[JENKINS-69081] Track credential usage

[kozell]

JENKINS-69081 Track credential usage

Calling CredentialsProvider::trackAll to track credential usage, as requested in the ticket.

• Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
• Ensure that the pull request title represents the desired changelog entry
• Please describe what you did
• Link to relevant issues in GitHub or Jira
• Link to relevant pull requests, esp. upstream and downstream changes
• Ensure you have provided tests - that demonstrates feature works or fixes the issue

[MarkEWaite]

The change looks good to me. Credential use tracking is a nice feature and this makes it even more effective.

[MarkEWaite]

@kozell I wanted to test this pull request interactively. Unfortunately, I can't find any examples that use a credential in Pipeline.

I don't understand the instructions in the documentation that talk about a centrally configured credential or authentication. My attempts to configure one have failed.

Can you provide some more guidance how I could test credentials with http_request?

I've tried and the snippet generator never offers a credential ID

httpRequest httpMode: 'POST', url: 'https://github.com/MarkEWaite/tasks.git'

[MarkEWaite]

I believe that I have created a basic example that illustrates the technique. The script looks like this:

pipeline {
    options {
        skipDefaultCheckout()
    }
    environment {
        HTTP_RESPONSE = httpRequest httpMode: 'GET',
                                    consoleLogResponseBody: false,
                                    validResponseContent: 'https://github.com/MarkEWaite', 
                                    quiet: true,
                                    authentication: 'invalid-user-and-password',
                                    url: 'https://api.github.com/users/MarkEWaite'
        URL_SUFFIX = 'manage/credentials/store/system/domain/_/credential/invalid-user-and-password/'
    }
    agent none
    stages {
        stage('Track credentials') {
            steps {
                echo HTTP_RESPONSE
                echo 'Open ' + JENKINS_URL + URL_SUFFIX + ' to confirm this job is using the credential'
            }
        }
    }
}

[MarkEWaite]

The example worked. With the current release of http_request plugin, the use of the credential is not tracked. With the pre-release built from this pull request, I can see the credential was used by that job. This pull request is ready to merge and release.

It would be nice to include documentation and examples that show how to use a credential with the httpRequest Pipeline step, but that documentation could be done in a separate pull request. It does not need to block the merge and release of this improvement.

[MarkEWaite]

I've placed a verification helper into a repository that I use to check that various behaviors are unchanged. See the Jenkinsfile in the JENKINS-69081 branch for the example

[MarkEWaite]

I added an example to the README in 91c1b5a

[kozell]

Excellent, thank you for testing!

[MarkEWaite]

@kozell I've pushed a test that asserts the credential tracking is working as expected. I was able to borrow most of the implementation from the git plugin trackCredentials() test that is checking the same behavior for the git plugin.

The 2.249.1 Jenkins version that is used as the minimum version for the plugin has a null pointer exception that the test reports. The null pointer exception does not prevent the test from completing its assigned tasks, but the message is distracting.

When the plugin updates its minimum Jenkins version to 2.332.4 or newer, it will need the addition of the java mail api plugin as a test dependency. The test passes with 2.346.3, 2.361.1, and 2.371.

I think this is ready to merge and release once the CI confirms the tests pass.

[kozell]

All right, now we just need someone who can merge :-)