com.cloudbees.plugins.credentials

Class CredentialsProvider

java.lang.Object

hudson.model.Descriptor<CredentialsProvider>

com.cloudbees.plugins.credentials.CredentialsProvider

All Implemented Interfaces:

ExtensionPoint, Describable<CredentialsProvider>, Saveable, OnMaster, org.jenkins.ui.icon.IconSpec

Direct Known Subclasses:

SystemCredentialsProvider.ProviderImpl, UserCredentialsProvider

public abstract class CredentialsProvider
extends Descriptor<CredentialsProvider>
implements ExtensionPoint, Describable<CredentialsProvider>, org.jenkins.ui.icon.IconSpec

An extension point for providing Credentials.

Nested Class Summary

Nested classes/interfaces inherited from class hudson.model.Descriptor

Descriptor.FormException, Descriptor.PropertyType, Descriptor.Self

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

ExtensionPoint.LegacyInstancesAreScopedToHudson

Field Summary

Fields

Modifier and Type	Field and Description
static Permission	CREATE The permission for adding credentials to a CredentialsStore.
static Permission	DELETE The permission for removing credentials from a CredentialsStore.
static PermissionGroup	GROUP The permission group for credentials.
static Permission	MANAGE_DOMAINS The permission for managing credential domains in a CredentialsStore.
static CredentialsProvider	NONE A CredentialsProvider that does nothing for use as a marker
static Permission	UPDATE The permission for updating credentials in a CredentialsStore.
static Permission	USE_ITEM Where an immediate action against a job requires that a credential be selected by the user triggering the action, this permission allows the user to select a credential from those credentials available within the scope of the job.
static Permission	USE_OWN Where an immediate action against a job requires that a credential be selected by the user triggering the action, this permission allows the user to select a credential from their private credential store.
static Permission	VIEW The permission for viewing credentials in a CredentialsStore.

Fields inherited from class hudson.model.Descriptor

clazz

Fields inherited from interface hudson.model.Saveable

NOOP

Constructor Summary

Constructors

Constructor and Description
CredentialsProvider() Default constructor.

