diff --git a/pom.xml b/pom.xml
index 79020a53c1..fe969dc185 100644
--- a/pom.xml
+++ b/pom.xml
@@ -53,7 +53,7 @@
2.3
2.1.11
- 0.2.0
+ 0.3.0-SNAPSHOT
1.16
2.11
1.6
diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubectlBuildWrapper.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubectlBuildWrapper.java
index 2d4159fee9..2c61caaa8d 100644
--- a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubectlBuildWrapper.java
+++ b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubectlBuildWrapper.java
@@ -28,6 +28,7 @@
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.kubernetes.credentials.TokenProducer;
+import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
@@ -112,6 +113,8 @@ public void setUp(Context context, Run build, FilePath workspace, Launcher
String login;
if (c == null) {
throw new AbortException("No credentials defined to setup Kubernetes CLI");
+ } else if (c instanceof StringCredentials) {
+ login = "--token=" + ((StringCredentials) c).getSecret().getPlainText();
} else if (c instanceof TokenProducer) {
login = "--token=" + ((TokenProducer) c).getToken(serverUrl, null, true);
} else if (c instanceof UsernamePasswordCredentials) {
diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud.java
index edf03528d7..fcc2044fad 100644
--- a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud.java
+++ b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud.java
@@ -25,9 +25,8 @@
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
-import org.jenkinsci.plugins.kubernetes.credentials.OpenShiftBearerTokenCredentialImpl;
-import org.jenkinsci.plugins.kubernetes.credentials.OpenShiftTokenCredentialImpl;
-import org.jenkinsci.plugins.kubernetes.credentials.TokenProducer;
+import org.jenkinsci.plugins.plaincredentials.StringCredentials;
+import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
@@ -518,10 +517,12 @@ public String getDisplayName() {
public static void addAliases() {
Jenkins.XSTREAM2.addCompatibilityAlias(
"org.csanchez.jenkins.plugins.kubernetes.OpenShiftBearerTokenCredentialImpl",
- OpenShiftBearerTokenCredentialImpl.class);
+ org.jenkinsci.plugins.kubernetes.credentials.BearerTokenCredentialImpl.class);
Jenkins.XSTREAM2.addCompatibilityAlias(
"org.csanchez.jenkins.plugins.kubernetes.OpenShiftTokenCredentialImpl",
- OpenShiftTokenCredentialImpl.class);
+ StringCredentialsImpl.class);
+ Jenkins.XSTREAM2.addCompatibilityAlias("org.csanchez.jenkins.plugins.kubernetes.ServiceAccountCredential",
+ org.jenkinsci.plugins.kubernetes.credentials.FileSystemServiceAccountCredential.class);
}
public FormValidation doTestConnection(@QueryParameter String name, @QueryParameter String serverUrl, @QueryParameter String credentialsId,
@@ -554,19 +555,20 @@ public FormValidation doTestConnection(@QueryParameter String name, @QueryParame
}
public ListBoxModel doFillCredentialsIdItems(@QueryParameter String serverUrl) {
- return new StandardListBoxModel()
- .withEmptySelection()
- .withMatching(
+ return new StandardListBoxModel().withEmptySelection() //
+ .withMatching( //
CredentialsMatchers.anyOf(
CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class),
CredentialsMatchers.instanceOf(TokenProducer.class),
- CredentialsMatchers.instanceOf(StandardCertificateCredentials.class)
- ),
- CredentialsProvider.lookupCredentials(StandardCredentials.class,
- Jenkins.getInstance(),
- ACL.SYSTEM,
+ CredentialsMatchers.instanceOf(
+ org.jenkinsci.plugins.kubernetes.credentials.TokenProducer.class),
+ CredentialsMatchers.instanceOf(StandardCertificateCredentials.class),
+ CredentialsMatchers.instanceOf(StringCredentials.class)), //
+ CredentialsProvider.lookupCredentials(StandardCredentials.class, //
+ Jenkins.getInstance(), //
+ ACL.SYSTEM, //
serverUrl != null ? URIRequirementBuilder.fromUri(serverUrl).build()
- : Collections.EMPTY_LIST
+ : Collections.EMPTY_LIST //
));
}
diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesFactoryAdapter.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesFactoryAdapter.java
index 5f998c1174..e6370a19a2 100644
--- a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesFactoryAdapter.java
+++ b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesFactoryAdapter.java
@@ -35,6 +35,7 @@
import io.fabric8.kubernetes.client.KubernetesClient;
import jenkins.model.Jenkins;
import org.jenkinsci.plugins.kubernetes.credentials.TokenProducer;
