Merge upstream -> mainline-criteo

attributes/executor.rb

@@ -60,4 +60,11 @@
   # CLI user to pass for ssh/https protocol
   #
   # executor['cli_user'] = 'example_chef_user'
+
+  # The limits for the Java process running the slave process.
+  # Example to configure the maximum number of open file descriptors:
+  #
+  #   node.set['jenkins']['executor']['ulimits'] = { 'n' => 8192 }
+  #
+  executor['ulimits'] = nil
 end

libraries/credentials.rb

@@ -40,6 +40,7 @@ def initialize(name, run_context = nil)
 
     # Attributes
     attribute :id,
+              name_attribute: true,
               kind_of: String,
               required: true
 

libraries/credentials_password.rb

@@ -29,11 +29,9 @@ class Resource::JenkinsPasswordCredentials < Resource::JenkinsUserCredentials
 
     # Attributes
     attribute :username,
-              kind_of: String,
-              name_attribute: true
+              kind_of: String
     attribute :password,
-              kind_of: String,
-              required: true
+              kind_of: String
   end
 end
 
@@ -48,7 +46,7 @@ def load_current_resource
 
       @current_resource.password(current_credentials[:password]) if current_credentials
 
-      @current_credentials
+      @current_resource
     end
 
     private

libraries/credentials_secret_file.rb

@@ -0,0 +1,164 @@
+#
+# Cookbook:: jenkins
+# HWRP:: credentials_secret_file
+#
+# Author:: Dimitry Polyanitsa <[email protected]>
+#
+# Copyright:: 2016-2017, Criteo
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative 'credentials'
+
+class Chef
+  class Resource::JenkinsSecretFileCredentials < Resource::JenkinsUserCredentials
+    attribute :description,
+              kind_of: String,
+              default: lazy { |new_resource| "Credentials for #{new_resource.filename} - created by Chef" }
+    attribute :filename,
+              kind_of: String,
+              required: true
+    attribute :data,
+              kind_of: String,
+              required: true
+  end
+end
+
+class Chef
+  class Provider::JenkinsSecretFileCredentials < Provider::JenkinsUserCredentials
+    use_inline_resources
+    provides :jenkins_secret_file_credentials
+
+    def load_current_resource
+      @current_resource ||= Resource::JenkinsSecretFileCredentials.new(new_resource.name)
+
+      super
+
+      if current_credentials
+        @current_resource.filename(current_credentials[:filename])
+        @current_resource.data(current_resource[:data])
+      end
+
+      @current_resource
+    end
+
+    private
+
+    #
+    # @see Chef::Resource::JenkinsCredentials#credentials_groovy
+    #
+    def credentials_groovy
+      <<-EOH.gsub(/ ^{8}/, '')
+        import com.cloudbees.plugins.credentials.CredentialsScope
+        import java.nio.charset.StandardCharsets
+        import org.apache.commons.codec.binary.Base64
+        import org.apache.commons.fileupload.FileItem
+        import org.apache.commons.fileupload.FileItemHeaders
+        import org.apache.commons.lang.NotImplementedException
+        import org.jenkinsci.plugins.plaincredentials.impl.FileCredentialsImpl
+
+        class VirtualFileItem implements FileItem {
+          String getName() { #{convert_to_groovy(new_resource.filename)} }
+          byte[] get() { Base64.decodeBase64('#{new_resource.data}') }
+
+          void delete() { throw new NotImplementedException() }
+          String getContentType() { throw new NotImplementedException() }
+          String getFieldName() { throw new NotImplementedException() }
+          InputStream getInputStream() { throw new NotImplementedException() }
+          OutputStream getOutputStream() { throw new NotImplementedException() }
+          long getSize() { throw new NotImplementedException() }
+          String getString() { throw new NotImplementedException() }
+          String getString(String encoding) { throw new NotImplementedException() }
+          boolean isFormField() { throw new NotImplementedException() }
+          boolean isInMemory() { throw new NotImplementedException() }
+          void setFieldName(String name) { throw new NotImplementedException() }
+          void setFormField(boolean state) { throw new NotImplementedException() }
+          void write(File file) { throw new NotImplementedException() }
+          FileItemHeaders getHeaders() { throw new NotImplementedException() }
+          void setHeaders(FileItemHeaders headers) { throw new NotImplementedException() }
+        }
+
+        credentials = new FileCredentialsImpl(
+          CredentialsScope.GLOBAL,
+          #{convert_to_groovy(new_resource.id)},
+          #{convert_to_groovy(new_resource.description)},
+          new VirtualFileItem(),
+          null,
+          (String)null
+        )
+      EOH
+    end
+
+    #
+    # @see Chef::Resource::JenkinsCredentials#fetch_existing_credentials_groovy
+    #
+    def fetch_existing_credentials_groovy(groovy_variable_name)
+      <<-EOH.gsub(/ ^{8}/, '')
+        import jenkins.model.Jenkins
+        import hudson.util.Secret
+        import com.cloudbees.plugins.credentials.common.IdCredentials
+        import com.cloudbees.plugins.credentials.CredentialsProvider
+
+        available_credentials =
+          CredentialsProvider.lookupCredentials(
+            IdCredentials.class,
+            Jenkins.getInstance(),
+            hudson.security.ACL.SYSTEM
+          ).findAll({
+            it.id == #{convert_to_groovy('credentials.id')}
+          })
+
+        #{groovy_variable_name} = available_credentials.size() > 0 ? available_credentials[0] : null
+      EOH
+    end
+
+    #
+    # @see Chef::Resource::JenkinsCredentials#resource_attributes_groovy
+    #
+    def resource_attributes_groovy(groovy_variable_name)
+      <<-EOH.gsub(/ ^{8}/, '')
+        #{groovy_variable_name} = [
+          id:credentials.id,
+          filename:credentials.fileName,
+          date:credentials.data
+        ]
+      EOH
+    end
+
+    #
+    # @see Chef::Resource::JenkinsCredentials#attribute_to_property_map
+    #
+    def attribute_to_property_map
+      {
+        filename: 'credentials.fileName',
+        data: 'credentials.data',
+      }
+    end
+
+    #
+    # @see Chef::Resource::JenkinsCredentials#correct_config?
+    #
+    def correct_config?
+      wanted_credentials = {
+        description: new_resource.description,
+        filename: new_resource.filename,
+        data: new_resource.data,
+      }
+
+      attribute_to_property_map.keys.each do |key|
+        wanted_credentials[key] = new_resource.send(key)
+      end
+    end
+  end
+end

