Package com.cloudbees.plugins.credentials

Class CredentialsProvider

java.lang.Object

hudson.model.Descriptor<CredentialsProvider>

com.cloudbees.plugins.credentials.CredentialsProvider

All Implemented Interfaces:

ExtensionPoint, Describable<CredentialsProvider>, Saveable, OnMaster, IconSpec

Direct Known Subclasses:

SystemCredentialsProvider.ProviderImpl, UserCredentialsProvider

public abstract class CredentialsProvider
extends Descriptor<CredentialsProvider>
implements ExtensionPoint, Describable<CredentialsProvider>, IconSpec

An extension point for providing Credentials.

Nested Class Summary

Nested classes/interfaces inherited from class hudson.model.Descriptor

Descriptor.FormException, Descriptor.PropertyType, Descriptor.Self

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

ExtensionPoint.LegacyInstancesAreScopedToHudson

Field Summary

Fields

Modifier and Type	Field	Description
static Permission	CREATE	The permission for adding credentials to a CredentialsStore.
static Permission	DELETE	The permission for removing credentials from a CredentialsStore.
static PermissionGroup	GROUP	The permission group for credentials.
static Permission	MANAGE_DOMAINS	The permission for managing credential domains in a CredentialsStore.
static CredentialsProvider	NONE	A CredentialsProvider that does nothing for use as a marker
static Permission	UPDATE	The permission for updating credentials in a CredentialsStore.
static Permission	USE_ITEM	Where an immediate action against a job requires that a credential be selected by the user triggering the action, this permission allows the user to select a credential from those credentials available within the scope of the job.
static Permission	USE_OWN	Where an immediate action against a job requires that a credential be selected by the user triggering the action, this permission allows the user to select a credential from their private credential store.
static Permission	VIEW	The permission for viewing credentials in a CredentialsStore.

Fields inherited from class hudson.model.Descriptor

clazz

Fields inherited from interface hudson.model.Saveable

NOOP

Constructor Summary

Constructors

Constructor	Description
CredentialsProvider()	Default constructor.