Method Summary

Modifier and Type	Method and Description
protected boolean	_isApplicable(Descriptor<?> descriptor) CredentialsProvider subtypes can override this method to veto some Descriptors from being available from their store.
static ExtensionList<CredentialsProvider>	all() Returns the list of all CredentialsProvider.
static DescriptorExtensionList<Credentials,CredentialsDescriptor>	allCredentialsDescriptors() Returns all the registered Credentials descriptors.
static List<CredentialsProvider>	enabled() Returns only those CredentialsProvider that are isEnabled().
static List<CredentialsProvider>	enabled(Object context) Returns only those CredentialsProvider that are isEnabled() within a specific context.
static <C extends IdCredentials> C	findCredentialById(String id, Class<C> type, Run<?,?> run, DomainRequirement... domainRequirements) A common requirement for plugins is to resolve a specific credential by id in the context of a specific run.
static <C extends IdCredentials> C	findCredentialById(String id, Class<C> type, Run<?,?> run, List<DomainRequirement> domainRequirements) A common requirement for plugins is to resolve a specific credential by id in the context of a specific run.
<C extends IdCredentials> ListBoxModel	getCredentialIds(Class<C> type, Item item, org.acegisecurity.Authentication authentication, List<DomainRequirement> domainRequirements, CredentialsMatcher matcher) Returns a ListBoxModel of the credentials provided by this provider which are available to the specified Authentication for the specified Item and are appropriate for the specified DomainRequirements.
<C extends IdCredentials> ListBoxModel	getCredentialIds(Class<C> type, ItemGroup itemGroup, org.acegisecurity.Authentication authentication, List<DomainRequirement> domainRequirements, CredentialsMatcher matcher) Returns a ListBoxModel of the credentials provided by this provider which are available to the specified Authentication for items in the specified ItemGroup and are appropriate for the specified DomainRequirements.
<C extends Credentials> List<C>	getCredentials(Class<C> type, Item item, org.acegisecurity.Authentication authentication) Returns the credentials provided by this provider which are available to the specified Authentication for the specified Item
<C extends Credentials> List<C>	getCredentials(Class<C> type, Item item, org.acegisecurity.Authentication authentication, List<DomainRequirement> domainRequirements) Returns the credentials provided by this provider which are available to the specified Authentication for the specified Item and are appropriate for the specified DomainRequirements.
abstract <C extends Credentials> List<C>	getCredentials(Class<C> type, ItemGroup itemGroup, org.acegisecurity.Authentication authentication) Returns the credentials provided by this provider which are available to the specified Authentication for items in the specified ItemGroup
<C extends Credentials> List<C>	getCredentials(Class<C> type, ItemGroup itemGroup, org.acegisecurity.Authentication authentication, List<DomainRequirement> domainRequirements) Returns the credentials provided by this provider which are available to the specified Authentication for items in the specified ItemGroup and are appropriate for the specified .plugins.credentials.domains.DomainRequirements.
List<CredentialsDescriptor>	getCredentialsDescriptors() Returns the list of CredentialsDescriptor instances that are applicable within this CredentialsProvider.
Descriptor<CredentialsProvider>	getDescriptor()
String	getDisplayName()
static Fingerprint	getFingerprintOf(Credentials c) Retrieves the Fingerprint for a specific credential.
String	getIconClassName()
static Fingerprint	getOrCreateFingerprintOf(Credentials c) Creates a fingerprint that can be used to track the usage of a specific credential.
Set<CredentialsScope>	getScopes(ModelObject object) Returns the scopes allowed for credentials stored within the specified object or null if the object is not relevant for scopes and the object's container should be considered instead.
CredentialsStore	getStore(ModelObject object) Returns the CredentialsStore that this CredentialsProvider maintains specifically for this ModelObject or null if either the object is not a credentials container or this CredentialsProvider does not maintain a store specifically bound to this ModelObject.
boolean	hasCredentialsDescriptors() Checks if there is at least one CredentialsDescriptor applicable within this CredentialsProvider.
static boolean	hasStores(ModelObject context) Tests if the supplied context has any credentials stores associated with it.
boolean	isApplicable(Class<? extends Credentials> clazz) Returns true if this CredentialsProvider can provide credentials of the supplied type.
boolean	isApplicable(Descriptor<?> descriptor) Returns true if the supplied Descriptor is applicable to this CredentialsProvider.
boolean	isEnabled() Returns true if this CredentialsProvider is enabled.
boolean	isEnabled(Object context) Returns true if this CredentialsProvider is enabled in the specified context.
static <C extends IdCredentials> ListBoxModel	listCredentials(Class<C> type, Item item, org.acegisecurity.Authentication authentication, List<DomainRequirement> domainRequirements, CredentialsMatcher matcher) Returns a ListBoxModel of all credentials which are available to the specified Authentication for use by the specified Item.
static <C extends IdCredentials> ListBoxModel	listCredentials(Class<C> type, ItemGroup itemGroup, org.acegisecurity.Authentication authentication, List<DomainRequirement> domainRequirements, CredentialsMatcher matcher) Returns a ListBoxModel of all credentials which are available to the specified Authentication for use by the Items in the specified ItemGroup.
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type) Deprecated. use lookupCredentials(Class, Item, Authentication, List), lookupCredentials(Class, Item, Authentication, DomainRequirement...), lookupCredentials(Class, ItemGroup, Authentication, List) or lookupCredentials(Class, ItemGroup, Authentication, DomainRequirement...)
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type, org.acegisecurity.Authentication authentication) Deprecated. use lookupCredentials(Class, Item, Authentication, List), lookupCredentials(Class, Item, Authentication, DomainRequirement...), lookupCredentials(Class, ItemGroup, Authentication, List) or lookupCredentials(Class, ItemGroup, Authentication, DomainRequirement...)
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type, Item item) Deprecated. use lookupCredentials(Class, Item, Authentication, List) or lookupCredentials(Class, Item, Authentication, DomainRequirement...)
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type, Item item, org.acegisecurity.Authentication authentication) Deprecated. use lookupCredentials(Class, Item, Authentication, List) or lookupCredentials(Class, Item, Authentication, DomainRequirement...)
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type, Item item, org.acegisecurity.Authentication authentication, DomainRequirement... domainRequirements) Returns all credentials which are available to the specified Authentication for use by the specified Item.
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type, Item item, org.acegisecurity.Authentication authentication, List<DomainRequirement> domainRequirements) Returns all credentials which are available to the specified Authentication for use by the specified Item.
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type, ItemGroup itemGroup) Deprecated. use lookupCredentials(Class, ItemGroup, Authentication, List) or lookupCredentials(Class, ItemGroup, Authentication, DomainRequirement...)
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type, ItemGroup itemGroup, org.acegisecurity.Authentication authentication) Deprecated. use lookupCredentials(Class, ItemGroup, Authentication, List) or lookupCredentials(Class, ItemGroup, Authentication, DomainRequirement...)
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type, ItemGroup itemGroup, org.acegisecurity.Authentication authentication, DomainRequirement... domainRequirements) Returns all credentials which are available to the specified Authentication for use by the Items in the specified ItemGroup.
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type, ItemGroup itemGroup, org.acegisecurity.Authentication authentication, List<DomainRequirement> domainRequirements) Returns all credentials which are available to the specified Authentication for use by the Items in the specified ItemGroup.
static Set<CredentialsScope>	lookupScopes(ModelObject object) Returns the scopes allowed for credentials stored within the specified object or null if the object is not relevant for scopes and the object's container should be considered instead.
static Iterable<CredentialsStore>	lookupStores(ModelObject context) Returns a lazy Iterable of all the CredentialsStore instances contributing credentials to the supplied object.
static void	saveAll() A helper method for Groovy Scripting to address use cases such as JENKINS-39317 where all credential stores need to be resaved.
static <C extends Credentials> C	snapshot(C credential) Make a best effort to ensure that the supplied credential is a snapshot credential (i.e.
static <C extends Credentials> C	snapshot(Class<C> clazz, C credential) Make a best effort to ensure that the supplied credential is a snapshot credential (i.e.
static <C extends Credentials> C	track(Item item, C credentials) Track the usage of credentials in a specific item but not associated with a specific build, for example SCM polling.
static <C extends Credentials> C	track(Node node, C credentials) Track the usage of credentials in a specific node.
static <C extends Credentials> C	track(Run build, C credentials) Track the usage of credentials in a specific build.
static <C extends Credentials> List<C>	trackAll(Item item, C... credentials) Track the usage of credentials in a specific item but not associated with a specific build, for example SCM polling.
static <C extends Credentials> List<C>	trackAll(Item item, List<C> credentials) Track the usage of credentials in a specific item but not associated with a specific build, for example SCM polling.
static <C extends Credentials> List<C>	trackAll(Node node, C... credentials) Track the usage of credentials in a specific node.
static <C extends Credentials> List<C>	trackAll(Node node, List<C> credentials) Track the usage of credentials in a specific node.
static <C extends Credentials> List<C>	trackAll(Run build, C... credentials) Track the usage of credentials in a specific build.
static <C extends Credentials> List<C>	trackAll(Run build, List<C> credentials) Track the usage of credentials in a specific build.

