Use kubernetes-credentials 0.3.0
Allow using StringCredentialsImpl as tokens

Move ServiceAccountCredential to kubernetes-credentials
carlossg committed Jan 23, 2018
1 parent 5e8c1d0 commit eeaa029
Showing 9 changed files with 85 additions and 66 deletions.
2 changes: 1 addition & 1 deletion pom.xml
@@ -53,7 +53,7 @@
<!-- jenkins plugins versions -->
<jenkins-basic-steps.version>2.3</jenkins-basic-steps.version>
<jenkins-credentials.version>2.1.11</jenkins-credentials.version>
<jenkins-kubernetes-credentials.version>0.2.0</jenkins-kubernetes-credentials.version>
<jenkins-kubernetes-credentials.version>0.3.0-SNAPSHOT</jenkins-kubernetes-credentials.version>
<jenkins-durable-task.version>1.16</jenkins-durable-task.version>
<jenkins-durable-task-step.version>2.11</jenkins-durable-task-step.version>
<jenkins-structs.version>1.6</jenkins-structs.version>
@@ -28,6 +28,7 @@
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.kubernetes.credentials.TokenProducer;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
@@ -112,6 +113,8 @@ public void setUp(Context context, Run<?, ?> build, FilePath workspace, Launcher
String login;
if (c == null) {
throw new AbortException("No credentials defined to setup Kubernetes CLI");
} else if (c instanceof StringCredentials) {
login = "--token=" + ((StringCredentials) c).getSecret().getPlainText();
} else if (c instanceof TokenProducer) {
login = "--token=" + ((TokenProducer) c).getToken(serverUrl, null, true);
} else if (c instanceof UsernamePasswordCredentials) {
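Review bot: The new `StringCredentials` branch in setUp builds `login` as `"--token=" + ((StringCredentials) c).getSecret().getPlainText()`, so the secret text becomes a command-line argument, as the `TokenProducer` branch below it already does. How `login` is consumed is outside the hunk (setUp starts and ends outside it); if it is handed to a launcher, that argument should be masked so the token stays out of the build log, and a comment such as `// secret text is used verbatim as the bearer token; never log 'login'` would make the expectation explicit. The branch also runs before the `TokenProducer` check, so a credential implementing both interfaces would use the raw secret rather than `getToken(...)`; a one-line comment should say whether that precedence is intended.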
@@ -25,9 +25,8 @@

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.kubernetes.credentials.OpenShiftBearerTokenCredentialImpl;
import org.jenkinsci.plugins.kubernetes.credentials.OpenShiftTokenCredentialImpl;
import org.jenkinsci.plugins.kubernetes.credentials.TokenProducer;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
@@ -518,10 +517,12 @@ public String getDisplayName() {
public static void addAliases() {
Jenkins.XSTREAM2.addCompatibilityAlias(
"org.csanchez.jenkins.plugins.kubernetes.OpenShiftBearerTokenCredentialImpl",
OpenShiftBearerTokenCredentialImpl.class);
org.jenkinsci.plugins.kubernetes.credentials.BearerTokenCredentialImpl.class);
Jenkins.XSTREAM2.addCompatibilityAlias(
"org.csanchez.jenkins.plugins.kubernetes.OpenShiftTokenCredentialImpl",
OpenShiftTokenCredentialImpl.class);
StringCredentialsImpl.class);
Jenkins.XSTREAM2.addCompatibilityAlias("org.csanchez.jenkins.plugins.kubernetes.ServiceAccountCredential",
org.jenkinsci.plugins.kubernetes.credentials.FileSystemServiceAccountCredential.class);
}

public FormValidation doTestConnection(@QueryParameter String name, @QueryParameter String serverUrl, @QueryParameter String credentialsId,
@@ -554,19 +555,20 @@ public FormValidation doTestConnection(@QueryParameter String name, @QueryParame
}

public ListBoxModel doFillCredentialsIdItems(@QueryParameter String serverUrl) {
return new StandardListBoxModel()
.withEmptySelection()
.withMatching(
return new StandardListBoxModel().withEmptySelection() //
.withMatching( //
CredentialsMatchers.anyOf(
CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class),
CredentialsMatchers.instanceOf(TokenProducer.class),
CredentialsMatchers.instanceOf(StandardCertificateCredentials.class)
),
CredentialsProvider.lookupCredentials(StandardCredentials.class,
Jenkins.getInstance(),
ACL.SYSTEM,
CredentialsMatchers.instanceOf(
org.jenkinsci.plugins.kubernetes.credentials.TokenProducer.class),
CredentialsMatchers.instanceOf(StandardCertificateCredentials.class),
CredentialsMatchers.instanceOf(StringCredentials.class)), //
CredentialsProvider.lookupCredentials(StandardCredentials.class, //
Jenkins.getInstance(), //
ACL.SYSTEM, //
serverUrl != null ? URIRequirementBuilder.fromUri(serverUrl).build()
: Collections.EMPTY_LIST
: Collections.EMPTY_LIST //
));

}
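Review bot: doFillCredentialsIdItems looks credentials up as `ACL.SYSTEM` from `Jenkins.getInstance()` with no permission check visible in the method, and this change adds `CredentialsMatchers.instanceOf(StringCredentials.class)` to the matcher, so the drop-down now also lists every secret-text credential in that scope. A caller who can reach this form endpoint without rights to configure the cloud would be able to read those ids and names. Start the method with `Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);`, or return an empty `StandardListBoxModel` when the caller lacks that permission. doTestConnection takes a `credentialsId` too, but its body is outside the hunk, so whether it checks permissions cannot be told from here.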
@@ -35,6 +35,7 @@
import io.fabric8.kubernetes.client.KubernetesClient;
import jenkins.model.Jenkins;
import org.jenkinsci.plugins.kubernetes.credentials.TokenProducer;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;

/**
* @author <a href="mailto:nicolas.deloof@gmail.com">Nicolas De Loof</a>
@@ -117,7 +118,10 @@ public KubernetesClient createClient() throws NoSuchAlgorithmException, Unrecove
builder.withNamespace("default");
}

if (credentials instanceof TokenProducer) {
if (credentials instanceof StringCredentials) {
final String token = ((StringCredentials) credentials).getSecret().getPlainText();
builder.withOauthToken(token);
} else if (credentials instanceof TokenProducer) {
final String token = ((TokenProducer) credentials).getToken(serviceAddress, caCertData, skipTlsVerify);
builder.withOauthToken(token);
} else if (credentials instanceof UsernamePasswordCredentials) {
@@ -1,18 +1,15 @@
package org.csanchez.jenkins.plugins.kubernetes;

import org.jenkinsci.plugins.kubernetes.credentials.BearerTokenCredentialImpl;
import org.kohsuke.stapler.DataBoundConstructor;

import com.cloudbees.plugins.credentials.CredentialsScope;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;

/**
* @author <a href="mailto:nicolas.deloof@gmail.com">Nicolas De Loof</a>
*/
@Deprecated
@SuppressFBWarnings("NM_SAME_SIMPLE_NAME_AS_SUPERCLASS")
public class OpenShiftBearerTokenCredentialImpl
extends org.jenkinsci.plugins.kubernetes.credentials.OpenShiftBearerTokenCredentialImpl {
public class OpenShiftBearerTokenCredentialImpl extends BearerTokenCredentialImpl {

private static final long serialVersionUID = -3725963485838773012L;

@@ -1,22 +1,45 @@
package org.csanchez.jenkins.plugins.kubernetes;

import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.kohsuke.stapler.DataBoundConstructor;

import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.Extension;
import hudson.util.Secret;

/**
* @deprecated Use {@link StringCredentials}
* @author <a href="mailto:andy.block@gmail.com">Andrew Block</a>
*/
@Deprecated
@SuppressFBWarnings("NM_SAME_SIMPLE_NAME_AS_SUPERCLASS")
public class OpenShiftTokenCredentialImpl
extends org.jenkinsci.plugins.kubernetes.credentials.OpenShiftTokenCredentialImpl {
public class OpenShiftTokenCredentialImpl extends BaseStandardCredentials implements TokenProducer {

private final Secret secret;

@DataBoundConstructor
public OpenShiftTokenCredentialImpl(CredentialsScope scope, String id, String description, Secret secret) {
super(scope, id, description, secret);
super(scope, id, description);
this.secret = secret;
}

@Override
public String getToken(String serviceAddress, String caCertData, boolean skipTlsVerify) {
return secret.getPlainText();
}

public Secret getSecret() {
return secret;
}

@Extension
public static class DescriptorImpl extends BaseStandardCredentialsDescriptor {

@Override
public String getDisplayName() {
return "OpenShift OAuth token";
}
}

}
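Review bot: `DescriptorImpl` keeps its `@Extension` although the class is now `@Deprecated` in favour of `StringCredentials`, so the type presumably stays selectable when a credential is created. The upgrade test in this commit shows stored entries with this class name being read back as `StringCredentialsImpl` through the alias registered in `addAliases`, which suggests a freshly created instance would change type on the next load. Consider dropping the `@Extension` annotation from `DescriptorImpl`, or state in the class Javadoc that persisted instances are loaded as `StringCredentialsImpl` and that `getToken` returns the secret text unchanged, ignoring its three arguments.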
@@ -1,16 +1,10 @@
package org.csanchez.jenkins.plugins.kubernetes;

import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.Extension;
import org.apache.commons.io.FileUtils;
import org.jenkinsci.plugins.kubernetes.credentials.FileSystemServiceAccountCredential;
import org.jenkinsci.plugins.kubernetes.credentials.TokenProducer;
import org.kohsuke.stapler.DataBoundConstructor;

import java.io.File;
import java.io.IOException;
import com.cloudbees.plugins.credentials.CredentialsScope;

/**
* Read the OAuth bearer token from service account file provisioned by kubernetes
@@ -19,38 +13,14 @@
*
* @author <a href="mailto:nicolas.deloof@gmail.com">Nicolas De Loof</a>
*/
public class ServiceAccountCredential extends BaseStandardCredentials implements TokenProducer {
@Deprecated
public class ServiceAccountCredential extends FileSystemServiceAccountCredential implements TokenProducer {

private static final String SERVICEACCOUNT_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token";
private static final long serialVersionUID = 2739355565227800401L;

@DataBoundConstructor
public ServiceAccountCredential(CredentialsScope scope, String id, String description) {
super(scope, id, description);
}

@Override
@SuppressFBWarnings("DMI_HARDCODED_ABSOLUTE_FILENAME")
public String getToken(String serviceAddress, String caCertData, boolean skipTlsVerify) {
try {
return FileUtils.readFileToString(new File(SERVICEACCOUNT_TOKEN_PATH));
} catch (IOException e) {
return null;
}
}

@Extension(optional = true)
public static class DescriptorImpl extends BaseStandardCredentialsDescriptor {

@SuppressFBWarnings("DMI_HARDCODED_ABSOLUTE_FILENAME")
public DescriptorImpl() {
if (!new File(SERVICEACCOUNT_TOKEN_PATH).exists()) {
throw new RuntimeException("Jenkins isn't running inside Kubernetes with Admission Controller.");
}
}

@Override
public String getDisplayName() {
return "Kubernetes Service Account";
}
}
}
@@ -32,16 +32,22 @@
import org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar;
import org.csanchez.jenkins.plugins.kubernetes.volumes.EmptyDirVolume;
import org.csanchez.jenkins.plugins.kubernetes.volumes.HostPathVolume;
import org.jenkinsci.plugins.kubernetes.credentials.FileSystemServiceAccountCredential;
import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.recipes.LocalData;

import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey;
import com.cloudbees.plugins.credentials.Credentials;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;

import hudson.util.Secret;

/**
* @author Carlos Sanchez
* @since 0.9
@@ -64,10 +70,13 @@ public void before() throws Exception {
@LocalData()
public void upgradeFrom_1_1() throws Exception {
List<Credentials> credentials = SystemCredentialsProvider.getInstance().getCredentials();
assertFalse(credentials.isEmpty());
UsernamePasswordCredentialsImpl cred = (UsernamePasswordCredentialsImpl) credentials.get(0);
assertEquals("token", cred.getId());
assertEquals("myusername", cred.getUsername());
assertEquals(3, credentials.size());
UsernamePasswordCredentialsImpl cred0 = (UsernamePasswordCredentialsImpl) credentials.get(0);
assertEquals("token", cred0.getId());
assertEquals("myusername", cred0.getUsername());
FileSystemServiceAccountCredential cred1 = (FileSystemServiceAccountCredential) credentials.get(1);
StringCredentialsImpl cred2 = (StringCredentialsImpl) credentials.get(2);
assertEquals("mytoken", Secret.toString(cred2.getSecret()));
}

@Test
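Review bot: In upgradeFrom_1_1 `cred1` is only cast and never asserted on, and `cred2` is checked for its secret but not its id, so a mix-up in the alias mapping that still yields the right types in the right positions would pass. Adding `assertEquals("kubernetes-service-account", cred1.getId());` and `assertEquals("openshift-oauth-token", cred2.getId());` would pin the migrated entries to the fixture. Both ids come from the XML fixture changed in this commit.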
@@ -6,13 +6,24 @@
<specifications/>
</com.cloudbees.plugins.credentials.domains.Domain>
<java.util.concurrent.CopyOnWriteArrayList>
<org.csanchez.jenkins.plugins.kubernetes.OpenShiftBearerTokenCredentialImpl plugin="kubernetes@1.1.3-SNAPSHOT">
<org.csanchez.jenkins.plugins.kubernetes.OpenShiftBearerTokenCredentialImpl plugin="kubernetes@1.1.3">
<scope>GLOBAL</scope>
<id>token</id>
<description></description>
<username>myusername</username>
<password>TBRF5XYf8ZzxjIllyloGBQ==</password>
</org.csanchez.jenkins.plugins.kubernetes.OpenShiftBearerTokenCredentialImpl>
<org.csanchez.jenkins.plugins.kubernetes.ServiceAccountCredential plugin="kubernetes@1.1.3">
<scope>GLOBAL</scope>
<id>kubernetes-service-account</id>
<description></description>
</org.csanchez.jenkins.plugins.kubernetes.ServiceAccountCredential>
<org.csanchez.jenkins.plugins.kubernetes.OpenShiftTokenCredentialImpl plugin="kubernetes@1.1.3">
<scope>GLOBAL</scope>
<id>openshift-oauth-token</id>
<description></description>
<secret>mytoken</secret>
</org.csanchez.jenkins.plugins.kubernetes.OpenShiftTokenCredentialImpl>
</java.util.concurrent.CopyOnWriteArrayList>
</entry>
</domainCredentialsMap>
