jenkinsci
diff --git a/Diff for: ‎.gitignore
+9 b/Diff for: ‎.gitignore
+9
diff --git a/Diff for: ‎LICENSE
+21 b/Diff for: ‎LICENSE
+21
diff --git a/Diff for: ‎README.md
+4 b/Diff for: ‎README.md
+4
diff --git a/Diff for: ‎pom.xml
+92 b/Diff for: ‎pom.xml
+92
diff --git a/Diff for: ‎src/main/java/com/datapipe/jenkins/vault/VaultBuildWrapper.java
+247 b/Diff for: ‎src/main/java/com/datapipe/jenkins/vault/VaultBuildWrapper.java
+247
@@ -0,0 +1,9 @@
+.idea/
+*.iml
+target/
+work/
+.classpath
+.project
+.settings/
+*.sublime*
+tmp/
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Datapipe, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
@@ -0,0 +1,4 @@
+# jenkins-vault-plugin
+
+## TODO: Write documentation
+
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>org.jenkins-ci.plugins</groupId>
+    <artifactId>plugin</artifactId>
+    <version>2.3</version>
+    <relativePath/>
+  </parent>
+  <groupId>com.datapipe.jenkins.plugins</groupId>
+  <artifactId>vault</artifactId>
+  <version>1.0-SNAPSHOT</version>
+  <packaging>hpi</packaging>
+
+  <properties>
+    <!-- Baseline Jenkins version you use to build the plugin. Users must have this version or newer to run. -->
+    <jenkins.version>1.625.3</jenkins.version>
+    <!-- Java Level to use. Java 7 required when using core >= 1.612 -->
+    <java.level>7</java.level>
+    <!-- Jenkins Test Harness version you use to test the plugin. -->
+    <!-- For Jenkins version >= 1.580.1 use JTH 2.x or higher. -->
+    <jenkins-test-harness.version>2.1</jenkins-test-harness.version>
+    <!-- Other properties you may want to use:
+         ~ hpi-plugin.version: The HPI Maven Plugin version used by the plugin..
+         ~ stapler-plugin.version: The Stapler Maven plugin version required by the plugin.
+    -->
+  </properties>
+
+  <name>vault</name>
+  <description>Build Wrapper for reading secrets in a HashiCorp Vault</description>
+  <url>https://github.datapipe.net/datapipe/jenkins-vault-plugin</url>
+
+  <!-- The default licence for Jenkins OSS Plugins is MIT. Substitute for the applicable one if needed. -->
+
+  <licenses>
+    <license>
+      <name>MIT License</name>
+      <url>http://opensource.org/licenses/MIT</url>
+    </license>
+  </licenses>
+
+  <!-- If you want this to appear on the wiki page:
+  <developers>
+    <developer>
+      <id>ptierno</id>
+      <name>Peter A. Tierno</name>
+      <email>[email protected]</email>
+    </developer>
+  </developers>
+  -->
+  <!-- Assuming you want to host on @jenkinsci:
+  <scm>
+    <connection>scm:git:git://github.com/jenkinsci/${project.artifactId}-plugin.git</connection>
+    <developerConnection>scm:git:[email protected]:jenkinsci/${project.artifactId}-plugin.git</developerConnection>
+    <url>http://github.com/jenkinsci/${project.artifactId}-plugin</url>
+  </scm>
+   -->
+  <scm>
+    <connection>scm:git:</connection>
+    <developerConnection>scm:git:[email protected]/datapipe/jenkins-${project.artifactId}-plugin.git</developerConnection>
+    <url>http://github.datapipe.net/datapipe/jenkins-${project.artifactId}-plugin</url>
+  </scm>
+  <repositories>
+    <repository>
+      <id>repo.jenkins-ci.org</id>
+      <url>http://repo.jenkins-ci.org/public/</url>
+    </repository>
+  </repositories>
+  <pluginRepositories>
+    <pluginRepository>
+      <id>repo.jenkins-ci.org</id>
+      <url>http://repo.jenkins-ci.org/public/</url>
+    </pluginRepository>
+  </pluginRepositories>
+  <dependencies>
+    <!-- possibly adding this
