password-2')
-        addStringCredential('docker_cred-1', 'docker-pass-1')
-        addStringCredential('docker_cred-2', 'docker-pass-2')
-        addStringCredential('ssh_cred-1', 'ssh-pass-1')
-        addStringCredential('ssh_cred-2', 'ssh-pass-2')
-
         // when:
         runScript("withCredentials_Jenkinsfile")
 
         // then:
         assertJobStatusSuccess()
-        assertCallStack().contains("echo(User/Pass = test-user-1/test-password-1)")
-        assertCallStack().contains("echo(Nested User/Pass = test-user-2/test-password-2)")
-        assertCallStack().contains("echo(Restored User/Pass = test-user-1/test-password-1)")
+        assertCallStack().contains("echo(User/Pass = user/pass)")
+        assertCallStack().contains("echo(Nested User/Pass = user/pass)")
+        assertCallStack().contains("echo(Restored User/Pass = user/pass)")
         assertCallStack().contains("echo(Cleared User/Pass = null/null)")
 
-        assertCallStack().contains("echo(Docker = docker-pass-1)")
-        assertCallStack().contains("echo(Nested Docker = docker-pass-2)")
-        assertCallStack().contains("echo(Restored Docker = docker-pass-1)")
+        assertCallStack().contains("echo(Docker = docker_pass)")
+        assertCallStack().contains("echo(Nested Docker = docker_pass)")
+        assertCallStack().contains("echo(Restored Docker = docker_pass)")
         assertCallStack().contains("echo(Cleared Docker = null)")
 
-        assertCallStack().contains("echo(SSH = ssh-pass-1)")
-        assertCallStack().contains("echo(Nested SSH = ssh-pass-2)")
-        assertCallStack().contains("echo(Restored SSH = ssh-pass-1)")
+        assertCallStack().contains("echo(SSH = ssh_pass)")
+        assertCallStack().contains("echo(Nested SSH = ssh_pass)")
+        assertCallStack().contains("echo(Restored SSH = ssh_pass)")
         assertCallStack().contains("echo(Cleared SSH = null)")
+
+
     }
 }
diff --git a/src/test/jenkins/jenkinsfiles/withCredentials_Jenkinsfile b/src/test/jenkins/jenkinsfiles/withCredentials_Jenkinsfile
@@ -4,19 +4,19 @@ pipeline {
     stages {
         stage("run") {
             withCredentials([
-                usernamePassword( credentialsId: 'my_cred_id-1', usernameVariable: 'user', passwordVariable: 'pass' ),
-                string( credentialsId: 'docker_cred-1', variable: 'docker_pass' ),
-                string( credentialsId: 'ssh_cred-1', variable: 'ssh_pass' )
+                usernamePassword( credentialsId: 'my_cred_id', usernameVariable: 'user', passwordVariable: 'pass' ),
+                string( credentialsId: 'docker_cred', variable: 'docker_pass' ),
+                string( credentialsId: 'ssh_cred', variable: 'ssh_pass' )
             ]) {
                 // Ensure values are set on entry
                 echo "User/Pass = $user/$pass"
                 echo "Docker = $docker_pass"
                 echo "SSH = $ssh_pass"
 
                 withCredentials([
-                    usernamePassword( credentialsId: 'my_cred_id-2', usernameVariable: 'user', passwordVariable: 'pass' ),
-                    string( credentialsId: 'docker_cred-2', variable: 'docker_pass' ),
-                    string( credentialsId: 'ssh_cred-2', variable: 'ssh_pass' )
+                    usernamePassword( credentialsId: 'my_cred_id', usernameVariable: 'user', passwordVariable: 'pass' ),
+                    string( credentialsId: 'docker_cred', variable: 'docker_pass' ),
+                    string( credentialsId: 'ssh_cred', variable: 'ssh_pass' )
                 ]) {
                     // Ensure nested values are in place
                     echo "Nested User/Pass = $user/$pass"
diff --git a/src/test/jenkins/job/withCredentials.jenkins b/src/test/jenkins/job/withCredentials.jenkins
@@ -1,18 +1,18 @@
 node {
     withCredentials([
-        usernamePassword( credentialsId: 'my_cred_id-1', usernameVariable: 'user', passwordVariable: 'pass' ),
-        string( credentialsId: 'docker_cred-1', variable: 'docker_pass' ),
-        string( credentialsId: 'ssh_cred-1', variable: 'ssh_pass' )
+        usernamePassword( credentialsId: 'my_cred_id', usernameVariable: 'user', passwordVariable: 'pass' ),
+        string( credentialsId: 'docker_cred', variable: 'docker_pass' ),
+        string( credentialsId: 'ssh_cred', variable: 'ssh_pass' )
     ]) {
         // Ensure values are set on entry
         echo "User/Pass = $user/$pass"
         echo "Docker = $docker_pass"
         echo "SSH = $ssh_pass"
 
