Merge pull request #720 from martinreck/feature/username-password-credentials

Author: nre-ableton

README.md

@@ -217,6 +217,40 @@ Please refer to the `BasePipelineTest` class for the list of currently supported
 Some tricky methods such as `load` and `parallel` are implemented directly in the helper.
 If you want to override those, make sure that you extend the `PipelineTestHelper` class.
 
+### Mocking Jenkins Credentials
+
+You can create mock credentials for use in the pipeline.
+The provided mock methods can be used to simulate sensitive data, such as access keys or user login details.
+
+```groovy
+// Jenkinsfile
+node {
+    stage('Process with credentials') {
+        withCredentials([usernamePassword(credentialsId: 'credentials-1', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
+            echo 'User/Password: ${USERNAME}/${PASSWORD}'
+        }
+        withCredentials([string(credentialsId: 'credentials-2', variable: 'TOKEN')]) {
+            echo 'Token: ${TOKEN}'
+        }
+    }
+}
+```
+
+```groovy
+import com.lesfurets.jenkins.unit.BasePipelineTest
+
+class TestExampleJob extends BasePipelineTest {
+    @Test
+    void exampleWithCredentialsTest() {
+        // Simulates a username and password
+        addUsernamePasswordCredential('credentials-1', 'admin', 'very-strong-password')
+
+        // Simulates a secret text
+        addStringCredential('credentials-2', 'secret-token')
+    }
+}
+```
+
 ### Mocking `readFile` and `fileExists`
 
 The `readFile` and `fileExists` steps can be mocked to return a specific result for a

src/main/groovy/com/lesfurets/jenkins/unit/BasePipelineTest.groovy

@@ -25,20 +25,29 @@ abstract class BasePipelineTest {
         addParam(desc.name, desc.defaultValue, false)
     }
 
-    def stringInterceptor = { Map desc->
+    def stringInterceptor = { Map desc ->
         if (desc) {
             // we are in context of parameters { string(...)}
             if (desc.name) {
                 addParam(desc.name, desc.defaultValue, false)
             }
             // we are in context of withCredentials([string()..]) { }
-            if(desc.variable) {
-                return desc.variable
+            if(desc.credentialsId && desc.variable) {
+                return [
+                        credentialsType: 'string',
+                        credentialsId: desc.credentialsId,
+                        variable: desc.variable
+                ]
             }
         }
     }
 
-    def usernamePasswordInterceptor = { m -> [m.usernameVariable, m.passwordVariable] }
+    def usernamePasswordInterceptor = { m -> [
+            credentialsType: 'usernamePassword',
+            credentialsId: m.credentialsId,
+            usernameVariable: m.usernameVariable,
+            passwordVariable: m.passwordVariable
+    ]}
 
     def withCredentialsInterceptor = { list, closure ->
         def previousValues = [:]
@@ -67,6 +76,9 @@ abstract class BasePipelineTest {
                     previousValues[password] = null
                 }
                 binding.setVariable(password, password)
+            } else if (creds instanceof Map && creds.get("credentialsType")) {
+                // Delegate handling of known credential types
+                handleCredentialBinding(creds, previousValues)
             } else {
                 creds.each { var ->
                     try {
@@ -560,4 +572,60 @@ abstract class BasePipelineTest {
         Map credentials = binding.getVariable('credentials') as Map
         credentials[key] = val
     }
+
+    void addUsernamePasswordCredential(String credentialId, String username, String password) {
+        addCredential(credentialId, "${username}:${password}")
+    }
+
+    void addStringCredential(String credentialId, String val) {
+        addCredential(credentialId, val)
+    }
+
+    /**
+     * Handles the processing and binding for different types of credentials dynamically.
+     */
+    void handleCredentialBinding(Map creds, Map previousValues) {
+        def credentialsId = creds.get('credentialsId')
+        def credentials = binding.getVariable('credentials')
+        if (credentials == null || !credentials.containsKey(credentialsId)) {
+            throw new AssertionError("The configuration for the credentials ID '${credentialsId}' may be missing.", null)
+        }
+
+        switch (creds.get('credentialsType')) {
+            case 'usernamePassword':
+                def usernamePassword = credentials.get(credentialsId).split(':')
+                def usernameVariable = creds.get('usernameVariable')
+                def passwordVariable = creds.get('passwordVariable')
+
+                try {
+                    previousValues[usernameVariable] = binding.getVariable(usernameVariable)
+                } catch (MissingPropertyException ignored) {
+                    previousValues[usernameVariable] = null
+                }
+                binding.setVariable(usernameVariable, usernamePassword[0])
+
+                try {
+                    previousValues[passwordVariable] = binding.getVariable(passwordVariable)
+                } catch (MissingPropertyException ignored) {
+                    previousValues[passwordVariable] = null
+                }
+                binding.setVariable(passwordVariable, usernamePassword[1])
+                break
+
+            case 'string':
+                def variable = creds.get('variable')
+                def value = credentials.get(credentialsId)
+
+                try {
+                    previousValues[variable] = binding.getVariable(variable)
+                } catch (MissingPropertyException ignored) {
+                    previousValues[variable] = null
+                }
+                binding.setVariable(variable, value)
+                break
+
+            default:
+                throw new UnsupportedOperationException("Unsupported credentials type: ${creds.get('credentialsType')}")
+        }
+    }
 }