+    <dependency>
+      <groupId>org.jenkins-ci.plugins</groupId>
+      <artifactId>credentials</artifactId>
+      <version>1.9.4</version>
+    </dependency>
+    -->
+    <dependency>
+      <groupId>com.bettercloud</groupId>
+      <artifactId>vault-java-driver</artifactId>
+      <version>1.1.0</version>
+    </dependency>
+  </dependencies>
+
+</project>
@@ -0,0 +1,247 @@
+/**
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2016 Datapipe, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.datapipe.jenkins.vault;
+
+import java.io.IOException;
+import java.io.PrintStream;
+import java.util.List;
+import javax.annotation.CheckForNull;
+
+import com.bettercloud.vault.Vault;
+import com.bettercloud.vault.VaultConfig;
+import com.bettercloud.vault.VaultException;
+
+import hudson.EnvVars;
+import hudson.Extension;
+import hudson.FilePath;
+import hudson.Launcher;
+import hudson.model.AbstractProject;
+import hudson.model.Descriptor;
+import hudson.model.Run;
+import hudson.model.TaskListener;
+import hudson.tasks.BuildWrapper;
+import jenkins.tasks.SimpleBuildWrapper;
+import hudson.util.Secret;
+
+import net.sf.json.JSONNull;
+import net.sf.json.JSONObject;
+
+import org.kohsuke.stapler.DataBoundConstructor;
+import org.kohsuke.stapler.DataBoundSetter;
+import org.kohsuke.stapler.StaplerRequest;
+
+/**
+ * Sample {@link BuildWrapper}.
+ *
+ * <p>
+ * When the user configures the project and enables this builder,
+ * {@link DescriptorImpl#newInstance(StaplerRequest)} is invoked and a new {@link VaultBuildWrapper}
+ * is created. The created instance is persisted to the project configuration XML by using XStream,
+ * so this allows you to use instance fields (like {@link #vaultUrl}) to remember the configuration.
+ * </p>
+ *
+ * <p>
+ * When a build is performed, the {@link #preCheckout(AbstractBuild, Launcher, BuildListener)}
+ * method will be invoked.
+ * </p>
+ *
+ * @author Peter Tierno {@literal <}ptierno{@literal @}datapipe.com{@literal >}
+ */
+public class VaultBuildWrapper extends SimpleBuildWrapper {
+
+  private String vaultUrl;
+  private Secret authToken;
+  private List<VaultSecret> vaultSecrets;
+
+  // Possibly add these later
+  // private final int openTimeout;
+  // private final int readTimeout;
+
+  // Fields in config.jelly must match the parameter names in the "DataBoundConstructor"
+  @DataBoundConstructor
+  public VaultBuildWrapper(@CheckForNull List<VaultSecret> vaultSecrets) {
+    this.vaultSecrets = vaultSecrets;
+
+    // Defaults to null to allow using global configuration
+    this.vaultUrl = null;
+    this.authToken = null;
+  }
+
+  @DataBoundSetter
+  public void setVaultUrl(String vaultUrl) {
+    this.vaultUrl = vaultUrl;
+  }
+
+  public String getVaultUrl() {
+    return this.vaultUrl;
+  }
+
+  @DataBoundSetter
+  public void setAuthToken(String authToken) {
+    this.authToken = Secret.fromString(authToken);
+  }
+
+  public Secret getAuthToken() {
+    return this.authToken;
+  }
+
+  public List<VaultSecret> getVaultSecrets() {
+    return this.vaultSecrets;
+  }
+
+  private String getUrl() {
+    if (this.vaultUrl == null || this.vaultUrl.isEmpty()) {
+      return getDescriptor().getVaultUrl();
+    }
+    return this.vaultUrl;
+  }
+
+  private Secret getToken() {
+    if (this.authToken == null || Secret.toString(this.authToken).isEmpty()) {
+      return getDescriptor().getAuthToken();
+    }
+    return this.authToken;
+  }
+
+  // Overridden for better type safety.