         withCredentials([
-            usernamePassword( credentialsId: 'my_cred_id-2', usernameVariable: 'user', passwordVariable: 'pass' ),
-            string( credentialsId: 'docker_cred-2', variable: 'docker_pass' ),
-            string( credentialsId: 'ssh_cred-2', variable: 'ssh_pass' )
+            usernamePassword( credentialsId: 'my_cred_id', usernameVariable: 'user', passwordVariable: 'pass' ),
+            string( credentialsId: 'docker_cred', variable: 'docker_pass' ),
+            string( credentialsId: 'ssh_cred', variable: 'ssh_pass' )
         ]) {
             // Ensure nested values are in place
             echo "Nested User/Pass = $user/$pass"
diff --git a/src/test/resources/callstacks/TestWithCredentialsAndParametersJob_withCredentialsAndParameters.txt b/src/test/resources/callstacks/TestWithCredentialsAndParametersJob_withCredentialsAndParameters.txt
@@ -5,5 +5,5 @@
       withCredentialsAndParameters.properties([null])
       withCredentialsAndParameters.echo('myStringParam' value is default: my default value)
       withCredentialsAndParameters.string({credentialsId=my-gitlab-api-token, variable=GITLAB_API_TOKEN})
-      withCredentialsAndParameters.withCredentials([{credentialsType=string, credentialsId=my-gitlab-api-token, variable=GITLAB_API_TOKEN}], groovy.lang.Closure)
-         withCredentialsAndParameters.echo('my-gitlab-api-token' credential variable value: gitlab-api-token)
+      withCredentialsAndParameters.withCredentials([GITLAB_API_TOKEN], groovy.lang.Closure)
+         withCredentialsAndParameters.echo('my-gitlab-api-token' credential variable value: GITLAB_API_TOKEN)
diff --git a/src/test/resources/callstacks/TestWithCredentialsJob_withCredentials.txt b/src/test/resources/callstacks/TestWithCredentialsJob_withCredentials.txt
@@ -1,22 +1,22 @@
    withCredentials.run()
       withCredentials.node(groovy.lang.Closure)
-         withCredentials.usernamePassword({credentialsId=my_cred_id-1, usernameVariable=user, passwordVariable=pass})
-         withCredentials.string({credentialsId=docker_cred-1, variable=docker_pass})
-         withCredentials.string({credentialsId=ssh_cred-1, variable=ssh_pass})
-         withCredentials.withCredentials([{credentialsType=usernamePassword, credentialsId=my_cred_id-1, usernameVariable=user, passwordVariable=pass}, {credentialsType=string, credentialsId=docker_cred-1, variable=docker_pass}, {credentialsType=string, credentialsId=ssh_cred-1, variable=ssh_pass}], groovy.lang.Closure)
-            withCredentials.echo(User/Pass = test-user-1/test-password-1)
-            withCredentials.echo(Docker = docker-pass-1)
-            withCredentials.echo(SSH = ssh-pass-1)
-            withCredentials.usernamePassword({credentialsId=my_cred_id-2, usernameVariable=user, passwordVariable=pass})
-            withCredentials.string({credentialsId=docker_cred-2, variable=docker_pass})
-            withCredentials.string({credentialsId=ssh_cred-2, variable=ssh_pass})
-            withCredentials.withCredentials([{credentialsType=usernamePassword, credentialsId=my_cred_id-2, usernameVariable=user, passwordVariable=pass}, {credentialsType=string, credentialsId=docker_cred-2, variable=docker_pass}, {credentialsType=string, credentialsId=ssh_cred-2, variable=ssh_pass}], groovy.lang.Closure)
-               withCredentials.echo(Nested User/Pass = test-user-2/test-password-2)
-               withCredentials.echo(Nested Docker = docker-pass-2)
-               withCredentials.echo(Nested SSH = ssh-pass-2)
-            withCredentials.echo(Restored User/Pass = test-user-1/test-password-1)
-            withCredentials.echo(Restored Docker = docker-pass-1)
-            withCredentials.echo(Restored SSH = ssh-pass-1)
+         withCredentials.usernamePassword({credentialsId=my_cred_id, usernameVariable=user, passwordVariable=pass})
+         withCredentials.string({credentialsId=docker_cred, variable=docker_pass})
+         withCredentials.string({credentialsId=ssh_cred, variable=ssh_pass})
+         withCredentials.withCredentials([[user, pass], docker_pass, ssh_pass], groovy.lang.Closure)
+            withCredentials.echo(User/Pass = user/pass)
+            withCredentials.echo(Docker = docker_pass)
+            withCredentials.echo(SSH = ssh_pass)
+            withCredentials.usernamePassword({credentialsId=my_cred_id, usernameVariable=user, passwordVariable=pass})
+            withCredentials.string({credentialsId=docker_cred, variable=docker_pass})
+            withCredentials.string({credentialsId=ssh_cred, variable=ssh_pass})
+            withCredentials.withCredentials([[user, pass], docker_pass, ssh_pass], groovy.lang.Closure)
+               withCredentials.echo(Nested User/Pass = user/pass)
+               withCredentials.echo(Nested Docker = docker_pass)
+               withCredentials.echo(Nested SSH = ssh_pass)
+            withCredentials.echo(Restored User/Pass = user/pass)
+            withCredentials.echo(Restored Docker = docker_pass)
+            withCredentials.echo(Restored SSH = ssh_pass)
          withCredentials.echo(Cleared User/Pass = null/null)
          withCredentials.echo(Cleared Docker = null)
          withCredentials.echo(Cleared SSH = null)