src/test/groovy/com/lesfurets/jenkins/TestWithCredentialsAndParametersJob.groovy

@@ -15,6 +15,9 @@ class TestWithCredentialsAndParametersJob extends BaseRegressionTest {
 
   @Test
   void should_run_script_with_parameters() {
+      // given:
+      addStringCredential('my-gitlab-api-token', 'gitlab-api-token')
+
     // when:
     runScript("job/withCredentialsAndParameters.jenkins")
 

src/test/groovy/com/lesfurets/jenkins/TestWithCredentialsJob.groovy

@@ -17,6 +17,14 @@ class TestWithCredentialsJob extends BaseRegressionTest {
 
     @Test
     void should_run_script_with_credentials() {
+        // given:
+        addUsernamePasswordCredential('my_cred_id-1', 'test-user-1', 'test-password-1')
+        addUsernamePasswordCredential('my_cred_id-2', 'test-user-2', 'test-password-2')
+        addStringCredential('docker_cred-1', 'docker-pass-1')
+        addStringCredential('docker_cred-2', 'docker-pass-2')
+        addStringCredential('ssh_cred-1', 'ssh-pass-1')
+        addStringCredential('ssh_cred-2', 'ssh-pass-2')
+
         // when:
         runScript("job/withCredentials.jenkins")
 

src/test/groovy/com/lesfurets/jenkins/unit/declarative/TestDeclaraticeWithCredentials.groovy

@@ -18,26 +18,32 @@ class TestDeclaraticeWithCredentials extends DeclarativePipelineTest {
 
     @Test
     void should_run_script_with_credentials() {
+        // given:
+        addUsernamePasswordCredential('my_cred_id-1', 'test-user-1', 'test-password-1')
+        addUsernamePasswordCredential('my_cred_id-2', 'test-user-2', 'test-password-2')
+        addStringCredential('docker_cred-1', 'docker-pass-1')
+        addStringCredential('docker_cred-2', 'docker-pass-2')
+        addStringCredential('ssh_cred-1', 'ssh-pass-1')
+        addStringCredential('ssh_cred-2', 'ssh-pass-2')
+
         // when:
         runScript("withCredentials_Jenkinsfile")
 
         // then:
         assertJobStatusSuccess()
-        assertCallStack().contains("echo(User/Pass = user/pass)")
-        assertCallStack().contains("echo(Nested User/Pass = user/pass)")
-        assertCallStack().contains("echo(Restored User/Pass = user/pass)")
+        assertCallStack().contains("echo(User/Pass = test-user-1/test-password-1)")
+        assertCallStack().contains("echo(Nested User/Pass = test-user-2/test-password-2)")
+        assertCallStack().contains("echo(Restored User/Pass = test-user-1/test-password-1)")
         assertCallStack().contains("echo(Cleared User/Pass = null/null)")
 
-        assertCallStack().contains("echo(Docker = docker_pass)")
-        assertCallStack().contains("echo(Nested Docker = docker_pass)")
-        assertCallStack().contains("echo(Restored Docker = docker_pass)")
+        assertCallStack().contains("echo(Docker = docker-pass-1)")
+        assertCallStack().contains("echo(Nested Docker = docker-pass-2)")
+        assertCallStack().contains("echo(Restored Docker = docker-pass-1)")
         assertCallStack().contains("echo(Cleared Docker = null)")
 
