How to get access to configs/credentials on an UnprotectedRootAction class


Daniel Anechitoaie

Apr 4, 2019, 6:17:31 AM
to Jenkins Developers
I have a class that exposes a Webhook and I'd like to check the validity of the token from the incoming request.
On a builder class I was able to retrieve the configs through the getDescriptor() class.

How can I do this on an UnprotectedRootAction class?

Daniel Beck

Apr 4, 2019, 6:52:57 AM
to jenkin...@googlegroups.com
Create a GlobalConfiguration annotated with @Extension and use ExtensionList.lookupSingleton to access it from your UnprotectedRootAction.

Jesse Glick

Apr 4, 2019, 8:47:07 AM
to Jenkins Dev
On Thu, Apr 4, 2019 at 6:52 AM Daniel Beck <m...@beckweb.net> wrote:
> Create a GlobalConfiguration

Easiest to start with

https://github.com/jenkinsci/archetypes#usage

even if you throw away the toy plugin afterwards.


I am not sure what kind of “credentials” you are referring to here. To
validate a token you would I guess want Jenkins to store some sort of
public key, or simply a token hash (you could use
`org.mindrot.jbcrypt.BCrypt`). If you do want to protect a public
key/hash a bit more, save it as a `Secret` rather than a `String`.

When we talk about “credentials” we usually refer specifically to

https://github.com/jenkinsci/credentials-plugin/blob/master/docs/README.adoc

which should not be necessary if Jenkins itself is not retaining
anything especially secret. An `IdCredentials.id` would imply that you
expect a secret value to potentially be used in multiple places or
even loaded from Vault or a Kubernetes `Secret`, which seems unlikely
in this case.

Daniel Anechitoaie

Apr 4, 2019, 9:49:29 AM
to Jenkins Developers
Perfect. The global-configuration archetype example was super helpful. I got it working. Thank you.
Yes, using a secret makes more sense than whole credentials here.

Daniel Anechitoaie

Apr 5, 2019, 6:08:53 AM
to Jenkins Developers
One weird thing is that the settings get lost after Jenkins restart. Any idea what's going on?

```java
package org.jenkinsci.plugins.osfbuildersuite.githubcheckruns.webhook;

import hudson.Extension;
import hudson.util.Secret;
import jenkins.model.GlobalConfiguration;
import org.kohsuke.stapler.DataBoundSetter;

@Extension
public class GitHubCheckRunConfiguration extends GlobalConfiguration {
    private Secret webhookSecret;

    public static GitHubCheckRunConfiguration get() {
        return GlobalConfiguration.all().get(GitHubCheckRunConfiguration.class);
    }

    @SuppressWarnings("unused")
    public GitHubCheckRunConfiguration() {
        load();
    }

    @SuppressWarnings("unused")
    public Secret getWebhookSecret() {
        return webhookSecret;
    }

    @SuppressWarnings("unused")
    @DataBoundSetter
    public void setWebhookSecret(Secret webhookSecret) {
        this.webhookSecret = webhookSecret;
    }
}
```

Daniel Anechitoaie

Apr 5, 2019, 6:25:52 AM
to Jenkins Developers
Found the issue. I forgot to implement the configure method.

Jesse Glick

Apr 5, 2019, 9:18:51 AM
to Jenkins Dev
On Fri, Apr 5, 2019 at 6:25 AM Daniel Anechitoaie <danie...@gmail.com> wrote:
> I forgot to implement the configure method.

You should not need such a method. You just forgot to call `save()`
from your setter. See the archetype.

Daniel Anechitoaie

Apr 5, 2019, 9:24:50 AM
to Jenkins Developers
Hah, yah.. makes sense.
I generated the getter and setter from IntelliJ (Command + N) and somehow missed the "save()".
I removed the configure method and added save() in the setter.

Thank you.
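
An added example, not code from the thread or from the Jenkins project: one way the `UnprotectedRootAction` could read the stored `Secret` through `ExtensionList.lookupSingleton` and validate an incoming request. It assumes the sender signs the body GitHub-style (HMAC-SHA256 in the `X-Hub-Signature-256` header); the class name `WebhookAction` and the URL name `example-webhook` are hypothetical.

```java
package org.jenkinsci.plugins.osfbuildersuite.githubcheckruns.webhook;

import hudson.Extension;
import hudson.ExtensionList;
import hudson.model.UnprotectedRootAction;
import hudson.util.Secret;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.io.IOUtils;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.interceptor.RequirePOST;

@Extension
public class WebhookAction implements UnprotectedRootAction { // hypothetical class name
    @Override public String getIconFileName() { return null; } // no sidebar link
    @Override public String getDisplayName() { return null; }
    @Override public String getUrlName() { return "example-webhook"; } // hypothetical path

    @RequirePOST
    public HttpResponse doIndex(StaplerRequest req) throws IOException, GeneralSecurityException {
        // Read the stored secret from the GlobalConfiguration posted in the thread.
        Secret secret = ExtensionList.lookupSingleton(GitHubCheckRunConfiguration.class).getWebhookSecret();
        if (secret == null || secret.getPlainText().isEmpty()) {
            return HttpResponses.forbidden(); // fail closed when nothing is configured
        }
        byte[] body = IOUtils.toByteArray(req.getInputStream());
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getPlainText().getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        StringBuilder expected = new StringBuilder("sha256=");
        for (byte b : mac.doFinal(body)) {
            expected.append(String.format("%02x", b));
        }
        String sent = req.getHeader("X-Hub-Signature-256"); // assumed header, GitHub-style
        // MessageDigest.isEqual compares in constant time, so timing does not reveal a partial match.
        if (sent == null || !MessageDigest.isEqual(
                expected.toString().getBytes(StandardCharsets.UTF_8), sent.getBytes(StandardCharsets.UTF_8))) {
            return HttpResponses.forbidden();
        }
        // Signature verified: parse `body` and act on the event here.
        return HttpResponses.ok();
    }
}
```

`UnprotectedRootAction` only skips the authentication check; Jenkins' CSRF crumb check still applies to the POST, so an external sender also needs a `CrumbExclusion` registered for this path.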