Methods inherited from class hudson.model.Descriptor

addHelpFileRedirect, calcAutoCompleteSettings, calcFillSettings, configure, configure, doHelp, find, find, findByDescribableClassName, findById, getCategory, getCheckMethod, getCheckUrl, getConfigFile, getConfigPage, getCurrentDescriptorByNameUrl, getDescriptorFullUrl, getDescriptorUrl, getGlobalConfigPage, getGlobalPropertyType, getHelpFile, getHelpFile, getHelpFile, getId, getJsonSafeClassName, getKlass, getPlugin, getPossibleViewNames, getPropertyType, getPropertyType, getPropertyTypeOrDie, getT, getViewPage, isInstance, isSubTypeOf, load, newInstance, newInstance, newInstancesFromHeteroList, newInstancesFromHeteroList, save, self, toArray, toList, toMap

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

NONE

public static final CredentialsProvider NONE

A CredentialsProvider that does nothing for use as a marker

Since:

2.1.1

GROUP

public static final PermissionGroup GROUP

The permission group for credentials.

Since:

1.8

USE_OWN

public static final Permission USE_OWN

Where an immediate action against a job requires that a credential be selected by the user triggering the action, this permission allows the user to select a credential from their private credential store. Immediate actions could include: building with parameters, tagging a build, deploying artifacts, etc.

Since:

1.16

USE_ITEM

public static final Permission USE_ITEM

Where an immediate action against a job requires that a credential be selected by the user triggering the action, this permission allows the user to select a credential from those credentials available within the scope of the job. Immediate actions could include: building with parameters, tagging a build, deploying artifacts, etc. This permission is implied by Item.CONFIGURE as anyone who can configure the job can configure the job to use credentials within the item scope anyway.

Since:

1.16

CREATE

public static final Permission CREATE

The permission for adding credentials to a CredentialsStore.

Since:

1.8

UPDATE

public static final Permission UPDATE

The permission for updating credentials in a CredentialsStore.

Since:

1.8

VIEW

public static final Permission VIEW

The permission for viewing credentials in a CredentialsStore.

Since:

1.8

DELETE

public static final Permission DELETE

The permission for removing credentials from a CredentialsStore.

Since:

1.8

MANAGE_DOMAINS

public static final Permission MANAGE_DOMAINS

The permission for managing credential domains in a CredentialsStore.

Since:

1.8

Constructor Detail

CredentialsProvider

public CredentialsProvider()

Default constructor.

Method Detail

allCredentialsDescriptors

public static DescriptorExtensionList<Credentials,CredentialsDescriptor> allCredentialsDescriptors()

Returns all the registered Credentials descriptors.

Returns:

all the registered Credentials descriptors.

lookupCredentials

@Deprecated
 @NonNull
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                                      Class<C> type)

Deprecated. use lookupCredentials(Class, Item, Authentication, List), lookupCredentials(Class, Item, Authentication, DomainRequirement...), lookupCredentials(Class, ItemGroup, Authentication, List) or lookupCredentials(Class, ItemGroup, Authentication, DomainRequirement...)

Returns all credentials which are available to the ACL.SYSTEM Authentication within the Jenkins.get().

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to get.

