jenkins_credentials: new module to manage Jenkins credentials (#10170)

* Added Jenkins credentials module to manage Jenkins credentials

* Added Jenkins credentials module to manage Jenkins credentials

* Added import error detection, adjusted indentation, and general enhancements.

* Added py3 requirement and set files value to avoid errors

* Added username to BOTMETA. Switched to format() instead of f strings to support py 2.7, improved delete function, and added function to read private key

* Remove redundant message

Co-authored-by: Felix Fontein <felix@fontein.de>

* Replaced requests with ansible.module_utils.urls, merged check domain and credential functions, and made minor adjustments to documentation

* Adjusted for py 2.7 compatibility

* Replaced command with state.

* Added managing credentials within a folder and made adjustments to documentation

* Added unit and integration tests, added token managament, and adjusted documentation.

* Added unit and integration tests, added token management, and adjusted documentation.(fix)

* Fix BOTMETA.yml

* Removed files and generate them at runtime.

* moved id and token checks to required_if

* Documentation changes, different test setup, and switched to Ansible testing tools

* Fixed typos

* Correct indentation.

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>

tests/integration/targets/jenkins_credential/README.md

@@ -0,0 +1,16 @@
+<!--
+Copyright (c) Ansible Project
+GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+SPDX-License-Identifier: GPL-3.0-or-later
+-->
+
+The integration test can be performed as follows:
+
+```
+# 1. Start docker-compose:
+docker-compose -f tests/integration/targets/jenkins_credential/docker-compose.yml down
+docker-compose -f tests/integration/targets/jenkins_credential/docker-compose.yml up -d
+
+# 2. Run the integration tests:
+ansible-test integration jenkins_credential --allow-unsupported -v
+```

tests/integration/targets/jenkins_credential/aliases

@@ -0,0 +1,5 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+unsupported

tests/integration/targets/jenkins_credential/docker-compose.yml

@@ -0,0 +1,21 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+version: "3.8"
+
+services:
+  jenkins:
+    image: bitnami/jenkins
+    container_name: jenkins-test
+    ports:
+      - "8080:8080"
+    environment:
+      JENKINS_USERNAME: "FishLegs"
+      JENKINS_PASSWORD: "MeatLug"
+      JENKINS_PLUGINS: "credentials,cloudbees-folder,plain-credentials,github-branch-source,github-api,scm-api,workflow-step-api"
+    healthcheck:
+      test: curl -s http://localhost:8080/login || exit 1
+      interval: 10s
+      timeout: 10s
+      retries: 10

