Drop GoogleRobotPrivateKeyCredentials implementation

This implementation is broken and as preparation for 3.0.0 the code base is being reduced to working versions. If this is desired by users, a working patch should be provided.
homer-robotics · Sep 9, 2020 · 557c172 · 557c172
1 parent 7356a5d
commit 557c172
Show file tree

Hide file tree

Showing 7 changed files with 15 additions and 287 deletions.
diff --git a/NATIVE_TYPES_AND_PROVIDERS.md b/NATIVE_TYPES_AND_PROVIDERS.md
@@ -381,34 +381,6 @@ jenkins_credentials { '7e86e9fb-a8af-480f-b596-7191dc02bf38':
 }
 ```
 
-### `GoogleRobotPrivateKeyCredentials`
-
-Using this credential type requires that the jenkins `google-oauth-plugin` plugin
-has been installed.
-
-```puppet
-jenkins_credentials { '587690b0-f793-44e6-bc46-889cce58fb71':
-  ensure   => 'present',
-  impl     => 'GoogleRobotPrivateKeyCredentials',
-  json_key => @END
-  {
-    "client_email": "[email protected]",
-    "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
-  }
-  | END
-  ,
-}
-```
-or
-```
-jenkins_credentials { '2f867d0d-e0c7-48a6-a355-1d4fd2ac6c22':
-  ensure        => 'present',
-  impl          => 'GoogleRobotPrivateKeyCredentials',
-  email_address => '[email protected]',
-  p12_key       => 'LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCg==',
-}
-```
-
 ### `jenkins_job`
 
 ```

diff --git a/files/puppet_helper.groovy b/files/puppet_helper.groovy
@@ -551,21 +551,6 @@ class Actions {
               throw new UnsupportedCredentialsClass("unsupported " + keyStoreSource)
           }
           break
-        case 'com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials':
-          info['json_key'] = null
-          info['email_address'] = null
-          info['p12_key'] = null
-
-          def serviceAccountConfig = cred.getServiceAccountConfig()
-          if (serviceAccountConfig.getClass().getName() == 'com.google.jenkins.plugins.credentials.oauth.JsonServiceAccountConfig') {
-            info['json_key'] = Secret.fromString(new File(serviceAccountConfig.getJsonKeyFile()).getText('UTF-8')).getPlainText()
-          } else if (serviceAccountConfig.getClass().getName() == 'com.google.jenkins.plugins.credentials.oauth.P12ServiceAccountConfig') {
-            info['email_address'] = serviceAccountConfig.getEmailAddress()
-            info['p12_key'] = new File(serviceAccountConfig.getP12KeyFile()).getBytes().encodeBase64().toString()
-          } else {
-            throw new UnsupportedCredentialsClass("unsupported service account config " + serviceAccountConfig.getClass().getName())
-          }
-          break
         default:
           throw new UnsupportedCredentialsClass("unsupported " + cred)
       }
@@ -678,43 +663,6 @@ class Actions {
           new Secret(conf['api_token']),
         )
         break
-      case 'GoogleRobotPrivateKeyCredentials':
-        util.requirePlugin('google-oauth-plugin')
-
-        def getFileItemFromString = { id, keyByteArray, classLoader ->
-          def fileItemFactory = classLoader.loadClass('org.apache.commons.fileupload.disk.DiskFileItemFactory').newInstance()
-          fileItemFactory.setSizeThreshold(keyByteArray.length)
-          def fileItem = fileItemFactory.createItem('tempfile', 'plain/text', false, id)
-          def outputStream = fileItem.getOutputStream()
-          outputStream.write(keyByteArray, 0 , keyByteArray.length)
-          outputStream.flush()
-          outputStream.close()
-
-          return fileItem
-        }
-
-        def serviceAccountConfig = null
-        if (conf['json_key'] != null) {
-          serviceAccountConfig = this.class.classLoader.loadClass('com.google.jenkins.plugins.credentials.oauth.JsonServiceAccountConfig').newInstance(
-            getFileItemFromString(conf['id'], conf['json_key'].getBytes(), this.class.classLoader),
-            null
-          )
-        } else if (conf['email_address'] != null && conf['p12_key'] != null) {
-          serviceAccountConfig = this.class.classLoader.loadClass('com.google.jenkins.plugins.credentials.oauth.P12ServiceAccountConfig').newInstance(
-            conf['email_address'],
-            getFileItemFromString(conf['id'], conf['p12_key'].decodeBase64(), this.class.classLoader),
-            null
-          )
-        } else {
-          throw new InvalidCredentialsId("Either 'json_key' or 'email_address' and 'p12_key' have to be defined")
-        }
-
-        cred = this.class.classLoader.loadClass('com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials').newInstance(
-          conf['id'],
-          serviceAccountConfig,
-          null
-        )
-        break
       default:
         throw new UnsupportedCredentialsClass("unsupported " + conf['impl'])
     }