Returns:

the list of credentials.

lookupCredentials

@Deprecated
 @NonNull
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                                      Class<C> type,
                                                                                      @Nullable
                                                                                      org.acegisecurity.Authentication authentication)

Deprecated. use lookupCredentials(Class, Item, Authentication, List), lookupCredentials(Class, Item, Authentication, DomainRequirement...), lookupCredentials(Class, ItemGroup, Authentication, List) or lookupCredentials(Class, ItemGroup, Authentication, DomainRequirement...)

Returns all credentials which are available to the specified Authentication within the Jenkins.get().

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to get.

authentication - the authentication.

Returns:

the list of credentials.

lookupCredentials

@Deprecated
 @NonNull
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                                      Class<C> type,
                                                                                      @Nullable
                                                                                      Item item)

Deprecated. use lookupCredentials(Class, Item, Authentication, List) or lookupCredentials(Class, Item, Authentication, DomainRequirement...)

Returns all credentials which are available to the ACL.SYSTEM Authentication for use by the specified Item.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to get.

item - the item.

Returns:

the list of credentials.

lookupCredentials

@Deprecated
 @NonNull
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                                      Class<C> type,
                                                                                      @Nullable
                                                                                      ItemGroup itemGroup)

Deprecated. use lookupCredentials(Class, ItemGroup, Authentication, List) or lookupCredentials(Class, ItemGroup, Authentication, DomainRequirement...)

Returns all credentials which are available to the ACL.SYSTEM Authentication for use by the Items in the specified ItemGroup.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to get.

itemGroup - the item group.

Returns:

the list of credentials.

lookupCredentials

@Deprecated
 @NonNull
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                                      Class<C> type,
                                                                                      @Nullable
                                                                                      ItemGroup itemGroup,
                                                                                      @Nullable
                                                                                      org.acegisecurity.Authentication authentication)

Deprecated. use lookupCredentials(Class, ItemGroup, Authentication, List) or lookupCredentials(Class, ItemGroup, Authentication, DomainRequirement...)

Returns all credentials which are available to the specified Authentication for use by the Items in the specified ItemGroup.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to get.

itemGroup - the item group.

authentication - the authentication.

Returns:

the list of credentials.

lookupCredentials

@Deprecated
 @NonNull
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                                      Class<C> type,
                                                                                      @Nullable
                                                                                      Item item,
                                                                                      @Nullable
                                                                                      org.acegisecurity.Authentication authentication)

Deprecated. use lookupCredentials(Class, Item, Authentication, List) or lookupCredentials(Class, Item, Authentication, DomainRequirement...)

Returns all credentials which are available to the specified Authentication for use by the specified Item.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to get.

authentication - the authentication.

item - the item.

Returns:

the list of credentials.

lookupCredentials

@NonNull
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                         Class<C> type,
                                                                         @Nullable
                                                                         ItemGroup itemGroup,
                                                                         @Nullable
                                                                         org.acegisecurity.Authentication authentication,
                                                                         @Nullable
                                                                         DomainRequirement... domainRequirements)

Returns all credentials which are available to the specified Authentication for use by the Items in the specified ItemGroup.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to get.

itemGroup - the item group.

authentication - the authentication.

domainRequirements - the credential domains to match.

Returns:

the list of credentials.

Since:

1.5

lookupCredentials

@NonNull
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                         Class<C> type,
                                                                         @Nullable
                                                                         ItemGroup itemGroup,
                                                                         @Nullable
                                                                         org.acegisecurity.Authentication authentication,
                                                                         @Nullable
                                                                         List<DomainRequirement> domainRequirements)

Returns all credentials which are available to the specified Authentication for use by the Items in the specified ItemGroup.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to get.

itemGroup - the item group.

authentication - the authentication.

domainRequirements - the credential domains to match.

Returns:

the list of credentials.

Since:

1.5

listCredentials

public static <C extends IdCredentials> ListBoxModel listCredentials(@NonNull
                                                                     Class<C> type,
                                                                     @Nullable
                                                                     ItemGroup itemGroup,
                                                                     @Nullable
                                                                     org.acegisecurity.Authentication authentication,
                                                                     @Nullable
                                                                     List<DomainRequirement> domainRequirements,
                                                                     @Nullable
                                                                     CredentialsMatcher matcher)

Returns a ListBoxModel of all credentials which are available to the specified Authentication for use by the Items in the specified ItemGroup.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to get.

authentication - the authentication.

itemGroup - the item group.

domainRequirements - the credential domains to match.

matcher - the additional filtering to apply to the credentials

Returns:

the ListBoxModel of IdCredentials.getId() with the corresponding display names as provided by CredentialsNameProvider.

Since:

2.1.0

lookupCredentials

@NonNull
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                         Class<C> type,
                                                                         @Nullable
                                                                         Item item,
                                                                         @Nullable
                                                                         org.acegisecurity.Authentication authentication,
                                                                         DomainRequirement... domainRequirements)

Returns all credentials which are available to the specified Authentication for use by the specified Item.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to get.

authentication - the authentication.

item - the item.

domainRequirements - the credential domains to match.

