wrappers: omit blank settings for ssh-user-private-key credential

For the ssh-user-private-key credential-wrapper, the "key-file-variable" setting is mandatory, but the "username-variable" and "passphrase-variable" settings are optional. Prior to this commit, if a user omitted "username-variable" or "passphrase-variable" settings, JJB would write empty <usernameVariable/> or <passphraseVariable/> entries. When both were empty, the credentials-binding plugin would crash with an error: IllegalArgumentException("Cannot use the same key in both secretValues and publicValues") To resolve this, do not write XML entries for these optional parameters when the user does not specify them. Add a minimal test case reproducer. Change-Id: I94a4437eee6a8fdaf655c1a3bf69d46844b225bc
2022-06-09 16:37:50 -04:00 · 2022-06-09 16:37:50 -04:00 · 787164e09a
commit 787164e09a
parent ce865d4b9c
3 changed files with 23 additions and 5 deletions
--- a/jenkins_jobs/modules/wrappers.py
+++ b/jenkins_jobs/modules/wrappers.py
@ -2207,11 +2207,11 @@ def credentials_binding(registry, xml_parent, data):
                    binding_xml, params, mapping, fail_required=True
                )
            elif binding_type == "ssh-user-private-key":
-                mapping = [
-                    ("key-file-variable", "keyFileVariable", None),
-                    ("username-variable", "usernameVariable", ""),
-                    ("passphrase-variable", "passphraseVariable", ""),
-                ]
+                mapping = [("key-file-variable", "keyFileVariable", None)]
+                if "username-variable" in params:
+                    mapping.append(("username-variable", "usernameVariable", None))
+                if "passphrase-variable" in params:
+                    mapping.append(("passphrase-variable", "passphraseVariable", None))
                helpers.convert_mapping_to_xml(
                    binding_xml, params, mapping, fail_required=True
                )
--- a/tests/wrappers/fixtures/credentials-binding-ssh-minimal.xml
+++ b/tests/wrappers/fixtures/credentials-binding-ssh-minimal.xml
@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<project>
+  <buildWrappers>
+    <org.jenkinsci.plugins.credentialsbinding.impl.SecretBuildWrapper>
+      <bindings>
+        <org.jenkinsci.plugins.credentialsbinding.impl.SSHUserPrivateKeyBinding>
+          <keyFileVariable>KEY_FILE_VARIABLE</keyFileVariable>
+          <credentialsId>34eb8759-264e-4265-90f0-cb252ab1d2bf</credentialsId>
+        </org.jenkinsci.plugins.credentialsbinding.impl.SSHUserPrivateKeyBinding>
+      </bindings>
+    </org.jenkinsci.plugins.credentialsbinding.impl.SecretBuildWrapper>
+  </buildWrappers>
+</project>
--- a/tests/wrappers/fixtures/credentials-binding-ssh-minimal.yaml
+++ b/tests/wrappers/fixtures/credentials-binding-ssh-minimal.yaml
@ -0,0 +1,5 @@
+wrappers:
+ - credentials-binding:
+     - ssh-user-private-key:
+        credential-id: 34eb8759-264e-4265-90f0-cb252ab1d2bf
+        key-file-variable: KEY_FILE_VARIABLE