tests/integration/targets/jenkins_credential/tasks/add.yml

@@ -0,0 +1,169 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: Add CUSTOM scope (run {{ run_number }})
+  community.general.jenkins_credential:
+    id: "CUSTOM"
+    type: "scope"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    description: "Custom scope credential"
+    inc_path:
+      - "include/path"
+      - "include/path2"
+    exc_path:
+      - "exclude/path"
+      - "exclude/path2"
+    inc_hostname:
+      - "included-hostname"
+      - "included-hostname2"
+    exc_hostname:
+      - "excluded-hostname"
+      - "excluded-hostname2"
+    schemes:
+      - "http"
+      - "https"
+    inc_hostname_port:
+      - "included-hostname:7000"
+      - "included-hostname2:7000"
+    exc_hostname_port:
+      - "excluded-hostname:7000"
+      - "excluded-hostname2:7000"
+  register: custom_scope
+
+- name: Assert CUSTOM scope changed value
+  assert:
+    that:
+      - custom_scope.changed == (run_number == 1)
+    fail_msg: "CUSTOM scope changed status incorrect on run {{ run_number }}"
+    success_msg: "CUSTOM scope behaved correctly on run {{ run_number }}"
+
+- name: Add user_and_pass credential (run {{ run_number }})
+  community.general.jenkins_credential:
+    id: "userpass-id"
+    type: "user_and_pass"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    description: "User and password credential"
+    username: "user1"
+    password: "pass1"
+  register: userpass_cred
+
+- name: Assert user_and_pass changed value
+  assert:
+    that:
+      - userpass_cred.changed == (run_number == 1)
+    fail_msg: "user_and_pass credential changed status incorrect on run {{ run_number }}"
+    success_msg: "user_and_pass credential behaved correctly on run {{ run_number }}"
+
+- name: Add file credential to custom scope (run {{ run_number }})
+  community.general.jenkins_credential:
+    id: "file-id"
+    type: "file"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    scope: "CUSTOM"
+    description: "File credential"
+    file_path: "{{ output_dir }}/my-secret.pem"
+  register: file_cred
+
+- name: Assert file credential changed value
+  assert:
+    that:
+      - file_cred.changed == (run_number == 1)
+    fail_msg: "file credential changed status incorrect on run {{ run_number }}"
+    success_msg: "file credential behaved correctly on run {{ run_number }}"
+
+- name: Add text credential to folder (run {{ run_number }})
+  community.general.jenkins_credential:
+    id: "text-id"
+    type: "text"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    description: "Text credential"
+    secret: "mysecrettext"
+    location: "folder"
+    url: "http://localhost:8080/job/test"
+  register: text_cred
+
+- name: Assert text credential changed value
+  assert:
+    that:
+      - text_cred.changed == (run_number == 1)
+    fail_msg: "text credential changed status incorrect on run {{ run_number }}"
+    success_msg: "text credential behaved correctly on run {{ run_number }}"
+
+- name: Add githubApp credential (run {{ run_number }})
+  community.general.jenkins_credential:
+    id: "githubapp-id"
+    type: "github_app"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    description: "GitHub app credential"
+    appID: "12345"
+    private_key_path: "{{ output_dir }}/github.pem"
+    owner: "github_owner"
+  register: githubapp_cred
+
+- name: Assert githubApp credential changed value
+  assert:
+    that:
+      - githubapp_cred.changed == (run_number == 1)
+    fail_msg: "githubApp credential changed status incorrect on run {{ run_number }}"
+    success_msg: "githubApp credential behaved correctly on run {{ run_number }}"
+
+- name: Add sshKey credential (run {{ run_number }})
+  community.general.jenkins_credential:
+    id: "sshkey-id"
+    type: "ssh_key"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    description: "SSH key credential"
+    username: "sshuser"
+    private_key_path: "{{ output_dir }}/ssh_key"
+    passphrase: 1234
+  register: sshkey_cred
+
+- name: Assert sshKey credential changed value
+  assert:
+    that:
+      - sshkey_cred.changed == (run_number == 1)
+    fail_msg: "sshKey credential changed status incorrect on run {{ run_number }}"
+    success_msg: "sshKey credential behaved correctly on run {{ run_number }}"
+
+- name: Add certificate (p12) credential (run {{ run_number }})
+  community.general.jenkins_credential:
+    id: "certificate-id"
+    type: "certificate"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    description: "Certificate credential"
+    password: "12345678901234"
+    file_path: "{{ output_dir }}/certificate.p12"
+  register: cert_p12_cred
+
+- name: Assert certificate (p12) credential changed value
+  assert:
+    that:
+      - cert_p12_cred.changed == (run_number == 1)
+    fail_msg: "certificate (p12) credential changed status incorrect on run {{ run_number }}"
+    success_msg: "certificate (p12) credential behaved correctly on run {{ run_number }}"
+
+- name: Add certificate (pem) credential (run {{ run_number }})
+  community.general.jenkins_credential:
+    id: "certificate-id-pem"
+    type: "certificate"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    description: "Certificate credential (pem)"
+    file_path: "{{ output_dir }}/cert.pem"
+    private_key_path: "{{ output_dir }}/private.key"
+  register: cert_pem_cred
+
+- name: Assert certificate (pem) credential changed value
+  assert:
+    that:
+      - cert_pem_cred.changed == (run_number == 1)
+    fail_msg: "certificate (pem) credential changed status incorrect on run {{ run_number }}"
+    success_msg: "certificate (pem) credential behaved correctly on run {{ run_number }}"

