From bdfe90ed492ce8d02765363cf206d04d13acc9e6 Mon Sep 17 00:00:00 2001
From: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Date: Fri, 23 Oct 2020 13:57:22 +0200
Subject: [PATCH] feat(hadolint): enable authentication when fetching config
 file (#2225)

* use httpRequest to fetch config file

* set default

* provide authentication for config url

* adjust test case
---
 test/groovy/HadolintExecuteTest.groovy | 10 ++++++++--
 vars/hadolintExecute.groovy            | 11 ++++++++++-
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/test/groovy/HadolintExecuteTest.groovy b/test/groovy/HadolintExecuteTest.groovy
index 37bdfc4c7..67b063bfe 100644
--- a/test/groovy/HadolintExecuteTest.groovy
+++ b/test/groovy/HadolintExecuteTest.groovy
@@ -12,6 +12,7 @@ import util.JenkinsLoggingRule
 import util.JenkinsReadYamlRule
 import util.JenkinsShellCallRule
 import util.JenkinsStepRule
+import util.JenkinsWriteFileRule
 import util.Rules
 
 import static org.junit.Assert.assertThat
@@ -27,6 +28,7 @@ class HadolintExecuteTest extends BasePiperTest {
     private JenkinsStepRule stepRule = new JenkinsStepRule(this)
     private JenkinsReadYamlRule yamlRule = new JenkinsReadYamlRule(this)
     private JenkinsLoggingRule loggingRule = new JenkinsLoggingRule(this)
+    private JenkinsWriteFileRule writeFileRule = new JenkinsWriteFileRule(this)
 
     @Rule
     public RuleChain ruleChain = Rules
@@ -37,6 +39,7 @@ class HadolintExecuteTest extends BasePiperTest {
         .around(shellRule)
         .around(stepRule)
         .around(loggingRule)
+        .around(writeFileRule)
 
     @Before
     void init() {
@@ -45,6 +48,9 @@ class HadolintExecuteTest extends BasePiperTest {
         helper.registerAllowedMethod 'checkStyle', [Map], { m -> assertThat(m.pattern, is('hadolint.xml')); return 'checkstyle' }
         helper.registerAllowedMethod 'recordIssues', [Map], { m -> assertThat(m.tools, hasItem('checkstyle')) }
         helper.registerAllowedMethod 'archiveArtifacts', [String], { String p -> assertThat('hadolint.xml', is(p)) }
+        helper.registerAllowedMethod('httpRequest', [Map.class] , {
+            return [content: "empty", status: 200]
+        })
         Utils.metaClass.echo = { def m -> }
     }
 
@@ -55,15 +61,15 @@ class HadolintExecuteTest extends BasePiperTest {
 
     @Test
     void testHadolintExecute() {
-        stepRule.step.hadolintExecute(script: nullScript, juStabUtils: utils, dockerImage: 'hadolint/hadolint:latest-debian', configurationUrl: 'https://github.com/raw/SGS/Hadolint-Dockerfile/master/.hadolint.yaml')
+        stepRule.step.hadolintExecute(script: nullScript, juStabUtils: utils, dockerImage: 'hadolint/hadolint:latest-debian', configurationUrl: 'https://github.com/raw/SAP/jenkins-library/master/.hadolint.yaml')
         assertThat(dockerExecuteRule.dockerParams.dockerImage, is('hadolint/hadolint:latest-debian'))
         assertThat(loggingRule.log, containsString("Unstash content: buildDescriptor"))
         assertThat(shellRule.shell,
             hasItems(
-                "curl --fail --location --output .hadolint.yaml https://github.com/raw/SGS/Hadolint-Dockerfile/master/.hadolint.yaml",
                 "hadolint ./Dockerfile --config .hadolint.yaml --format checkstyle > hadolint.xml"
             )
         )
+        assertThat(writeFileRule.files['.hadolint.yaml'], is('empty'))
     }
 
     @Test
diff --git a/vars/hadolintExecute.groovy b/vars/hadolintExecute.groovy
index 40327f921..21336a5c1 100644
--- a/vars/hadolintExecute.groovy
+++ b/vars/hadolintExecute.groovy
@@ -24,6 +24,10 @@ import groovy.transform.Field
      * URL pointing to the .hadolint.yaml exclude configuration to be used for linting. Also have a look at `configurationFile` which could avoid central configuration download in case the file is part of your repository.
      */
     'configurationUrl',
+    /**
+     * If the url provided as configurationUrl is protected, this Jenkins credential can be used to authenticate the request.
+     */
+    'configurationCredentialsId',
     /**
      * Docker options to be set when starting the container.
      */
@@ -75,7 +79,7 @@ void call(Map parameters = [:]) {
         }
 
         if(!fileExists(configuration.configurationFile) && configuration.configurationUrl) {
-            sh "curl --fail --location --output ${configuration.configurationFile} ${configuration.configurationUrl}"
+            downloadFile(configuration.configurationUrl, configuration.configurationFile, configuration.configurationCredentialsId)
             if(existingStashes) {
                 def stashName = 'hadolintConfiguration'
                 stash name: stashName, includes: configuration.configurationFile
@@ -120,3 +124,8 @@ void call(Map parameters = [:]) {
         }
     }
 }
+
+void downloadFile(url, target, authentication = null){
+        def response = httpRequest url: url, authentication: authentication, timeout: 20
+        writeFile text: response.content, file: target
+}