From 0db5e2baedea3dabff9fcac4a4509ccc4c25be78 Mon Sep 17 00:00:00 2001 From: Cole Mickens Date: Mon, 12 Mar 2018 20:35:12 -0700 Subject: [PATCH] support KUBECONFIG from secretFile credentials --- .../kubernetes/KubectlBuildWrapper.java | 25 ++++++++++++++-- .../plugins/kubernetes/KubernetesCloud.java | 2 ++ .../kubernetes/KubernetesFactoryAdapter.java | 30 +++++++++++++------ 3 files changed, 46 insertions(+), 11 deletions(-) diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubectlBuildWrapper.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubectlBuildWrapper.java index 2c61caaa8d..4bd472591a 100644 --- a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubectlBuildWrapper.java +++ b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubectlBuildWrapper.java @@ -28,13 +28,18 @@ import org.apache.commons.codec.binary.Base64; import org.apache.commons.lang.StringUtils; import org.jenkinsci.plugins.kubernetes.credentials.TokenProducer; +import org.jenkinsci.plugins.plaincredentials.FileCredentials; import org.jenkinsci.plugins.plaincredentials.StringCredentials; import org.kohsuke.stapler.AncestorInPath; import org.kohsuke.stapler.DataBoundConstructor; import org.kohsuke.stapler.QueryParameter; import javax.annotation.Nonnull; +import java.io.BufferedReader; +import java.io.InputStream; +import java.io.InputStreamReader; import java.io.IOException; +import java.nio.charset.StandardCharsets; import java.security.Key; import java.security.KeyStore; import java.security.KeyStoreException; @@ -44,6 +49,7 @@ import java.security.cert.X509Certificate; import java.util.Collections; import java.util.Set; +import java.util.stream.Collectors; import static com.google.common.collect.Sets.newHashSet; @@ -113,7 +119,21 @@ public void setUp(Context context, Run build, FilePath workspace, Launcher String login; if (c == null) { throw new AbortException("No credentials defined to setup Kubernetes CLI"); - } else if (c instanceof StringCredentials) { + } + + if (c instanceof FileCredentials) { + InputStream configStream = ((FileCredentials) c).getContent(); + BufferedReader reader = new BufferedReader(new InputStreamReader(configStream, StandardCharsets.UTF_8)); + String kubeconfigContents = reader.lines().collect(Collectors.joining("\n")); + configFile.write(kubeconfigContents, null); + reader.close(); + + context.setDisposer(new CleanupDisposer(tempFiles)); + context.env("KUBECONFIG", configFile.getRemote()); + return; + } + + if (c instanceof StringCredentials) { login = "--token=" + ((StringCredentials) c).getSecret().getPlainText(); } else if (c instanceof TokenProducer) { login = "--token=" + ((TokenProducer) c).getToken(serverUrl, null, true); @@ -223,7 +243,8 @@ public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item, @QueryPa CredentialsMatchers.anyOf( CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class), CredentialsMatchers.instanceOf(TokenProducer.class), - CredentialsMatchers.instanceOf(StandardCertificateCredentials.class) + CredentialsMatchers.instanceOf(StandardCertificateCredentials.class), + CredentialsMatchers.instanceOf(FileCredentials.class) ), CredentialsProvider.lookupCredentials( StandardCredentials.class, diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud.java index 47e787808a..136a1ed2bf 100644 --- a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud.java +++ b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud.java @@ -26,6 +26,7 @@ import org.apache.commons.codec.binary.Base64; import org.apache.commons.lang.StringUtils; import org.jenkinsci.plugins.plaincredentials.StringCredentials; +import org.jenkinsci.plugins.plaincredentials.FileCredentials; import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl; import org.kohsuke.stapler.DataBoundConstructor; import org.kohsuke.stapler.DataBoundSetter; @@ -593,6 +594,7 @@ public ListBoxModel doFillCredentialsIdItems(@QueryParameter String serverUrl) { .withMatching( // CredentialsMatchers.anyOf( CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class), + CredentialsMatchers.instanceOf(FileCredentials.class), CredentialsMatchers.instanceOf(TokenProducer.class), CredentialsMatchers.instanceOf( org.jenkinsci.plugins.kubernetes.credentials.TokenProducer.class), diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesFactoryAdapter.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesFactoryAdapter.java index dcc07a687d..3cb911e9bf 100644 --- a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesFactoryAdapter.java +++ b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesFactoryAdapter.java @@ -2,6 +2,9 @@ import static java.nio.charset.StandardCharsets.*; +import java.io.BufferedReader; +import java.io.InputStream; +import java.io.InputStreamReader; import java.io.IOException; import java.nio.charset.StandardCharsets; import java.security.Key; @@ -14,6 +17,7 @@ import java.util.Collections; import static java.util.logging.Level.*; import java.util.logging.Logger; +import java.util.stream.Collectors; import javax.annotation.CheckForNull; @@ -35,6 +39,7 @@ import io.fabric8.kubernetes.client.KubernetesClient; import jenkins.model.Jenkins; import org.jenkinsci.plugins.kubernetes.credentials.TokenProducer; +import org.jenkinsci.plugins.plaincredentials.FileCredentials; import org.jenkinsci.plugins.plaincredentials.StringCredentials; /** @@ -110,15 +115,14 @@ public KubernetesClient createClient() throws NoSuchAlgorithmException, Unrecove builder = new ConfigBuilder().withMasterUrl(serviceAddress); } - builder = builder.withRequestTimeout(readTimeout * 1000).withConnectionTimeout(connectTimeout * 1000); - - if (!StringUtils.isBlank(namespace)) { - builder.withNamespace(namespace); - } else if (StringUtils.isBlank(builder.getNamespace())) { - builder.withNamespace("default"); - } - - if (credentials instanceof StringCredentials) { + if (credentials instanceof FileCredentials) { + InputStream configStream = ((FileCredentials) credentials).getContent(); + BufferedReader reader = new BufferedReader(new InputStreamReader(configStream, StandardCharsets.UTF_8)); + String kubeconfigContents = reader.lines().collect(Collectors.joining("\n")); + Config config = Config.fromKubeconfig(kubeconfigContents); + builder = new ConfigBuilder(config); + reader.close(); + } else if (credentials instanceof StringCredentials) { final String token = ((StringCredentials) credentials).getSecret().getPlainText(); builder.withOauthToken(token); } else if (credentials instanceof TokenProducer) { @@ -147,8 +151,16 @@ public KubernetesClient createClient() throws NoSuchAlgorithmException, Unrecove // JENKINS-38829 CaCertData expects a Base64 encoded certificate builder.withCaCertData(Base64.encodeBase64String(caCertData.getBytes(UTF_8))); } + + builder = builder.withRequestTimeout(readTimeout * 1000).withConnectionTimeout(connectTimeout * 1000); builder.withMaxConcurrentRequestsPerHost(maxRequestsPerHost); + if (!StringUtils.isBlank(namespace)) { + builder.withNamespace(namespace); + } else if (StringUtils.isBlank(builder.getNamespace())) { + builder.withNamespace("default"); + } + LOGGER.log(FINE, "Creating Kubernetes client: {0}", this.toString()); return new DefaultKubernetesClient(builder.build()); }