Method Summary

Modifier and Type	Method	Description
protected boolean	_isApplicable(Descriptor<?> descriptor)	CredentialsProvider subtypes can override this method to veto some Descriptors from being available from their store.
static ExtensionList<CredentialsProvider>	all()	Returns the list of all CredentialsProvider.
static DescriptorExtensionList<Credentials,CredentialsDescriptor>	allCredentialsDescriptors()	Returns all the registered Credentials descriptors.
static List<CredentialsProvider>	enabled()	Returns only those CredentialsProvider that are isEnabled().
static List<CredentialsProvider>	enabled(Object context)	Returns only those CredentialsProvider that are isEnabled() within a specific context.
static <C extends IdCredentials> C	findCredentialById(String id, Class<C> type, Run<?,?> run)	A common requirement for plugins is to resolve a specific credential by id in the context of a specific run.
static <C extends IdCredentials> C	findCredentialById(String id, Class<C> type, Run<?,?> run, DomainRequirement... domainRequirements)	Deprecated. Use findCredentialById(String, Class, Run, List) instead.
static <C extends IdCredentials> C	findCredentialById(String id, Class<C> type, Run<?,?> run, List<DomainRequirement> domainRequirements)	A common requirement for plugins is to resolve a specific credential by id in the context of a specific run.
<C extends IdCredentials> ListBoxModel	getCredentialIds(Class<C> type, ItemGroup itemGroup, Authentication authentication, List<DomainRequirement> domainRequirements, CredentialsMatcher matcher)	Deprecated. Use getCredentialIdsInItemGroup(Class, ItemGroup, Authentication, List, CredentialsMatcher) instead.
<C extends IdCredentials> ListBoxModel	getCredentialIds(Class<C> type, Item item, Authentication authentication, List<DomainRequirement> domainRequirements, CredentialsMatcher matcher)	Deprecated. Use getCredentialIdsInItem(Class, Item, Authentication, List, CredentialsMatcher) instead.
<C extends IdCredentials> ListBoxModel	getCredentialIdsInItem(Class<C> type, Item item, org.springframework.security.core.Authentication authentication, List<DomainRequirement> domainRequirements, CredentialsMatcher matcher)	Returns a ListBoxModel of the credentials provided by this provider which are available to the specified Authentication for the specified Item and are appropriate for the specified DomainRequirements.
<C extends IdCredentials> ListBoxModel	getCredentialIdsInItemGroup(Class<C> type, ItemGroup itemGroup, org.springframework.security.core.Authentication authentication, List<DomainRequirement> domainRequirements, CredentialsMatcher matcher)	Returns a ListBoxModel of the credentials provided by this provider which are available to the specified Authentication for items in the specified ItemGroup and are appropriate for the specified DomainRequirements.
<C extends Credentials> List<C>	getCredentials(Class<C> type, ItemGroup itemGroup, Authentication authentication)	Deprecated. use getCredentialsInItem(Class, Item, Authentication, List) instead.
<C extends Credentials> List<C>	getCredentials(Class<C> type, ItemGroup itemGroup, Authentication authentication, List<DomainRequirement> domainRequirements)	Deprecated. use getCredentialsInItem(Class, Item, Authentication, List) instead.
<C extends Credentials> List<C>	getCredentials(Class<C> type, Item item, Authentication authentication)	Deprecated. Use getCredentialsInItem(Class, Item, Authentication, List) instead.
<C extends Credentials> List<C>	getCredentials(Class<C> type, Item item, Authentication authentication, List<DomainRequirement> domainRequirements)	Deprecated. Use getCredentialsInItem(Class, Item, Authentication, List) instead.
List<CredentialsDescriptor>	getCredentialsDescriptors()	Returns the list of CredentialsDescriptor instances that are applicable within this CredentialsProvider.
<C extends Credentials> List<C>	getCredentialsInItem(Class<C> type, Item item, org.springframework.security.core.Authentication authentication, List<DomainRequirement> domainRequirements)	Returns the credentials provided by this provider which are available to the specified Authentication for the specified Item and are appropriate for the specified DomainRequirements.
<C extends Credentials> List<C>	getCredentialsInItemGroup(Class<C> type, ItemGroup itemGroup, org.springframework.security.core.Authentication authentication, List<DomainRequirement> domainRequirements)	Returns the credentials provided by this provider which are available to the specified Authentication for items in the specified ItemGroup and are appropriate for the specified .plugins.credentials.domains.DomainRequirements.
Descriptor<CredentialsProvider>	getDescriptor()
String	getDisplayName()
static Fingerprint	getFingerprintOf(Credentials c)	Retrieves the Fingerprint for a specific credential.
String	getIconClassName()
static Fingerprint	getOrCreateFingerprintOf(Credentials c)	Creates a fingerprint that can be used to track the usage of a specific credential.
Set<CredentialsScope>	getScopes(ModelObject object)	Returns the scopes allowed for credentials stored within the specified object or null if the object is not relevant for scopes and the object's container should be considered instead.
CredentialsStore	getStore(ModelObject object)	Returns the CredentialsStore that this CredentialsProvider maintains specifically for this ModelObject or null if either the object is not a credentials container or this CredentialsProvider does not maintain a store specifically bound to this ModelObject.
boolean	hasCredentialsDescriptors()	Checks if there is at least one CredentialsDescriptor applicable within this CredentialsProvider.
static boolean	hasStores(ModelObject context)	Tests if the supplied context has any credentials stores associated with it.
boolean	isApplicable(Descriptor<?> descriptor)	Returns true if the supplied Descriptor is applicable to this CredentialsProvider.
boolean	isApplicable(Class<? extends Credentials> clazz)	Returns true if this CredentialsProvider can provide credentials of the supplied type.
boolean	isEnabled()	Returns true if this CredentialsProvider is enabled.
boolean	isEnabled(Object context)	Returns true if this CredentialsProvider is enabled in the specified context.
static <C extends IdCredentials> ListBoxModel	listCredentials(Class<C> type, ItemGroup itemGroup, Authentication authentication, List<DomainRequirement> domainRequirements, CredentialsMatcher matcher)	Deprecated. Use listCredentialsInItemGroup(Class, ItemGroup, Authentication, List, CredentialsMatcher) instead.
static <C extends IdCredentials> ListBoxModel	listCredentials(Class<C> type, Item item, Authentication authentication, List<DomainRequirement> domainRequirements, CredentialsMatcher matcher)	Deprecated. Use listCredentialsInItem(Class, Item, Authentication, List, CredentialsMatcher) instead.
static <C extends IdCredentials> ListBoxModel	listCredentialsInItem(Class<C> type, Item item, org.springframework.security.core.Authentication authentication, List<DomainRequirement> domainRequirements, CredentialsMatcher matcher)	Returns a ListBoxModel of all credentials which are available to the specified Authentication for use by the specified Item.
static <C extends IdCredentials> ListBoxModel	listCredentialsInItemGroup(Class<C> type, ItemGroup itemGroup, org.springframework.security.core.Authentication authentication, List<DomainRequirement> domainRequirements, CredentialsMatcher matcher)	Returns a ListBoxModel of all credentials which are available to the specified Authentication for use by the Items in the specified ItemGroup.
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type)	Deprecated. use lookupCredentialsInItem(Class, Item, Authentication, List) or lookupCredentialsInItemGroup(Class, ItemGroup, Authentication, List)
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type, Item item)	Deprecated. use lookupCredentialsInItem(Class, Item, Authentication, List) instead.
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type, ItemGroup itemGroup)	Deprecated. use lookupCredentialsInItemGroup(Class, ItemGroup, Authentication, List) instead.
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type, ItemGroup itemGroup, Authentication authentication)	Deprecated. use lookupCredentialsInItemGroup(Class, ItemGroup, Authentication) instead.
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type, ItemGroup itemGroup, Authentication authentication, DomainRequirement... domainRequirements)	Deprecated. Use lookupCredentialsInItemGroup(Class, ItemGroup, Authentication) or lookupCredentialsInItemGroup(Class, ItemGroup, Authentication, List).
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type, ItemGroup itemGroup, Authentication authentication, List<DomainRequirement> domainRequirements)	Deprecated. Use lookupCredentialsInItemGroup(Class, ItemGroup, Authentication, List) instead.
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type, Item item, Authentication authentication)	Deprecated. use lookupCredentialsInItem(Class, Item, Authentication) instead.
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type, Item item, Authentication authentication, DomainRequirement... domainRequirements)	Deprecated. use lookupCredentialsInItemGroup(Class, ItemGroup, Authentication) or lookupCredentialsInItemGroup(Class, ItemGroup, Authentication, List).
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type, Item item, Authentication authentication, List<DomainRequirement> domainRequirements)	Deprecated. use lookupCredentialsInItem(Class, Item, Authentication, List)
static <C extends Credentials> List<C>	lookupCredentials(Class<C> type, Authentication authentication)	Deprecated. use lookupCredentialsInItem(Class, Item, Authentication, List), lookupCredentialsInItemGroup(Class, ItemGroup, Authentication, List)
static <C extends Credentials> List<C>	lookupCredentialsInItem(Class<C> type, Item item, org.springframework.security.core.Authentication authentication)	Returns all credentials which are available to the specified Authentication for use by the specified Item.
static <C extends Credentials> List<C>	lookupCredentialsInItem(Class<C> type, Item item, org.springframework.security.core.Authentication authentication, List<DomainRequirement> domainRequirements)	Returns all credentials which are available to the specified Authentication for use by the specified Item.
static <C extends Credentials> List<C>	lookupCredentialsInItemGroup(Class<C> type, ItemGroup itemGroup, org.springframework.security.core.Authentication authentication)	Returns all credentials which are available to the specified Authentication for use by the Items in the specified ItemGroup.
static <C extends Credentials> List<C>	lookupCredentialsInItemGroup(Class<C> type, ItemGroup itemGroup, org.springframework.security.core.Authentication authentication, List<DomainRequirement> domainRequirements)	Returns all credentials which are available to the specified Authentication for use by the Items in the specified ItemGroup.
static Set<CredentialsScope>	lookupScopes(ModelObject object)	Returns the scopes allowed for credentials stored within the specified object or null if the object is not relevant for scopes and the object's container should be considered instead.
static Iterable<CredentialsStore>	lookupStores(ModelObject context)	Returns a lazy Iterable of all the CredentialsStore instances contributing credentials to the supplied object.
static void	saveAll()	A helper method for Groovy Scripting to address use cases such as JENKINS-39317 where all credential stores need to be resaved.
static <C extends Credentials> C	snapshot(C credential)	Make a best effort to ensure that the supplied credential is a snapshot credential (i.e.
static <C extends Credentials> C	snapshot(Class<C> clazz, C credential)	Make a best effort to ensure that the supplied credential is a snapshot credential (i.e.
static <C extends Credentials> C	track(Item item, C credentials)	Track the usage of credentials in a specific item but not associated with a specific build, for example SCM polling.
static <C extends Credentials> C	track(Node node, C credentials)	Track the usage of credentials in a specific node.
static <C extends Credentials> C	track(Run build, C credentials)	Track the usage of credentials in a specific build.
static <C extends Credentials> List<C>	trackAll(Item item, C... credentials)	Track the usage of credentials in a specific item but not associated with a specific build, for example SCM polling.
static <C extends Credentials> List<C>	trackAll(Item item, List<C> credentials)	Track the usage of credentials in a specific item but not associated with a specific build, for example SCM polling.
static <C extends Credentials> List<C>	trackAll(Node node, C... credentials)	Track the usage of credentials in a specific node.
static <C extends Credentials> List<C>	trackAll(Node node, List<C> credentials)	Track the usage of credentials in a specific node.
static <C extends Credentials> List<C>	trackAll(Run build, C... credentials)	Track the usage of credentials in a specific build.
static <C extends Credentials> List<C>	trackAll(Run build, List<C> credentials)	Track the usage of credentials in a specific build.

