get AWS secret access key id, AWS secret key from credentials secret text.

.gitignore

@@ -66,4 +66,4 @@ work/
 target
 
 # Maven Release Plugin
-release.properties
+release.properties

pom.xml

@@ -3,11 +3,11 @@
 	<parent>
 		<groupId>org.jenkins-ci.plugins</groupId>
 		<artifactId>plugin</artifactId>
-		<version>1.580.1</version>
+		<version>3.19</version>
 	</parent>
 
 	<artifactId>aws-lambda</artifactId>
-	<version>0.6.0-SNAPSHOT</version>
+	<version>0.6.1-SNAPSHOT</version>
 	<packaging>hpi</packaging>
 
 	<name>AWS Lambda Plugin</name>
@@ -45,8 +45,10 @@
 	</developers>
 
     <properties>
-        <aws.version>1.11.64</aws.version>
-        <jsonpath.version>2.0.0</jsonpath.version>
+        <aws.version>1.11.160</aws.version>
+		<java.level>8</java.level>
+		<jenkins.version>2.60.3</jenkins.version>
+		<jsonpath.version>2.0.0</jsonpath.version>
     </properties>
 
     <dependencies>
@@ -55,7 +57,17 @@
             <artifactId>aws-java-sdk-core</artifactId>
             <version>${aws.version}</version>
         </dependency>
-        <dependency>
+		<dependency>
+			<groupId>org.jenkins-ci.plugins</groupId>
+			<artifactId>credentials</artifactId>
+			<version>2.1.18</version>
+		</dependency>
+		<dependency>
+			<groupId>org.jenkins-ci.plugins</groupId>
+			<artifactId>plain-credentials</artifactId>
+			<version>1.3</version>
+		</dependency>
+		<dependency>
             <groupId>com.amazonaws</groupId>
             <artifactId>aws-java-sdk-lambda</artifactId>
             <version>${aws.version}</version>
@@ -68,7 +80,7 @@
         <dependency>
             <groupId>org.jenkins-ci.plugins</groupId>
             <artifactId>structs</artifactId>
-            <version>1.6</version>
+            <version>1.7</version>
         </dependency>
         <dependency>
             <groupId>org.hamcrest</groupId>
@@ -82,6 +94,12 @@
             <version>1.10.19</version>
             <scope>test</scope>
         </dependency>
+        <!--For debugging in local: mvn hpi:run-->
+		<dependency>
+			<groupId>org.jenkins-ci.plugins</groupId>
+			<artifactId>mailer</artifactId>
+			<version>1.18</version>
+		</dependency>
     </dependencies>
 
 	<build>

src/main/java/com/xti/jenkins/plugin/awslambda/publish/LambdaPublishBuildStepVariables.java

@@ -55,7 +55,6 @@ public boolean getUseInstanceCredentials() {
         return useInstanceCredentials;
     }
 
-    @DataBoundSetter
     public void setAwsAccessKeyId(String awsAccessKeyId) {
         this.awsAccessKeyId = awsAccessKeyId;
     }
@@ -64,7 +63,6 @@ public String getAwsAccessKeyId() {
         return this.awsAccessKeyId;
     }
 
-    @DataBoundSetter
     public void setAwsSecretKey(String awsSecretKey) {
         this.awsSecretKey = Secret.fromString(awsSecretKey).getEncryptedValue();
     }

src/main/java/com/xti/jenkins/plugin/awslambda/upload/LambdaUploadBuildStep.java

@@ -26,6 +26,8 @@
  * #L%
  */
 
+import com.cloudbees.plugins.credentials.CredentialsProvider;
+import com.cloudbees.plugins.credentials.common.IdCredentials;
 import com.xti.jenkins.plugin.awslambda.callable.DeployCallable;
 import com.xti.jenkins.plugin.awslambda.util.LambdaClientConfig;
 import hudson.Extension;
@@ -41,6 +43,7 @@
 import jenkins.tasks.SimpleBuildStep;
 import net.sf.json.JSONObject;
 import org.jenkinsci.Symbol;
+import org.jenkinsci.plugins.plaincredentials.StringCredentials;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.StaplerRequest;
 
@@ -66,6 +69,13 @@ public void setLambdaUploadBuildStepVariables(LambdaUploadBuildStepVariables Lam
 