diff --git a/lib/puppet/provider/jenkins_credentials/cli.rb b/lib/puppet/provider/jenkins_credentials/cli.rb
@@ -64,11 +64,6 @@ def self.from_hash(info)
       [:description, :username, :access_key].each { |k| copy_key(params, info, k) }
     when 'GitLabApiTokenImpl'
       [:description, :api_token].each { |k| copy_key(params, info, k) }
-    when 'GoogleRobotPrivateKeyCredentials'
-      [:json_key, :email_address, :p12_key].each { |k| copy_key(params, info, k) }
-      # Since the plugin does not allow to configure the description of the credentials,
-      # we will just hardcode it to the default value.
-      params[:description] = 'Managed by Puppet'
     when 'ConduitCredentialsImpl'
       [:description, :token, :url].each { |k| copy_key(params, info, k) }
 

diff --git a/lib/puppet/type/jenkins_credentials.rb b/lib/puppet/type/jenkins_credentials.rb
@@ -37,7 +37,6 @@
               :FileCredentialsImpl,
               :AWSCredentialsImpl,
               :GitLabApiTokenImpl,
-              :GoogleRobotPrivateKeyCredentials,
               :BrowserStackCredentials)
   end
 
@@ -102,18 +101,6 @@
     desc 'URL of phabriactor installation - ConduitCredentialsImpl'
   end
 
-  newproperty(:json_key) do
-    desc 'Prettified JSON key string - GoogleRobotPrivateKeyCredentials'
-  end
-
-  newproperty(:email_address) do
-    desc 'Email address used with a P12 key - GoogleRobotPrivateKeyCredentials'
-  end
-
-  newproperty(:p12_key) do
-    desc 'P12 key string in Base64 format without line wrapping - GoogleRobotPrivateKeyCredentials'
-  end
-
   # require all authentication & authorization related types
   [
     :jenkins_user,

diff --git a/spec/acceptance/xtypes/jenkins_credentials_spec.rb b/spec/acceptance/xtypes/jenkins_credentials_spec.rb
@@ -238,75 +238,6 @@
         end
       end
 
-      context 'GoogleRobotPrivateKeyCredentials with json_key' do
-        it 'works with no errors and idempotently' do
-          pending('jenkins plugin tests are not consistently failing or succeeding: https://github.com/voxpupuli/puppet-jenkins/issues/839')
-          pp = base_manifest + <<-EOS
-            jenkins::plugin { [
-              'google-oauth-plugin',
-              'oauth-credentials',
-            ]: }
-
-            jenkins_credentials { '587690b0-f793-44e6-bc46-889cce58fb71':
-              ensure   => 'present',
-              impl     => 'GoogleRobotPrivateKeyCredentials',
-              json_key => @(END)
-              {
-                "client_email": "[email protected]",
-                "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
-              }
-              | END
-              ,
-            }
-          EOS
-
-          apply(pp, catch_failures: true)
-          apply(pp, catch_changes: true)
-        end
-
-        describe file('/var/lib/jenkins/credentials.xml') do
-          # XXX need to properly compare the XML doc
-          # trying to match anything other than the id this way might match other
-          # credentails
-          it {
-            pending('jenkins plugin tests are not consistently failing or succeeding: https://github.com/voxpupuli/puppet-jenkins/issues/839')
-            is_expected.to contain '<projectId>587690b0-f793-44e6-bc46-889cce58fb71</projectId>'
-          }
-        end
-      end
-
-      context 'GoogleRobotPrivateKeyCredentials with email_address and p12_key' do
-        it 'works with no errors and idempotently' do
-          pending('jenkins plugin tests are not consistently failing or succeeding: https://github.com/voxpupuli/puppet-jenkins/issues/839')
-          pp = base_manifest + <<-EOS
-            jenkins::plugin { [
-              'google-oauth-plugin',
-              'oauth-credentials',
-            ]: }
-
-            jenkins_credentials { '2f867d0d-e0c7-48a6-a355-1d4fd2ac6c22':
-              ensure        => 'present',
-              impl          => 'GoogleRobotPrivateKeyCredentials',
-              email_address => '[email protected]',
-              p12_key       => 'LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCg==',
-            }
-          EOS
-
-          apply(pp, catch_failures: true)
-          apply(pp, catch_changes: true)
-        end
-
-        describe file('/var/lib/jenkins/credentials.xml') do
-          # XXX need to properly compare the XML doc
-          # trying to match anything other than the id this way might match other
-          # credentails
-          it {
-            pending('jenkins plugin tests are not consistently failing or succeeding: https://github.com/voxpupuli/puppet-jenkins/issues/839')
-            is_expected.to contain '<projectId>2f867d0d-e0c7-48a6-a355-1d4fd2ac6c22</projectId>'
-          }
-        end
-      end
-
       context 'BrowserStackCredentials' do
         it 'works with no errors and idempotently' do
           pending('jenkins plugin tests are not consistently failing or succeeding: https://github.com/voxpupuli/puppet-jenkins/issues/839')