Methods inherited from class hudson.model.Descriptor

addHelpFileRedirect, bindJSON, calcAutoCompleteSettings, calcFillSettings, configure, configure, doHelp, find, find, findByDescribableClassName, findById, getCategory, getCheckMethod, getCheckUrl, getConfigFile, getConfigPage, getCurrentDescriptorByNameUrl, getDescriptorFullUrl, getDescriptorUrl, getGlobalConfigPage, getGlobalPropertyType, getHelpFile, getHelpFile, getHelpFile, getId, getJsonSafeClassName, getKlass, getPlugin, getPossibleViewNames, getPropertyType, getPropertyType, getPropertyTypeOrDie, getRequiredGlobalConfigPagePermission, getT, getViewPage, isInstance, isSubTypeOf, load, newInstance, newInstance, newInstancesFromHeteroList, newInstancesFromHeteroList, save, self, toArray, toList, toMap

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

NONE

public static final CredentialsProvider NONE

A CredentialsProvider that does nothing for use as a marker

Since:

2.1.1

GROUP

public static final PermissionGroup GROUP

The permission group for credentials.

Since:

1.8

USE_OWN

public static final Permission USE_OWN

Where an immediate action against a job requires that a credential be selected by the user triggering the action, this permission allows the user to select a credential from their private credential store. Immediate actions could include: building with parameters, tagging a build, deploying artifacts, etc.

Since:

1.16

USE_ITEM

public static final Permission USE_ITEM

Where an immediate action against a job requires that a credential be selected by the user triggering the action, this permission allows the user to select a credential from those credentials available within the scope of the job. Immediate actions could include: building with parameters, tagging a build, deploying artifacts, etc. This permission is implied by Item.CONFIGURE as anyone who can configure the job can configure the job to use credentials within the item scope anyway.

Since:

1.16

CREATE

public static final Permission CREATE

The permission for adding credentials to a CredentialsStore.

Since:

1.8

UPDATE

public static final Permission UPDATE

The permission for updating credentials in a CredentialsStore.

Since:

1.8

VIEW

public static final Permission VIEW

The permission for viewing credentials in a CredentialsStore.

Since:

1.8

DELETE

public static final Permission DELETE

The permission for removing credentials from a CredentialsStore.

Since:

1.8

MANAGE_DOMAINS

public static final Permission MANAGE_DOMAINS

The permission for managing credential domains in a CredentialsStore.

Since:

1.8

Constructor Detail

CredentialsProvider

public CredentialsProvider()

Default constructor.

Method Detail

allCredentialsDescriptors

public static DescriptorExtensionList<Credentials,CredentialsDescriptor> allCredentialsDescriptors()

Returns all the registered Credentials descriptors.