     @Override
     public void perform(@Nonnull Run<?, ?> run, @Nonnull FilePath workspace, @Nonnull Launcher launcher, @Nonnull TaskListener listener) throws InterruptedException, IOException {
+        IdCredentials cred = CredentialsProvider.findCredentialById(
+                lambdaUploadBuildStepVariables.getCredentialsId(),
+                IdCredentials.class,
+                run);
+        StringCredentials c = (StringCredentials)cred;
+        lambdaUploadBuildStepVariables.setAwsAccessKeyId(c.getId());
+        lambdaUploadBuildStepVariables.setAwsSecretKey(c.getSecret().getPlainText());
         perform(lambdaUploadBuildStepVariables, run, workspace, launcher, listener);
     }
 

src/main/java/com/xti/jenkins/plugin/awslambda/upload/LambdaUploadBuildStepVariables.java

@@ -26,22 +26,35 @@
  * #L%
  */
 
+import com.cloudbees.plugins.credentials.CredentialsMatchers;
+import com.cloudbees.plugins.credentials.CredentialsProvider;
+import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
+import com.cloudbees.plugins.credentials.domains.DomainRequirement;
 import com.xti.jenkins.plugin.awslambda.AWSLambdaDescriptor;
 import com.xti.jenkins.plugin.awslambda.util.ExpansionUtils;
 import com.xti.jenkins.plugin.awslambda.util.JenkinsProxy;
 import com.xti.jenkins.plugin.awslambda.util.LambdaClientConfig;
 import com.xti.jenkins.plugin.awslambda.util.Tokenizer;
 import hudson.EnvVars;
 import hudson.Extension;
+import hudson.Util;
 import hudson.model.AbstractDescribableImpl;
+import hudson.model.Item;
+import hudson.model.Queue;
+import hudson.model.queue.Tasks;
+import hudson.security.ACL;
 import hudson.util.FormValidation;
 import hudson.util.ListBoxModel;
 import hudson.util.Secret;
+import jenkins.model.Jenkins;
 import org.apache.commons.lang.StringUtils;
+import org.jenkinsci.plugins.plaincredentials.StringCredentials;
+import org.kohsuke.stapler.AncestorInPath;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.DataBoundSetter;
 import org.kohsuke.stapler.QueryParameter;
 
+import java.util.Collections;
 import java.util.HashMap;
 
 /**
@@ -70,6 +83,7 @@ public class LambdaUploadBuildStepVariables extends AbstractDescribableImpl<Lamb
     private EnvironmentConfiguration environmentConfiguration;
     private boolean enableDeadLetterQueue;
     private String deadLetterQueueArn;
+    private String credentialsId;
 
     @DataBoundConstructor
     public LambdaUploadBuildStepVariables(String awsRegion, String functionName, String updateMode){
@@ -113,7 +127,6 @@ public String getAwsAccessKeyId() {
         return awsAccessKeyId;
     }
 
-    @DataBoundSetter
     public void setAwsAccessKeyId(String awsAccessKeyId) {
         this.awsAccessKeyId = awsAccessKeyId;
     }
@@ -122,11 +135,15 @@ public String getAwsSecretKey() {
         return awsSecretKey;
     }
 
-    @DataBoundSetter
     public void setAwsSecretKey(String awsSecretKey) {
         this.awsSecretKey = Secret.fromString(awsSecretKey).getEncryptedValue();
     }
 
+    @DataBoundSetter
+    public void setCredentialsId(String credentialsId) {this.credentialsId = credentialsId;}
+
+    public String getCredentialsId() {return credentialsId; }
+
     public String getAwsRegion() {
         return awsRegion;
     }
@@ -294,6 +311,7 @@ public void expandVariables(EnvVars env) {
             environmentConfiguration.expandVariables(env);
         }
         deadLetterQueueArn = ExpansionUtils.expand(deadLetterQueueArn, env);
+        credentialsId = ExpansionUtils.expand(credentialsId, env);
     }
 
     public LambdaUploadBuildStepVariables getClone(){
@@ -318,6 +336,7 @@ public LambdaUploadBuildStepVariables getClone(){
         }
         lambdaUploadBuildStepVariables.setEnableDeadLetterQueue(enableDeadLetterQueue);
         lambdaUploadBuildStepVariables.setDeadLetterQueueArn(deadLetterQueueArn);
+        lambdaUploadBuildStepVariables.setCredentialsId(credentialsId);
         return lambdaUploadBuildStepVariables;
     }
 
