plugins and removed support for oic-realm

README.md

@@ -350,39 +350,6 @@ security:
     domain: domain
 ```
 
-```yaml
-# oid - openid-connect configuration must be provided
-security:
-  realm: oic
-  realmConfig:
-    ### See https://plugins.jenkins.io/oic-auth/
-    clientId: String
-    clientSecret: String
-    # auto / manual
-    automanualconfigure: manual
-    # The Well Known Configuration source URL
-    wellKnownOpenIDConfigurationUrl: http://xxx.yyy
-    # Manual Configuration (not need if you have set the wellKnownOpenIDConfigurationUrl)
-    tokenServerUrl: http://xxx.yyy
-    authorizationServerUrl: http://xxx.yyy
-    userInfoServerUrl: http://xxx.yyy
-    logoutFromOpenidProvider: true
-    endSessionEndpoint: http://xxx.yyy
-    postLogoutRedirectUrl: http://jenkins
-    userNameField: preferred_username
-    fullNameFieldName: name
-    emailFieldName: email
-    scopes: openid profile email
-    groupsFieldName: groups
-    disableSslVerification: false
-    tokenFieldToCheckKey:
-    tokenFieldToCheckValue:
-    escapeHatchEnabled: true
-    escapeHatchUsername: admin
-    escapeHatchSecret: password
-    escapeHatchGroup:
-```
-
 ```yaml
 # github - github-oauth configuration must be provided
 security:

config-handlers/SecurityConfig.groovy

@@ -171,12 +171,6 @@ def setupSecurityOptions(config){
     }
 }
 
-def setupOpenIDConnect(config){
-    def realmConfig = config.realmConfig
-    realmConfig.escapeHatchSecret = realmConfig.escapeHatchSecret ? hudson.util.Secret.fromString(realmConfig.escapeHatchSecret) : null
-    return realmConfig ? DescribableModel.of(org.jenkinsci.plugins.oic.OicSecurityRealm).instantiate(realmConfig) : null
-}
-
 def setupGithubOAuth2(config){
     def realmConfig = config.realmConfig
     return realmConfig ? DescribableModel.of(org.jenkinsci.plugins.GithubSecurityRealm).instantiate(realmConfig) : null
@@ -205,9 +199,6 @@ def setup(config){
         case 'google':
             realm = setupGoogleOAuth2(config)
             break
-        case 'oic':
-            realm = setupOpenIDConnect(config)
-            break
         case 'github':
             realm = setupGithubOAuth2(config)
             break

