From cfcd99aecbb89e5b705c86895c11c80c88d6ca37 Mon Sep 17 00:00:00 2001 From: Ohad David Date: Sun, 13 Oct 2024 13:49:55 +0300 Subject: [PATCH] plugins and removed support for oic-realm --- README.md | 33 ------------ config-handlers/SecurityConfig.groovy | 9 ---- plugins.txt | 28 ++++++---- .../config-handlers/SecurityConfigTest.groovy | 53 ------------------- 4 files changed, 17 insertions(+), 106 deletions(-) diff --git a/README.md b/README.md index 1f2582d..5207a4a 100644 --- a/README.md +++ b/README.md @@ -350,39 +350,6 @@ security: domain: domain ``` -```yaml -# oid - openid-connect configuration must be provided -security: - realm: oic - realmConfig: - ### See https://plugins.jenkins.io/oic-auth/ - clientId: String - clientSecret: String - # auto / manual - automanualconfigure: manual - # The Well Known Configuration source URL - wellKnownOpenIDConfigurationUrl: http://xxx.yyy - # Manual Configuration (not need if you have set the wellKnownOpenIDConfigurationUrl) - tokenServerUrl: http://xxx.yyy - authorizationServerUrl: http://xxx.yyy - userInfoServerUrl: http://xxx.yyy - logoutFromOpenidProvider: true - endSessionEndpoint: http://xxx.yyy - postLogoutRedirectUrl: http://jenkins - userNameField: preferred_username - fullNameFieldName: name - emailFieldName: email - scopes: openid profile email - groupsFieldName: groups - disableSslVerification: false - tokenFieldToCheckKey: - tokenFieldToCheckValue: - escapeHatchEnabled: true - escapeHatchUsername: admin - escapeHatchSecret: password - escapeHatchGroup: -``` - ```yaml # github - github-oauth configuration must be provided security: diff --git a/config-handlers/SecurityConfig.groovy b/config-handlers/SecurityConfig.groovy index 2fd3777..bc05010 100644 --- a/config-handlers/SecurityConfig.groovy +++ b/config-handlers/SecurityConfig.groovy 
@@ -171,12 +171,6 @@ def setupSecurityOptions(config){ } } -def setupOpenIDConnect(config){ - def realmConfig = config.realmConfig - realmConfig.escapeHatchSecret = realmConfig.escapeHatchSecret ? hudson.util.Secret.fromString(realmConfig.escapeHatchSecret) : null - return realmConfig ? DescribableModel.of(org.jenkinsci.plugins.oic.OicSecurityRealm).instantiate(realmConfig) : null -} - def setupGithubOAuth2(config){ def realmConfig = config.realmConfig return realmConfig ? DescribableModel.of(org.jenkinsci.plugins.GithubSecurityRealm).instantiate(realmConfig) : null @@ -205,9 +199,6 @@ def setup(config){ case 'google': realm = setupGoogleOAuth2(config) break - case 'oic': - realm = setupOpenIDConnect(config) - break case 'github': realm = setupGithubOAuth2(config) break diff --git a/plugins.txt b/plugins.txt index 034d3c8..4a8e755 100644 --- a/plugins.txt +++ b/plugins.txt @@ -1,4 +1,3 @@ -ace-editor:1.1 active-directory:2.37 amazon-ecr:1.136.v914ea_5948634 amazon-ecs:1.49 
@@ -9,19 +8,28 @@ antisamy-markup-formatter:162.v0e6ec0fcfcf6
 apache-httpcomponents-client-4-api:4.5.14-208.v438351942757
 apache-httpcomponents-client-5-api:5.4-118.v199115451c4d
 artifactory:4.0.8
+asm-api:9.7.1-95.v9f552033802a_
 authentication-tokens:1.119.v50285141b_7e1
 aws-credentials:231.v08a_59f17d742
+aws-java-sdk-api-gateway:1.12.767-467.vb_e93f0c614b_6
+aws-java-sdk-autoscaling:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-cloudformation:1.12.767-467.vb_e93f0c614b_6
+aws-java-sdk-cloudfront:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-codebuild:1.12.767-467.vb_e93f0c614b_6
+aws-java-sdk-codedeploy:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-ec2:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-ecr:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-ecs:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-efs:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-elasticbeanstalk:1.12.767-467.vb_e93f0c614b_6
+aws-java-sdk-elasticloadbalancingv2:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-iam:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-kinesis:1.12.767-467.vb_e93f0c614b_6
+aws-java-sdk-lambda:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-logs:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-minimal:1.12.767-467.vb_e93f0c614b_6
+aws-java-sdk-organizations:1.12.767-467.vb_e93f0c614b_6
+aws-java-sdk-secretsmanager:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-sns:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-sqs:1.12.767-467.vb_e93f0c614b_6
 aws-java-sdk-ssm:1.12.767-467.vb_e93f0c614b_6
@@ -49,7 +57,6 @@ blueocean-rest-impl:1.27.16
 blueocean-rest:1.27.16
 blueocean-web:1.27.16
 blueocean:1.27.16
-bootstrap4-api:4.6.0-6
 bootstrap5-api:5.3.3-1
 bouncycastle-api:2.30.1.78.1-248.ve27176eb_46cb_
 branch-api:2.1178.v969d9eb_c728e
@@ -65,12 +72,14 @@ cloudbees-folder:6.955.v81e2a_35c08d3
 cobertura:1.17
 code-coverage-api:4.99.0
 command-launcher:115.vd8b_301cc15d0
+commons-compress-api:1.26.1-2
 commons-lang3-api:3.17.0-84.vb_b_938040b_078
 commons-text-api:1.12.0-129.v99a_50df237f7
 conditional-buildstep:1.4.3
 config-file-provider:978.v8e85886ffdc4
 configuration-as-code:1850.va_a_8c31d3158b_
 copyartifact:749.vfb_dca_a_9b_6549
+coverage:1.16.1
 credentials-binding:681.vf91669a_32e45
 credentials:1384.vf0a_2ed06f9c6
 cucumber-reports:5.8.3
@@ -85,6 +94,7 @@ docker-plugin:1.6.2
 docker-workflow:580.vc0c340686b_54
 durable-task:577.v2a_8a_4b_7c0247
 echarts-api:5.5.1-1
+eddsa-api:0.3.0-4.v84c6f0f4969e
 email-ext:1844.v3ea_a_b_842374a_
 emailext-template:1.5
 embeddable-build-status:487.va_0ef04c898a_2
@@ -114,8 +124,8 @@ golang:1.4
 google-login:109.v022b_cf87b_e5b_
 gradle:2.13.1
 groovy-postbuild:264.vf6e02a_77d5b_c
+gson-api:2.11.0-41.v019fcf6125dc
 h2-api:11.1.4.199-30.v1c64e772f3a_c
-handlebars:3.0.8
 handy-uri-templates-2-api:2.1.8-30.v7e777411b_148
 htmlpublisher:1.36
 http_request:1.19
@@ -138,10 +148,12 @@ jira:3.13
 jjwt-api:0.11.5-112.ve82dfb_224b_a_d
 jnr-posix-api:3.1.19-2
 job-dsl:1.89
-jquery-detached:1.2.1
+joda-time-api:2.13.0-85.vb_64d1c2921f1
 jquery3-api:3.7.1-2
 jquery:1.12.4-1
 jsch:0.2.16-86.v42e010d9484b_
+json-api:20240303-41.v94e11e6de726
+json-path-api:2.9.0-58.v62e3e85b_a_655
 junit:1304.vc85a_b_ca_96613
 kubernetes-cli:1.12.1
 kubernetes-client-api:6.10.0-240.v57880ce8b_0b_2
@@ -159,7 +171,6 @@ mercurial:1260.vdfb_723cdcc81
 metrics:4.2.21-451.vd51df8df52ec
 mina-sshd-api-common:2.14.0-133.vcc091215a_358
 mina-sshd-api-core:2.14.0-133.vcc091215a_358
-momentjs:1.1.1
 nodejs:1.6.2
 oic-auth:4.388.v4f73328eb_d2c
 okhttp-api:4.11.0-172.vda_da_1feeb_c6e
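Review bot: `oic-auth:4.388.v4f73328eb_d2c` is still pinned as a context line in the `-159,7 +171,6` hunk, although this commit removes `setupOpenIDConnect`, the `case 'oic'` branch in `setup` and the README section for that realm. If the plugin is no longer meant to be used, drop the pin so that an authentication plugin the config handler cannot configure is not installed on every controller; if it stays because another plugin depends on it, say so in the commit message. Separately, a configuration that still sets `realm: oic` now matches no case in `setup`; the default branch of that switch is outside the hunks shown, so it is worth confirming that it fails loudly rather than leaving the instance without the intended security realm.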
@@ -172,6 +183,7 @@ pipeline-build-step:540.vb_e8849e1a_b_d8
 pipeline-graph-analysis:216.vfd8b_ece330ca_
 pipeline-groovy-lib:740.va_2701257fe8d
 pipeline-input-step:495.ve9c153f6067b_
+pipeline-maven-api:1457.vf7a_de13b_c0d4
 pipeline-maven:1457.vf7a_de13b_c0d4
 pipeline-milestone-step:119.vdfdc43fc3b_9a_
 pipeline-model-api:2.2214.vb_b_34b_2ea_9b_83
@@ -184,8 +196,6 @@ pipeline-stage-view:2.34
 pipeline-utility-steps:2.18.0
 plain-credentials:183.va_de8f1dd5a_2b_
 plugin-util-api:5.1.0
-popper-api:1.16.1-3
-popper2-api:2.11.6-5
 prism-api:1.29.0-17
 promoted-builds:965.vcda_c6a_e0998f
 pubsub-light:1.18
@@ -214,17 +224,13 @@ timestamper:1.27
 token-macro:400.v35420b_922dcb_
 trilead-api:2.147.vb_73cc728a_32e
 variant:60.v7290fc0eb_b_cd
-whitesource:21.1.2
-windows-slaves:1.8.1
 workflow-aggregator:600.vb_57cdd26fdd7
 workflow-api:1336.vee415d95c521
 workflow-basic-steps:1058.vcb_fc1e3a_21a_9
-workflow-cps-global-lib:612.v55f2f80781ef
 workflow-cps:3969.vdc9d3a_efcc6a_
 workflow-durable-task-step:1371.vb_7cec8f3b_95e
 workflow-job:1436.vfa_244484591f
 workflow-multibranch:795.ve0cb_1f45ca_9a_
-workflow-remote-loader:1.6
 workflow-scm-step:427.v4ca_6512e7df1
 workflow-step-api:678.v3ee58b_469476
 workflow-support:926.v9f4f9b_b_98c19
diff --git a/tests/groovy/config-handlers/SecurityConfigTest.groovy b/tests/groovy/config-handlers/SecurityConfigTest.groovy
index ffd4929..ce2bc58 100644
--- a/tests/groovy/config-handlers/SecurityConfigTest.groovy
+++ b/tests/groovy/config-handlers/SecurityConfigTest.groovy
@@ -54,58 +54,6 @@ realmConfig: assert samlRealm.samlCustomAttributes == [new org.jenkinsci.plugins.saml.conf.Attribute('xxx', 'wierdxxx')] } -def testOIC(){ - def config = new Yaml().load(""" -realmConfig: - clientId: '111222333' - clientSecret: '33322211' - automanualconfigure: manual - wellKnownOpenIDConfigurationUrl: http://xxx1.yyy - tokenServerUrl: http://xxx2.yyy - authorizationServerUrl: http://xxx3.yyy - userInfoServerUrl: http://xxx4.yyy - logoutFromOpenidProvider: true - endSessionEndpoint: http://xxx5.yyy - postLogoutRedirectUrl: http://jenkins - userNameField: preferred_username - fullNameFieldName: name - emailFieldName: email - scopes: openid profile email - groupsFieldName: groups - disableSslVerification: false - tokenFieldToCheckKey: key1 - tokenFieldToCheckValue: value1 - escapeHatchEnabled: true - escapeHatchUsername: admin - escapeHatchSecret: password - escapeHatchGroup: test1 -""") - - def oicRealm = configHandler.setupOpenIDConnect(config) - assert oicRealm instanceof org.jenkinsci.plugins.oic.OicSecurityRealm - assert oicRealm.clientId == '111222333' - assert oicRealm.clientSecret.getPlainText().toString() == '33322211' - assert oicRealm.wellKnownOpenIDConfigurationUrl == null // relevant only in auto - assert oicRealm.tokenServerUrl == 'http://xxx2.yyy' - assert oicRealm.authorizationServerUrl == 'http://xxx3.yyy' - assert oicRealm.userInfoServerUrl == 'http://xxx4.yyy' - assert oicRealm.logoutFromOpenidProvider - assert oicRealm.endSessionEndpoint == 'http://xxx5.yyy' - assert oicRealm.postLogoutRedirectUrl == 'http://jenkins' - assert oicRealm.userNameField == 'preferred_username' - assert oicRealm.fullNameFieldName == 'name' - assert oicRealm.emailFieldName == 'email' - assert oicRealm.scopes == 'openid profile email' - assert oicRealm.groupsFieldName == 'groups' - assert !oicRealm.disableSslVerification - assert oicRealm.tokenFieldToCheckKey == 'key1' - assert oicRealm.tokenFieldToCheckValue == 'value1' - assert 
oicRealm.escapeHatchEnabled - assert oicRealm.escapeHatchUsername == 'admin' - //This is now a hashed password and not encrypted so can't be tested - //assert oicRealm.escapeHatchSecret.toString() == 'password' - assert oicRealm.escapeHatchGroup == 'test1' -} def testLdap(){ def config = new Yaml().load(""" @@ -322,7 +270,6 @@ markupFormatter: testGoogleLogin() testSaml() testLdap() -testOIC() testActiveDirectory() testGithubLogin() testAuthorizationStrategy()