public_git
/
kubernetes-operator
mirror of https://github.com/jenkinsci/kubernetes-operator.git
1
0
Fork 0
Code Issues Releases Wiki Activity

#2 Add kubernetes-credentials-provider plugin to OperatorPlugins

This commit is contained in:
Tomasz Sęk 2019-03-12 17:26:03 +01:00
parent 9177fbe802
commit c170acac1d
No known key found for this signature in database
GPG Key ID: DC356D23F6A644D0
3 changed files with 66 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/controller/jenkins/configuration/base/resources/rbac.go
View File

@ -44,7 +44,11 @@ func NewRole(meta metav1.ObjectMeta) *v1.Role {
Resources: []string{"pods/log"}, Resources: []string{"pods/log"},
Verbs: []string{getVerb, listVerb, watchVerb}, Verbs: []string{getVerb, listVerb, watchVerb},
}, },
//TODO get secrets ??? {
APIGroups: []string{""},
Resources: []string{"secrets"},
Verbs: []string{getVerb, listVerb, watchVerb},
},
}, },
} }
} }

5
pkg/controller/jenkins/plugins/base_plugins.go
View File

@ -121,6 +121,11 @@ var BasePluginsMap = map[string][]Plugin{
Must(New("configuration-as-code:1.7")).String(): { Must(New("configuration-as-code:1.7")).String(): {
Must(New("configuration-as-code-support:1.7")), Must(New("configuration-as-code-support:1.7")),
}, },
Must(New("kubernetes-credentials-provider:0.12.1")).String(): {
Must(New(credentialsPlugin)),
Must(New(structsPlugin)),
Must(New(variantPlugin)),
},
} }
// BasePlugins returns map of plugins to install by operator // BasePlugins returns map of plugins to install by operator

56
test/e2e/configuration_test.go
View File

@ -33,12 +33,14 @@ func TestConfiguration(t *testing.T) {
numberOfExecutors := 6 numberOfExecutors := 6
systemMessage := "Configuration as Code integration works!!!" systemMessage := "Configuration as Code integration works!!!"
systemMessageEnvName := "SYSTEM_MESSAGE" systemMessageEnvName := "SYSTEM_MESSAGE"
jenkinsCredentialName := "kubernetes-credentials-provider-plugin"
// base // base
createUserConfigurationSecret(t, jenkinsCRName, namespace, systemMessageEnvName, systemMessage) createUserConfigurationSecret(t, jenkinsCRName, namespace, systemMessageEnvName, systemMessage)
createUserConfigurationConfigMap(t, jenkinsCRName, namespace, numberOfExecutors, fmt.Sprintf("${%s}", systemMessageEnvName)) createUserConfigurationConfigMap(t, jenkinsCRName, namespace, numberOfExecutors, fmt.Sprintf("${%s}", systemMessageEnvName))
jenkins := createJenkinsCR(t, jenkinsCRName, namespace) jenkins := createJenkinsCR(t, jenkinsCRName, namespace)
createDefaultLimitsForContainersInNamespace(t, namespace) createDefaultLimitsForContainersInNamespace(t, namespace)
createKubernetesCredentialsProviderSecret(t, namespace, jenkinsCredentialName)
waitForJenkinsBaseConfigurationToComplete(t, jenkins) waitForJenkinsBaseConfigurationToComplete(t, jenkins)
verifyJenkinsMasterPodAttributes(t, jenkins) verifyJenkinsMasterPodAttributes(t, jenkins)
@ -49,6 +51,7 @@ func TestConfiguration(t *testing.T) {
waitForJenkinsUserConfigurationToComplete(t, jenkins) waitForJenkinsUserConfigurationToComplete(t, jenkins)
verifyJenkinsSeedJobs(t, client, jenkins) verifyJenkinsSeedJobs(t, client, jenkins)
verifyUserConfiguration(t, client, numberOfExecutors, systemMessage) verifyUserConfiguration(t, client, numberOfExecutors, systemMessage)
verifyIfJenkinsCredentialExists(t, client, jenkinsCredentialName)
} }
func createUserConfigurationSecret(t *testing.T, jenkinsCRName string, namespace string, systemMessageEnvName, systemMessage string) { func createUserConfigurationSecret(t *testing.T, jenkinsCRName string, namespace string, systemMessageEnvName, systemMessage string) {
@ -68,6 +71,30 @@ func createUserConfigurationSecret(t *testing.T, jenkinsCRName string, namespace
} }
} }
func createKubernetesCredentialsProviderSecret(t *testing.T, namespace, name string) {
secret := &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: name,
Namespace: namespace,
Annotations: map[string]string{
"jenkins.io/credentials-description": "credentials from Kubernetes",
},
Labels: map[string]string{
"jenkins.io/credentials-type": "usernamePassword",
},
},
StringData: map[string]string{
"username": "user",
"password": "pass",
},
}
t.Logf("Secret for Kubernetes credentials provider plugin %+v", *secret)
if err := framework.Global.Client.Create(context.TODO(), secret, nil); err != nil {
t.Fatal(err)
}
}
func createUserConfigurationConfigMap(t *testing.T, jenkinsCRName string, namespace string, numberOfExecutors int, systemMessage string) { func createUserConfigurationConfigMap(t *testing.T, jenkinsCRName string, namespace string, numberOfExecutors int, systemMessage string) {
userConfiguration := &corev1.ConfigMap{ userConfiguration := &corev1.ConfigMap{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
@ -248,3 +275,32 @@ if (!"%s".equals(Jenkins.instance.systemMessage)) {
logs, err = jenkinsClient.ExecuteScript(checkConfigurationAsCode) logs, err = jenkinsClient.ExecuteScript(checkConfigurationAsCode)
assert.NoError(t, err, logs) assert.NoError(t, err, logs)
} }
func verifyIfJenkinsCredentialExists(t *testing.T, jenkinsClient jenkinsclient.Jenkins, credentialName string) {
groovyScriptFmt := `import com.cloudbees.plugins.credentials.Credentials
Set<Credentials> allCredentials = new HashSet<Credentials>();
def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
com.cloudbees.plugins.credentials.Credentials.class
);
allCredentials.addAll(creds)
Jenkins.instance.getAllItems(com.cloudbees.hudson.plugins.folder.Folder.class).each{ f ->
creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
com.cloudbees.plugins.credentials.Credentials.class, f)
allCredentials.addAll(creds)
}
def found = false
for (c in allCredentials) {
if("%s".equals(c.id)) found = true
}
if(!found) {
throw new Exception("Expected credential not found")
}`
groovyScript := fmt.Sprintf(groovyScriptFmt, credentialName)
logs, err := jenkinsClient.ExecuteScript(groovyScript)
assert.NoError(t, err, logs)
}