Avoid persisting intermediate job state with publisher config.

https://issues.jenkins-ci.org/browse/SECURITY-825

Author: Jmcfar

src/main/java/com/amazonaws/codedeploy/AWSCodeDeployPublisher.java

@@ -107,8 +107,6 @@ public class AWSCodeDeployPublisher extends Publisher implements SimpleBuildStep
     private final String deploymentMethod;
     private final String versionFileName;
 
-    private PrintStream logger;
-    private Map <String, String> envVars;
     // Fields in config.jelly must match the parameter names in the "DataBoundConstructor"
     @DataBoundConstructor
     public AWSCodeDeployPublisher(
@@ -184,8 +182,8 @@ public AWSCodeDeployPublisher(
 
     @Override
     public void perform(@Nonnull Run<?,?> build, @Nonnull FilePath workspace, @Nonnull Launcher launcher, @Nonnull TaskListener listener) throws IOException, InterruptedException {
-        this.logger = listener.getLogger();
-        envVars = build.getEnvironment(listener);
+        final PrintStream logger = listener.getLogger();
+        final Map<String, String> envVars = build.getEnvironment(listener);
         final boolean buildFailed = build.getResult() == Result.FAILURE;
         if (buildFailed) {
             logger.println("Skipping CodeDeploy publisher as build failed");
@@ -220,39 +218,39 @@ public void perform(@Nonnull Run<?,?> build, @Nonnull FilePath workspace, @Nonnu
 
         try {
 
-            verifyCodeDeployApplication(aws);
+            verifyCodeDeployApplication(aws, envVars);
 
             final String projectName = build.getDisplayName();
             if (workspace == null) {
                 throw new IllegalArgumentException("No workspace present for the build.");
             }
-            final FilePath sourceDirectory = getSourceDirectory(workspace);
-            final RevisionLocation revisionLocation = zipAndUpload(aws, projectName, sourceDirectory);
+            final FilePath sourceDirectory = getSourceDirectory(workspace, envVars);
+            final RevisionLocation revisionLocation = zipAndUpload(aws, projectName, sourceDirectory, logger, envVars);
 
-            registerRevision(aws, revisionLocation);
+            registerRevision(aws, revisionLocation, logger, envVars);
             if ("onlyRevision".equals(deploymentMethod)){
               success = true;
             } else {
 
-              String deploymentId = createDeployment(aws, revisionLocation);
+              String deploymentId = createDeployment(aws, revisionLocation, logger, envVars);
 
-              success = waitForDeployment(aws, deploymentId);
+              success = waitForDeployment(aws, deploymentId, logger);
             }
 
         } catch (Exception e) {
 
-            this.logger.println("Failed CodeDeploy post-build step; exception follows.");
-            this.logger.println(e.getMessage());
-            e.printStackTrace(this.logger);
+            logger.println("Failed CodeDeploy post-build step; exception follows.");
+            logger.println(e.getMessage());
+            e.printStackTrace(logger);
         }
 
         if (!success) {
             throw new AbortException();
         }
     }
 
-    private FilePath getSourceDirectory(FilePath basePath) throws IOException, InterruptedException {
-        String subdirectory = StringUtils.trimToEmpty(getSubdirectoryFromEnv());
+    private FilePath getSourceDirectory(FilePath basePath, Map<String, String> envVars) throws IOException, InterruptedException {
+        String subdirectory = StringUtils.trimToEmpty(getSubdirectoryFromEnv(envVars));
         if (!subdirectory.isEmpty() && !subdirectory.startsWith("/")) {
             subdirectory = "/" + subdirectory;
         }
@@ -275,11 +273,11 @@ private boolean isSubDirectory(FilePath parent, FilePath child) {
         return false;
     }
 
-    private void verifyCodeDeployApplication(AWSClients aws) throws IllegalArgumentException {
+    private void verifyCodeDeployApplication(AWSClients aws, Map<String, String> envVars) throws IllegalArgumentException {
         // Check that the application exists
         ListApplicationsResult applications = aws.codedeploy.listApplications();
-        String applicationName = getApplicationNameFromEnv();
-        String deploymentGroupName = getDeploymentGroupNameFromEnv();
+        String applicationName = getApplicationNameFromEnv(envVars);
+        String deploymentGroupName = getDeploymentGroupNameFromEnv(envVars);
 
         if (!applications.getApplications().contains(applicationName)) {
             throw new IllegalArgumentException("Cannot find application named '" + applicationName + "'");
@@ -296,7 +294,7 @@ private void verifyCodeDeployApplication(AWSClients aws) throws IllegalArgumentE
         }
     }
 
-    private RevisionLocation zipAndUpload(AWSClients aws, String projectName, FilePath sourceDirectory) throws IOException, InterruptedException, IllegalArgumentException {
+    private RevisionLocation zipAndUpload(AWSClients aws, String projectName, FilePath sourceDirectory, PrintStream logger, Map<String, String> envVars) throws IOException, InterruptedException, IllegalArgumentException {
 