+import org.jenkinsci.plugins.plaincredentials.StringCredentials;
/**
* @author Nicolas De Loof
@@ -117,7 +118,10 @@ public KubernetesClient createClient() throws NoSuchAlgorithmException, Unrecove
builder.withNamespace("default");
}
- if (credentials instanceof TokenProducer) {
+ if (credentials instanceof StringCredentials) {
+ final String token = ((StringCredentials) credentials).getSecret().getPlainText();
+ builder.withOauthToken(token);
+ } else if (credentials instanceof TokenProducer) {
final String token = ((TokenProducer) credentials).getToken(serviceAddress, caCertData, skipTlsVerify);
builder.withOauthToken(token);
} else if (credentials instanceof UsernamePasswordCredentials) {
diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/OpenShiftBearerTokenCredentialImpl.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/OpenShiftBearerTokenCredentialImpl.java
index df947f7fbd..7d98d71113 100644
--- a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/OpenShiftBearerTokenCredentialImpl.java
+++ b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/OpenShiftBearerTokenCredentialImpl.java
@@ -1,18 +1,15 @@
package org.csanchez.jenkins.plugins.kubernetes;
+import org.jenkinsci.plugins.kubernetes.credentials.BearerTokenCredentialImpl;
import org.kohsuke.stapler.DataBoundConstructor;
import com.cloudbees.plugins.credentials.CredentialsScope;
-import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
-
/**
* @author Nicolas De Loof
*/
@Deprecated
-@SuppressFBWarnings("NM_SAME_SIMPLE_NAME_AS_SUPERCLASS")
-public class OpenShiftBearerTokenCredentialImpl
- extends org.jenkinsci.plugins.kubernetes.credentials.OpenShiftBearerTokenCredentialImpl {
+public class OpenShiftBearerTokenCredentialImpl extends BearerTokenCredentialImpl {
private static final long serialVersionUID = -3725963485838773012L;
diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/OpenShiftTokenCredentialImpl.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/OpenShiftTokenCredentialImpl.java
index e05beb1ca7..9fa5ee62b9 100644
--- a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/OpenShiftTokenCredentialImpl.java
+++ b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/OpenShiftTokenCredentialImpl.java
@@ -1,22 +1,45 @@
package org.csanchez.jenkins.plugins.kubernetes;
+import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.kohsuke.stapler.DataBoundConstructor;
import com.cloudbees.plugins.credentials.CredentialsScope;
+import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
-import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import hudson.Extension;
import hudson.util.Secret;
/**
+ * @deprecated Use {@link StringCredentials}
* @author Andrew Block
*/
@Deprecated
-@SuppressFBWarnings("NM_SAME_SIMPLE_NAME_AS_SUPERCLASS")
-public class OpenShiftTokenCredentialImpl
- extends org.jenkinsci.plugins.kubernetes.credentials.OpenShiftTokenCredentialImpl {
+public class OpenShiftTokenCredentialImpl extends BaseStandardCredentials implements TokenProducer {
+
+ private final Secret secret;
@DataBoundConstructor
public OpenShiftTokenCredentialImpl(CredentialsScope scope, String id, String description, Secret secret) {
- super(scope, id, description, secret);
+ super(scope, id, description);
+ this.secret = secret;
+ }
+
+ @Override
+ public String getToken(String serviceAddress, String caCertData, boolean skipTlsVerify) {
+ return secret.getPlainText();
+ }
+
+ public Secret getSecret() {
+ return secret;
}
+
+ @Extension
+ public static class DescriptorImpl extends BaseStandardCredentialsDescriptor {
+
+ @Override
+ public String getDisplayName() {
+ return "OpenShift OAuth token";
+ }
+ }
+
}
diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/ServiceAccountCredential.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/ServiceAccountCredential.java
index c866c7aea7..167cf1c439 100644
--- a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/ServiceAccountCredential.java
+++ b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/ServiceAccountCredential.java
@@ -1,16 +1,10 @@
package org.csanchez.jenkins.plugins.kubernetes;
-import com.cloudbees.plugins.credentials.CredentialsScope;
-import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
-
-import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
-import hudson.Extension;
