Add an initial version of the shared library

2017-08-09 18:51:39 -07:00 · 2017-08-09 18:51:39 -07:00 · f68141b019
commit f68141b019
7 changed files with 106 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
--- a/README.adoc
+++ b/README.adoc
@ -0,0 +1,54 @@
+= Inline Pipeline Secrets
+
+This is a link:https://jenkins.io/doc/book/pipeline/shared-libraries[Pipeline
+Shared Library] which helps support the use of user-defined inline secrets from
+within a `Jenkinsfile`.
+
+
+== Prerequisites
+
+This Shared Library requires that the
+link:https://plugins.jenkins.io/workflow-aggregator[Pipeline plugin] and
+link:https://plugins.jenkins.io/mask-passwords[Mask Passwords plugin]
+installed.
+
+
+== Using
+
+=== Decrypting Secrets
+
+A Pipeline can use secrets similar to environment variables:
+
+.Jenkinsfile
+[source,groovy]
+----
+node {
+    stage('Deploy') {
+        withSecrets(
+            AWS_SECRET_ID: '{AQAAABAAAAAQWsBycxCz0x8ouOKJLU9OTvHdsN7kt7+6RAcV2zZJTm4=}'
+        ) {
+            echo "I should be deploying something with: ${env.AWS_SECRET_ID}"
+        }
+    }
+}
+----
+
+=== Encrypting Secrets
+
+A Pipeline can be used to offer a user interface for encrypting.
+
+.Jenkinsfile
+[source,groovy]
+----
+promptUserForEncryption()
+----
+
+== API
+
+`promptUserForEncryption()`
+
+`createSecretText()`
+
+`unsafeSecretAccess()`
+
+`withSecrets()`
--- a/assets/with-screenshot.png
+++ b/assets/with-screenshot.png
--- a/vars/createSecretText.groovy
+++ b/vars/createSecretText.groovy
@ -0,0 +1,7 @@
+#!/usr/bin/env groovy
+
+import hudson.util.Secret
+
+def call(String text) {
+    return Secret.fromString(text)
+}
--- a/vars/promptUserForEncryption.groovy
+++ b/vars/promptUserForEncryption.groovy
@ -0,0 +1,10 @@
+#!/usr/bin/env groovy
+
+def call() {
+    def s = input(message: 'Text',
+                       ok: 'Encrypt',
+               parameters: [password(defaultValue: '',
+                                      description: 'Text for encryption',
+                                             name: 'Plain text')])
+    echo "Use this encrypted value in your Jenkinsfile: ${s.encryptedValue}"
+}
--- a/vars/unsafeSecretAccess.groovy
+++ b/vars/unsafeSecretAccess.groovy
@ -0,0 +1,7 @@
+#!/usr/bin/env groovy
+
+import hudson.util.Secret
+
+def call(String cipherText) {
+    return Secret.decrypt(cipherText)
+}
--- a/vars/withSecrets.groovy
+++ b/vars/withSecrets.groovy
@ -0,0 +1,28 @@
+#!/usr/bin/env groovy
+import hudson.util.Secret
+
+def call(Map ciphers, Closure body) {
+    List<Map> cipherPairs = []
+    /* https://issues.jenkins-ci.org/browse/JENKINS-27392 */
+    List cipherEnv = []
+
+    body.resolveStrategy = Closure.DELEGATE_FIRST
+
+    ciphers.each { String key, String cipherText ->
+        String plainText = Secret.decrypt(cipherText).plainText
+        cipherEnv.add("${key}=${plainText}")
+        cipherPairs.add([var: key,
+                    password: plainText])
+    }
+
+    try {
+        wrap([$class: 'MaskPasswordsBuildWrapper',
+            varPasswordPairs: cipherPairs]) {
+            withEnv(cipherEnv) { body.call() }
+        }
+
+    }
+    catch (java.lang.IllegalArgumentException e) {
+        error 'Cannot use withSecret() without installing the Mask Passwords plugin'
+    }
+}