+  // If your plugin doesn't really define any property on Descriptor
+  // you don't have to do this.
+  @Override
+  public DescriptorImpl getDescriptor() {
+    return (DescriptorImpl) super.getDescriptor();
+  }
+
+  @Override
+  public void setUp(Context context, Run<?, ?> build, FilePath workspace,
+      Launcher launcher, TaskListener listener, EnvVars initialEnvironment)
+      throws IOException, InterruptedException {
+    // This is where you 'build' the project.
+    PrintStream logger = listener.getLogger();
+
+    String url = getUrl();
+    String token = Secret.toString(getToken());
+
+    for (VaultSecret vaultSecret : vaultSecrets) {
+      try {
+        VaultConfig vaultConfig = new VaultConfig(url, token).build();
+
+        Vault vault = new Vault(vaultConfig);
+
+        String value = vault.logical().read(vaultSecret.getPath()).getData()
+            .get(vaultSecret.getSecret());
+
+        context.env(vaultSecret.getEnvVar(), value);
+
+      } catch (VaultException e) {
+        e.printStackTrace(logger);
+        throw new InterruptedException(e.getMessage());
+      }
+    }
+  }
+
+  /**
+   * Descriptor for {@link VaultBuildWrapper}. Used as a singleton. The class is marked as public so
+   * that it can be accessed from views.
+   * 
+   * <p>
+   * See <tt>src/main/resources/com/datapipe/jenkins/vault/VaultBuildWrapper/*.jelly</tt> for the
+   * actual HTML fragment for the configuration screen.
+   */
+  @Extension // This indicates to Jenkins that this is an implementation of an extension point.
+  public static final class DescriptorImpl extends Descriptor<BuildWrapper> {
+
+    /**
+     * To persist global configuration information, simply store it in a field and call save().
+     * 
+     * <p>
+     * If you don't want fields to be persisted, use <tt>transient</tt>.
+     */
+    private String vaultUrl;
+    private Secret authToken;
+
+    /**
+     * In order to load the persisted global configuration, you have to call load() in the
+     * constructor.
+     */
+    public DescriptorImpl() {
+      super(VaultBuildWrapper.class);
+      load();
+    }
+
+    public boolean isApplicable(AbstractProject<?, ?> item) {
+      // Indicates that this builder can be used with all kinds of project types
+      return true;
+    }
+
+    /**
+     * This human readable name is used in the configuration screen.
+     */
+    @Override
+    public String getDisplayName() {
+      return "Vault Plugin";
+    }
+
+    @Override
+    public boolean configure(StaplerRequest req, JSONObject formData)
+        throws FormException {
+      // To persist global configuration information,
+      // set that to properties and call save().
+      Object vaultUrl = formData.getString("vaultUrl");
+      Object authToken = formData.getString("authToken");
+
+      if (!JSONNull.getInstance().equals(vaultUrl)) {
+        this.vaultUrl = (String) vaultUrl;
+      } else {
+        this.vaultUrl = null;
+      }
+
+      if (!JSONNull.getInstance().equals(authToken)) {
+        this.authToken = Secret.fromString((String) authToken);
+      } else {
+        this.authToken = null;
+      }
+
+      save();
+      return super.configure(req, formData);
+    }
+
+    public String getVaultUrl() {
+      return this.vaultUrl;
+    }
+
+    public Secret getAuthToken() {
+      return this.authToken;
+    }
+
+    // Required by external plugins (according to Articfactory plugin)
+    public void setVaultUrl(String vaultUrl) {
+      this.vaultUrl = vaultUrl;
+    }
+
+    public void setAuthToken(String authToken) {
+      this.authToken = Secret.fromString(authToken);
+    }
+  }
+
+}