Returns:

all the registered Credentials descriptors.

lookupCredentials

@Deprecated
@NonNull
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                Class<C> type)

Deprecated.

use lookupCredentialsInItem(Class, Item, Authentication, List) or lookupCredentialsInItemGroup(Class, ItemGroup, Authentication, List)

lookupCredentials

@Deprecated
@NonNull
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                Class<C> type,
                                                                @Nullable
                                                                Authentication authentication)

Deprecated.

use lookupCredentialsInItem(Class, Item, Authentication, List), lookupCredentialsInItemGroup(Class, ItemGroup, Authentication, List)

lookupCredentials

@Deprecated
@NonNull
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                Class<C> type,
                                                                @Nullable
                                                                Item item)

Deprecated.

use lookupCredentialsInItem(Class, Item, Authentication, List) instead.

lookupCredentials

@Deprecated
@NonNull
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                Class<C> type,
                                                                @Nullable
                                                                ItemGroup itemGroup)

Deprecated.

use lookupCredentialsInItemGroup(Class, ItemGroup, Authentication, List) instead.

lookupCredentials

@Deprecated
@NonNull
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                Class<C> type,
                                                                @Nullable
                                                                ItemGroup itemGroup,
                                                                @Nullable
                                                                Authentication authentication)

Deprecated.

use lookupCredentialsInItemGroup(Class, ItemGroup, Authentication) instead.

lookupCredentials

@Deprecated
@NonNull
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                Class<C> type,
                                                                @Nullable
                                                                Item item,
                                                                @Nullable
                                                                Authentication authentication)

Deprecated.

use lookupCredentialsInItem(Class, Item, Authentication) instead.

lookupCredentials

@Deprecated
@NonNull
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                Class<C> type,
                                                                @Nullable
                                                                ItemGroup itemGroup,
                                                                @Nullable
                                                                Authentication authentication,
                                                                @Nullable
                                                                DomainRequirement... domainRequirements)

Deprecated.

Use lookupCredentialsInItemGroup(Class, ItemGroup, Authentication) or lookupCredentialsInItemGroup(Class, ItemGroup, Authentication, List).

lookupCredentialsInItemGroup

@NonNull
public static <C extends Credentials> List<C> lookupCredentialsInItemGroup(@NonNull
                                                                           Class<C> type,
                                                                           @Nullable
                                                                           ItemGroup itemGroup,
                                                                           @Nullable
                                                                           org.springframework.security.core.Authentication authentication)

Returns all credentials which are available to the specified Authentication for use by the Items in the specified ItemGroup.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to get.

itemGroup - the item group.

authentication - the authentication.

Returns:

the list of credentials.

Since:

TODO

lookupCredentials

@NonNull
@Deprecated
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                Class<C> type,
                                                                @Nullable
                                                                ItemGroup itemGroup,
                                                                @Nullable
                                                                Authentication authentication,
                                                                @Nullable
                                                                List<DomainRequirement> domainRequirements)

Deprecated.

Use lookupCredentialsInItemGroup(Class, ItemGroup, Authentication, List) instead.

lookupCredentialsInItemGroup

@NonNull
public static <C extends Credentials> List<C> lookupCredentialsInItemGroup(@NonNull
                                                                           Class<C> type,
                                                                           @Nullable
                                                                           ItemGroup itemGroup,
                                                                           @Nullable
                                                                           org.springframework.security.core.Authentication authentication,
                                                                           @Nullable
                                                                           List<DomainRequirement> domainRequirements)

Returns all credentials which are available to the specified Authentication for use by the Items in the specified ItemGroup.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to get.

itemGroup - the item group.

authentication - the authentication.

domainRequirements - the credential domains to match.

Returns:

the list of credentials.

Since:

TODO

listCredentials

@Deprecated
public static <C extends IdCredentials> ListBoxModel listCredentials(@NonNull
                                                                     Class<C> type,
                                                                     @Nullable
                                                                     ItemGroup itemGroup,
                                                                     @Nullable
                                                                     Authentication authentication,
                                                                     @Nullable
                                                                     List<DomainRequirement> domainRequirements,
                                                                     @Nullable
                                                                     CredentialsMatcher matcher)

Deprecated.

Use listCredentialsInItemGroup(Class, ItemGroup, Authentication, List, CredentialsMatcher) instead.

listCredentialsInItemGroup

public static <C extends IdCredentials> ListBoxModel listCredentialsInItemGroup(@NonNull
                                                                                Class<C> type,
                                                                                @Nullable
                                                                                ItemGroup itemGroup,
                                                                                @Nullable
                                                                                org.springframework.security.core.Authentication authentication,
                                                                                @Nullable
                                                                                List<DomainRequirement> domainRequirements,
                                                                                @Nullable
                                                                                CredentialsMatcher matcher)

Returns a ListBoxModel of all credentials which are available to the specified Authentication for use by the Items in the specified ItemGroup.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to get.

authentication - the authentication.

itemGroup - the item group.

domainRequirements - the credential domains to match.

matcher - the additional filtering to apply to the credentials

Returns:

the ListBoxModel of IdCredentials.getId() with the corresponding display names as provided by CredentialsNameProvider.

Since:

TODO

lookupCredentials

@Deprecated
@NonNull
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                Class<C> type,
                                                                @Nullable
                                                                Item item,
                                                                @Nullable
                                                                Authentication authentication,
                                                                DomainRequirement... domainRequirements)

Deprecated.

use lookupCredentialsInItemGroup(Class, ItemGroup, Authentication) or lookupCredentialsInItemGroup(Class, ItemGroup, Authentication, List).

lookupCredentialsInItem

@NonNull
public static <C extends Credentials> List<C> lookupCredentialsInItem(@NonNull
                                                                      Class<C> type,
                                                                      @Nullable
                                                                      Item item,
                                                                      @Nullable
                                                                      org.springframework.security.core.Authentication authentication)

Returns all credentials which are available to the specified Authentication for use by the specified Item.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to get.

authentication - the authentication.

item - the item.