tests/integration/targets/jenkins_credential/tasks/del.yml

@@ -0,0 +1,128 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: Delete user_and_pass credential (run {{ run_number }})
+  community.general.jenkins_credential:
+    id: "userpass-id"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    state: "absent"
+  register: userpass_cred
+
+- name: Assert user_and_pass changed value
+  assert:
+    that:
+      - userpass_cred.changed == (run_number == 1)
+    fail_msg: "user_and_pass credential changed status incorrect on run {{ run_number }}"
+    success_msg: "user_and_pass credential behaved correctly on run {{ run_number }}"
+
+- name: Delete file credential to custom scope (run {{ run_number }})
+  community.general.jenkins_credential:
+    id: "file-id"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    scope: "CUSTOM"
+    state: "absent"
+  register: file_cred
+
+- name: Assert file credential changed value
+  assert:
+    that:
+      - file_cred.changed == (run_number == 1)
+    fail_msg: "file credential changed status incorrect on run {{ run_number }}"
+    success_msg: "file credential behaved correctly on run {{ run_number }}"
+
+- name: Delete CUSTOM scope credential (run {{ run_number}})
+  community.general.jenkins_credential:
+    id: "CUSTOM"
+    type: "scope"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    state: "absent"
+  register: custom_scope
+
+- name: Assert CUSTOM scope changed value
+  assert:
+    that:
+      - custom_scope.changed == (run_number == 1)
+    fail_msg: "CUSTOM scope changed status incorrect on run {{ run_number }}"
+    success_msg: "CUSTOM scope behaved correctly on run {{ run_number }}"
+
+- name: Delete text credential to folder (run {{ run_number }})
+  community.general.jenkins_credential:
+    id: "text-id"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    state: "absent"
+    location: "folder"
+    url: "http://localhost:8080/job/test"
+  register: text_cred
+
+- name: Assert text credential changed value
+  assert:
+    that:
+      - text_cred.changed == (run_number == 1)
+    fail_msg: "text credential changed status incorrect on run {{ run_number }}"
+    success_msg: "text credential behaved correctly on run {{ run_number }}"
+
+- name: Delete githubApp credential (run {{ run_number }})
+  community.general.jenkins_credential:
+    id: "githubapp-id"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    state: "absent"
+  register: githubapp_cred
+
+- name: Assert githubApp credential changed value
+  assert:
+    that:
+      - githubapp_cred.changed == (run_number == 1)
+    fail_msg: "githubApp credential changed status incorrect on run {{ run_number }}"
+    success_msg: "githubApp credential behaved correctly on run {{ run_number }}"
+
+- name: Delete sshKey credential (run {{ run_number }})
+  community.general.jenkins_credential:
+    id: "sshkey-id"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    description: "SSH key credential"
+    state: "absent"
+  register: sshkey_cred
+
+- name: Assert sshKey credential changed value
+  assert:
+    that:
+      - sshkey_cred.changed == (run_number == 1)
+    fail_msg: "sshKey credential changed status incorrect on run {{ run_number }}"
+    success_msg: "sshKey credential behaved correctly on run {{ run_number }}"
+
+- name: Delete certificate credential (p12) (run {{ run_number }})
+  community.general.jenkins_credential:
+    id: "certificate-id"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    state: "absent"
+  register: cert_p12_cred
+
+- name: Assert certificate (p12) credential changed value
+  assert:
+    that:
+      - cert_p12_cred.changed == (run_number == 1)
+    fail_msg: "certificate (p12) credential changed status incorrect on run {{ run_number }}"
+    success_msg: "certificate (p12) credential behaved correctly on run {{ run_number }}"
+
+- name: Delete certificate credential (pem) (run {{ run_number }})
+  community.general.jenkins_credential:
+    id: "certificate-id-pem"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    state: "absent"
+  register: cert_pem_cred
+
+- name: Assert certificate (pem) credential changed value
+  assert:
+    that:
+      - cert_pem_cred.changed == (run_number == 1)
+    fail_msg: "certificate (pem) credential changed status incorrect on run {{ run_number }}"
+    success_msg: "certificate (pem) credential behaved correctly on run {{ run_number }}"

