Package org.jenkinsci.plugins.github_branch_source

Class GitHubAppCredentials

java.lang.Object

com.cloudbees.plugins.credentials.BaseCredentials

com.cloudbees.plugins.credentials.impl.BaseStandardCredentials

org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials

All Implemented Interfaces:

com.cloudbees.plugins.credentials.common.IdCredentials, com.cloudbees.plugins.credentials.common.PasswordCredentials, com.cloudbees.plugins.credentials.common.StandardCredentials, com.cloudbees.plugins.credentials.common.StandardUsernameCredentials, com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials, com.cloudbees.plugins.credentials.common.UsernameCredentials, com.cloudbees.plugins.credentials.common.UsernamePasswordCredentials, com.cloudbees.plugins.credentials.Credentials, ExtensionPoint, Describable<com.cloudbees.plugins.credentials.Credentials>, Serializable

public class GitHubAppCredentials
extends com.cloudbees.plugins.credentials.impl.BaseStandardCredentials
implements com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials

See Also:

• Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	GitHubAppCredentials.DescriptorImpl

Nested classes/interfaces inherited from class com.cloudbees.plugins.credentials.impl.BaseStandardCredentials

com.cloudbees.plugins.credentials.impl.BaseStandardCredentials.BaseStandardCredentialsDescriptor

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

ExtensionPoint.LegacyInstancesAreScopedToHudson

Nested classes/interfaces inherited from interface com.cloudbees.plugins.credentials.common.IdCredentials

com.cloudbees.plugins.credentials.common.IdCredentials.Helpers

Nested classes/interfaces inherited from interface com.cloudbees.plugins.credentials.common.StandardCredentials

com.cloudbees.plugins.credentials.common.StandardCredentials.NameProvider

Nested classes/interfaces inherited from interface com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials

com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials.NameProvider

Field Summary

Fields

Modifier and Type	Field	Description
static boolean	ALLOW_UNSAFE_REPOSITORY_INFERENCE	Controls whether GithubProjectProperty is considered by forRun(hudson.model.Run<?, ?>) for Pipeline builds.

Constructor Summary

Constructors

Constructor	Description
GitHubAppCredentials(com.cloudbees.plugins.credentials.CredentialsScope scope, String id, String description, String appID, Secret privateKey)

Method Summary

Modifier and Type	Method	Description
GitHubAppCredentials	contextualize(GitHubAppUsageContext context)
com.cloudbees.plugins.credentials.Credentials	forRun(Run<?,?> context)
String	getApiUri()
String	getAppID()
DefaultPermissionsStrategy	getDefaultPermissionsStrategy()
String	getOwner()	Deprecated. Use getRepositoryAccessStrategy().
Secret	getPassword()
Secret	getPrivateKey()
RepositoryAccessStrategy	getRepositoryAccessStrategy()
String	getUsername()
boolean	isUsernameSecret()
void	setApiUri(String apiUri)
void	setDefaultPermissionsStrategy(DefaultPermissionsStrategy strategy)
void	setOwner(String owner)	Do not call this method, use setRepositoryAccessStrategy(org.jenkinsci.plugins.github_branch_source.app_credentials.RepositoryAccessStrategy) instead.
void	setRepositoryAccessStrategy(RepositoryAccessStrategy strategy)
protected Object	writeReplace()	Ensures that the credentials state as serialized via Remoting to an agent calls back to the controller.

Methods inherited from class com.cloudbees.plugins.credentials.impl.BaseStandardCredentials

equals, getDescription, getId, hashCode

Methods inherited from class com.cloudbees.plugins.credentials.BaseCredentials

getDescriptor, getScope

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.cloudbees.plugins.credentials.Credentials

getDescriptor, getScope

Methods inherited from interface com.cloudbees.plugins.credentials.common.IdCredentials

getId

Methods inherited from interface com.cloudbees.plugins.credentials.common.StandardCredentials

getDescription

Field Details

ALLOW_UNSAFE_REPOSITORY_INFERENCE

public static boolean ALLOW_UNSAFE_REPOSITORY_INFERENCE

Controls whether GithubProjectProperty is considered by forRun(hudson.model.Run<?, ?>) for Pipeline builds.

RepositoryAccessStrategy is intended to prevent users with the ability to edit a Jenkinsfile in a single repository from being able to use GitHub app credentials available to that Pipeline to access other repositories. The existence of the properties step means that job properties may not be trusted for Pipeline repository inference.

Constructor Details

GitHubAppCredentials

@DataBoundConstructor
public GitHubAppCredentials(com.cloudbees.plugins.credentials.CredentialsScope scope,
 String id,
 @CheckForNull
 String description,
 @NonNull
 String appID,
 @NonNull
 Secret privateKey)

Method Details

getApiUri

public String getApiUri()

setApiUri

@DataBoundSetter
public void setApiUri(String apiUri)

getAppID

@NonNull
public String getAppID()

getPrivateKey

@NonNull
public Secret getPrivateKey()

getOwner

@Deprecated
@CheckForNull
public String getOwner()

Deprecated.

Use getRepositoryAccessStrategy().

setOwner

public void setOwner(String owner)

Do not call this method, use setRepositoryAccessStrategy(org.jenkinsci.plugins.github_branch_source.app_credentials.RepositoryAccessStrategy) instead.

getRepositoryAccessStrategy

@NonNull
public RepositoryAccessStrategy getRepositoryAccessStrategy()

setRepositoryAccessStrategy

@DataBoundSetter
public void setRepositoryAccessStrategy(@NonNull
 RepositoryAccessStrategy strategy)

getDefaultPermissionsStrategy

@NonNull
public DefaultPermissionsStrategy getDefaultPermissionsStrategy()

setDefaultPermissionsStrategy

@DataBoundSetter
public void setDefaultPermissionsStrategy(@NonNull
 DefaultPermissionsStrategy strategy)

getPassword

@NonNull
public Secret getPassword()

Specified by:

getPassword in interface com.cloudbees.plugins.credentials.common.PasswordCredentials

getUsername

@NonNull
public String getUsername()

Specified by:

getUsername in interface com.cloudbees.plugins.credentials.common.UsernameCredentials

isUsernameSecret

public boolean isUsernameSecret()

Specified by:

isUsernameSecret in interface com.cloudbees.plugins.credentials.common.UsernameCredentials

contextualize

@NonNull
public GitHubAppCredentials contextualize(GitHubAppUsageContext context)

forRun

@NonNull
public com.cloudbees.plugins.credentials.Credentials forRun(Run<?,?> context)

Specified by:

forRun in interface com.cloudbees.plugins.credentials.Credentials

writeReplace

protected Object writeReplace()

Ensures that the credentials state as serialized via Remoting to an agent calls back to the controller. Benefits:

• The token is cached locally and used until it is stale.
• The agent never needs to have access to the plaintext private key.
• We avoid the considerable amount of class loading associated with the JWT library, Jackson data binding, Bouncy Castle, etc.
• The agent need not be able to contact GitHub.