Returns:

the list of credentials.

Since:

TODO

lookupCredentials

@NonNull
@Deprecated
public static <C extends Credentials> List<C> lookupCredentials(@NonNull
                                                                Class<C> type,
                                                                @Nullable
                                                                Item item,
                                                                @Nullable
                                                                Authentication authentication,
                                                                @Nullable
                                                                List<DomainRequirement> domainRequirements)

Deprecated.

use lookupCredentialsInItem(Class, Item, Authentication, List)

lookupCredentialsInItem

@NonNull
public static <C extends Credentials> List<C> lookupCredentialsInItem(@NonNull
                                                                      Class<C> type,
                                                                      @Nullable
                                                                      Item item,
                                                                      @Nullable
                                                                      org.springframework.security.core.Authentication authentication,
                                                                      @Nullable
                                                                      List<DomainRequirement> domainRequirements)

Returns all credentials which are available to the specified Authentication for use by the specified Item.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to get.

authentication - the authentication.

item - the item.

domainRequirements - the credential domains to match.

Returns:

the list of credentials.

Since:

TODO

listCredentials

@NonNull
@Deprecated
public static <C extends IdCredentials> ListBoxModel listCredentials(@NonNull
                                                                     Class<C> type,
                                                                     @Nullable
                                                                     Item item,
                                                                     @Nullable
                                                                     Authentication authentication,
                                                                     @Nullable
                                                                     List<DomainRequirement> domainRequirements,
                                                                     @Nullable
                                                                     CredentialsMatcher matcher)

Deprecated.

Use listCredentialsInItem(Class, Item, Authentication, List, CredentialsMatcher) instead.

listCredentialsInItem

@NonNull
public static <C extends IdCredentials> ListBoxModel listCredentialsInItem(@NonNull
                                                                           Class<C> type,
                                                                           @Nullable
                                                                           Item item,
                                                                           @Nullable
                                                                           org.springframework.security.core.Authentication authentication,
                                                                           @Nullable
                                                                           List<DomainRequirement> domainRequirements,
                                                                           @Nullable
                                                                           CredentialsMatcher matcher)

Returns a ListBoxModel of all credentials which are available to the specified Authentication for use by the specified Item.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to get.

authentication - the authentication.

item - the item.

domainRequirements - the credential domains to match.

matcher - the additional filtering to apply to the credentials

Returns:

the ListBoxModel of IdCredentials.getId() with the corresponding display names as provided by CredentialsNameProvider.

Since:

TODO

lookupScopes

@CheckForNull
public static Set<CredentialsScope> lookupScopes(ModelObject object)

Returns the scopes allowed for credentials stored within the specified object or null if the object is not relevant for scopes and the object's container should be considered instead.

Parameters:

object - the object.

Returns:

the set of scopes that are relevant for the object or null if the object is not a credentials container.

hasStores

public static boolean hasStores(ModelObject context)

Tests if the supplied context has any credentials stores associated with it.

Parameters:

context - the context object.

Returns:

true if and only if the supplied context has at least one CredentialsStore associated with it.

Since:

2.1.5

lookupStores

public static Iterable<CredentialsStore> lookupStores(ModelObject context)

Returns a lazy Iterable of all the CredentialsStore instances contributing credentials to the supplied object.

Parameters:

context - the Item or ItemGroup or User to get the CredentialsStores of.

Returns:

a lazy Iterable of all CredentialsStore instances.

Since:

1.8

snapshot

public static <C extends Credentials> C snapshot(C credential)

Make a best effort to ensure that the supplied credential is a snapshot credential (i.e. self-contained and does not reference any external stores). WARNING: May produce unusual results if presented an exotic credential that implements multiple distinct credential types at the same time, e.g. a credential that is simultaneously a TLS certificate and a SSH key pair and a GPG key pair all at the same time... unless the author of that credential type also provides a CredentialsSnapshotTaker that can handle such a triple play.

Type Parameters:

C - the type of credential.

Parameters:

credential - the credential.

Returns:

the credential or a snapshot of the credential.

Since:

1.14

snapshot

public static <C extends Credentials> C snapshot(Class<C> clazz,
                                                 C credential)

Make a best effort to ensure that the supplied credential is a snapshot credential (i.e. self-contained and does not reference any external stores)

Type Parameters:

C - the type of credential.

Parameters:

clazz - the type of credential that we are trying to snapshot (specified so that if there is more than one type of snapshot able credential interface implemented by the credentials, then they can be separated out.

credential - the credential.

Returns:

the credential or a snapshot of the credential.

Since:

1.14

findCredentialById

@CheckForNull
public static <C extends IdCredentials> C findCredentialById(@NonNull
                                                             String id,
                                                             @NonNull
                                                             Class<C> type,
                                                             @NonNull
                                                             Run<?,?> run)

A common requirement for plugins is to resolve a specific credential by id in the context of a specific run. Given that the credential itself could be resulting from a build parameter expression and the complexities of determining the scope of items from which the credential should be resolved in a chain of builds, this method provides the correct answer.

Type Parameters:

C - the credentials type.

Parameters:

id - either the id of the credential to find or a parameter expression for the id.

type - the type of credential to find.

run - the Run defining the context within which to find the credential.

Returns:

the credential or null if either the credential cannot be found or the user triggering the run is not permitted to use the credential in the context of the run.

Since:

TODO

findCredentialById

public static <C extends IdCredentials> C findCredentialById(@NonNull
                                                             String id,
                                                             @NonNull
                                                             Class<C> type,
                                                             @NonNull
                                                             Run<?,?> run,
                                                             DomainRequirement... domainRequirements)

Deprecated.