tests/integration/targets/jenkins_credential/tasks/edit.yml

@@ -0,0 +1,192 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: Generate token
+  community.general.jenkins_credential:
+    id: "{{ tokenUuid}}"
+    name: "test-token-2"
+    jenkins_user: "{{ jenkins_username }}"
+    jenkins_password: "{{ jenkins_password }}"
+    type: "token"
+    force: yes
+  register: token_result
+
+- name: Set token in vars
+  set_fact:
+    token: "{{ token_result.token }}"
+    tokenUuid: "{{ token_result.token_uuid }}"
+
+- name: Edit CUSTOM scope credential
+  community.general.jenkins_credential:
+    id: "CUSTOM"
+    type: "scope"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    description: "New custom scope credential"
+    inc_path:
+      - "new_include/path"
+      - "new_include/path2"
+    exc_path:
+      - "new_exclude/path"
+      - "new_exclude/path2"
+    inc_hostname:
+      - "new_included-hostname"
+      - "new_included-hostname2"
+    exc_hostname:
+      - "new_excluded-hostname"
+      - "new_excluded-hostname2"
+    schemes:
+      - "new_http"
+      - "new_https"
+    inc_hostname_port:
+      - "new_included-hostname:7000"
+      - "new_included-hostname2:7000"
+    exc_hostname_port:
+      - "new_excluded-hostname:7000"
+      - "new_excluded-hostname2:7000"
+    force: yes
+  register: custom_scope
+
+- name: Assert CUSTOM scope changed value
+  assert:
+    that:
+      - custom_scope.changed == true
+    fail_msg: "CUSTOM scope changed status when it shouldn't"
+    success_msg: "CUSTOM scope behaved correctly"
+
+- name: Edit user_and_pass credential
+  community.general.jenkins_credential:
+    id: "userpass-id"
+    type: "user_and_pass"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    description: "new user and password credential"
+    username: "user2"
+    password: "pass2"
+    force: yes
+  register: userpass_cred
+
+- name: Assert user_and_pass changed value
+  assert:
+    that:
+      - userpass_cred.changed == true
+    fail_msg: "user_and_pass credential changed status incorrect"
+    success_msg: "user_and_pass credential behaved correctly"
+
+- name: Edit file credential to custom scope
+  community.general.jenkins_credential:
+    id: "file-id"
+    type: "file"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    scope: "CUSTOM"
+    description: "New file credential"
+    file_path: "{{ output_dir }}/my-secret.pem"
+    force: yes
+  register: file_cred
+
+- name: Assert file credential changed value
+  assert:
+    that:
+      - file_cred.changed == true
+    fail_msg: "file credential changed status incorrect"
+    success_msg: "file credential behaved correctly"
+
+- name: Edit text credential to folder
+  community.general.jenkins_credential:
+    id: "text-id"
+    type: "text"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    description: "New text credential"
+    secret: "mynewsecrettext"
+    location: "folder"
+    url: "http://localhost:8080/job/test"
+    force: yes
+  register: text_cred
+
+- name: Assert text credential changed value
+  assert:
+    that:
+      - text_cred.changed == true
+    fail_msg: "text credential changed status incorrect"
+    success_msg: "text credential behaved correctly"
+
+- name: Edit githubApp credential
+  community.general.jenkins_credential:
+    id: "githubapp-id"
+    type: "github_app"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    description: "New GitHub app credential"
+    appID: "12345678"
+    private_key_path: "{{ output_dir }}/github.pem"
+    owner: "new_github_owner"
+    force: yes
+  register: githubapp_cred
+
+- name: Assert githubApp credential changed value
+  assert:
+    that:
+      - githubapp_cred.changed == true
+    fail_msg: "githubApp credential changed status incorrect"
+    success_msg: "githubApp credential behaved correctly"
+
+- name: Edit sshKey credential
+  community.general.jenkins_credential:
+    id: "sshkey-id"
+    type: "ssh_key"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    description: "New SSH key credential"
+    username: "new_sshuser"
+    private_key_path: "{{ output_dir }}/ssh_key"
+    passphrase: 1234
+    force: yes
+  register: sshkey_cred
+
+- name: Assert sshKey credential changed value
+  assert:
+    that:
+      - sshkey_cred.changed == true
+    fail_msg: "sshKey credential changed status incorrect"
+    success_msg: "sshKey credential behaved correctly"
+
+- name: Edit certificate credential (p12)
+  community.general.jenkins_credential:
+    id: "certificate-id"
+    type: "certificate"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    description: "New certificate credential"
+    password: "12345678901234"
+    file_path: "{{ output_dir }}/certificate.p12"
+    force: yes
+  register: cert_p12_cred
+
+- name: Assert certificate (p12) credential changed value
+  assert:
+    that:
+      - cert_p12_cred.changed == true
+    fail_msg: "certificate (p12) credential changed status incorrect"
+    success_msg: "certificate (p12) credential behaved correctly"
+
+- name: Edit certificate credential (pem)
+  community.general.jenkins_credential:
+    id: "certificate-id-pem"
+    type: "certificate"
+    jenkins_user: "{{ jenkins_username }}"
+    token: "{{ token }}"
+    description: "New certificate credential (pem)"
+    file_path: "{{ output_dir }}/cert.pem"
+    private_key_path: "{{ output_dir }}/private.key"
+    force: yes
+  register: cert_pem_cred
+
+- name: Assert certificate (pem) credential changed value
+  assert:
+    that:
+      - cert_pem_cred.changed == true
+    fail_msg: "certificate (pem) credential changed status incorrect"
+    success_msg: "certificate (pem) credential behaved correctly"

