Merge pull request #2 from Vlatombe/authentication-tokens

Complete implementation

Author: Alexander

src/main/java/org/jenkinsci/plugins/kubernetes/auth/AbstractKubernetesAuth.java

@@ -3,8 +3,24 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import io.fabric8.kubernetes.client.ConfigBuilder;
 
+/**
+ * Abstracts away a Kubernetes authentication either through kubeconfig format or {@link ConfigBuilder}.
+ */
 public interface KubernetesAuth {
-    ConfigBuilder decorate(ConfigBuilder builder) throws KubernetesAuthException;
+    /**
+     * Decorates a {@link ConfigBuilder} to connect using the current authentication object.
+     * @param builder the configuration to decorate
+     * @return the decorated configuration
+     * @throws KubernetesAuthException if anything fails during the processing of the authentication configuration
+     */
+    ConfigBuilder decorate(ConfigBuilder builder, KubernetesAuthConfig config) throws KubernetesAuthException;
 
-    String buildKubeConfig(String serverUrl, String caCertificate) throws JsonProcessingException;
+    /**
+     * Builds a kube config file content based on the current authentication object.
+     *
+     * @return Kubeconfig file content corresponding to this authentication object.
+     * @throws JsonProcessingException if something fails while generating the json document for kubeconfig
+     * @throws KubernetesAuthException if something fails while dealing with credentials
+     */
+    String buildKubeConfig(KubernetesAuthConfig config) throws JsonProcessingException, KubernetesAuthException;
 }

src/main/java/org/jenkinsci/plugins/kubernetes/auth/KubernetesAuth.java

@@ -0,0 +1,37 @@
+package org.jenkinsci.plugins.kubernetes.auth;
+
+/**
+ * Configuration object for {@link KubernetesAuth} operations.
+ */
+public class KubernetesAuthConfig {
+    /**
+     * Server URL of the API endpoint
+     */
+    private final String serverUrl;
+    /**
+     * Server certificate
+     */
+    private final String caCertificate;
+    /**
+     * Set to true to skip TLS verification
+     */
+    private final boolean skipTlsVerify;
+
+    public KubernetesAuthConfig(String serverUrl, String caCertificate, boolean skipTlsVerify) {
+        this.serverUrl = serverUrl;
+        this.caCertificate = caCertificate;
+        this.skipTlsVerify = skipTlsVerify;
+    }
+
+    public String getServerUrl() {
+        return serverUrl;
+    }
+
+    public String getCaCertificate() {
+        return caCertificate;
+    }
+
+    public boolean isSkipTlsVerify() {
+        return skipTlsVerify;
+    }
+}

src/main/java/org/jenkinsci/plugins/kubernetes/auth/KubernetesAuthCertificate.java

@@ -0,0 +1,49 @@
+package org.jenkinsci.plugins.kubernetes.auth.impl;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import io.fabric8.kubernetes.api.model.AuthInfoBuilder;
+import io.fabric8.kubernetes.api.model.Cluster;
+import io.fabric8.kubernetes.client.internal.SerializationUtils;
+import org.jenkinsci.plugins.kubernetes.auth.KubernetesAuth;
+import org.jenkinsci.plugins.kubernetes.auth.KubernetesAuthConfig;
+import org.jenkinsci.plugins.kubernetes.auth.KubernetesAuthException;
+import org.jenkinsci.plugins.kubernetes.credentials.Utils;
+
+abstract class AbstractKubernetesAuth implements KubernetesAuth {
+    abstract AuthInfoBuilder decorate(AuthInfoBuilder builder, KubernetesAuthConfig config) throws KubernetesAuthException;
+
+    public String buildKubeConfig(KubernetesAuthConfig config) throws JsonProcessingException, KubernetesAuthException {
+        io.fabric8.kubernetes.api.model.ConfigBuilder configBuilder = new io.fabric8.kubernetes.api.model.ConfigBuilder();
+        // setup cluster
+        Cluster cluster = new Cluster();
+        cluster.setServer(config.getServerUrl());
+        String caCertificate = config.getCaCertificate();
+        if (caCertificate != null && !caCertificate.isEmpty()) {
+            cluster.setCertificateAuthorityData(Utils.encodeBase64(Utils.wrapCertificate(caCertificate)));
+        }
+        cluster.setInsecureSkipTlsVerify(config.isSkipTlsVerify());
+        configBuilder
+                .addNewCluster()
+                    .withName("k8s")
+                    .withCluster(cluster)
+                .endCluster();
+
+        // setup user (class-specific)
+        configBuilder
+                .addNewUser()
+                .withName("cluster-admin")
+                    .withUser(decorate(new AuthInfoBuilder(), config).build())
+                .endUser();
+        // setup context
+        configBuilder
+                .addNewContext()
+                    .withName("k8s")
+                    .withNewContext()
+                        .withCluster("k8s")
+                        .withUser("cluster-admin")
+                    .endContext()
+                .endContext();
+        return SerializationUtils.getMapper().writeValueAsString(configBuilder.build());
+    }
+
+}

src/main/java/org/jenkinsci/plugins/kubernetes/auth/KubernetesAuthConfig.java

@@ -0,0 +1,40 @@
+package org.jenkinsci.plugins.kubernetes.auth.impl;
+
+import io.fabric8.kubernetes.api.model.AuthInfoBuilder;
+import io.fabric8.kubernetes.client.ConfigBuilder;
+import org.jenkinsci.plugins.kubernetes.auth.KubernetesAuth;
+import org.jenkinsci.plugins.kubernetes.auth.KubernetesAuthConfig;
+import org.jenkinsci.plugins.kubernetes.credentials.Utils;
+
+public class KubernetesAuthCertificate extends AbstractKubernetesAuth implements KubernetesAuth {
+    private final String certificate;
+
+    private final String key;
+
+    public KubernetesAuthCertificate(String certificate, String key) {
+        this.certificate = certificate;
+        this.key = key;
+    }
+
+    @Override
+    public AuthInfoBuilder decorate(AuthInfoBuilder builder, KubernetesAuthConfig config) {
+        return builder
+                .withClientCertificateData(Utils.encodeBase64(certificate))
+                .withClientKeyData(Utils.encodeBase64(key));
+    }
+
+    @Override
+    public ConfigBuilder decorate(ConfigBuilder builder, KubernetesAuthConfig config) {
+        return builder
+                .withClientCertData(Utils.encodeBase64(certificate))
+                .withClientKeyData(Utils.encodeBase64(key));
+    }
+
+    public String getCertificate() {
+        return certificate;
+    }
+
+    public String getKey() {
+        return key;
+    }
+}