From 787164e09a14dad727d69c3c106fa519e6ceb032 Mon Sep 17 00:00:00 2001
From: Ken Dreyer <ktdreyer@ktdreyer.com>
Date: Thu, 9 Jun 2022 16:37:50 -0400
Subject: [PATCH] wrappers: omit blank settings for ssh-user-private-key
 credential

For the ssh-user-private-key credential-wrapper, the "key-file-variable"
setting is mandatory, but the "username-variable" and
"passphrase-variable" settings are optional.

Prior to this commit, if a user omitted "username-variable" or
"passphrase-variable" settings, JJB would write empty
<usernameVariable/> or <passphraseVariable/> entries. When both were
empty, the credentials-binding plugin would crash with an error:

  IllegalArgumentException("Cannot use the same key in both secretValues and publicValues")

To resolve this, do not write XML entries for these optional parameters
when the user does not specify them.

Add a minimal test case reproducer.

Change-Id: I94a4437eee6a8fdaf655c1a3bf69d46844b225bc
---
 jenkins_jobs/modules/wrappers.py                    | 10 +++++-----
 .../fixtures/credentials-binding-ssh-minimal.xml    | 13 +++++++++++++
 .../fixtures/credentials-binding-ssh-minimal.yaml   |  5 +++++
 3 files changed, 23 insertions(+), 5 deletions(-)
 create mode 100644 tests/wrappers/fixtures/credentials-binding-ssh-minimal.xml
 create mode 100644 tests/wrappers/fixtures/credentials-binding-ssh-minimal.yaml

diff --git a/jenkins_jobs/modules/wrappers.py b/jenkins_jobs/modules/wrappers.py
index af62af016..eb91a65b6 100644
--- a/jenkins_jobs/modules/wrappers.py
+++ b/jenkins_jobs/modules/wrappers.py
@@ -2207,11 +2207,11 @@ def credentials_binding(registry, xml_parent, data):
                     binding_xml, params, mapping, fail_required=True
                 )
             elif binding_type == "ssh-user-private-key":
-                mapping = [
-                    ("key-file-variable", "keyFileVariable", None),
-                    ("username-variable", "usernameVariable", ""),
-                    ("passphrase-variable", "passphraseVariable", ""),
-                ]
+                mapping = [("key-file-variable", "keyFileVariable", None)]
+                if "username-variable" in params:
+                    mapping.append(("username-variable", "usernameVariable", None))
+                if "passphrase-variable" in params:
+                    mapping.append(("passphrase-variable", "passphraseVariable", None))
                 helpers.convert_mapping_to_xml(
                     binding_xml, params, mapping, fail_required=True
                 )
diff --git a/tests/wrappers/fixtures/credentials-binding-ssh-minimal.xml b/tests/wrappers/fixtures/credentials-binding-ssh-minimal.xml
new file mode 100644
index 000000000..ad5d31455
--- /dev/null
+++ b/tests/wrappers/fixtures/credentials-binding-ssh-minimal.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<project>
+  <buildWrappers>
+    <org.jenkinsci.plugins.credentialsbinding.impl.SecretBuildWrapper>
+      <bindings>
+        <org.jenkinsci.plugins.credentialsbinding.impl.SSHUserPrivateKeyBinding>
+          <keyFileVariable>KEY_FILE_VARIABLE</keyFileVariable>
+          <credentialsId>34eb8759-264e-4265-90f0-cb252ab1d2bf</credentialsId>
+        </org.jenkinsci.plugins.credentialsbinding.impl.SSHUserPrivateKeyBinding>
+      </bindings>
+    </org.jenkinsci.plugins.credentialsbinding.impl.SecretBuildWrapper>
+  </buildWrappers>
+</project>
diff --git a/tests/wrappers/fixtures/credentials-binding-ssh-minimal.yaml b/tests/wrappers/fixtures/credentials-binding-ssh-minimal.yaml
new file mode 100644
index 000000000..6457d80ab
--- /dev/null
+++ b/tests/wrappers/fixtures/credentials-binding-ssh-minimal.yaml
@@ -0,0 +1,5 @@
+wrappers:
+ - credentials-binding:
+     - ssh-user-private-key:
+        credential-id: 34eb8759-264e-4265-90f0-cb252ab1d2bf
+        key-file-variable: KEY_FILE_VARIABLE