tests/integration/targets/jenkins_credential/tasks/main.yml

@@ -0,0 +1,79 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: Prepare the test environment
+  include_tasks: pre.yml
+  vars:
+    output_dir: "{{ playbook_dir }}/generated"
+
+- name: Generate token
+  community.general.jenkins_credential:
+    name: "test-token"
+    jenkins_user: "{{ jenkins_username }}"
+    jenkins_password: "{{ jenkins_password }}"
+    type: "token"
+  no_log: yes
+  register: token_result
+
+- name: Assert token and tokenUuid are returned
+  assert:
+    that:
+      - token_result.token is defined
+      - token_result.token_uuid is defined
+    fail_msg: "Token generation failed"
+    success_msg: "Token and tokenUuid successfully returned"
+
+- name: Set token facts
+  set_fact:
+    token: "{{ token_result.token }}"
+    tokenUuid: "{{ token_result.token_uuid }}"
+
+- name: Test adding new credentials and scopes
+  include_tasks: add.yml
+  vars:
+    run_number: 1
+    output_dir: "{{ playbook_dir }}/generated"
+
+- name: Test adding credentials and scopes when they already exist
+  include_tasks: add.yml
+  vars:
+    run_number: 2
+    output_dir: "{{ playbook_dir }}/generated"
+
+- name: Test editing credentials
+  include_tasks: edit.yml
+  vars:
+    output_dir: "{{ playbook_dir }}/generated"
+
+- name: Test deleting credentials and scopes
+  include_tasks: del.yml
+  vars:
+    run_number: 1
+
+- name: Test deleting credentials and scopes when they don't exist
+  include_tasks: del.yml
+  vars:
+    run_number: 2
+
+- name: Delete token
+  community.general.jenkins_credential:
+    id: "{{ tokenUuid }}"
+    name: "test-token-2"
+    jenkins_user: "{{ jenkins_username }}"
+    jenkins_password: "{{ jenkins_password }}"
+    state: "absent"
+    type: "token"
+  register: delete_token_result
+
+- name: Assert token deletion
+  assert:
+    that:
+      - delete_token_result.changed is true
+    fail_msg: "Token deletion failed"
+    success_msg: "Token successfully deleted"
+
+- name: Remove generated test files
+  ansible.builtin.file:
+    path: "{{ playbook_dir }}/generated"
+    state: absent