Returns:

the list of credentials.

Since:

1.5

lookupCredentials

@NonNull
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                         Class<C> type,
                                                                         @Nullable
                                                                         Item item,
                                                                         @Nullable
                                                                         org.acegisecurity.Authentication authentication,
                                                                         @Nullable
                                                                         List<DomainRequirement> domainRequirements)

Returns all credentials which are available to the specified Authentication for use by the specified Item.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to get.

authentication - the authentication.

item - the item.

domainRequirements - the credential domains to match.

Returns:

the list of credentials.

Since:

1.5

listCredentials

@NonNull
public static <C extends IdCredentials> ListBoxModel listCredentials(@NonNull
                                                                              Class<C> type,
                                                                              @Nullable
                                                                              Item item,
                                                                              @Nullable
                                                                              org.acegisecurity.Authentication authentication,
                                                                              @Nullable
                                                                              List<DomainRequirement> domainRequirements,
                                                                              @Nullable
                                                                              CredentialsMatcher matcher)

Returns a ListBoxModel of all credentials which are available to the specified Authentication for use by the specified Item.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to get.

authentication - the authentication.

item - the item.

domainRequirements - the credential domains to match.

matcher - the additional filtering to apply to the credentials

Returns:

the ListBoxModel of IdCredentials.getId() with the corresponding display names as provided by CredentialsNameProvider.

Since:

2.1.0

lookupScopes

@CheckForNull
public static Set<CredentialsScope> lookupScopes(ModelObject object)

Returns the scopes allowed for credentials stored within the specified object or null if the object is not relevant for scopes and the object's container should be considered instead.

Parameters:

object - the object.

Returns:

the set of scopes that are relevant for the object or null if the object is not a credentials container.

hasStores

public static boolean hasStores(ModelObject context)

Tests if the supplied context has any credentials stores associated with it.

Parameters:

context - the context object.

Returns:

true if and only if the supplied context has at least one CredentialsStore associated with it.

Since:

2.1.5

lookupStores

public static Iterable<CredentialsStore> lookupStores(ModelObject context)

Returns a lazy Iterable of all the CredentialsStore instances contributing credentials to the supplied object.

Parameters:

context - the Item or ItemGroup or User to get the CredentialsStores of.

Returns:

a lazy Iterable of all CredentialsStore instances.

Since:

1.8

snapshot

public static <C extends Credentials> C snapshot(C credential)

Make a best effort to ensure that the supplied credential is a snapshot credential (i.e. self-contained and does not reference any external stores). WARNING: May produce unusual results if presented an exotic credential that implements multiple distinct credential types at the same time, e.g. a credential that is simultaneously a TLS certificate and a SSH key pair and a GPG key pair all at the same time... unless the author of that credential type also provides a CredentialsSnapshotTaker that can handle such a triple play.

Type Parameters:

C - the type of credential.

Parameters:

credential - the credential.

Returns:

the credential or a snapshot of the credential.

Since:

1.14

snapshot

public static <C extends Credentials> C snapshot(Class<C> clazz,
                                                 C credential)

Make a best effort to ensure that the supplied credential is a snapshot credential (i.e. self-contained and does not reference any external stores)

Type Parameters:

C - the type of credential.

Parameters:

clazz - the type of credential that we are trying to snapshot (specified so that if there is more than one type of snapshot able credential interface implemented by the credentials, then they can be separated out.

credential - the credential.

Returns:

the credential or a snapshot of the credential.

Since:

1.14

findCredentialById

@CheckForNull
public static <C extends IdCredentials> C findCredentialById(@NonNull
                                                                           String id,
                                                                           @NonNull
                                                                           Class<C> type,
                                                                           @NonNull
                                                                           Run<?,?> run,
                                                                           DomainRequirement... domainRequirements)

A common requirement for plugins is to resolve a specific credential by id in the context of a specific run. Given that the credential itself could be resulting from a build parameter expression and the complexities of determining the scope of items from which the credential should be resolved in a chain of builds, this method provides the correct answer.

Type Parameters:

C - the credentials type.

Parameters:

id - either the id of the credential to find or a parameter expression for the id.

type - the type of credential to find.

run - the Run defining the context within which to find the credential.

domainRequirements - the domain requirements of the credential.

Returns:

the credential or null if either the credential cannot be found or the user triggering the run is not permitted to use the credential in the context of the run.

Since:

1.16

findCredentialById

@CheckForNull
public static <C extends IdCredentials> C findCredentialById(@NonNull
                                                                           String id,
                                                                           @NonNull
                                                                           Class<C> type,
                                                                           @NonNull
                                                                           Run<?,?> run,
                                                                           @Nullable
                                                                           List<DomainRequirement> domainRequirements)

A common requirement for plugins is to resolve a specific credential by id in the context of a specific run. Given that the credential itself could be resulting from a build parameter expression and the complexities of determining the scope of items from which the credential should be resolved in a chain of builds, this method provides the correct answer.

