[JENKINS-62820] Ability to hide credential usage in job output

README.adoc

@@ -166,6 +166,11 @@ Show the entire commit summary in changes::
   With the release of git plugin 4.0, the default was changed to show the complete change summary.
   Administrators that want to restore the old behavior may disable this setting.
 
+[[hide-credentials]]
+Hide credential usage in job output::
+
+  If checked the output will not show the credential identifier used to clone a repository.
+
 [#repository-browser]
 === Repository Browser
 

src/main/java/hudson/plugins/git/GitSCM.java

@@ -438,6 +438,11 @@ public boolean isUseExistingAccountWithSameEmail() {
         return (gitDescriptor != null && gitDescriptor.isUseExistingAccountWithSameEmail());
     }
 
+    public boolean isHideCredentials() {
+        DescriptorImpl gitDescriptor = getDescriptor();
+        return gitDescriptor != null && gitDescriptor.isHideCredentials();
+    }
+
     @Whitelisted
     public BuildChooser getBuildChooser() {
         BuildChooser bc;
@@ -860,12 +865,16 @@ public GitClient createClient(TaskListener listener, EnvVars environment, Run<?,
                 StandardUsernameCredentials credentials = CredentialsMatchers.firstOrNull(urlCredentials, idMatcher);
                 if (credentials != null) {
                     c.addCredentials(url, credentials);
-                    listener.getLogger().println(format("using credential %s", credentials.getId()));
+                    if(!isHideCredentials()) {
+                        listener.getLogger().println(format("using credential %s", credentials.getId()));
+                    }
                     if (project != null && project.getLastBuild() != null) {
                         CredentialsProvider.track(project.getLastBuild(), credentials);
                     }
                 } else {
-                    listener.getLogger().println(format("Warning: CredentialId \"%s\" could not be found.", ucCredentialsId));
+                    if(!isHideCredentials()) {
+                        listener.getLogger().println(format("Warning: CredentialId \"%s\" could not be found.", ucCredentialsId));
+                    }
                 }
             }
         }
@@ -1487,6 +1496,7 @@ public static final class DescriptorImpl extends SCMDescriptor<GitSCM> {
         private boolean useExistingAccountWithSameEmail;
 //        private GitClientType defaultClientType = GitClientType.GITCLI;
         private boolean showEntireCommitSummaryInChanges;
+        private boolean hideCredentials;
 
         public DescriptorImpl() {
             super(GitSCM.class, GitRepositoryBrowser.class);
@@ -1514,6 +1524,12 @@ public boolean isShowEntireCommitSummaryInChanges() {
             return showEntireCommitSummaryInChanges;
         }
 
+        public boolean isHideCredentials() { return hideCredentials; }
+
+        public void setHideCredentials(boolean hideCredentials) {
+            this.hideCredentials = hideCredentials;
+        }
+
         public void setShowEntireCommitSummaryInChanges(boolean showEntireCommitSummaryInChanges) {
             this.showEntireCommitSummaryInChanges = showEntireCommitSummaryInChanges;
         }

src/main/resources/hudson/plugins/git/GitSCM/global.jelly

@@ -16,6 +16,9 @@
     <f:entry field="showEntireCommitSummaryInChanges">
       <f:checkbox title="${%Show the entire commit summary in changes}" name="showEntireCommitSummaryInChanges" checked="${descriptor.showEntireCommitSummaryInChanges}"/>
     </f:entry>
+    <f:entry field="hideCredentials">
+      <f:checkbox title="${%Hide credential usage in job output}" name="hideCredentials" checked="${descriptor.hideCredentials}"/>
+    </f:entry>
     <!--
     <f:entry title="${%Default git client implementation}" field="defaultClientType">
         <select>
@@ -26,4 +29,3 @@
     -->
   </f:section>
 </j:jelly>
-

src/test/java/hudson/plugins/git/GitSCMTest.java

@@ -1455,6 +1455,37 @@ public String apply(User u)
         }
     }
 
+    @Test
+    public void testHideCredentials() throws Exception {
+        FreeStyleProject project = setupSimpleProject("master");
+        store.addCredentials(Domain.global(), createCredential(CredentialsScope.GLOBAL, "github"));
+        // setup global config
+        List<UserRemoteConfig> remoteConfigs = GitSCM.createRepoList("https://github.com/jenkinsci/git-plugin", "github");
+        project.setScm(new GitSCM(remoteConfigs,
+                Collections.singletonList(new BranchSpec("master")), false, null, null, null, null));
+
+        GitSCM scm = (GitSCM) project.getScm();
+        final DescriptorImpl descriptor = (DescriptorImpl) scm.getDescriptor();
+        assertFalse("Wrong initial value for hide credentials", scm.isHideCredentials());
+        descriptor.setHideCredentials(true);
+        assertTrue("Hide credentials not set", scm.isHideCredentials());
+
+
+        descriptor.setHideCredentials(false);
+        final String commitFile1 = "commitFile1";
+        commit(commitFile1, johnDoe, "Commit number 1");
+        build(project, Result.SUCCESS);
+        List<String> logLines = project.getLastBuild().getLog(100);
+        assertThat(logLines, hasItem("using credential github"));
+
+        descriptor.setHideCredentials(true);
+        build(project, Result.SUCCESS);
+        logLines = project.getLastBuild().getLog(100);
+        assertThat(logLines, not(hasItem("using credential github")));
+
+    }
+
+
     @Test
     public void testEmailCommitter() throws Exception {
         FreeStyleProject project = setupSimpleProject("master");
@@ -2932,4 +2963,8 @@ private boolean cleanupIsUnreliable() {
     private boolean isWindows() {
         return java.io.File.pathSeparatorChar==';';
     }
+
+    private StandardCredentials createCredential(CredentialsScope scope, String id) {
+        return new UsernamePasswordCredentialsImpl(scope, id, "desc: " + id, "username", "password");
+    }
 }