-        assertCallStack().contains("echo(SSH = ssh_pass)")
-        assertCallStack().contains("echo(Nested SSH = ssh_pass)")
-        assertCallStack().contains("echo(Restored SSH = ssh_pass)")
+        assertCallStack().contains("echo(SSH = ssh-pass-1)")
+        assertCallStack().contains("echo(Nested SSH = ssh-pass-2)")
+        assertCallStack().contains("echo(Restored SSH = ssh-pass-1)")
         assertCallStack().contains("echo(Cleared SSH = null)")
-
-
     }
 }

src/test/jenkins/jenkinsfiles/withCredentials_Jenkinsfile

@@ -4,19 +4,19 @@ pipeline {
     stages {
         stage("run") {
             withCredentials([
-                usernamePassword( credentialsId: 'my_cred_id', usernameVariable: 'user', passwordVariable: 'pass' ),
-                string( credentialsId: 'docker_cred', variable: 'docker_pass' ),
-                string( credentialsId: 'ssh_cred', variable: 'ssh_pass' )
+                usernamePassword( credentialsId: 'my_cred_id-1', usernameVariable: 'user', passwordVariable: 'pass' ),
+                string( credentialsId: 'docker_cred-1', variable: 'docker_pass' ),
+                string( credentialsId: 'ssh_cred-1', variable: 'ssh_pass' )
             ]) {
                 // Ensure values are set on entry
                 echo "User/Pass = $user/$pass"
                 echo "Docker = $docker_pass"
                 echo "SSH = $ssh_pass"
 
                 withCredentials([
-                    usernamePassword( credentialsId: 'my_cred_id', usernameVariable: 'user', passwordVariable: 'pass' ),
-                    string( credentialsId: 'docker_cred', variable: 'docker_pass' ),
-                    string( credentialsId: 'ssh_cred', variable: 'ssh_pass' )
+                    usernamePassword( credentialsId: 'my_cred_id-2', usernameVariable: 'user', passwordVariable: 'pass' ),
+                    string( credentialsId: 'docker_cred-2', variable: 'docker_pass' ),
+                    string( credentialsId: 'ssh_cred-2', variable: 'ssh_pass' )
                 ]) {
                     // Ensure nested values are in place
                     echo "Nested User/Pass = $user/$pass"

src/test/jenkins/job/withCredentials.jenkins

@@ -1,18 +1,18 @@
 node {
     withCredentials([
-        usernamePassword( credentialsId: 'my_cred_id', usernameVariable: 'user', passwordVariable: 'pass' ),
-        string( credentialsId: 'docker_cred', variable: 'docker_pass' ),
-        string( credentialsId: 'ssh_cred', variable: 'ssh_pass' )
+        usernamePassword( credentialsId: 'my_cred_id-1', usernameVariable: 'user', passwordVariable: 'pass' ),
+        string( credentialsId: 'docker_cred-1', variable: 'docker_pass' ),
+        string( credentialsId: 'ssh_cred-1', variable: 'ssh_pass' )
     ]) {
         // Ensure values are set on entry
         echo "User/Pass = $user/$pass"
         echo "Docker = $docker_pass"
         echo "SSH = $ssh_pass"
 
         withCredentials([
-            usernamePassword( credentialsId: 'my_cred_id', usernameVariable: 'user', passwordVariable: 'pass' ),
-            string( credentialsId: 'docker_cred', variable: 'docker_pass' ),
-            string( credentialsId: 'ssh_cred', variable: 'ssh_pass' )
+            usernamePassword( credentialsId: 'my_cred_id-2', usernameVariable: 'user', passwordVariable: 'pass' ),
+            string( credentialsId: 'docker_cred-2', variable: 'docker_pass' ),
+            string( credentialsId: 'ssh_cred-2', variable: 'ssh_pass' )
         ]) {
             // Ensure nested values are in place
             echo "Nested User/Pass = $user/$pass"

src/test/resources/callstacks/TestWithCredentialsAndParametersJob_withCredentialsAndParameters.txt