Type Parameters:

C - the credentials type.

Parameters:

id - either the id of the credential to find or a parameter expression for the id.

type - the type of credential to find.

run - the Run defining the context within which to find the credential.

domainRequirements - the domain requirements of the credential.

Returns:

the credential or null if either the credential cannot be found or the user triggering the run is not permitted to use the credential in the context of the run.

Since:

1.16

all

public static ExtensionList<CredentialsProvider> all()

Returns the list of all CredentialsProvider.

Returns:

the list of all CredentialsProvider.

enabled

public static List<CredentialsProvider> enabled()

Returns only those CredentialsProvider that are isEnabled().

Returns:

a list of CredentialsProvider that are isEnabled().

Since:

2.0

enabled

public static List<CredentialsProvider> enabled(Object context)

Returns only those CredentialsProvider that are isEnabled() within a specific context.

Parameters:

context - the context in which to get the list.

Returns:

a list of CredentialsProvider that are isEnabled().

Since:

2.0

getDescriptor

public Descriptor<CredentialsProvider> getDescriptor()

Specified by:

getDescriptor in interface Describable<CredentialsProvider>

isEnabled

public final boolean isEnabled()

Returns true if this CredentialsProvider is enabled.

Returns:

true if this CredentialsProvider is enabled.

Since:

2.0

isEnabled

public boolean isEnabled(Object context)

Returns true if this CredentialsProvider is enabled in the specified context.

Parameters:

context - the context.

Returns:

true if this CredentialsProvider is enabled in the specified context.

Since:

2.0

getDisplayName

public String getDisplayName()

Overrides:

getDisplayName in class Descriptor<CredentialsProvider>

getIconClassName

public String getIconClassName()

Specified by:

getIconClassName in interface org.jenkins.ui.icon.IconSpec

getScopes

public Set<CredentialsScope> getScopes(ModelObject object)

Returns the scopes allowed for credentials stored within the specified object or null if the object is not relevant for scopes and the object's container should be considered instead.

Parameters:

object - the object.

Returns:

the set of scopes that are relevant for the object or null if the object is not a credentials container.

getStore

@CheckForNull
public CredentialsStore getStore(@CheckForNull
                                               ModelObject object)

Returns the CredentialsStore that this CredentialsProvider maintains specifically for this ModelObject or null if either the object is not a credentials container or this CredentialsProvider does not maintain a store specifically bound to this ModelObject.

Parameters:

object - the Item or ItemGroup or User that the store is being requested of.

Returns:

either null or a scoped CredentialsStore where CredentialsStore.getContext() == object.

Since:

1.8

getCredentials

@NonNull
public abstract <C extends Credentials> List<C> getCredentials(@NonNull
                                                                        Class<C> type,
                                                                        @Nullable
                                                                        ItemGroup itemGroup,
                                                                        @Nullable
                                                                        org.acegisecurity.Authentication authentication)

Returns the credentials provided by this provider which are available to the specified Authentication for items in the specified ItemGroup

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to return.

itemGroup - the item group (if null assume Jenkins.get().

authentication - the authentication (if null assume ACL.SYSTEM.

Returns:

the list of credentials.

getCredentials

@NonNull
public <C extends Credentials> List<C> getCredentials(@NonNull
                                                               Class<C> type,
                                                               @Nullable
                                                               ItemGroup itemGroup,
                                                               @Nullable
                                                               org.acegisecurity.Authentication authentication,
                                                               @NonNull
                                                               List<DomainRequirement> domainRequirements)

Returns the credentials provided by this provider which are available to the specified Authentication for items in the specified ItemGroup and are appropriate for the specified .plugins.credentials.domains.DomainRequirements.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to return.

itemGroup - the item group (if null assume Jenkins.get().

authentication - the authentication (if null assume ACL.SYSTEM.

domainRequirements - the credential domains to match (if the CredentialsProvider does not support DomainRequirements then it should assume the match is true).

Returns:

the list of credentials.

Since:

1.5

getCredentialIds

@NonNull
public <C extends IdCredentials> ListBoxModel getCredentialIds(@NonNull
                                                                        Class<C> type,
                                                                        @Nullable
                                                                        ItemGroup itemGroup,
                                                                        @Nullable
                                                                        org.acegisecurity.Authentication authentication,
                                                                        @NonNull
                                                                        List<DomainRequirement> domainRequirements,
                                                                        @NonNull
                                                                        CredentialsMatcher matcher)

Returns a ListBoxModel of the credentials provided by this provider which are available to the specified Authentication for items in the specified ItemGroup and are appropriate for the specified DomainRequirements. NOTE: implementations are recommended to override this method if the actual secret information is being stored external from Jenkins and the non-secret information can be accessed with lesser traceability requirements. The default implementation just uses getCredentials(Class, Item, Authentication, List) to build the ListBoxModel. Handling the CredentialsMatcher may require standing up a proxy instance to apply the matcher against if CredentialsMatchers.describe(CredentialsMatcher) returns null

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to return.

itemGroup - the item group (if null assume Jenkins.get().

authentication - the authentication (if null assume ACL.SYSTEM.

domainRequirements - the credential domain to match.

matcher - the additional filtering to apply to the credentials

Returns:

the ListBoxModel of IdCredentials.getId() with names provided by CredentialsNameProvider.

