-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #277 from jenkinsci/credentials-0.3.0
Use kubernetes-credentials 0.3.0
- Loading branch information
Showing
8 changed files
with
83 additions
and
62 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -35,6 +35,7 @@ | |
import io.fabric8.kubernetes.client.KubernetesClient; | ||
import jenkins.model.Jenkins; | ||
import org.jenkinsci.plugins.kubernetes.credentials.TokenProducer; | ||
import org.jenkinsci.plugins.plaincredentials.StringCredentials; | ||
|
||
/** | ||
* @author <a href="mailto:[email protected]">Nicolas De Loof</a> | ||
|
@@ -117,7 +118,10 @@ public KubernetesClient createClient() throws NoSuchAlgorithmException, Unrecove | |
builder.withNamespace("default"); | ||
} | ||
|
||
if (credentials instanceof TokenProducer) { | ||
if (credentials instanceof StringCredentials) { | ||
final String token = ((StringCredentials) credentials).getSecret().getPlainText(); | ||
builder.withOauthToken(token); | ||
} else if (credentials instanceof TokenProducer) { | ||
final String token = ((TokenProducer) credentials).getToken(serviceAddress, caCertData, skipTlsVerify); | ||
builder.withOauthToken(token); | ||
} else if (credentials instanceof UsernamePasswordCredentials) { | ||
|
33 changes: 28 additions & 5 deletions
33
src/main/java/org/csanchez/jenkins/plugins/kubernetes/OpenShiftTokenCredentialImpl.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,22 +1,45 @@ | ||
package org.csanchez.jenkins.plugins.kubernetes; | ||
|
||
import org.jenkinsci.plugins.plaincredentials.StringCredentials; | ||
import org.kohsuke.stapler.DataBoundConstructor; | ||
|
||
import com.cloudbees.plugins.credentials.CredentialsScope; | ||
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials; | ||
|
||
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; | ||
import hudson.Extension; | ||
import hudson.util.Secret; | ||
|
||
/** | ||
* @deprecated Use {@link StringCredentials} | ||
* @author <a href="mailto:[email protected]">Andrew Block</a> | ||
*/ | ||
@Deprecated | ||
@SuppressFBWarnings("NM_SAME_SIMPLE_NAME_AS_SUPERCLASS") | ||
public class OpenShiftTokenCredentialImpl | ||
extends org.jenkinsci.plugins.kubernetes.credentials.OpenShiftTokenCredentialImpl { | ||
public class OpenShiftTokenCredentialImpl extends BaseStandardCredentials implements TokenProducer { | ||
|
||
private final Secret secret; | ||
|
||
@DataBoundConstructor | ||
public OpenShiftTokenCredentialImpl(CredentialsScope scope, String id, String description, Secret secret) { | ||
super(scope, id, description, secret); | ||
super(scope, id, description); | ||
this.secret = secret; | ||
} | ||
|
||
@Override | ||
public String getToken(String serviceAddress, String caCertData, boolean skipTlsVerify) { | ||
return secret.getPlainText(); | ||
} | ||
|
||
public Secret getSecret() { | ||
return secret; | ||
} | ||
|
||
@Extension | ||
public static class DescriptorImpl extends BaseStandardCredentialsDescriptor { | ||
|
||
@Override | ||
public String getDisplayName() { | ||
return "OpenShift OAuth token"; | ||
} | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,10 @@ | ||
package org.csanchez.jenkins.plugins.kubernetes; | ||
|
||
import com.cloudbees.plugins.credentials.CredentialsScope; | ||
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials; | ||
|
||
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; | ||
import hudson.Extension; | ||
import org.apache.commons.io.FileUtils; | ||
import org.jenkinsci.plugins.kubernetes.credentials.FileSystemServiceAccountCredential; | ||
import org.jenkinsci.plugins.kubernetes.credentials.TokenProducer; | ||
import org.kohsuke.stapler.DataBoundConstructor; | ||
|
||
import java.io.File; | ||
import java.io.IOException; | ||
import com.cloudbees.plugins.credentials.CredentialsScope; | ||
|
||
/** | ||
* Read the OAuth bearer token from service account file provisioned by kubernetes | ||
|
@@ -19,38 +13,14 @@ | |
* | ||
* @author <a href="mailto:[email protected]">Nicolas De Loof</a> | ||
*/ | ||
public class ServiceAccountCredential extends BaseStandardCredentials implements TokenProducer { | ||
@Deprecated | ||
public class ServiceAccountCredential extends FileSystemServiceAccountCredential implements TokenProducer { | ||
|
||
private static final String SERVICEACCOUNT_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token"; | ||
private static final long serialVersionUID = 2739355565227800401L; | ||
|
||
@DataBoundConstructor | ||
public ServiceAccountCredential(CredentialsScope scope, String id, String description) { | ||
super(scope, id, description); | ||
} | ||
|
||
@Override | ||
@SuppressFBWarnings("DMI_HARDCODED_ABSOLUTE_FILENAME") | ||
public String getToken(String serviceAddress, String caCertData, boolean skipTlsVerify) { | ||
try { | ||
return FileUtils.readFileToString(new File(SERVICEACCOUNT_TOKEN_PATH)); | ||
} catch (IOException e) { | ||
return null; | ||
} | ||
} | ||
|
||
@Extension(optional = true) | ||
public static class DescriptorImpl extends BaseStandardCredentialsDescriptor { | ||
|
||
@SuppressFBWarnings("DMI_HARDCODED_ABSOLUTE_FILENAME") | ||
public DescriptorImpl() { | ||
if (!new File(SERVICEACCOUNT_TOKEN_PATH).exists()) { | ||
throw new RuntimeException("Jenkins isn't running inside Kubernetes with Admission Controller."); | ||
} | ||
} | ||
|
||
@Override | ||
public String getDisplayName() { | ||
return "Kubernetes Service Account"; | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,13 +6,24 @@ | |
<specifications/> | ||
</com.cloudbees.plugins.credentials.domains.Domain> | ||
<java.util.concurrent.CopyOnWriteArrayList> | ||
<org.csanchez.jenkins.plugins.kubernetes.OpenShiftBearerTokenCredentialImpl plugin="[email protected]-SNAPSHOT"> | ||
<org.csanchez.jenkins.plugins.kubernetes.OpenShiftBearerTokenCredentialImpl plugin="[email protected]"> | ||
<scope>GLOBAL</scope> | ||
<id>token</id> | ||
<description></description> | ||
<username>myusername</username> | ||
<password>TBRF5XYf8ZzxjIllyloGBQ==</password> | ||
</org.csanchez.jenkins.plugins.kubernetes.OpenShiftBearerTokenCredentialImpl> | ||
<org.csanchez.jenkins.plugins.kubernetes.ServiceAccountCredential plugin="[email protected]"> | ||
<scope>GLOBAL</scope> | ||
<id>kubernetes-service-account</id> | ||
<description></description> | ||
</org.csanchez.jenkins.plugins.kubernetes.ServiceAccountCredential> | ||
<org.csanchez.jenkins.plugins.kubernetes.OpenShiftTokenCredentialImpl plugin="[email protected]"> | ||
<scope>GLOBAL</scope> | ||
<id>openshift-oauth-token</id> | ||
<description></description> | ||
<secret>mytoken</secret> | ||
</org.csanchez.jenkins.plugins.kubernetes.OpenShiftTokenCredentialImpl> | ||
</java.util.concurrent.CopyOnWriteArrayList> | ||
</entry> | ||
</domainCredentialsMap> | ||
|