plugins.txt

@@ -1,4 +1,3 @@
-ace-editor:1.1
 active-directory:2.37
 amazon-ecr:1.136.v914ea_5948634
 amazon-ecs:1.49
@@ -9,19 +8,28 @@ antisamy-markup-formatter:162.v0e6ec0fcfcf6
 apache-httpcomponents-client-4-api:4.5.14-208.v438351942757
 apache-httpcomponents-client-5-api:5.4-118.v199115451c4d
 artifactory:4.0.8
+asm-api:9.7.1-95.v9f552033802a_
 authentication-tokens:1.119.v50285141b_7e1
 aws-credentials:231.v08a_59f17d742
+aws-java-sdk-api-gateway:1.12.767-467.vb_e93f0c614b_6
+aws-java-sdk-autoscaling:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-cloudformation:1.12.767-467.vb_e93f0c614b_6
+aws-java-sdk-cloudfront:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-codebuild:1.12.767-467.vb_e93f0c614b_6
+aws-java-sdk-codedeploy:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-ec2:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-ecr:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-ecs:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-efs:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-elasticbeanstalk:1.12.767-467.vb_e93f0c614b_6
+aws-java-sdk-elasticloadbalancingv2:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-iam:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-kinesis:1.12.767-467.vb_e93f0c614b_6
+aws-java-sdk-lambda:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-logs:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-minimal:1.12.767-467.vb_e93f0c614b_6
+aws-java-sdk-organizations:1.12.767-467.vb_e93f0c614b_6
+aws-java-sdk-secretsmanager:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-sns:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-sqs:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-ssm:1.12.767-467.vb_e93f0c614b_6
@@ -49,7 +57,6 @@ blueocean-rest-impl:1.27.16
 blueocean-rest:1.27.16
 blueocean-web:1.27.16
 blueocean:1.27.16
-bootstrap4-api:4.6.0-6
 bootstrap5-api:5.3.3-1
 bouncycastle-api:2.30.1.78.1-248.ve27176eb_46cb_
 branch-api:2.1178.v969d9eb_c728e
@@ -65,12 +72,14 @@ cloudbees-folder:6.955.v81e2a_35c08d3
 cobertura:1.17
 code-coverage-api:4.99.0
 command-launcher:115.vd8b_301cc15d0
+commons-compress-api:1.26.1-2
 commons-lang3-api:3.17.0-84.vb_b_938040b_078
 commons-text-api:1.12.0-129.v99a_50df237f7
 conditional-buildstep:1.4.3
 config-file-provider:978.v8e85886ffdc4
 configuration-as-code:1850.va_a_8c31d3158b_
 copyartifact:749.vfb_dca_a_9b_6549
+coverage:1.16.1
 credentials-binding:681.vf91669a_32e45
 credentials:1384.vf0a_2ed06f9c6
 cucumber-reports:5.8.3
@@ -85,6 +94,7 @@ docker-plugin:1.6.2
 docker-workflow:580.vc0c340686b_54
 durable-task:577.v2a_8a_4b_7c0247
 echarts-api:5.5.1-1
+eddsa-api:0.3.0-4.v84c6f0f4969e
 email-ext:1844.v3ea_a_b_842374a_
 emailext-template:1.5
 embeddable-build-status:487.va_0ef04c898a_2
@@ -114,8 +124,8 @@ golang:1.4
 google-login:109.v022b_cf87b_e5b_
 gradle:2.13.1
 groovy-postbuild:264.vf6e02a_77d5b_c
+gson-api:2.11.0-41.v019fcf6125dc
 h2-api:11.1.4.199-30.v1c64e772f3a_c
-handlebars:3.0.8
 handy-uri-templates-2-api:2.1.8-30.v7e777411b_148
 htmlpublisher:1.36
 http_request:1.19
@@ -138,10 +148,12 @@ jira:3.13
 jjwt-api:0.11.5-112.ve82dfb_224b_a_d
 jnr-posix-api:3.1.19-2
 job-dsl:1.89
-jquery-detached:1.2.1
+joda-time-api:2.13.0-85.vb_64d1c2921f1
 jquery3-api:3.7.1-2
 jquery:1.12.4-1
 jsch:0.2.16-86.v42e010d9484b_
+json-api:20240303-41.v94e11e6de726
+json-path-api:2.9.0-58.v62e3e85b_a_655
 junit:1304.vc85a_b_ca_96613
 kubernetes-cli:1.12.1
 kubernetes-client-api:6.10.0-240.v57880ce8b_0b_2
@@ -159,7 +171,6 @@ mercurial:1260.vdfb_723cdcc81
 metrics:4.2.21-451.vd51df8df52ec
 mina-sshd-api-common:2.14.0-133.vcc091215a_358
 mina-sshd-api-core:2.14.0-133.vcc091215a_358
-momentjs:1.1.1
 nodejs:1.6.2
 oic-auth:4.388.v4f73328eb_d2c
 okhttp-api:4.11.0-172.vda_da_1feeb_c6e
@@ -172,6 +183,7 @@ pipeline-build-step:540.vb_e8849e1a_b_d8
 pipeline-graph-analysis:216.vfd8b_ece330ca_
 pipeline-groovy-lib:740.va_2701257fe8d
 pipeline-input-step:495.ve9c153f6067b_
+pipeline-maven-api:1457.vf7a_de13b_c0d4
 pipeline-maven:1457.vf7a_de13b_c0d4
 pipeline-milestone-step:119.vdfdc43fc3b_9a_
 pipeline-model-api:2.2214.vb_b_34b_2ea_9b_83
@@ -184,8 +196,6 @@ pipeline-stage-view:2.34
 pipeline-utility-steps:2.18.0
 plain-credentials:183.va_de8f1dd5a_2b_
 plugin-util-api:5.1.0
-popper-api:1.16.1-3
-popper2-api:2.11.6-5
 prism-api:1.29.0-17
 promoted-builds:965.vcda_c6a_e0998f
 pubsub-light:1.18
@@ -214,17 +224,13 @@ timestamper:1.27
 token-macro:400.v35420b_922dcb_
 trilead-api:2.147.vb_73cc728a_32e
 variant:60.v7290fc0eb_b_cd
-whitesource:21.1.2
-windows-slaves:1.8.1
 workflow-aggregator:600.vb_57cdd26fdd7
 workflow-api:1336.vee415d95c521
 workflow-basic-steps:1058.vcb_fc1e3a_21a_9
-workflow-cps-global-lib:612.v55f2f80781ef
 workflow-cps:3969.vdc9d3a_efcc6a_
 workflow-durable-task-step:1371.vb_7cec8f3b_95e
 workflow-job:1436.vfa_244484591f
 workflow-multibranch:795.ve0cb_1f45ca_9a_
-workflow-remote-loader:1.6
 workflow-scm-step:427.v4ca_6512e7df1
 workflow-step-api:678.v3ee58b_469476
 workflow-support:926.v9f4f9b_b_98c19