Since:

2.1.0

getCredentials

@NonNull
public <C extends Credentials> List<C> getCredentials(@NonNull
                                                               Class<C> type,
                                                               @NonNull
                                                               Item item,
                                                               @Nullable
                                                               org.acegisecurity.Authentication authentication)

Returns the credentials provided by this provider which are available to the specified Authentication for the specified Item

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to return.

item - the item.

authentication - the authentication (if null assume ACL.SYSTEM.

Returns:

the list of credentials.

getCredentials

@NonNull
public <C extends Credentials> List<C> getCredentials(@NonNull
                                                               Class<C> type,
                                                               @NonNull
                                                               Item item,
                                                               @Nullable
                                                               org.acegisecurity.Authentication authentication,
                                                               @NonNull
                                                               List<DomainRequirement> domainRequirements)

Returns the credentials provided by this provider which are available to the specified Authentication for the specified Item and are appropriate for the specified DomainRequirements.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to return.

item - the item.

authentication - the authentication (if null assume ACL.SYSTEM.

domainRequirements - the credential domain to match.

Returns:

the list of credentials.

Since:

1.5

getCredentialIds

@NonNull
public <C extends IdCredentials> ListBoxModel getCredentialIds(@NonNull
                                                                        Class<C> type,
                                                                        @NonNull
                                                                        Item item,
                                                                        @Nullable
                                                                        org.acegisecurity.Authentication authentication,
                                                                        @NonNull
                                                                        List<DomainRequirement> domainRequirements,
                                                                        @NonNull
                                                                        CredentialsMatcher matcher)

Returns a ListBoxModel of the credentials provided by this provider which are available to the specified Authentication for the specified Item and are appropriate for the specified DomainRequirements. NOTE: implementations are recommended to override this method if the actual secret information is being stored external from Jenkins and the non-secret information can be accessed with lesser traceability requirements. The default implementation just uses getCredentials(Class, Item, Authentication, List) to build the ListBoxModel. Handling the CredentialsMatcher may require standing up a proxy instance to apply the matcher against.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to return.

item - the item.

authentication - the authentication (if null assume ACL.SYSTEM.

domainRequirements - the credential domain to match.

matcher - the additional filtering to apply to the credentials

Returns:

the ListBoxModel of IdCredentials.getId() with names provided by CredentialsNameProvider.

Since:

2.1.0

isApplicable

public final boolean isApplicable(Class<? extends Credentials> clazz)

Returns true if this CredentialsProvider can provide credentials of the supplied type.

Parameters:

clazz - the base type of Credentials to check.

Returns:

true if and only if there is at least one CredentialsDescriptor matching the required Credentials interface that isApplicable(Descriptor).

Since:

2.0

isApplicable

public final boolean isApplicable(Descriptor<?> descriptor)

Returns true if the supplied Descriptor is applicable to this CredentialsProvider.

Parameters:

descriptor - the Descriptor to check.

Returns:

true if and only if the supplied Descriptor is applicable in this CredentialsProvider.

Since:

2.0

_isApplicable

protected boolean _isApplicable(Descriptor<?> descriptor)

CredentialsProvider subtypes can override this method to veto some Descriptors from being available from their store. This is often useful when you are building a custom store that holds a specific type of credentials or where you want to limit the number of choices given to the users.

Parameters:

descriptor - the Descriptor to check.

Returns:

true if the supplied Descriptor is applicable in this CredentialsProvider

Since:

2.0

getCredentialsDescriptors

public final List<CredentialsDescriptor> getCredentialsDescriptors()

Returns the list of CredentialsDescriptor instances that are applicable within this CredentialsProvider.

Returns:

the list of CredentialsDescriptor instances that are applicable within this CredentialsProvider.

Since:

2.0

hasCredentialsDescriptors

public final boolean hasCredentialsDescriptors()

Checks if there is at least one CredentialsDescriptor applicable within this CredentialsProvider.

Returns:

true if and ony if there is at least one CredentialsDescriptor applicable within this CredentialsProvider.

Since:

2.0

getFingerprintOf

@CheckForNull
public static Fingerprint getFingerprintOf(@NonNull
                                                         Credentials c)
                                                  throws IOException

Retrieves the Fingerprint for a specific credential.

Parameters:

c - the credential.

Returns:

the Fingerprint or null if the credential has no fingerprint associated with it.

