support KUBECONFIG from secretFile credentials

jenkinsci · Mar 17, 2018 · 0db5e2b · 0db5e2b
1 parent 479ccd3
commit 0db5e2b
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 11 deletions.
diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubectlBuildWrapper.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubectlBuildWrapper.java
@@ -28,13 +28,18 @@
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang.StringUtils;
 import org.jenkinsci.plugins.kubernetes.credentials.TokenProducer;
+import org.jenkinsci.plugins.plaincredentials.FileCredentials;
 import org.jenkinsci.plugins.plaincredentials.StringCredentials;
 import org.kohsuke.stapler.AncestorInPath;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.QueryParameter;
 
 import javax.annotation.Nonnull;
+import java.io.BufferedReader;
+import java.io.InputStream;
+import java.io.InputStreamReader;
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.security.Key;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -44,6 +49,7 @@
 import java.security.cert.X509Certificate;
 import java.util.Collections;
 import java.util.Set;
+import java.util.stream.Collectors;
 
 import static com.google.common.collect.Sets.newHashSet;
 
@@ -113,7 +119,21 @@ public void setUp(Context context, Run<?, ?> build, FilePath workspace, Launcher
         String login;
         if (c == null) {
             throw new AbortException("No credentials defined to setup Kubernetes CLI");
-        } else if (c instanceof StringCredentials) {
+        }
+
+        if (c instanceof FileCredentials) {
+            InputStream configStream = ((FileCredentials) c).getContent();
+            BufferedReader reader = new BufferedReader(new InputStreamReader(configStream, StandardCharsets.UTF_8));
+            String kubeconfigContents = reader.lines().collect(Collectors.joining("\n"));
+            configFile.write(kubeconfigContents, null);
+            reader.close();
+
+            context.setDisposer(new CleanupDisposer(tempFiles));
+            context.env("KUBECONFIG", configFile.getRemote());
+            return;
+        }
+
+        if (c instanceof StringCredentials) {
             login = "--token=" + ((StringCredentials) c).getSecret().getPlainText();
         } else if (c instanceof TokenProducer) {
             login = "--token=" + ((TokenProducer) c).getToken(serverUrl, null, true);
@@ -223,7 +243,8 @@ public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item, @QueryPa
                             CredentialsMatchers.anyOf(
                                     CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class),
                                     CredentialsMatchers.instanceOf(TokenProducer.class),
-                                    CredentialsMatchers.instanceOf(StandardCertificateCredentials.class)
+                                    CredentialsMatchers.instanceOf(StandardCertificateCredentials.class),
+                                    CredentialsMatchers.instanceOf(FileCredentials.class)
                             ),
                             CredentialsProvider.lookupCredentials(
                                     StandardCredentials.class,

diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud.java
@@ -26,6 +26,7 @@
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang.StringUtils;
 import org.jenkinsci.plugins.plaincredentials.StringCredentials;
+import org.jenkinsci.plugins.plaincredentials.FileCredentials;
 import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.DataBoundSetter;
@@ -593,6 +594,7 @@ public ListBoxModel doFillCredentialsIdItems(@QueryParameter String serverUrl) {
                     .withMatching( //
                             CredentialsMatchers.anyOf(
                                     CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class),
+                                    CredentialsMatchers.instanceOf(FileCredentials.class),
                                     CredentialsMatchers.instanceOf(TokenProducer.class),
                                     CredentialsMatchers.instanceOf(
                                             org.jenkinsci.plugins.kubernetes.credentials.TokenProducer.class),

diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesFactoryAdapter.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesFactoryAdapter.java
@@ -2,6 +2,9 @@
 
 import static java.nio.charset.StandardCharsets.*;
 
+import java.io.BufferedReader;
+import java.io.InputStream;
+import java.io.InputStreamReader;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.security.Key;
@@ -14,6 +17,7 @@
 import java.util.Collections;
 import static java.util.logging.Level.*;
 import java.util.logging.Logger;
+import java.util.stream.Collectors;
 
 import javax.annotation.CheckForNull;
 
@@ -35,6 +39,7 @@
 import io.fabric8.kubernetes.client.KubernetesClient;
 import jenkins.model.Jenkins;
 import org.jenkinsci.plugins.kubernetes.credentials.TokenProducer;
+import org.jenkinsci.plugins.plaincredentials.FileCredentials;
 import org.jenkinsci.plugins.plaincredentials.StringCredentials;
 
 /**
@@ -110,15 +115,14 @@ public KubernetesClient createClient() throws NoSuchAlgorithmException, Unrecove
             builder = new ConfigBuilder().withMasterUrl(serviceAddress);
         }
 
-        builder = builder.withRequestTimeout(readTimeout * 1000).withConnectionTimeout(connectTimeout * 1000);
-
-        if (!StringUtils.isBlank(namespace)) {
-            builder.withNamespace(namespace);
-        } else if (StringUtils.isBlank(builder.getNamespace())) {
-            builder.withNamespace("default");
-        }
-
-        if (credentials instanceof StringCredentials) {
+        if (credentials instanceof FileCredentials) {
+            InputStream configStream = ((FileCredentials) credentials).getContent();
+            BufferedReader reader = new BufferedReader(new InputStreamReader(configStream, StandardCharsets.UTF_8));
+            String kubeconfigContents = reader.lines().collect(Collectors.joining("\n"));
+            Config config = Config.fromKubeconfig(kubeconfigContents);
+            builder = new ConfigBuilder(config);
+            reader.close();
+        } else if (credentials instanceof StringCredentials) {
             final String token = ((StringCredentials) credentials).getSecret().getPlainText();
             builder.withOauthToken(token);
         } else if (credentials instanceof TokenProducer) {
@@ -147,8 +151,16 @@ public KubernetesClient createClient() throws NoSuchAlgorithmException, Unrecove
             // JENKINS-38829 CaCertData expects a Base64 encoded certificate
             builder.withCaCertData(Base64.encodeBase64String(caCertData.getBytes(UTF_8)));
         }
+
+        builder = builder.withRequestTimeout(readTimeout * 1000).withConnectionTimeout(connectTimeout * 1000);
         builder.withMaxConcurrentRequestsPerHost(maxRequestsPerHost);
 
+        if (!StringUtils.isBlank(namespace)) {
+            builder.withNamespace(namespace);
+        } else if (StringUtils.isBlank(builder.getNamespace())) {
+            builder.withNamespace("default");
+        }
+
         LOGGER.log(FINE, "Creating Kubernetes client: {0}", this.toString());
         return new DefaultKubernetesClient(builder.build());
     }