@@ -5,5 +5,5 @@
       withCredentialsAndParameters.properties([null])
       withCredentialsAndParameters.echo('myStringParam' value is default: my default value)
       withCredentialsAndParameters.string({credentialsId=my-gitlab-api-token, variable=GITLAB_API_TOKEN})
-      withCredentialsAndParameters.withCredentials([GITLAB_API_TOKEN], groovy.lang.Closure)
-         withCredentialsAndParameters.echo('my-gitlab-api-token' credential variable value: GITLAB_API_TOKEN)
+      withCredentialsAndParameters.withCredentials([{credentialsType=string, credentialsId=my-gitlab-api-token, variable=GITLAB_API_TOKEN}], groovy.lang.Closure)
+         withCredentialsAndParameters.echo('my-gitlab-api-token' credential variable value: gitlab-api-token)

src/test/resources/callstacks/TestWithCredentialsJob_withCredentials.txt

@@ -1,22 +1,22 @@
    withCredentials.run()
       withCredentials.node(groovy.lang.Closure)
-         withCredentials.usernamePassword({credentialsId=my_cred_id, usernameVariable=user, passwordVariable=pass})
-         withCredentials.string({credentialsId=docker_cred, variable=docker_pass})
-         withCredentials.string({credentialsId=ssh_cred, variable=ssh_pass})
-         withCredentials.withCredentials([[user, pass], docker_pass, ssh_pass], groovy.lang.Closure)
-            withCredentials.echo(User/Pass = user/pass)
-            withCredentials.echo(Docker = docker_pass)
-            withCredentials.echo(SSH = ssh_pass)
-            withCredentials.usernamePassword({credentialsId=my_cred_id, usernameVariable=user, passwordVariable=pass})
-            withCredentials.string({credentialsId=docker_cred, variable=docker_pass})
-            withCredentials.string({credentialsId=ssh_cred, variable=ssh_pass})
-            withCredentials.withCredentials([[user, pass], docker_pass, ssh_pass], groovy.lang.Closure)
-               withCredentials.echo(Nested User/Pass = user/pass)
-               withCredentials.echo(Nested Docker = docker_pass)
-               withCredentials.echo(Nested SSH = ssh_pass)
-            withCredentials.echo(Restored User/Pass = user/pass)
-            withCredentials.echo(Restored Docker = docker_pass)
-            withCredentials.echo(Restored SSH = ssh_pass)
+         withCredentials.usernamePassword({credentialsId=my_cred_id-1, usernameVariable=user, passwordVariable=pass})
+         withCredentials.string({credentialsId=docker_cred-1, variable=docker_pass})
+         withCredentials.string({credentialsId=ssh_cred-1, variable=ssh_pass})
+         withCredentials.withCredentials([{credentialsType=usernamePassword, credentialsId=my_cred_id-1, usernameVariable=user, passwordVariable=pass}, {credentialsType=string, credentialsId=docker_cred-1, variable=docker_pass}, {credentialsType=string, credentialsId=ssh_cred-1, variable=ssh_pass}], groovy.lang.Closure)
+            withCredentials.echo(User/Pass = test-user-1/test-password-1)
+            withCredentials.echo(Docker = docker-pass-1)
+            withCredentials.echo(SSH = ssh-pass-1)
+            withCredentials.usernamePassword({credentialsId=my_cred_id-2, usernameVariable=user, passwordVariable=pass})
+            withCredentials.string({credentialsId=docker_cred-2, variable=docker_pass})
+            withCredentials.string({credentialsId=ssh_cred-2, variable=ssh_pass})
+            withCredentials.withCredentials([{credentialsType=usernamePassword, credentialsId=my_cred_id-2, usernameVariable=user, passwordVariable=pass}, {credentialsType=string, credentialsId=docker_cred-2, variable=docker_pass}, {credentialsType=string, credentialsId=ssh_cred-2, variable=ssh_pass}], groovy.lang.Closure)
+               withCredentials.echo(Nested User/Pass = test-user-2/test-password-2)
+               withCredentials.echo(Nested Docker = docker-pass-2)
+               withCredentials.echo(Nested SSH = ssh-pass-2)
+            withCredentials.echo(Restored User/Pass = test-user-1/test-password-1)
+            withCredentials.echo(Restored Docker = docker-pass-1)
+            withCredentials.echo(Restored SSH = ssh-pass-1)
          withCredentials.echo(Cleared User/Pass = null/null)
          withCredentials.echo(Cleared Docker = null)
          withCredentials.echo(Cleared SSH = null)