public interface CredentialStorePlugin extends ExecContextPlugin
Used by classes that need to pass credentials to external systems such as Jenkins.
Provides only read access to credentials. This interface is not meant to allow managing the credentials (adding, updating, removing), as callers within Dragom are not expected to need to manage credentials. However, nothing prevents an implementation class from providing such facilities for a corresponding tool class to use. DefaultCredentialStorePluginImpl from dragom-core does, and CredentialManagerTool from dragom-cli-tools is a CLI tool that allows the user to manage credentials.
If requested credentials do not exist, the implementation class can interact
with the user (through UserInteractionCallbackPlugin) to obtain the
missing credentials if UserInteractionCallbackPlugin.isBatchMode()
returns false.
This interface supports the concept of resources with which credentials are associated. The meaning of resources is not defined by this interface, but resources are expected to be URLs of external systems. It is the responsibility of the implementing class to implement the mapping logic between credentials and resources. Generally such a mapping is not one to one, since there may be multiple resources requiring the same credentials. In such cases, the implementation class can classify resources by realms and map credentials to realms. But this is purely an implementation detail.
Only password-type credentials are supported, or credentials that can be stored as a simple String.
| Modifier and Type | Interface and Description |
|---|---|
| static class | CredentialStorePlugin.Credentials: Holds credentials. |
| static interface | CredentialStorePlugin.CredentialValidator: Validates credentials. |
| Modifier and Type | Method and Description |
|---|---|
| CredentialStorePlugin.Credentials | getCredentials(String resource, String user, CredentialStorePlugin.CredentialValidator credentialValidator): Returns the credentials for the specified resource and user. |
| boolean | isCredentialsExist(String resource, String user, CredentialStorePlugin.CredentialValidator credentialValidator): Indicates if the credentials are available for the specified resource and user. |
| void | resetCredentials(String resource, String user): Resets the credentials for the specified resource and user. |
boolean isCredentialsExist(String resource, String user, CredentialStorePlugin.CredentialValidator credentialValidator)
If user is null it means the caller does not know the user and expects the
CredentialStorePlugin to provide it or extract it from the resource. It is up
to the implementation to support extracting the user from the resource (e.g.,
https://<user>@<server>/...) and/or mapping default users to resources,
potentially interacting with the user to obtain that information.
If user is not null and the implementation supports extracting the user from the resource, it should validate that the user is the same as that specified by the resource, if any. If they do not match, an exception should be raised since if the caller specified the user it presumably comes from some configuration and is not designed to be overridden.
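One way an implementation could apply the user-resolution rules above, as an added example that is not Dragom's own code. The class and method names (ResourceUserResolver, resolveUser, extractUser, redact) are hypothetical, and the resources in main are constructed samples.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class ResourceUserResolver {
    /**
     * Resolves the effective user for a resource (hypothetical helper).
     * Returns null when neither the caller nor the resource names a user.
     */
    static String resolveUser(String resource, String user) {
        String userFromResource = extractUser(resource);
        if (user == null) {
            // May still be null: the store must then map a default user or prompt.
            return userFromResource;
        }
        if (userFromResource != null && !userFromResource.equals(user)) {
            // A caller-specified user comes from configuration: never override it silently.
            throw new IllegalArgumentException("User " + user + " does not match user "
                + userFromResource + " embedded in resource " + redact(resource));
        }
        return user;
    }

    /** Extracts <user> from https://<user>@<server>/..., dropping any password part. */
    static String extractUser(String resource) {
        try {
            String userInfo = new URI(resource).getUserInfo();
            if (userInfo == null) return null;
            int colon = userInfo.indexOf(':');
            String name = colon >= 0 ? userInfo.substring(0, colon) : userInfo;
            return name.isEmpty() ? null : name;
        } catch (URISyntaxException e) {
            return null; // Not a URL; the interface leaves the meaning of resources open.
        }
    }

    /** Strips the userinfo part so a password embedded in the URL never reaches logs. */
    static String redact(String resource) {
        return resource.replaceFirst("//[^/@]*@", "//");
    }

    public static void main(String[] args) {
        // Constructed sample resources.
        System.out.println(resolveUser("https://alice@git.example.com/repo.git", null));
        System.out.println(resolveUser("https://git.example.com/repo.git", "bob"));
        try {
            resolveUser("https://alice:secret@git.example.com/repo.git", "bob");
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```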
If there are no credentials stored for the specified resource and user, and the
implementation supports interacting with the user to obtain missing
credentials, this method should perform that interaction: although not
stored, the credentials are conceptually available since they can be obtained from
the user. If true is returned, getCredentials(java.lang.String, java.lang.String, org.azyva.dragom.execcontext.plugin.CredentialStorePlugin.CredentialValidator) is expected to be called
next to get them, which should not cause any interaction since it was already
performed by this method.
If credentialValidator is not null, the method should validate the credentials before returning them. This includes both the cases where the credentials are already available (since they may be invalid) and when the method interacts with the user to obtain them. It is appropriate for the implementation to optimize credential validation and not always validate them, if they have already been validated once during a tool execution for instance.
resource - Resource.
user - User. Can be null (see above).
credentialValidator - CredentialValidator. Can be null (see above).

CredentialStorePlugin.Credentials getCredentials(String resource, String user, CredentialStorePlugin.CredentialValidator credentialValidator)
isCredentialsExist(java.lang.String, java.lang.String, org.azyva.dragom.execcontext.plugin.CredentialStorePlugin.CredentialValidator) should be used before calling this
method.
If user is null it means the caller does not know the user and expects the
CredentialStorePlugin to provide it or extract it from the resource. It is up
to the implementation to support extracting the user from the resource (e.g.,
https://<user>@<server>/...) and/or mapping default users to resources,
potentially interacting with the user to obtain that information.
If user is not null and the implementation supports extracting the user from the resource, it should validate that the user is the same as that specified by the resource, if any. If they do not match, an exception should be raised since if the caller specified the user it presumably comes from some configuration and is not designed to be overridden.
If there are no credentials stored for the specified resource and user, the implementation can interact with the user to obtain the missing credentials.
If credentialValidator is not null, the method should validate the credentials before returning them. This includes both the cases where the credentials are already available (since they may be invalid) and when the method interacts with the user to obtain them. It is appropriate for the implementation to optimize credential validation and not always validate them, if they have already been validated once during a tool execution for instance.
resource - Resource.
user - User. Can be null (see above).
credentialValidator - CredentialValidator. Can be null (see above).

void resetCredentials(String resource, String user)
This method allows the caller to implement credential validation logic without
using CredentialStorePlugin.CredentialValidator. The caller would call
getCredentials(java.lang.String, java.lang.String, org.azyva.dragom.execcontext.plugin.CredentialStorePlugin.CredentialValidator) (which could cause interaction with the user) and
validate the obtained (non validated) credentials. If invalid, the caller would
call this method and loop.
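The caller-side loop described above, as an added example that is not part of Dragom. It uses only the three methods documented on this page and needs the Dragom API on the classpath; CallerSideValidation, obtainValidated, the check predicate and maxAttempts are hypothetical names introduced here.

```java
import java.util.Optional;
import java.util.function.Predicate;
import org.azyva.dragom.execcontext.plugin.CredentialStorePlugin;
import org.azyva.dragom.execcontext.plugin.CredentialStorePlugin.Credentials;

public final class CallerSideValidation {
    /**
     * Obtains credentials that the caller has validated itself.
     *
     * @param check       hypothetical caller-supplied validation, e.g. a login
     *                    probe against the external system.
     * @param maxAttempts bound on retries, so that repeated wrong passwords
     *                    cannot loop forever or lock the remote account.
     * @return validated credentials, or empty if none could be obtained.
     */
    static Optional<Credentials> obtainValidated(CredentialStorePlugin store,
            String resource, String user, Predicate<Credentials> check, int maxAttempts) {
        for (int attempt = 1; attempt <= maxAttempts; attempt++) {
            // A null validator asks the store for non-validated credentials.
            // This call may prompt the user; false is expected when nothing is
            // stored and no interaction is possible (batch mode).
            if (!store.isCredentialsExist(resource, user, null)) {
                return Optional.empty();
            }
            // No further interaction is expected here: it already happened above.
            Credentials credentials = store.getCredentials(resource, user, null);
            if (check.test(credentials)) {
                return Optional.of(credentials);
            }
            // Discard the rejected credentials so the next pass does not reuse them.
            store.resetCredentials(resource, user);
        }
        return Optional.empty();
    }
}
```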
If user is null it means the caller does not know the user and expects the
CredentialStorePlugin to provide it or extract it from the resource. It is up
to the implementation to support extracting the user from the resource (e.g.,
https://<user>@<server>/...) and/or mapping default users to resources.
If no user can be determined, the method should do nothing. It should not
attempt to interact with the user.
If user is not null and the implementation supports extracting the user from the resource, it should validate that the user is the same as that specified by the resource, if any. If they do not match, an exception should be raised since if the caller specified the user it presumably comes from some configuration and is not designed to be overridden.
resource - Resource.
user - User. Can be null (see above).

Copyright © 2015–2017 AZYVA INC. All rights reserved.