Use findCredentialById(String, Class, Run, List) instead.

findCredentialById

@CheckForNull
public static <C extends IdCredentials> C findCredentialById(@NonNull
                                                             String id,
                                                             @NonNull
                                                             Class<C> type,
                                                             @NonNull
                                                             Run<?,?> run,
                                                             @Nullable
                                                             List<DomainRequirement> domainRequirements)

A common requirement for plugins is to resolve a specific credential by id in the context of a specific run. Given that the credential itself could be resulting from a build parameter expression and the complexities of determining the scope of items from which the credential should be resolved in a chain of builds, this method provides the correct answer.

Type Parameters:

C - the credentials type.

Parameters:

id - either the id of the credential to find or a parameter expression for the id.

type - the type of credential to find.

run - the Run defining the context within which to find the credential.

domainRequirements - the domain requirements of the credential.

Returns:

the credential or null if either the credential cannot be found or the user triggering the run is not permitted to use the credential in the context of the run.

Since:

1.16

all

public static ExtensionList<CredentialsProvider> all()

Returns the list of all CredentialsProvider.

Returns:

the list of all CredentialsProvider.

enabled

public static List<CredentialsProvider> enabled()

Returns only those CredentialsProvider that are isEnabled().

Returns:

a list of CredentialsProvider that are isEnabled().

Since:

2.0

enabled

public static List<CredentialsProvider> enabled(Object context)

Returns only those CredentialsProvider that are isEnabled() within a specific context.

Parameters:

context - the context in which to get the list.

Returns:

a list of CredentialsProvider that are isEnabled().

Since:

2.0

getDescriptor

public Descriptor<CredentialsProvider> getDescriptor()

Specified by:

getDescriptor in interface Describable<CredentialsProvider>

isEnabled

public final boolean isEnabled()

Returns true if this CredentialsProvider is enabled.

Returns:

true if this CredentialsProvider is enabled.

Since:

2.0

isEnabled

public boolean isEnabled(Object context)

Returns true if this CredentialsProvider is enabled in the specified context.

Parameters:

context - the context.

Returns:

true if this CredentialsProvider is enabled in the specified context.

Since:

2.0

getDisplayName

@NonNull
public String getDisplayName()

Overrides:

getDisplayName in class Descriptor<CredentialsProvider>

getIconClassName

public String getIconClassName()

Specified by:

getIconClassName in interface IconSpec

getScopes

public Set<CredentialsScope> getScopes(ModelObject object)

Returns the scopes allowed for credentials stored within the specified object or null if the object is not relevant for scopes and the object's container should be considered instead.

Parameters:

object - the object.

Returns:

the set of scopes that are relevant for the object or null if the object is not a credentials container.

getStore

@CheckForNull
public CredentialsStore getStore(@CheckForNull
                                 ModelObject object)

Returns the CredentialsStore that this CredentialsProvider maintains specifically for this ModelObject or null if either the object is not a credentials container or this CredentialsProvider does not maintain a store specifically bound to this ModelObject.

Parameters:

object - the Item or ItemGroup or User that the store is being requested of.

Returns:

either null or a scoped CredentialsStore where CredentialsStore.getContext() == object.

Since:

1.8

getCredentials

@NonNull
@Deprecated
public <C extends Credentials> List<C> getCredentials(@NonNull
                                                      Class<C> type,
                                                      @Nullable
                                                      ItemGroup itemGroup,
                                                      @Nullable
                                                      Authentication authentication)

Deprecated.

use getCredentialsInItem(Class, Item, Authentication, List) instead.

getCredentials

@Deprecated
@NonNull
public <C extends Credentials> List<C> getCredentials(@NonNull
                                                      Class<C> type,
                                                      @Nullable
                                                      ItemGroup itemGroup,
                                                      @Nullable
                                                      Authentication authentication,
                                                      @NonNull
                                                      List<DomainRequirement> domainRequirements)

Deprecated.

use getCredentialsInItem(Class, Item, Authentication, List) instead.

getCredentialsInItemGroup

@NonNull
public <C extends Credentials> List<C> getCredentialsInItemGroup(@NonNull
                                                                 Class<C> type,
                                                                 @Nullable
                                                                 ItemGroup itemGroup,
                                                                 @Nullable
                                                                 org.springframework.security.core.Authentication authentication,
                                                                 @NonNull
                                                                 List<DomainRequirement> domainRequirements)

Returns the credentials provided by this provider which are available to the specified Authentication for items in the specified ItemGroup and are appropriate for the specified .plugins.credentials.domains.DomainRequirements.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to return.

itemGroup - the item group (if null assume Jenkins.get().

authentication - the authentication (if null assume ACL.SYSTEM2.

domainRequirements - the credential domains to match (if the CredentialsProvider does not support DomainRequirements then it should assume the match is true).

Returns:

the list of credentials.

Since:

TODO

getCredentialIds

@NonNull
@Deprecated
public <C extends IdCredentials> ListBoxModel getCredentialIds(@NonNull
                                                               Class<C> type,
                                                               @Nullable
                                                               ItemGroup itemGroup,
                                                               @Nullable
                                                               Authentication authentication,
                                                               @NonNull
                                                               List<DomainRequirement> domainRequirements,
                                                               @NonNull
                                                               CredentialsMatcher matcher)

Deprecated.

