def test_create_ssh_credential(jenkins):
creds = jenkins.credentials
cred_descr = random_string()
cred_dict = {
'description': cred_descr,
'userName': '******',
'passphrase': '',
'private_key': '-----BEGIN RSA PRIVATE KEY-----'
}
creds[cred_descr] = SSHKeyCredential(cred_dict)
assert cred_descr in creds
cred = creds[cred_descr]
assert isinstance(cred, SSHKeyCredential) is True
assert cred.description == cred_descr
del creds[cred_descr]
cred_dict = {
'description': cred_descr,
'userName': '******',
'passphrase': '',
'private_key': '/tmp/key'
}
creds[cred_descr] = SSHKeyCredential(cred_dict)
assert cred_descr in creds
cred = creds[cred_descr]
assert isinstance(cred, SSHKeyCredential) is True
assert cred.description == cred_descr
del creds[cred_descr]
cred_dict = {
'description': cred_descr,
'userName': '******',
'passphrase': '',
'private_key': '~/.ssh/key'
}
creds[cred_descr] = SSHKeyCredential(cred_dict)
assert cred_descr in creds
cred = creds[cred_descr]
assert isinstance(cred, SSHKeyCredential) is True
assert cred.description == cred_descr
del creds[cred_descr]
cred_dict = {
'description': cred_descr,
'userName': '******',
'passphrase': '',
'private_key': 'invalid'
}
with pytest.raises(ValueError):
creds[cred_descr] = SSHKeyCredential(cred_dict)
def test_create_ssh_credential(self):
creds = self.jenkins.credentials
cred_descr = random_string()
cred_dict = {
'description': cred_descr,
'userName': '******',
'passphrase': '',
'private_key': '-----BEGIN RSA PRIVATE KEY-----'
}
creds[cred_descr] = SSHKeyCredential(cred_dict)
self.assertTrue(cred_descr in creds)
cred = creds[cred_descr]
self.assertIsInstance(cred, SSHKeyCredential)
self.assertEquals(cred.description, cred_descr)
del creds[cred_descr]
cred_dict = {
'description': cred_descr,
'userName': '******',
'passphrase': '',
'private_key': '/tmp/key'
}
creds[cred_descr] = SSHKeyCredential(cred_dict)
self.assertTrue(cred_descr in creds)
cred = creds[cred_descr]
self.assertIsInstance(cred, SSHKeyCredential)
self.assertEquals(cred.description, cred_descr)
del creds[cred_descr]
cred_dict = {
'description': cred_descr,
'userName': '******',
'passphrase': '',
'private_key': '~/.ssh/key'
}
creds[cred_descr] = SSHKeyCredential(cred_dict)
self.assertTrue(cred_descr in creds)
cred = creds[cred_descr]
self.assertIsInstance(cred, SSHKeyCredential)
self.assertEquals(cred.description, cred_descr)
del creds[cred_descr]
cred_dict = {
'description': cred_descr,
'userName': '******',
'passphrase': '',
'private_key': 'invalid'
}
with self.assertRaises(ValueError):
creds[cred_descr] = SSHKeyCredential(cred_dict)
def test_create_ssh_node(jenkins):
node_name = random_string()
creds = jenkins.get_credentials()
cred_descr = random_string()
cred_dict = {
'description': cred_descr,
'userName': '******',
'passphrase': '',
'private_key': '-----BEGIN RSA PRIVATE KEY-----'
}
creds[cred_descr] = SSHKeyCredential(cred_dict)
node_dict = {
'num_executors':
1,
'node_description':
'Description %s' % node_name,
'remote_fs':
'/tmp',
'labels':
node_name,
'exclusive':
False,
'host':
'127.0.0.1',
'port':
