kubernetes-operator/pkg/configuration/base/resources/init_configuration_configma...


package resources
import (
"fmt"
"text/template"
"github.com/jenkinsci/kubernetes-operator/api/v1alpha2"
"github.com/jenkinsci/kubernetes-operator/internal/render"
"github.com/jenkinsci/kubernetes-operator/pkg/constants"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// createOperatorUserFileName is the template name and the key under which the
// rendered Groovy script is stored in the init-configuration ConfigMap.
const createOperatorUserFileName = "createOperatorUser.groovy"
// createOperatorUserGroovyFmtTemplate renders the Groovy init script that
// creates the operator's Jenkins account.
//
// When .Enable is false only the import line is rendered. When it is true the
// script runs its body only if the marker file .OperatorUserCreatedFilePath
// does not exist yet: it builds a HudsonPrivateSecurityRealm (the false
// argument disables self sign-up), creates one account from the user name and
// password files under .OperatorCredentialsPath, installs
// FullControlOnceLoggedInAuthorizationStrategy with anonymous read turned off,
// saves the Jenkins configuration and finally creates the marker file.
//
// Security notes:
//   - The credentials are read from files when the script executes; only their
//     paths are rendered, so the secret values do not end up in the ConfigMap.
//   - FullControlOnceLoggedInAuthorizationStrategy gives every authenticated
//     user full control, so any other account in the realm is an administrator.
//   - text/template performs no escaping and every value lands inside a
//     single-quoted Groovy string literal.
//     NOTE(review): confirm the marker path built from getJenkinsHomePath can
//     never contain a quote or backslash, otherwise the script text changes.
//   - File.text returns the file contents verbatim.
//     NOTE(review): confirm the mounted values carry no trailing newline.
//   - The one-time guard is only the marker file in the Jenkins home
//     directory; removing it makes the script replace the security realm
//     and authorization strategy again on its next run.
//
// template.Must panics during package initialisation if the template text does
// not parse.
var createOperatorUserGroovyFmtTemplate = template.Must(template.New(createOperatorUserFileName).Parse(`
import hudson.security.*
{{- if .Enable }}
def jenkins = jenkins.model.Jenkins.getInstance()
def operatorUserCreatedFile = new File('{{ .OperatorUserCreatedFilePath }}')
if (!operatorUserCreatedFile.exists()) {
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
hudsonRealm.createAccount(
new File('{{ .OperatorCredentialsPath }}/{{ .OperatorUserNameFile }}').text,
new File('{{ .OperatorCredentialsPath }}/{{ .OperatorPasswordFile }}').text)
jenkins.setSecurityRealm(hudsonRealm)
def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
strategy.setAllowAnonymousRead(false)
jenkins.setAuthorizationStrategy(strategy)
jenkins.save()
operatorUserCreatedFile.createNewFile()
}
{{- end }}
`))
// buildCreateJenkinsOperatorUserGroovyScript renders the operator-user Groovy
// script for the given Jenkins resource.
//
// The body of the script is enabled only when the resource selects
// v1alpha2.CreateUserAuthorizationStrategy. Only file locations are passed to
// the template (credentials volume path, secret key names, marker file under
// the Jenkins home), never the credential values themselves.
//
// It returns a pointer to the rendered text, or the error reported by
// render.Render.
func buildCreateJenkinsOperatorUserGroovyScript(jenkins *v1alpha2.Jenkins) (*string, error) {
	// Field names must match the placeholders used in the template.
	type scriptParams struct {
		Enable                      bool
		OperatorCredentialsPath     string
		OperatorUserNameFile        string
		OperatorPasswordFile        string
		OperatorUserCreatedFilePath string
	}

	createUser := jenkins.Spec.JenkinsAPISettings.AuthorizationStrategy == v1alpha2.CreateUserAuthorizationStrategy
	// Marker file whose presence makes the script skip account creation.
	markerPath := getJenkinsHomePath(jenkins) + "/operatorUserCreated"

	params := scriptParams{
		Enable:                      createUser,
		OperatorCredentialsPath:     jenkinsOperatorCredentialsVolumePath,
		OperatorUserNameFile:        OperatorCredentialsSecretUserNameKey,
		OperatorPasswordFile:        OperatorCredentialsSecretPasswordKey,
		OperatorUserCreatedFilePath: markerPath,
	}

	script, err := render.Render(createOperatorUserGroovyFmtTemplate, params)
	if err != nil {
		return nil, err
	}
	return &script, nil
}
// GetInitConfigurationConfigMapName returns the name of the Kubernetes
// ConfigMap that carries the init configuration for the given Jenkins
// resource: the operator name, the literal "-init-configuration-" and the
// resource's own name.
func GetInitConfigurationConfigMapName(jenkins *v1alpha2.Jenkins) string {
	const nameFormat = "%s-init-configuration-%s"

	resourceName := jenkins.ObjectMeta.Name
	return fmt.Sprintf(nameFormat, constants.OperatorName, resourceName)
}
// NewInitConfigurationConfigMap builds the Kubernetes ConfigMap used to
// initialise the Jenkins configuration.
//
// The supplied metadata is reused with its Name replaced by
// GetInitConfigurationConfigMapName(jenkins). The ConfigMap holds a single
// entry, keyed by createOperatorUserFileName, containing the rendered
// operator-user Groovy script. An error from rendering the script is returned
// unchanged together with a nil ConfigMap.
func NewInitConfigurationConfigMap(meta metav1.ObjectMeta, jenkins *v1alpha2.Jenkins) (*corev1.ConfigMap, error) {
	// meta is passed by value, so renaming it here leaves the caller's copy alone.
	meta.Name = GetInitConfigurationConfigMapName(jenkins)

	script, err := buildCreateJenkinsOperatorUserGroovyScript(jenkins)
	if err != nil {
		return nil, err
	}

	scripts := map[string]string{
		createOperatorUserFileName: *script,
	}
	configMap := &corev1.ConfigMap{
		TypeMeta:   buildConfigMapTypeMeta(),
		ObjectMeta: meta,
		Data:       scripts,
	}
	return configMap, nil
}