libraries/credentials_secret_text.rb

@@ -31,8 +31,7 @@ class Resource::JenkinsSecretTextCredentials < Resource::JenkinsCredentials
 
     # Attributes
     attribute :description,
-              kind_of: String,
-              name_attribute: true
+              kind_of: String
     attribute :secret,
               kind_of: String,
               required: true
@@ -50,7 +49,7 @@ def load_current_resource
 
       @current_resource.secret(current_credentials[:secret]) if current_credentials
 
-      @current_credentials
+      @current_resource
     end
 
     private

libraries/slave.rb

@@ -76,6 +76,8 @@ class Resource::JenkinsSlave < Resource::LWRPBase
               kind_of: String
     attribute :java_path,
               kind_of: String
+    attribute :checksum,
+              kind_of: String
 
     attr_writer :exists
     attr_writer :connected

libraries/slave_jnlp.rb

@@ -213,6 +213,15 @@ def slave_jar_url
       @slave_jar_url ||= uri_join(endpoint, 'jnlpJars', 'slave.jar')
     end
 
+    #
+    # The checksum of the +slave.jar+.
+    #
+    # @return [String]
+    #
+    def slave_jar_checksum
+      @slave_jar_checksum ||= new_resource.checksum
+    end
+
     #
     # The path to the +slave.jar+ on disk (which may or may not exist).
     #

test/fixtures/cookbooks/jenkins_credentials/recipes/create.rb

@@ -8,18 +8,19 @@
 jenkins_password_credentials 'schisamo' do
   id 'schisamo'
   description 'passwords are for suckers'
+  username 'schisamo'
   password 'superseekret'
 end
 
 # Test specifying a UUID-based ID
-jenkins_password_credentials 'schisamo2' do
-  id '63e11302-d446-4ba0-8aa4-f5821f74d36f'
+jenkins_password_credentials '63e11302-d446-4ba0-8aa4-f5821f74d36f' do
+  username 'schisamo2'
   password 'superseekret'
 end
 
 # Test specifying a string-based ID
 jenkins_password_credentials 'schisamo3' do
-  id 'schisamo3'
+  username 'schisamo3'
   password 'superseekret'
 end
 
@@ -67,7 +68,7 @@
 
 # Plugin required for Secret Text credentials
 jenkins_plugin 'plain-credentials' do
-  install_deps true
+  ignore_deps_versions true
   notifies :restart, 'service[jenkins]', :immediately
 end
 

test/fixtures/cookbooks/jenkins_server_wrapper/recipes/default.rb

@@ -22,6 +22,7 @@
 
 jenkins_plugins.each do |plugin|
   jenkins_plugin plugin do
+    ignore_deps_versions true
     notifies :execute, 'jenkins_command[safe-restart]', :immediately
   end
 end

test/fixtures/cookbooks/jenkins_slave/recipes/create_ssh.rb

@@ -8,6 +8,8 @@
   not_if { platform?('windows') }
 end
 
+return if docker? # SSH slave doesn't work in docker
+
 # Load user data from a data bag item. This should be an encrypted data
 # bag item in real deployments.
 jenkins_user_data = data_bag_item('keys', 'jenkins-ssh')