22,
'credential_description':
cred_descr,
'jvm_options':
'',
'java_path':
'',
'prefix_start_slave_cmd':
'',
'suffix_start_slave_cmd':
'',
'retention':
'ondemand',
'ondemand_delay':
0,
'ondemand_idle_delay':
5,
'tool_location': [
{
"key":
"hudson.tasks.Maven$MavenInstallation$DescriptorImpl@Maven 3.0.5",
"home": "/home/apache-maven-3.0.5/"
},
]
}
node = jenkins.nodes.create_node(node_name, node_dict)
assert isinstance(node, Node) is True
del jenkins.nodes[node_name]
jenkins.nodes[node_name] = node_dict
assert isinstance(jenkins.nodes[node_name], Node) is True
del jenkins.nodes[node_name]
def _make_credential(self, cred_dict):
if cred_dict['typeName'] == 'Username with password':
cr = UsernamePasswordCredential(cred_dict)
elif cred_dict['typeName'] == 'SSH Username with private key':
cr = SSHKeyCredential(cred_dict)
else:
cr = Credential(cred_dict)
return cr
def test_create_ssh_node(jenkins):
node_name = random_string()
creds = jenkins.get_credentials()
cred_descr = random_string()
cred_dict = {
'description': cred_descr,
'userName': '******',
'passphrase': '',
'private_key': '~'
}
creds[cred_descr] = SSHKeyCredential(cred_dict)
node_dict = {
'num_executors': 1,
'node_description': 'Description %s' % node_name,
'remote_fs': '/tmp',
'labels': node_name,
'exclusive': False,
'host': 'localhost',
'port': 22,
'credential_description': cred_descr,
'jvm_options': '',
'java_path': '',
'prefix_start_slave_cmd': '',
'suffix_start_slave_cmd': '',
'retention': 'ondemand',
'ondemand_delay': 0,
'ondemand_idle_delay': 5
}
node = jenkins.nodes.create_node(node_name, node_dict)
assert isinstance(node, Node) is True
del jenkins.nodes[node_name]
jenkins.nodes[node_name] = node_dict
assert isinstance(jenkins.nodes[node_name], Node) is True
del jenkins.nodes[node_name]
# In your code it is adviced to read it from file
# For simplicity of this example reading key from file is not shown here
def get_private_key_from_file():
return '-----BEGIN RSA PRIVATE KEY-----'
my_private_key = get_private_key_from_file()
creds_description2 = 'My_ssh_cred1'
cred_dict = {
'description': creds_description2,
'userName': '******',
'passphrase': '',
'private_key': my_private_key
}
creds[creds_description2] = SSHKeyCredential(cred_dict)
# Create ssh key credential that uses private key from path on Jenkins server
my_private_key = '/home/jenkins/.ssh/special_key'
creds_description3 = 'My_ssh_cred2'
cred_dict = {
'description': creds_description3,
'userName': '******',
'passphrase': '',
'private_key': my_private_key
}
creds[creds_description3] = SSHKeyCredential(cred_dict)
# Remove credentials
# We use credential description to find specific credential. This is the only
def processSecret(namespace, name, annotation_value=None):
if not annotation_value:
print("secret {}/{} is not applicable to Jenkins".format(
namespace, name))
return
config.load_incluster_config()
core_instance = client.CoreV1Api()
try:
secret = core_instance.read_namespaced_secret(name, namespace)
except ApiException as e:
print("Exception when calling CoreV1Api->read_namespaced_secret: {}\n".