@@ -385,6 +404,53 @@ public ListBoxModel doFillUpdateModeItems(@QueryParameter String updateMode) {
             return items;
         }
 
+        public ListBoxModel doFillCredentialsIdItems(
+                @AncestorInPath Item item,
+                @QueryParameter String credentialsId
+        ){
+            if (item == null && !Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER) ||
+                    item != null && !item.hasPermission(Item.EXTENDED_READ)) {
+                return new StandardListBoxModel().includeCurrentValue(credentialsId);
+            }
+
+            return new StandardListBoxModel()
+                    .includeMatchingAs(
+                            item instanceof Queue.Task
+                                    ? Tasks.getAuthenticationOf((Queue.Task) item)
+                                    : ACL.SYSTEM,
+                            item,
+                            StringCredentials.class,
+                            Collections.<DomainRequirement> emptyList(),
+                            CredentialsMatchers.anyOf(CredentialsMatchers.instanceOf(StringCredentials.class)))
+                    .includeCurrentValue(credentialsId);
+        }
+
+        public FormValidation doCheckCredentialsId(@AncestorInPath Item item,
+                                                   @QueryParameter String value) {
+            if (item == null && !Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER) ||
+                    item != null && !item.hasPermission(Item.EXTENDED_READ)) {
+                return FormValidation.ok();
+            }
+
+            value = Util.fixEmptyAndTrim(value);
+            if (value == null) {
+                return FormValidation.ok();
+            }
+
+            for (ListBoxModel.Option o : CredentialsProvider
+                    .listCredentials(StringCredentials.class, item, item instanceof Queue.Task
+                                    ? Tasks.getAuthenticationOf((Queue.Task) item)
+                                    : ACL.SYSTEM,
+                            Collections.<DomainRequirement> emptyList(),
+                            CredentialsMatchers.anyOf(CredentialsMatchers.instanceOf(StringCredentials.class)))) {
+                if (StringUtils.equals(value, o.value)) {
+                    return FormValidation.ok();
+                }
+            }
+            // no credentials available, can't check
+            return FormValidation.warning("Cannot find any credentials with id " + value);
+        }
+
         /**
          * This human readable name is used in the configuration screen.
          */

src/main/java/com/xti/jenkins/plugin/awslambda/upload/LambdaUploadPublisher.java

@@ -26,11 +26,14 @@
  * #L%
  */
 
+import com.cloudbees.plugins.credentials.CredentialsProvider;
+import com.cloudbees.plugins.credentials.common.IdCredentials;
 import com.xti.jenkins.plugin.awslambda.callable.DeployCallable;
 import com.xti.jenkins.plugin.awslambda.upload.LambdaUploadAction;
 import com.xti.jenkins.plugin.awslambda.upload.DeployConfig;
 import com.xti.jenkins.plugin.awslambda.upload.LambdaUploadVariables;
 import com.xti.jenkins.plugin.awslambda.util.LambdaClientConfig;
+import hudson.EnvVars;
 import hudson.Extension;
 import hudson.FilePath;
 import hudson.Launcher;
@@ -40,6 +43,7 @@
 import hudson.tasks.Notifier;
 import hudson.tasks.Publisher;
 import net.sf.json.JSONObject;
+import org.jenkinsci.plugins.plaincredentials.StringCredentials;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.StaplerRequest;
 
@@ -63,9 +67,22 @@ public List<LambdaUploadVariables> getLambdaVariablesList() {
     public boolean perform(AbstractBuild<?, ?> build, Launcher launcher,
                            BuildListener listener) {
         boolean returnValue = true;
+        EnvVars environment;
+        try{environment = build.getEnvironment(listener);}
+        catch(Exception e){
+            e.printStackTrace();
+        }
 
         if (lambdaVariablesList != null){
             for (LambdaUploadVariables lambdaVariables : lambdaVariablesList) {
+                IdCredentials cred = CredentialsProvider.findCredentialById(
+                        lambdaVariables.getCredentialsId(),
+                        IdCredentials.class,
+                        build);
+                StringCredentials c = (StringCredentials)cred;
+                lambdaVariables.setAwsAccessKeyId(c.getId());
+                lambdaVariables.setAwsSecretKey(c.getSecret().getPlainText());
+
                 returnValue = returnValue && perform(lambdaVariables, build, launcher, listener);
             }
         }