tests/integration/targets/jenkins_credential/tasks/pre.yml

@@ -0,0 +1,92 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: Include Jenkins user variables
+  include_vars: "{{ role_path }}/vars/credentials.yml"
+
+- name: Make sure Jenkins is ready
+  uri:
+    url: http://localhost:8080/login
+    status_code: 200
+    return_content: no
+    timeout: 30
+  register: result
+  retries: 10
+  delay: 5
+  until: result.status == 200
+
+- name: Get Jenkins crumb and save cookie
+  shell: |
+    curl -s -c cookies.txt -u FishLegs:MeatLug http://localhost:8080/crumbIssuer/api/json > crumb.json
+  args:
+    executable: /bin/bash
+
+- name: Read crumb value
+  set_fact:
+    crumb_data: "{{ lookup('file', 'crumb.json') | from_json }}"
+
+- name: Create Jenkins folder 'test'
+  shell: |
+    curl -b cookies.txt -u {{ jenkins_username }}:{{ jenkins_password }} \
+      -H "{{ crumb_data.crumbRequestField }}: {{ crumb_data.crumb }}" \
+      -H "Content-Type: application/xml" \
+      --data-binary @- http://localhost:8080/createItem?name=test <<EOF
+    <com.cloudbees.hudson.plugins.folder.Folder plugin="cloudbees-folder@6.15">
+      <description>Test Folder</description>
+      <properties/>
+    </com.cloudbees.hudson.plugins.folder.Folder>
+    EOF
+  args:
+    executable: /bin/bash
+
+- name: Create output directory
+  ansible.builtin.file:
+    path: "{{ output_dir }}"
+    state: directory
+    mode: "0755"
+
+- name: Generate private key
+  community.crypto.openssl_privatekey:
+    path: "{{ output_dir }}/private.key"
+    size: 2048
+    type: RSA
+
+- name: Generate CSR (certificate signing request)
+  community.crypto.openssl_csr:
+    path: "{{ output_dir }}/request.csr"
+    privatekey_path: "{{ output_dir }}/private.key"
+    common_name: "dummy.local"
+
+- name: Generate self-signed certificate
+  community.crypto.x509_certificate:
+    path: "{{ output_dir }}/cert.pem"
+    privatekey_path: "{{ output_dir }}/private.key"
+    csr_path: "{{ output_dir }}/request.csr"
+    provider: selfsigned
+
+- name: Create PKCS#12 (.p12) file
+  community.crypto.openssl_pkcs12:
+    path: "{{ output_dir }}/certificate.p12"
+    privatekey_path: "{{ output_dir }}/private.key"
+    certificate_path: "{{ output_dir }}/cert.pem"
+    friendly_name: "dummy-cert"
+    passphrase: "12345678901234"
+
+- name: Copy cert.pem to github.pem
+  ansible.builtin.copy:
+    src: "{{ output_dir }}/cert.pem"
+    dest: "{{ output_dir }}/github.pem"
+    remote_src: true
+
+- name: Copy private.key to my-secret.pem
+  ansible.builtin.copy:
+    src: "{{ output_dir }}/private.key"
+    dest: "{{ output_dir }}/my-secret.pem"
+    remote_src: true
+
+- name: Generate dummy SSH key
+  community.crypto.openssh_keypair:
+    path: "{{ output_dir }}/ssh_key"
+    type: rsa
+    size: 2048

tests/integration/targets/jenkins_credential/vars/credentials.yml

@@ -0,0 +1,6 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+jenkins_username: FishLegs
+jenkins_password: MeatLug