         File zipFile = null;
         File versionFile;
@@ -329,9 +327,9 @@ private RevisionLocation zipAndUpload(AWSClients aws, String projectName, FilePa
         String key;
         File appspec;
         File dest;
-        String deploymentGroupName = getDeploymentGroupNameFromEnv();
-        String prefix = getS3PrefixFromEnv();
-        String bucket = getS3BucketFromEnv();
+        String deploymentGroupName = getDeploymentGroupNameFromEnv(envVars);
+        String prefix = getS3PrefixFromEnv(envVars);
+        String bucket = getS3BucketFromEnv(envVars);
 
         if(bucket.indexOf("/") > 0){
             throw new IllegalArgumentException("S3 Bucket field cannot contain any subdirectories.  Bucket name only!");
@@ -395,10 +393,10 @@ private RevisionLocation zipAndUpload(AWSClients aws, String projectName, FilePa
         }
     }
 
-    private void registerRevision(AWSClients aws, RevisionLocation revisionLocation) {
+    private void registerRevision(AWSClients aws, RevisionLocation revisionLocation, PrintStream logger, Map<String, String> envVars) {
 
-        String applicationName = getApplicationNameFromEnv();
-        this.logger.println("Registering revision for application '" + applicationName + "'");
+        String applicationName = getApplicationNameFromEnv(envVars);
+        logger.println("Registering revision for application '" + applicationName + "'");
 
         aws.codedeploy.registerApplicationRevision(
                 new RegisterApplicationRevisionRequest()
@@ -408,23 +406,23 @@ private void registerRevision(AWSClients aws, RevisionLocation revisionLocation)
         );
     }
 
-    private String createDeployment(AWSClients aws, RevisionLocation revisionLocation) throws Exception {
+    private String createDeployment(AWSClients aws, RevisionLocation revisionLocation, PrintStream logger, Map<String, String> envVars) throws Exception {
 
-        this.logger.println("Creating deployment with revision at " + revisionLocation);
+        logger.println("Creating deployment with revision at " + revisionLocation);
 
         CreateDeploymentResult createDeploymentResult = aws.codedeploy.createDeployment(
                 new CreateDeploymentRequest()
-                        .withDeploymentConfigName(getDeploymentConfigFromEnv())
-                        .withDeploymentGroupName(getDeploymentGroupNameFromEnv())
-                        .withApplicationName(getApplicationNameFromEnv())
+                        .withDeploymentConfigName(getDeploymentConfigFromEnv(envVars))
+                        .withDeploymentGroupName(getDeploymentGroupNameFromEnv(envVars))
+                        .withApplicationName(getApplicationNameFromEnv(envVars))
                         .withRevision(revisionLocation)
                         .withDescription("Deployment created by Jenkins")
         );
 
         return createDeploymentResult.getDeploymentId();
     }
 
-    private boolean waitForDeployment(AWSClients aws, String deploymentId) throws InterruptedException {
+    private boolean waitForDeployment(AWSClients aws, String deploymentId, PrintStream logger) throws InterruptedException {
 
         if (!this.waitForCompletion) {
             return true;
@@ -460,7 +458,7 @@ private boolean waitForDeployment(AWSClients aws, String deploymentId) throws In
             Date now = new Date();
 
             if (now.getTime() - startTimeMillis >= pollingTimeoutMillis) {
-                this.logger.println("Exceeded maximum polling time of " + pollingTimeoutMillis + " milliseconds.");
+                logger.println("Exceeded maximum polling time of " + pollingTimeoutMillis + " milliseconds.");
                 success = false;
                 break;
             }
@@ -471,7 +469,7 @@ private boolean waitForDeployment(AWSClients aws, String deploymentId) throws In
         logger.println("Deployment status: " + deployStatus.getStatus() + "; instances: " + deployStatus.getDeploymentOverview());
 
         if (!deployStatus.getStatus().equals(DeploymentStatus.Succeeded.toString())) {
-            this.logger.println("Deployment did not succeed. Final status: " + deployStatus.getStatus());
+            logger.println("Deployment did not succeed. Final status: " + deployStatus.getStatus());
             success = false;
         }
 
@@ -726,27 +724,27 @@ public int getProxyPort() {
         return proxyPort;
     }
 
-    public String getApplicationNameFromEnv() {
+    public String getApplicationNameFromEnv(final Map<String, String> envVars) {
         return Util.replaceMacro(this.applicationName, envVars);
     }
 
-    public String getDeploymentGroupNameFromEnv() {
+    public String getDeploymentGroupNameFromEnv(final Map<String, String> envVars) {
         return Util.replaceMacro(this.deploymentGroupName, envVars);
     }
 
-    public String getDeploymentConfigFromEnv() {
+    public String getDeploymentConfigFromEnv(final Map<String, String> envVars) {
         return Util.replaceMacro(this.deploymentConfig, envVars);
     }
 
-    public String getS3BucketFromEnv() {
+    public String getS3BucketFromEnv(final Map<String, String> envVars) {
         return Util.replaceMacro(this.s3bucket, envVars);
     }
 
-    public String getS3PrefixFromEnv() {
+    public String getS3PrefixFromEnv(Map<String, String> envVars) {
         return Util.replaceMacro(this.s3prefix, envVars);
     }
 
-    public String getSubdirectoryFromEnv() {
+    public String getSubdirectoryFromEnv(Map<String, String> envVars) {
         return Util.replaceMacro(this.subdirectory, envVars);
     }
 }