-import org.apache.commons.io.FileUtils;
+import org.jenkinsci.plugins.kubernetes.credentials.FileSystemServiceAccountCredential;
import org.jenkinsci.plugins.kubernetes.credentials.TokenProducer;
import org.kohsuke.stapler.DataBoundConstructor;
-import java.io.File;
-import java.io.IOException;
+import com.cloudbees.plugins.credentials.CredentialsScope;
/**
* Read the OAuth bearer token from service account file provisioned by kubernetes
@@ -19,38 +13,14 @@
*
* @author Nicolas De Loof
*/
-public class ServiceAccountCredential extends BaseStandardCredentials implements TokenProducer {
+@Deprecated
+public class ServiceAccountCredential extends FileSystemServiceAccountCredential implements TokenProducer {
- private static final String SERVICEACCOUNT_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token";
+ private static final long serialVersionUID = 2739355565227800401L;
@DataBoundConstructor
public ServiceAccountCredential(CredentialsScope scope, String id, String description) {
super(scope, id, description);
}
- @Override
- @SuppressFBWarnings("DMI_HARDCODED_ABSOLUTE_FILENAME")
- public String getToken(String serviceAddress, String caCertData, boolean skipTlsVerify) {
- try {
- return FileUtils.readFileToString(new File(SERVICEACCOUNT_TOKEN_PATH));
- } catch (IOException e) {
- return null;
- }
- }
-
- @Extension(optional = true)
- public static class DescriptorImpl extends BaseStandardCredentialsDescriptor {
-
- @SuppressFBWarnings("DMI_HARDCODED_ABSOLUTE_FILENAME")
- public DescriptorImpl() {
- if (!new File(SERVICEACCOUNT_TOKEN_PATH).exists()) {
- throw new RuntimeException("Jenkins isn't running inside Kubernetes with Admission Controller.");
- }
- }
-
- @Override
- public String getDisplayName() {
- return "Kubernetes Service Account";
- }
- }
}
diff --git a/src/test/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesTest.java b/src/test/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesTest.java
index 3d5d36f738..7e8a859359 100644
--- a/src/test/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesTest.java
+++ b/src/test/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesTest.java
@@ -32,16 +32,22 @@
import org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar;
import org.csanchez.jenkins.plugins.kubernetes.volumes.EmptyDirVolume;
import org.csanchez.jenkins.plugins.kubernetes.volumes.HostPathVolume;
+import org.jenkinsci.plugins.kubernetes.credentials.FileSystemServiceAccountCredential;
+import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.recipes.LocalData;
+import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey;
import com.cloudbees.plugins.credentials.Credentials;
+import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
+import hudson.util.Secret;
+
/**
* @author Carlos Sanchez
* @since 0.9
@@ -64,10 +70,13 @@ public void before() throws Exception {
@LocalData()
public void upgradeFrom_1_1() throws Exception {
List credentials = SystemCredentialsProvider.getInstance().getCredentials();
- assertFalse(credentials.isEmpty());
- UsernamePasswordCredentialsImpl cred = (UsernamePasswordCredentialsImpl) credentials.get(0);
- assertEquals("token", cred.getId());
- assertEquals("myusername", cred.getUsername());
+ assertEquals(3, credentials.size());
+ UsernamePasswordCredentialsImpl cred0 = (UsernamePasswordCredentialsImpl) credentials.get(0);
+ assertEquals("token", cred0.getId());
+ assertEquals("myusername", cred0.getUsername());
+ FileSystemServiceAccountCredential cred1 = (FileSystemServiceAccountCredential) credentials.get(1);
+ StringCredentialsImpl cred2 = (StringCredentialsImpl) credentials.get(2);
+ assertEquals("mytoken", Secret.toString(cred2.getSecret()));
}
@Test
diff --git a/src/test/resources/org/csanchez/jenkins/plugins/kubernetes/KubernetesTest/upgradeFrom_1_1/credentials.xml b/src/test/resources/org/csanchez/jenkins/plugins/kubernetes/KubernetesTest/upgradeFrom_1_1/credentials.xml
index fd320d516c..bc608ab99a 100644
--- a/src/test/resources/org/csanchez/jenkins/plugins/kubernetes/KubernetesTest/upgradeFrom_1_1/credentials.xml
+++ b/src/test/resources/org/csanchez/jenkins/plugins/kubernetes/KubernetesTest/upgradeFrom_1_1/credentials.xml
@@ -6,13 +6,24 @@
-
+
GLOBAL
token
myusername
TBRF5XYf8ZzxjIllyloGBQ==
+
+ GLOBAL
+ kubernetes-service-account
+
+
+
+ GLOBAL
+ openshift-oauth-token
+
+ mytoken
+