Throws:

IOException - if the credential's fingerprint hash could not be computed.

Since:

2.1.1

getOrCreateFingerprintOf

@NonNull
public static Fingerprint getOrCreateFingerprintOf(@NonNull
                                                            Credentials c)
                                                     throws IOException

Creates a fingerprint that can be used to track the usage of a specific credential.

Parameters:

c - the credential to fingerprint.

Returns:

the Fingerprint.

Throws:

IOException - if the credential's fingerprint hash could not be computed.

Since:

2.1.1

track

@CheckForNull
public static <C extends Credentials> C track(@NonNull
                                                            Run build,
                                                            @CheckForNull
                                                            C credentials)

Track the usage of credentials in a specific build.

Type Parameters:

C - the credentials type.

Parameters:

build - the run to tag the fingerprint

credentials - the credentials to fingerprint.

Returns:

the supplied credentials for method chaining.

Since:

2.1.1

trackAll

@NonNull
public static <C extends Credentials> List<C> trackAll(@NonNull
                                                                Run build,
                                                                C... credentials)

Track the usage of credentials in a specific build.

Type Parameters:

C - the credentials type.

Parameters:

build - the run to tag the fingerprint

credentials - the credentials to fingerprint.

Returns:

the supplied credentials for method chaining.

Since:

2.1.1

trackAll

@NonNull
public static <C extends Credentials> List<C> trackAll(@NonNull
                                                                Run build,
                                                                @NonNull
                                                                List<C> credentials)

Track the usage of credentials in a specific build.

Type Parameters:

C - the credentials type.

Parameters:

build - the run to tag the fingerprint

credentials - the credentials to fingerprint.

Returns:

the supplied credentials for method chaining.

Since:

2.1.1

track

@CheckForNull
public static <C extends Credentials> C track(@NonNull
                                                            Node node,
                                                            @CheckForNull
                                                            C credentials)

Track the usage of credentials in a specific node. Would be used for example when launching an agent.

Type Parameters:

C - the credentials type.

Parameters:

node - the node to tag the fingerprint

credentials - the credentials to fingerprint.

Returns:

the supplied credentials for method chaining.

Since:

2.1.1

trackAll

@NonNull
public static <C extends Credentials> List<C> trackAll(@NonNull
                                                                Node node,
                                                                C... credentials)

Track the usage of credentials in a specific node. Would be used for example when launching an agent.

Type Parameters:

C - the credentials type.

Parameters:

node - the node to tag the fingerprint

credentials - the credentials to fingerprint.

Returns:

the supplied credentials for method chaining.

Since:

2.1.1

trackAll

@NonNull
public static <C extends Credentials> List<C> trackAll(@NonNull
                                                                Node node,
                                                                @NonNull
                                                                List<C> credentials)

Track the usage of credentials in a specific node. Would be used for example when launching an agent.

Type Parameters:

C - the credentials type.

Parameters:

node - the node to tag the fingerprint

credentials - the credentials to fingerprint.

Returns:

the supplied credentials for method chaining.

Since:

2.1.1

track

@CheckForNull
public static <C extends Credentials> C track(@NonNull
                                                            Item item,
                                                            @CheckForNull
                                                            C credentials)

Track the usage of credentials in a specific item but not associated with a specific build, for example SCM polling.

Type Parameters:

C - the credentials type.

Parameters:

item - the item to tag the fingerprint against

credentials - the credentials to fingerprint.

Returns:

the supplied credentials for method chaining.

Since:

2.1.1

trackAll

@NonNull
public static <C extends Credentials> List<C> trackAll(@NonNull
                                                                Item item,
                                                                C... credentials)

Track the usage of credentials in a specific item but not associated with a specific build, for example SCM polling.

Type Parameters:

C - the credentials type.

Parameters:

item - the item to tag the fingerprint against

credentials - the credentials to fingerprint.

Returns:

the supplied credentials for method chaining.

Since:

2.1.1

trackAll

@NonNull
public static <C extends Credentials> List<C> trackAll(@NonNull
                                                                Item item,
                                                                @NonNull
                                                                List<C> credentials)

Track the usage of credentials in a specific item but not associated with a specific build, for example SCM polling.

Type Parameters:

C - the credentials type.

Parameters:

item - the item to tag the fingerprint against

credentials - the credentials to fingerprint.

Returns:

the supplied credentials for method chaining.

Since:

2.1.1

saveAll

@Restricted(value=org.kohsuke.accmod.restrictions.DoNotUse.class)
public static void saveAll()
                                                                                      throws IOException

A helper method for Groovy Scripting to address use cases such as JENKINS-39317 where all credential stores need to be resaved. As this is a potentially very expensive operation the method has been marked DoNotUse in order to ensure that no plugin attempts to call this method. If invoking this method from an init.d Groovy script, ensure that the call is guarded by a marker file such that

Throws:

IOException - if things go wrong.