Use getCredentialIdsInItemGroup(Class, ItemGroup, Authentication, List, CredentialsMatcher) instead.

getCredentialIdsInItemGroup

@NonNull
public <C extends IdCredentials> ListBoxModel getCredentialIdsInItemGroup(@NonNull
                                                                          Class<C> type,
                                                                          @Nullable
                                                                          ItemGroup itemGroup,
                                                                          @Nullable
                                                                          org.springframework.security.core.Authentication authentication,
                                                                          @NonNull
                                                                          List<DomainRequirement> domainRequirements,
                                                                          @NonNull
                                                                          CredentialsMatcher matcher)

Returns a ListBoxModel of the credentials provided by this provider which are available to the specified Authentication for items in the specified ItemGroup and are appropriate for the specified DomainRequirements. NOTE: implementations are recommended to override this method if the actual secret information is being stored external from Jenkins and the non-secret information can be accessed with lesser traceability requirements. The default implementation just uses getCredentialsInItem(Class, Item, Authentication, List) to build the ListBoxModel. Handling the CredentialsMatcher may require standing up a proxy instance to apply the matcher against if CredentialsMatchers.describe(CredentialsMatcher) returns null

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to return.

itemGroup - the item group (if null assume Jenkins.get().

authentication - the authentication (if null assume ACL.SYSTEM2.

domainRequirements - the credential domain to match.

matcher - the additional filtering to apply to the credentials

Returns:

the ListBoxModel of IdCredentials.getId() with names provided by CredentialsNameProvider.

Since:

TODO

getCredentials

@Deprecated
@NonNull
public <C extends Credentials> List<C> getCredentials(@NonNull
                                                      Class<C> type,
                                                      @NonNull
                                                      Item item,
                                                      @Nullable
                                                      Authentication authentication)

Deprecated.

Use getCredentialsInItem(Class, Item, Authentication, List) instead.

getCredentials

@Deprecated
@NonNull
public <C extends Credentials> List<C> getCredentials(@NonNull
                                                      Class<C> type,
                                                      @NonNull
                                                      Item item,
                                                      @Nullable
                                                      Authentication authentication,
                                                      @NonNull
                                                      List<DomainRequirement> domainRequirements)

Deprecated.

Use getCredentialsInItem(Class, Item, Authentication, List) instead.

getCredentialsInItem

@NonNull
public <C extends Credentials> List<C> getCredentialsInItem(@NonNull
                                                            Class<C> type,
                                                            @NonNull
                                                            Item item,
                                                            @Nullable
                                                            org.springframework.security.core.Authentication authentication,
                                                            @NonNull
                                                            List<DomainRequirement> domainRequirements)

Returns the credentials provided by this provider which are available to the specified Authentication for the specified Item and are appropriate for the specified DomainRequirements.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to return.

item - the item.

authentication - the authentication (if null assume ACL.SYSTEM2.

domainRequirements - the credential domain to match.

Returns:

the list of credentials.

Since:

TODO

getCredentialIds

@NonNull
@Deprecated
public <C extends IdCredentials> ListBoxModel getCredentialIds(@NonNull
                                                               Class<C> type,
                                                               @NonNull
                                                               Item item,
                                                               @Nullable
                                                               Authentication authentication,
                                                               @NonNull
                                                               List<DomainRequirement> domainRequirements,
                                                               @NonNull
                                                               CredentialsMatcher matcher)

Deprecated.

Use getCredentialIdsInItem(Class, Item, Authentication, List, CredentialsMatcher) instead.

getCredentialIdsInItem

@NonNull
public <C extends IdCredentials> ListBoxModel getCredentialIdsInItem(@NonNull
                                                                     Class<C> type,
                                                                     @NonNull
                                                                     Item item,
                                                                     @Nullable
                                                                     org.springframework.security.core.Authentication authentication,
                                                                     @NonNull
                                                                     List<DomainRequirement> domainRequirements,
                                                                     @NonNull
                                                                     CredentialsMatcher matcher)

Returns a ListBoxModel of the credentials provided by this provider which are available to the specified Authentication for the specified Item and are appropriate for the specified DomainRequirements. NOTE: implementations are recommended to override this method if the actual secret information is being stored external from Jenkins and the non-secret information can be accessed with lesser traceability requirements. The default implementation just uses getCredentialsInItem(Class, Item, Authentication, List) to build the ListBoxModel. Handling the CredentialsMatcher may require standing up a proxy instance to apply the matcher against.

Type Parameters:

C - the credentials type.

Parameters:

type - the type of credentials to return.

item - the item.

authentication - the authentication (if null assume ACL.SYSTEM2.

domainRequirements - the credential domain to match.

matcher - the additional filtering to apply to the credentials

Returns:

the ListBoxModel of IdCredentials.getId() with names provided by CredentialsNameProvider.

Since:

TODO

isApplicable

public final boolean isApplicable(Class<? extends Credentials> clazz)

Returns true if this CredentialsProvider can provide credentials of the supplied type.

Parameters:

clazz - the base type of Credentials to check.

Returns:

true if and only if there is at least one CredentialsDescriptor matching the required Credentials interface that isApplicable(Descriptor).

Since:

2.0

isApplicable

public final boolean isApplicable(Descriptor<?> descriptor)

Returns true if the supplied Descriptor is applicable to this CredentialsProvider.

Parameters:

descriptor - the Descriptor to check.

Returns:

true if and only if the supplied Descriptor is applicable in this CredentialsProvider.

Since:

2.0

_isApplicable

protected boolean _isApplicable(Descriptor<?> descriptor)

CredentialsProvider subtypes can override this method to veto some Descriptors from being available from their store. This is often useful when you are building a custom store that holds a specific type of credentials or where you want to limit the number of choices given to the users.

Parameters:

descriptor - the Descriptor to check.

Returns:

true if the supplied Descriptor is applicable in this CredentialsProvider

Since:

2.0

getCredentialsDescriptors

public final List<CredentialsDescriptor> getCredentialsDescriptors()

Returns the list of CredentialsDescriptor instances that are applicable within this CredentialsProvider.

