Package com.google.jenkins.plugins.credentials.oauth

package com.google.jenkins.plugins.credentials.oauth

This package implements Jenkins plugins providing Google-specific OAuth2 Credentials, Domain Requirements and Specifications.

For OAuth2, these are inherently a provider-specific triple because each provider (e.g. Google, Facebook, GitHub) may only provide tokens for their own credentials and scopes. In a nutshell, an OAuth2 access token is like "limited power of attorney". You are giving the bearer of that token permission to interact with the set of limited scopes as the user who provided it.

This package provides the following Google-specific triple:

1. GoogleOAuth2ScopeRequirement
     extends OAuth2ScopeRequirement
     extends DomainRequirement

2. GoogleOAuth2ScopeSpecification
     extends OAuth2ScopeSpecification<GoogleOAuth2ScopeRequirement>
     extends DomainSpecification

3. GoogleOAuth2Credentials
     extends OAuth2Credentials<GoogleOAuth2ScopeRequirement>
     extends Credentials

As the set of scopes determine what you may do with a credential, each plugin asks for an access token by providing a provider-specific OAuth2ScopeRequirement to OAuth2Credentials.getAccessToken(OAuth2ScopeRequirement).

When enumerating credentials suitable for use with a given plugin, we only want to show those that allow a suitable set of scopes. This is where OAuth2ScopeRequirement pairs with OAuth2ScopeSpecification. An OAuth2ScopeSpecification is attached to a Domain and is the superset of scopes to which the contained Credentials may be applied.

However, since entering OAuth2 scopes is unwieldy, we provide the necessary concepts to make it multiple choice. Enter DomainRequirementProvider, a new ExtensionPoint that allows OAuth2ScopeSpecification to automatically discover the set of OAuth2 scopes required by installed plugins.

For Example:

 @RequiredDomain(value = MyGoogleOAuth2Requirement.class)
 public class Foo extends SomeDescribable
 

In this example, the DescribableDomainRequirementProvider would discover that Foo required the set of scopes specified by MyGoogleOAuth2Requirement. These would be aggregated with any other required scopes and presented in the UI for any OAuth2ScopeSpecification whose type parameter is a super-type of MyGoogleOAuth2Requirement.

So for instance if MyGoogleOAuth2Requirement extends GoogleOAuth2ScopeRequirement then GoogleOAuth2ScopeSpecification, which extends OAuth2ScopeSpecification<GoogleOAuth2ScopeRequirement>, would have MyGoogleOAuth2Requirement's scopes appear in its UI.

This package provides two types of GoogleOAuth2Credentials:

• GoogleRobotMetadataCredentials: a robot credential that utilizes the Google Compute Engine "metadata" service attached to a virtual machine for providing access tokens.
• GoogleRobotPrivateKeyCredentials: a robot credential that retrieves access tokens for a robot account using its client_secrets.json and private key file.

Class	Description
GoogleOAuth2Credentials	Google-specific username / access token combination.
GoogleOAuth2ScopeRequirement	Used to type filter Google-specific OAuth2ScopeRequirements.
GoogleOAuth2ScopeSpecification	A Google-specific implementation of the OAuth2ScopeSpecification that limits its application to Google-specific OAuth2ScopeRequirement
GoogleOAuth2ScopeSpecification.DescriptorImpl	Denoted this class is a DomainSpecification plugin, in particular for OAuth2ScopeSpecification
GoogleRobotCredentials	The base implementation of service account (aka robot) credentials using OAuth2.
GoogleRobotCredentials.AbstractGoogleRobotCredentialsDescriptor	The descriptor for Google robot account credential extensions
GoogleRobotCredentials.CredentialsListBoxModel	A trivial tuple for wrapping the list box of matched credentials with the requirements that were used to filter them.
GoogleRobotCredentialsModule	An abstraction interface for instantiating the dependencies of the GoogleRobotCredentials.
GoogleRobotMetadataCredentials	An implementation of GoogleRobotCredentials that produces OAuth2 access tokens using the metadata service attached to Google Compute instances.
GoogleRobotMetadataCredentials.Descriptor	Descriptor for our unlimited service account extension.
GoogleRobotMetadataCredentialsModule	An abstraction interface for instantiating the dependencies of the GoogleRobotMetadataCredentials.
GoogleRobotNameProvider	Retrieve a user-friendly name to be used when listing the credential for use by plugins.
GoogleRobotPrivateKeyCredentials	A set of Google service account credentials for a cloud project to use for authenticating against Google service APIs.
GoogleRobotPrivateKeyCredentials.AccountIdNotSetException	Exception that gets thrown if AccountId is not set.
GoogleRobotPrivateKeyCredentials.Descriptor	Descriptor for our unlimited service account extension.
GoogleRobotPrivateKeyCredentials.InvalidSecretsFileException	Exception that gets thrown if an invalid SecretsFile is set while upgrading legacy GoogleRobotPrivateKeyCredentials
GoogleRobotPrivateKeyCredentials.KeyTypeNotSetException	Exception that gets thrown if ServiceAccountConfig is not set.
GoogleRobotPrivateKeyCredentials.MissingSecretsFileException	Exception that gets thrown if SecretsFile is not set while upgrading legacy GoogleRobotPrivateKeyCredentials
GoogleRobotPrivateKeyCredentials.PrivateKeyNotSetException	Exception that gets thrown if PrivateKey is not set.
GoogleRobotPrivateKeyCredentials.SecretsFileNotFoundException	Exception that gets thrown if SecretsFile could not be found while upgrading legacy GoogleRobotPrivateKeyCredentials
JsonKey	The Google Developer Console provides private keys for service accounts in two different ways.
JsonServiceAccountConfig	Provides authentication mechanism for a service account by setting a JSON private key file.
JsonServiceAccountConfig.DescriptorImpl	Descriptor for JSON service account authentication.
KeyUtils	Deprecated. Consider to use SecretBytes instead.
LegacyJsonKey	Deprecated.
LegacyJsonKey.Details	Container for our new field, modeled after: GoogleClientSecrets.Details
Messages	Generated localization support class.
P12ServiceAccountConfig	Provides authentication mechanism for a service account by setting a service account email address and P12 private key file.
P12ServiceAccountConfig.DescriptorImpl	Descriptor for P12 service account authentication.
ServiceAccountConfig	general abstraction for providing google service account authentication mechanism.
ServiceAccountConfig.Descriptor	abstract descriptor for service account authentication