tests/groovy/config-handlers/SecurityConfigTest.groovy

@@ -54,58 +54,6 @@ realmConfig:
     assert samlRealm.samlCustomAttributes == [new org.jenkinsci.plugins.saml.conf.Attribute('xxx', 'wierdxxx')]
 }
 
-def testOIC(){
-	def config = new Yaml().load("""
-realmConfig:
-  clientId: '111222333'
-  clientSecret: '33322211'
-  automanualconfigure: manual
-  wellKnownOpenIDConfigurationUrl: http://xxx1.yyy
-  tokenServerUrl: http://xxx2.yyy
-  authorizationServerUrl: http://xxx3.yyy
-  userInfoServerUrl: http://xxx4.yyy
-  logoutFromOpenidProvider: true
-  endSessionEndpoint: http://xxx5.yyy
-  postLogoutRedirectUrl: http://jenkins
-  userNameField: preferred_username
-  fullNameFieldName: name
-  emailFieldName: email
-  scopes: openid profile email
-  groupsFieldName: groups
-  disableSslVerification: false
-  tokenFieldToCheckKey: key1
-  tokenFieldToCheckValue: value1
-  escapeHatchEnabled: true
-  escapeHatchUsername: admin
-  escapeHatchSecret: password
-  escapeHatchGroup: test1
-""")
-
-    def oicRealm = configHandler.setupOpenIDConnect(config)
-    assert oicRealm instanceof org.jenkinsci.plugins.oic.OicSecurityRealm
-    assert oicRealm.clientId == '111222333'
-    assert oicRealm.clientSecret.getPlainText().toString() == '33322211'
-    assert oicRealm.wellKnownOpenIDConfigurationUrl == null // relevant only in auto
-    assert oicRealm.tokenServerUrl == 'http://xxx2.yyy'
-    assert oicRealm.authorizationServerUrl == 'http://xxx3.yyy'
-    assert oicRealm.userInfoServerUrl == 'http://xxx4.yyy'
-    assert oicRealm.logoutFromOpenidProvider
-    assert oicRealm.endSessionEndpoint == 'http://xxx5.yyy'
-    assert oicRealm.postLogoutRedirectUrl == 'http://jenkins'
-    assert oicRealm.userNameField == 'preferred_username'
-    assert oicRealm.fullNameFieldName == 'name'
-    assert oicRealm.emailFieldName == 'email'
-    assert oicRealm.scopes == 'openid profile email'
-    assert oicRealm.groupsFieldName == 'groups'
-    assert !oicRealm.disableSslVerification
-    assert oicRealm.tokenFieldToCheckKey == 'key1'
-    assert oicRealm.tokenFieldToCheckValue == 'value1'
-    assert oicRealm.escapeHatchEnabled
-    assert oicRealm.escapeHatchUsername == 'admin'
-    //This is now a hashed password and not encrypted so can't be tested
-    //assert oicRealm.escapeHatchSecret.toString() == 'password'
-    assert oicRealm.escapeHatchGroup == 'test1'
-}
 
 def testLdap(){
 	def config = new Yaml().load("""
@@ -322,7 +270,6 @@ markupFormatter:
 testGoogleLogin()
 testSaml()
 testLdap()
-testOIC()
 testActiveDirectory()
 testGithubLogin()
 testAuthorizationStrategy()