Returns:

the list of CredentialsDescriptor instances that are applicable within this CredentialsProvider.

Since:

2.0

hasCredentialsDescriptors

public final boolean hasCredentialsDescriptors()

Checks if there is at least one CredentialsDescriptor applicable within this CredentialsProvider.

Returns:

true if and ony if there is at least one CredentialsDescriptor applicable within this CredentialsProvider.

Since:

2.0

getFingerprintOf

@CheckForNull
public static Fingerprint getFingerprintOf(@NonNull
                                           Credentials c)
                                    throws IOException

Retrieves the Fingerprint for a specific credential.

Parameters:

c - the credential.

Returns:

the Fingerprint or null if the credential has no fingerprint associated with it.

Throws:

IOException - if the credential's fingerprint hash could not be computed.

Since:

2.1.1

getOrCreateFingerprintOf

@NonNull
public static Fingerprint getOrCreateFingerprintOf(@NonNull
                                                   Credentials c)
                                            throws IOException

Creates a fingerprint that can be used to track the usage of a specific credential.

Parameters:

c - the credential to fingerprint.

Returns:

the Fingerprint.

Throws:

IOException - if the credential's fingerprint hash could not be computed.

Since:

2.1.1

track

@CheckForNull
public static <C extends Credentials> C track(@NonNull
                                              Run build,
                                              @CheckForNull
                                              C credentials)

Track the usage of credentials in a specific build.

Type Parameters:

C - the credentials type.

Parameters:

build - the run to tag the fingerprint

credentials - the credentials to fingerprint.

Returns:

the supplied credentials for method chaining.

Since:

2.1.1

trackAll

@SafeVarargs
@NonNull
public static <C extends Credentials> List<C> trackAll(@NonNull
                                                       Run build,
                                                       C... credentials)

Track the usage of credentials in a specific build.

Type Parameters:

C - the credentials type.

Parameters:

build - the run to tag the fingerprint

credentials - the credentials to fingerprint.

Returns:

the supplied credentials for method chaining.

Since:

2.1.1

trackAll

@NonNull
public static <C extends Credentials> List<C> trackAll(@NonNull
                                                       Run build,
                                                       @NonNull
                                                       List<C> credentials)

Track the usage of credentials in a specific build.

Type Parameters:

C - the credentials type.

Parameters:

build - the run to tag the fingerprint

credentials - the credentials to fingerprint.

Returns:

the supplied credentials for method chaining.

Since:

2.1.1

track

@CheckForNull
public static <C extends Credentials> C track(@NonNull
                                              Node node,
                                              @CheckForNull
                                              C credentials)

Track the usage of credentials in a specific node. Would be used for example when launching an agent.

Type Parameters:

C - the credentials type.

Parameters:

node - the node to tag the fingerprint

credentials - the credentials to fingerprint.

Returns:

the supplied credentials for method chaining.

Since:

2.1.1

trackAll

@SafeVarargs
@NonNull
public static <C extends Credentials> List<C> trackAll(@NonNull
                                                       Node node,
                                                       C... credentials)

Track the usage of credentials in a specific node. Would be used for example when launching an agent.

Type Parameters:

C - the credentials type.

Parameters:

node - the node to tag the fingerprint

credentials - the credentials to fingerprint.

Returns:

the supplied credentials for method chaining.

Since:

2.1.1

trackAll

@NonNull
public static <C extends Credentials> List<C> trackAll(@NonNull
                                                       Node node,
                                                       @NonNull
                                                       List<C> credentials)

Track the usage of credentials in a specific node. Would be used for example when launching an agent.

Type Parameters:

C - the credentials type.

Parameters:

node - the node to tag the fingerprint

credentials - the credentials to fingerprint.

Returns:

the supplied credentials for method chaining.

Since:

2.1.1

track

@CheckForNull
public static <C extends Credentials> C track(@NonNull
                                              Item item,
                                              @CheckForNull
                                              C credentials)

Track the usage of credentials in a specific item but not associated with a specific build, for example SCM polling.

Type Parameters:

C - the credentials type.

Parameters:

item - the item to tag the fingerprint against

credentials - the credentials to fingerprint.

Returns:

the supplied credentials for method chaining.

Since:

2.1.1

trackAll

@SafeVarargs
@NonNull
public static <C extends Credentials> List<C> trackAll(@NonNull
                                                       Item item,
                                                       C... credentials)

Track the usage of credentials in a specific item but not associated with a specific build, for example SCM polling.

Type Parameters:

C - the credentials type.

Parameters:

item - the item to tag the fingerprint against

credentials - the credentials to fingerprint.

Returns:

the supplied credentials for method chaining.

Since:

2.1.1

trackAll

@NonNull
public static <C extends Credentials> List<C> trackAll(@NonNull
                                                       Item item,
                                                       @NonNull
                                                       List<C> credentials)

Track the usage of credentials in a specific item but not associated with a specific build, for example SCM polling.

Type Parameters:

C - the credentials type.

Parameters:

item - the item to tag the fingerprint against

credentials - the credentials to fingerprint.

Returns:

the supplied credentials for method chaining.

Since:

2.1.1

saveAll

@Restricted(org.kohsuke.accmod.restrictions.DoNotUse.class)
public static void saveAll()

A helper method for Groovy Scripting to address use cases such as JENKINS-39317 where all credential stores need to be resaved. As this is a potentially very expensive operation the method has been marked DoNotUse in order to ensure that no plugin attempts to call this method. If invoking this method from an init.d Groovy script, ensure that the call is guarded by a marker file such that