format(e))
exit(1)
j = oc_common.connect_to_jenkins()
# Create/update a secret in the Jenkins server
name = "_openshift/{}/{}".format(namespace, name)
if secret.type == "kubernetes.io/basic-auth" or secret.type == "ci.openshift.io/user-pass":
user_name = base64.b64decode(secret.data['username'])
user_pass = base64.b64decode(secret.data['password'])
cred = {
'credential_id': annotation_value,
'description': name,
'userName': user_name,
'password': user_pass
}
creds = j.credentials
if name in creds:
print("replacing existing secret {}".format(name))
del creds[name]
print("creating secret {} of type username-password".format(name))
creds[name] = UsernamePasswordCredential(cred)
elif secret.type == "ci.openshift.io/token" or secret.type == "ci.openshift.io/secret-text":
token = ""
if "secret" in secret.data:
token = base64.b64decode(secret.data["secret"])
elif "token" in secret.data:
token = base64.b64decode(secret.data["token"])
if secret:
cred = {
'credential_id': annotation_value,
'description': name,
'secret': token
}
creds = j.credentials
if name in creds:
print("replacing existing secret {}".format(name))
del creds[name]
print("creating secret {} of type secret-text".format(name))
creds[name] = SecretTextCredential(cred)
elif secret.type == "kubernetes.io/ssh-auth" or secret.type == "ci.openshift.io/secret-ssh":
key = ""
if "private_key" in secret.data:
key = base64.b64decode(secret.data["private_key"])
elif "ssh-privatekey" in secret.data:
key = base64.b64decode(secret.data["ssh-privatekey"])
passphrase = ""
if "passphrase" in secret.data:
passphrase = base64.b64decode(secret.data["passphrase"])
username = ""
if "username" in secret.data:
username = base64.b64decode(secret.data["username"])
cred = {
'credential_id': annotation_value,
'description': name,
'userName': username,
'passphrase': passphrase,
'private_key': key,
}
creds = j.credentials
if name in creds:
print("replacing existing secret {}".format(name))
del creds[name]
print("creating secret {} of type ssh-key".format(name))
creds[name] = SSHKeyCredential(cred)
def configure_master(settings, docker_url, cert_path) -> bool:
print("Setting up docker")
docker = utils.setup_docker_client(docker_url, cert_path)
containers = docker.containers.list(filters={"name": MASTER_IMAGE})
if len(containers) > 0:
container = containers[0]
print("Finding IP of container...")
ip = utils.get_ip(container, docker, settings)
while len(ip) == 0:
ip = utils.get_ip(container, docker, settings)
container.reload()
jenkins_url = "http://{ip}:8080".format(ip=ip)
while True:
try:
jenkins = Jenkins(jenkins_url)
except:
print("Waiting for jenkins to start...")
time.sleep(5)
else:
break
creds = jenkins.credentials
print("Storing container credentials")
env = govc.build_env(settings)
env = utils.populate_env(env, container)
env["GOVC_GUEST_LOGIN"] = container.id
env["GOVC_VM"] = container.name + "-" + container.id[:12]
files = os.listdir(cert_path)
files = [os.path.join(cert_path, file) for file in files]
destination = "/var/jenkins_home/docker_certs"
govc.run(settings.gopath, env, ["guest.mkdir", destination])
govc.upload(settings.gopath, env, destination, files)
with open("jenkins-ssh-keys/jenkins_ssh") as f:
private_key = f.read()
cred_dict = {
'description': utils.CREDS_DESCRIPTION,
'userName': '******',
'passphrase': '',
'private_key': private_key
}
if utils.CREDS_DESCRIPTION in creds:
print("Deleting existing credentials.")
del creds[utils.CREDS_DESCRIPTION]
print("Uploading new credentials")
creds[utils.CREDS_DESCRIPTION] = SSHKeyCredential(cred_dict)
esx_settings = settings.integration_esx_settings
vch_settings = populate_vch_template_settings(settings)
if not populate_integration_esx_settings(esx_settings):
return False
xml = config_template_integration.format(**esx_settings)
if INTEGRATION_JOB_NAME in jenkins:
print("Updating integration job")
job = jenkins[INTEGRATION_JOB_NAME]
job.update_config(xml)
else:
print("Creating integration job")
job = jenkins.create_job(jobname=INTEGRATION_JOB_NAME, xml=xml)
pprint(job)
xml = config_template_vch.format(**vch_settings)
if VCH_JOB_NAME in jenkins:
print("Updating vch job")
job = jenkins[VCH_JOB_NAME]
job.update_config(xml)
else:
print("Creating vch job")
job = jenkins.create_job(jobname=VCH_JOB_NAME, xml=xml)
pprint(job)
return True
else:
print("Failed to find the container to configure.")
return False