Posted to commits@camel.apache.org by as...@apache.org on 2021/03/30 17:20:42 UTC

[camel-k] branch master updated (9e38411 -> 8adc29b)

This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git.


    from 9e38411  Updated CHANGELOG.md
     new e913ccf  feat(build): Add CA cert from user Secret into Maven build JVM trust store
     new 86722fb  feat(build): Support custom CA certificate for Catalog builds
     new 87d2353  chore(build): regen CRDs with CA certificate support
     new 4e2a7b2  feat(build): Support custom CA certificate in OpenAPI builds
     new 2d66b6b  feat(build): Do not override user-provided Maven options
     new 1d66557  feat(build): Import root CA certificates into custom truststore
     new 8515b4d  feat(build): Manage truststore password
     new 1d1c8d1  chore: Clean-up util methods
     new ee8e20b  chore: Rename Maven CA Secret field
     new ee8468d  chore(build): Re-create parent build directory after clean-up
     new 0867183  feat(build): Pipe CA Secret data into keytool stdin directly
     new 517fa6d  feat(build): Add install option to configure Maven CA secret
     new 84d8910  test: Maven CA secret e2e tests
     new 64e507c  test: Fix HTTPD in non-root container
     new a3f3361  test: Fix HTTPS authorization
     new bc16ba0  test: Correct Maven central proxy Nexus URL
     new 0705bf9  test: Add readiness probe to Nexus deployment
     new 2c035d3  test: Free more disk space in Kubernetes workflow setup
     new d4cf4ee  test: Fix HTTPD proxy mutex permission issue
     new 8adc29b  test: Create Apache Snapshots proxy repository with Nexus REST API

The 20 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .github/workflows/kubernetes.yml                   |   4 +
 config/crd/bases/camel.apache.org_builds.yaml      |  27 ++
 .../camel.apache.org_integrationplatforms.yaml     |  48 +++
 .../1.4.0-snapshot/camel.apache.org_builds.yaml    |  27 ++
 .../camel.apache.org_integrationplatforms.yaml     |  48 +++
 e2e/common/{traits => build}/files/Java.java       |   0
 e2e/common/build/maven_ca_secret_test.go           | 421 +++++++++++++++++++++
 helm/camel-k/crds/crd-build.yaml                   |  27 ++
 helm/camel-k/crds/crd-integration-platform.yaml    |  48 +++
 pkg/apis/camel/v1/common_types.go                  |  13 +-
 pkg/apis/camel/v1/zz_generated.deepcopy.go         |   5 +
 pkg/builder/project.go                             |  28 +-
 pkg/builder/quarkus.go                             |  17 +-
 pkg/builder/types.go                               |   6 +-
 pkg/cmd/install.go                                 |  33 +-
 pkg/cmd/util_dependencies.go                       |   3 +-
 pkg/install/operator.go                            |   2 +-
 pkg/resources/resources.go                         |   8 +-
 pkg/trait/openapi.go                               |  29 +-
 pkg/trait/quarkus_test.go                          |   2 +-
 pkg/trait/toleration.go                            |   2 +-
 pkg/util/camel/catalog.go                          |  29 +-
 pkg/util/jvm/keystore.go                           |  98 +++++
 pkg/util/kubernetes/{camel_labels.go => camel.go}  |   4 +-
 pkg/util/kubernetes/{core_client.go => client.go}  |  84 ++--
 .../kubernetes/{core_factory.go => factory.go}     |   2 +-
 pkg/util/kubernetes/util.go                        |   2 -
 pkg/util/maven/maven.go                            |  47 ++-
 pkg/util/maven/maven_types.go                      |  11 +-
 pkg/util/olm/operator.go                           |   2 +-
 script/Makefile                                    |   1 +
 31 files changed, 964 insertions(+), 114 deletions(-)
 copy e2e/common/{traits => build}/files/Java.java (100%)
 create mode 100644 e2e/common/build/maven_ca_secret_test.go
 create mode 100644 pkg/util/jvm/keystore.go
 rename pkg/util/kubernetes/{camel_labels.go => camel.go} (98%)
 rename pkg/util/kubernetes/{core_client.go => client.go} (60%)
 rename pkg/util/kubernetes/{core_factory.go => factory.go} (96%)

[camel-k] 05/20: feat(build): Do not override user-provided Maven options

Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 2d66b6b8523127f1a1a4f5911df34470913278fe
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Thu Mar 25 18:55:53 2021 +0100

    feat(build): Do not override user-provided Maven options
---
 pkg/util/maven/maven.go | 54 ++++++++++++++++++++++++++++++++++---------------
 1 file changed, 38 insertions(+), 16 deletions(-)

diff --git a/pkg/util/maven/maven.go b/pkg/util/maven/maven.go
index f49658f..081e35e 100644
--- a/pkg/util/maven/maven.go
+++ b/pkg/util/maven/maven.go
@@ -124,26 +124,48 @@ func Run(ctx Context) error {
 		cmd.Stdout = os.Stdout
 	}
 
-	mavenOpts, ok := os.LookupEnv("MAVEN_OPTS")
-	// FIXME: do not override duplicated Maven options
-	mavenOpts = strings.Join(append(strings.Fields(mavenOpts), ctx.ExtraMavenOpts...), " ")
-
-	// Inherit the parent process environment
-	env := os.Environ()
-	if !ok {
-		env = append(env, mavenOpts)
-	} else {
-		for i, e := range env {
-			if strings.HasPrefix(e, "MAVEN_OPTS=") {
-				env[i] = mavenOpts
-				break
+	var mavenOptions string
+	if len(ctx.ExtraMavenOpts) > 0 {
+		// Inherit the parent process environment
+		env := os.Environ()
+
+		mavenOpts, ok := os.LookupEnv("MAVEN_OPTS")
+		if !ok {
+			mavenOptions = strings.Join(ctx.ExtraMavenOpts, " ")
+			env = append(env, "MAVEN_OPTS="+mavenOptions)
+		} else {
+			var extraOptions []string
+			options := strings.Fields(mavenOpts)
+			for _, extraOption := range ctx.ExtraMavenOpts {
+				// Basic duplicated key detection, that should be improved
+				// to support a wider range of JVM options
+				key := strings.SplitN(extraOption, "=", 2)[0]
+				exists := false
+				for _, opt := range options {
+					if strings.HasPrefix(opt, key) {
+						exists = true
+						break
+					}
+				}
+				if !exists {
+					extraOptions = append(extraOptions, extraOption)
+				}
+			}
+
+			options = append(options, extraOptions...)
+			mavenOptions = strings.Join(options, " ")
+			for i, e := range env {
+				if strings.HasPrefix(e, "MAVEN_OPTS=") {
+					env[i] = "MAVEN_OPTS=" + mavenOptions
+					break
+				}
 			}
 		}
-	}
 
-	cmd.Env = env
+		cmd.Env = env
+	}
 
-	Log.WithValues("timeout", timeout.String(), "env", env).
+	Log.WithValues("timeout", timeout.String(), "MAVEN_OPTS", mavenOptions).
 		Infof("executing: %s", strings.Join(cmd.Args, " "))
 
 	return cmd.Run()
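Review bot: The duplicate check `strings.HasPrefix(opt, key)` in the inner loop matches on a bare prefix, so an extra option is treated as already present whenever an existing option merely starts with the same text. For example, `-Djavax.net.ssl.trustStore=…` would be dropped if MAVEN_OPTS only carries `-Djavax.net.ssl.trustStorePassword=…`, and the build would then run without the intended trust store, assuming ExtraMavenOpts carries such settings (their source is not visible in this hunk). Comparing the whole key avoids that: `if opt == key || strings.HasPrefix(opt, key+"=") {`. Separately, the log call now records the merged `MAVEN_OPTS` value, so if it can contain a truststore password the value should be redacted before logging. The body of Run starts outside the hunk.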

[camel-k] 19/20: test: Fix HTTPD proxy mutex permission issue

Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit d4cf4eee50449c90b83c058c2d1c5be208314db9
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Tue Mar 30 10:42:31 2021 +0200

    test: Fix HTTPD proxy mutex permission issue
---
 e2e/common/build/maven_ca_secret_test.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/e2e/common/build/maven_ca_secret_test.go b/e2e/common/build/maven_ca_secret_test.go
index 4151a23..46f0567 100644
--- a/e2e/common/build/maven_ca_secret_test.go
+++ b/e2e/common/build/maven_ca_secret_test.go
@@ -134,6 +134,8 @@ LoadModule status_module /usr/local/apache2/modules/mod_status.so
 LoadModule autoindex_module /usr/local/apache2/modules/mod_autoindex.so
 LoadModule ssl_module /usr/local/apache2/modules/mod_ssl.so
 
+Mutex posixsem
+
 ErrorLog /proc/self/fd/2
 
 LogLevel warn

[camel-k] 11/20: feat(build): Pipe CA Secret data into keytool stdin directly

Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 0867183a0a68ed9151beb585496f5573f74353f2
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Fri Mar 26 18:34:03 2021 +0100

    feat(build): Pipe CA Secret data into keytool stdin directly
---
 pkg/util/jvm/keystore.go | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)

diff --git a/pkg/util/jvm/keystore.go b/pkg/util/jvm/keystore.go
index 0a3fe1a..eb055b2 100644
--- a/pkg/util/jvm/keystore.go
+++ b/pkg/util/jvm/keystore.go
@@ -18,6 +18,7 @@ limitations under the License.
 package jvm
 
 import (
+	"bytes"
 	"context"
 	"fmt"
 	"math/rand"
@@ -26,25 +27,17 @@ import (
 	"path"
 	"strings"
 	"time"
-
-	"github.com/apache/camel-k/pkg/util"
 )
 
 func GenerateKeystore(ctx context.Context, keystoreDir, keystoreName, keystorePass string, data []byte) error {
-	tmpFile := "ca-cert.tmp"
-	err := util.WriteFileWithContent(keystoreDir, tmpFile, data)
-	if err != nil {
-		return err
-	}
-	defer os.Remove(path.Join(keystoreDir, tmpFile))
-
-	args := strings.Fields(fmt.Sprintf("-importcert -noprompt -alias maven -storepass %s -file %s -keystore %s", keystorePass, tmpFile, keystoreName))
+	args := strings.Fields(fmt.Sprintf("-importcert -noprompt -alias maven -storepass %s -keystore %s", keystorePass, keystoreName))
 	cmd := exec.CommandContext(ctx, "keytool", args...)
 	cmd.Dir = keystoreDir
+	cmd.Stdin = bytes.NewReader(data)
 	cmd.Stderr = os.Stderr
 	cmd.Stdout = os.Stdout
 
-	err = cmd.Run()
+	err := cmd.Run()
 	if err != nil {
 		return err
 	}
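Review bot: The keytool arguments are still built by formatting `keystorePass` and `keystoreName` into one string and splitting it with `strings.Fields`, so a value containing whitespace is split into extra keytool arguments. Building the slice directly keeps each value as a single argument: `args := []string{"-importcert", "-noprompt", "-alias", "maven", "-storepass", keystorePass, "-keystore", keystoreName}`. The password is also passed on the command line, where it is readable from the process list while keytool runs; keytool's `-storepass:env` or `-storepass:file` modifiers keep it out of argv. GenerateKeystore continues past the end of the hunk.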

[camel-k] 08/20: chore: Clean-up util methods

Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 1d1c8d12de528d556a12d430d6a9a9106f029a0c
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Fri Mar 26 15:29:28 2021 +0100

    chore: Clean-up util methods
---
 pkg/install/operator.go                            |  2 +-
 pkg/trait/toleration.go                            |  2 +-
 pkg/util/kubernetes/{camel_labels.go => camel.go}  |  4 +-
 pkg/util/kubernetes/{core_client.go => client.go}  | 46 ----------------------
 .../kubernetes/{core_factory.go => factory.go}     |  2 +-
 pkg/util/olm/operator.go                           |  2 +-
 6 files changed, 6 insertions(+), 52 deletions(-)

diff --git a/pkg/install/operator.go b/pkg/install/operator.go
index 9798d1a..1fc6cf7 100644
--- a/pkg/install/operator.go
+++ b/pkg/install/operator.go
@@ -90,7 +90,7 @@ func OperatorOrCollect(ctx context.Context, c client.Client, cfg OperatorConfigu
 		if cfg.Tolerations != nil {
 			if d, ok := o.(*appsv1.Deployment); ok {
 				if d.Labels["camel.apache.org/component"] == "operator" {
-					tolerations, err := kubernetes.GetTolerations(cfg.Tolerations)
+					tolerations, err := kubernetes.NewTolerations(cfg.Tolerations)
 					if err != nil {
 						fmt.Println("Warning: could not parse the configured tolerations!")
 					}
diff --git a/pkg/trait/toleration.go b/pkg/trait/toleration.go
index 9b97c6e..bc0fd8e 100644
--- a/pkg/trait/toleration.go
+++ b/pkg/trait/toleration.go
@@ -66,7 +66,7 @@ func (t *tolerationTrait) Configure(e *Environment) (bool, error) {
 }
 
 func (t *tolerationTrait) Apply(e *Environment) (err error) {
-	tolerations, err := kubernetes.GetTolerations(t.Taints)
+	tolerations, err := kubernetes.NewTolerations(t.Taints)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/util/kubernetes/camel_labels.go b/pkg/util/kubernetes/camel.go
similarity index 98%
rename from pkg/util/kubernetes/camel_labels.go
rename to pkg/util/kubernetes/camel.go
index cc31559..ca487b5 100644
--- a/pkg/util/kubernetes/camel_labels.go
+++ b/pkg/util/kubernetes/camel.go
@@ -20,13 +20,13 @@ package kubernetes
 import (
 	"strings"
 
-	camelv1 "github.com/apache/camel-k/pkg/apis/camel/v1"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+
+	camelv1 "github.com/apache/camel-k/pkg/apis/camel/v1"
 )
 
-// CamelCreatorLabelPrefix --
 const (
 	CamelCreatorLabelPrefix = "camel.apache.org/created.by"
 
diff --git a/pkg/util/kubernetes/core_client.go b/pkg/util/kubernetes/client.go
similarity index 83%
rename from pkg/util/kubernetes/core_client.go
rename to pkg/util/kubernetes/client.go
index 621a90f..ceecef5 100644
--- a/pkg/util/kubernetes/core_client.go
+++ b/pkg/util/kubernetes/client.go
@@ -30,7 +30,6 @@ import (
 	"github.com/apache/camel-k/pkg/client"
 )
 
-// GetIntegrationPlatform --
 func GetIntegrationPlatform(context context.Context, client ctrl.Reader, name string, namespace string) (*v1.IntegrationPlatform, error) {
 	key := ctrl.ObjectKey{
 		Name:      name,
@@ -46,7 +45,6 @@ func GetIntegrationPlatform(context context.Context, client ctrl.Reader, name st
 	return &answer, nil
 }
 
-// GetIntegrationKit --
 func GetIntegrationKit(context context.Context, client ctrl.Reader, name string, namespace string) (*v1.IntegrationKit, error) {
 	key := ctrl.ObjectKey{
 		Name:      name,
@@ -62,23 +60,6 @@ func GetIntegrationKit(context context.Context, client ctrl.Reader, name string,
 	return &answer, nil
 }
 
-// GetIntegration --
-func GetIntegration(context context.Context, client ctrl.Reader, name string, namespace string) (*v1.Integration, error) {
-	key := ctrl.ObjectKey{
-		Name:      name,
-		Namespace: namespace,
-	}
-
-	answer := v1.NewIntegration(namespace, name)
-
-	if err := client.Get(context, key, &answer); err != nil {
-		return nil, err
-	}
-
-	return &answer, nil
-}
-
-// GetBuild --
 func GetBuild(context context.Context, client client.Client, name string, namespace string) (*v1.Build, error) {
 	key := ctrl.ObjectKey{
 		Name:      name,
@@ -94,7 +75,6 @@ func GetBuild(context context.Context, client client.Client, name string, namesp
 	return &answer, nil
 }
 
-// GetConfigMap --
 func GetConfigMap(context context.Context, client ctrl.Reader, name string, namespace string) (*corev1.ConfigMap, error) {
 	key := ctrl.ObjectKey{
 		Name:      name,
@@ -119,7 +99,6 @@ func GetConfigMap(context context.Context, client ctrl.Reader, name string, name
 	return &answer, nil
 }
 
-// GetSecret --
 func GetSecret(context context.Context, client ctrl.Reader, name string, namespace string) (*corev1.Secret, error) {
 	key := ctrl.ObjectKey{
 		Name:      name,
@@ -144,31 +123,6 @@ func GetSecret(context context.Context, client ctrl.Reader, name string, namespa
 	return &answer, nil
 }
 
-// GetService --
-func GetService(context context.Context, client ctrl.Reader, name string, namespace string) (*corev1.Service, error) {
-	key := ctrl.ObjectKey{
-		Name:      name,
-		Namespace: namespace,
-	}
-
-	answer := corev1.Service{
-		TypeMeta: metav1.TypeMeta{
-			Kind:       "Service",
-			APIVersion: "v1",
-		},
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      name,
-			Namespace: namespace,
-		},
-	}
-
-	if err := client.Get(context, key, &answer); err != nil {
-		return nil, err
-	}
-
-	return &answer, nil
-}
-
 // GetSecretRefValue returns the value of a secret in the supplied namespace
 func GetSecretRefValue(ctx context.Context, client ctrl.Reader, namespace string, selector *corev1.SecretKeySelector) (string, error) {
 	data, err := GetSecretRefData(ctx, client, namespace, selector)
diff --git a/pkg/util/kubernetes/core_factory.go b/pkg/util/kubernetes/factory.go
similarity index 96%
rename from pkg/util/kubernetes/core_factory.go
rename to pkg/util/kubernetes/factory.go
index 5ae1891..a85c472 100644
--- a/pkg/util/kubernetes/core_factory.go
+++ b/pkg/util/kubernetes/factory.go
@@ -28,7 +28,7 @@ import (
 var validTaintRegexp = regexp.MustCompile(`^([\w\/_\-\.]+)(=)?([\w_\-\.]+)?:(NoSchedule|NoExecute|PreferNoSchedule):?(\d*)?$`)
 
 // GetTolerations build an array of Tolerations from an array of string
-func GetTolerations(taints []string) ([]corev1.Toleration, error) {
+func NewTolerations(taints []string) ([]corev1.Toleration, error) {
 	tolerations := make([]corev1.Toleration, 0)
 	for _, t := range taints {
 		if !validTaintRegexp.MatchString(t) {
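Review bot: The doc comment above the renamed function still opens with `GetTolerations`, so it no longer matches the identifier it documents and lint checks on exported-name comments will flag it. It should read `// NewTolerations builds an array of Tolerations from an array of taint strings`. The function body continues outside the hunk.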
diff --git a/pkg/util/olm/operator.go b/pkg/util/olm/operator.go
index 360cc15..896b241 100644
--- a/pkg/util/olm/operator.go
+++ b/pkg/util/olm/operator.go
@@ -207,7 +207,7 @@ func Install(ctx context.Context, client client.Client, namespace string, global
 
 func maybeSetTolerations(sub *operatorsv1alpha1.Subscription, tolArray []string) error {
 	if tolArray != nil {
-		tolerations, err := kubernetes.GetTolerations(tolArray)
+		tolerations, err := kubernetes.NewTolerations(tolArray)
 		if err != nil {
 			return err
 		}

[camel-k] 09/20: chore: Rename Maven CA Secret field

Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit ee8e20b6962121ed5f82a70a5a138f4568565252
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Fri Mar 26 15:54:56 2021 +0100

    chore: Rename Maven CA Secret field
---
 config/crd/bases/camel.apache.org_builds.yaml      | 14 +++++++----
 .../camel.apache.org_integrationplatforms.yaml     | 28 ++++++++++++----------
 .../1.4.0-snapshot/camel.apache.org_builds.yaml    | 14 +++++++----
 .../camel.apache.org_integrationplatforms.yaml     | 28 ++++++++++++----------
 helm/camel-k/crds/crd-build.yaml                   | 14 +++++++----
 helm/camel-k/crds/crd-integration-platform.yaml    | 28 ++++++++++++----------
 pkg/apis/camel/v1/common_types.go                  | 13 ++++++----
 pkg/apis/camel/v1/zz_generated.deepcopy.go         |  4 ++--
 pkg/builder/project.go                             |  4 ++--
 pkg/resources/resources.go                         |  8 +++----
 pkg/trait/openapi.go                               |  4 ++--
 pkg/util/camel/catalog.go                          |  4 ++--
 pkg/util/jvm/keystore.go                           |  2 +-
 13 files changed, 96 insertions(+), 69 deletions(-)

diff --git a/config/crd/bases/camel.apache.org_builds.yaml b/config/crd/bases/camel.apache.org_builds.yaml
index 0ddd9ed..24000ef 100644
--- a/config/crd/bases/camel.apache.org_builds.yaml
+++ b/config/crd/bases/camel.apache.org_builds.yaml
@@ -127,12 +127,16 @@ spec:
                         maven:
                           description: MavenSpec --
                           properties:
-                            caCert:
-                              description: The Secret key containing the CA certificate
-                                used to connect to remote repositories. A JKS formatted
+                            caSecret:
+                              description: The Secret name and key, containing the
+                                CA certificate(s) used to connect to remote Maven
+                                repositories. It can contain X.509 certificates, and
+                                PKCS#7 formatted certificate chains. A JKS formatted
                                 keystore is automatically created to store the CA
-                                certificate, and configured to be used as a trusted
-                                certificate by the Maven command.
+                                certificate(s), and configured to be used as a trusted
+                                certificate(s) by the Maven commands. Note that the
+                                root CA certificates are also imported into the created
+                                keystore.
                               properties:
                                 key:
                                   description: The key of the secret to select from.  Must
diff --git a/config/crd/bases/camel.apache.org_integrationplatforms.yaml b/config/crd/bases/camel.apache.org_integrationplatforms.yaml
index bf34421..bdf0044 100644
--- a/config/crd/bases/camel.apache.org_integrationplatforms.yaml
+++ b/config/crd/bases/camel.apache.org_integrationplatforms.yaml
@@ -81,12 +81,14 @@ spec:
                   maven:
                     description: MavenSpec --
                     properties:
-                      caCert:
-                        description: The Secret key containing the CA certificate
-                          used to connect to remote repositories. A JKS formatted
-                          keystore is automatically created to store the CA certificate,
-                          and configured to be used as a trusted certificate by the
-                          Maven command.
+                      caSecret:
+                        description: The Secret name and key, containing the CA certificate(s)
+                          used to connect to remote Maven repositories. It can contain
+                          X.509 certificates, and PKCS#7 formatted certificate chains.
+                          A JKS formatted keystore is automatically created to store
+                          the CA certificate(s), and configured to be used as a trusted
+                          certificate(s) by the Maven commands. Note that the root
+                          CA certificates are also imported into the created keystore.
                         properties:
                           key:
                             description: The key of the secret to select from.  Must
@@ -251,12 +253,14 @@ spec:
                   maven:
                     description: MavenSpec --
                     properties:
-                      caCert:
-                        description: The Secret key containing the CA certificate
-                          used to connect to remote repositories. A JKS formatted
-                          keystore is automatically created to store the CA certificate,
-                          and configured to be used as a trusted certificate by the
-                          Maven command.
+                      caSecret:
+                        description: The Secret name and key, containing the CA certificate(s)
+                          used to connect to remote Maven repositories. It can contain
+                          X.509 certificates, and PKCS#7 formatted certificate chains.
+                          A JKS formatted keystore is automatically created to store
+                          the CA certificate(s), and configured to be used as a trusted
+                          certificate(s) by the Maven commands. Note that the root
+                          CA certificates are also imported into the created keystore.
                         properties:
                           key:
                             description: The key of the secret to select from.  Must
diff --git a/deploy/olm-catalog/camel-k-dev/1.4.0-snapshot/camel.apache.org_builds.yaml b/deploy/olm-catalog/camel-k-dev/1.4.0-snapshot/camel.apache.org_builds.yaml
index 0ddd9ed..24000ef 100644
--- a/deploy/olm-catalog/camel-k-dev/1.4.0-snapshot/camel.apache.org_builds.yaml
+++ b/deploy/olm-catalog/camel-k-dev/1.4.0-snapshot/camel.apache.org_builds.yaml
@@ -127,12 +127,16 @@ spec:
                         maven:
                           description: MavenSpec --
                           properties:
-                            caCert:
-                              description: The Secret key containing the CA certificate
-                                used to connect to remote repositories. A JKS formatted
+                            caSecret:
+                              description: The Secret name and key, containing the
+                                CA certificate(s) used to connect to remote Maven
+                                repositories. It can contain X.509 certificates, and
+                                PKCS#7 formatted certificate chains. A JKS formatted
                                 keystore is automatically created to store the CA
-                                certificate, and configured to be used as a trusted
-                                certificate by the Maven command.
+                                certificate(s), and configured to be used as a trusted
+                                certificate(s) by the Maven commands. Note that the
+                                root CA certificates are also imported into the created
+                                keystore.
                               properties:
                                 key:
                                   description: The key of the secret to select from.  Must
diff --git a/deploy/olm-catalog/camel-k-dev/1.4.0-snapshot/camel.apache.org_integrationplatforms.yaml b/deploy/olm-catalog/camel-k-dev/1.4.0-snapshot/camel.apache.org_integrationplatforms.yaml
index bf34421..bdf0044 100644
--- a/deploy/olm-catalog/camel-k-dev/1.4.0-snapshot/camel.apache.org_integrationplatforms.yaml
+++ b/deploy/olm-catalog/camel-k-dev/1.4.0-snapshot/camel.apache.org_integrationplatforms.yaml
@@ -81,12 +81,14 @@ spec:
                   maven:
                     description: MavenSpec --
                     properties:
-                      caCert:
-                        description: The Secret key containing the CA certificate
-                          used to connect to remote repositories. A JKS formatted
-                          keystore is automatically created to store the CA certificate,
-                          and configured to be used as a trusted certificate by the
-                          Maven command.
+                      caSecret:
+                        description: The Secret name and key, containing the CA certificate(s)
+                          used to connect to remote Maven repositories. It can contain
+                          X.509 certificates, and PKCS#7 formatted certificate chains.
+                          A JKS formatted keystore is automatically created to store
+                          the CA certificate(s), and configured to be used as a trusted
+                          certificate(s) by the Maven commands. Note that the root
+                          CA certificates are also imported into the created keystore.
                         properties:
                           key:
                             description: The key of the secret to select from.  Must
@@ -251,12 +253,14 @@ spec:
                   maven:
                     description: MavenSpec --
                     properties:
-                      caCert:
-                        description: The Secret key containing the CA certificate
-                          used to connect to remote repositories. A JKS formatted
-                          keystore is automatically created to store the CA certificate,
-                          and configured to be used as a trusted certificate by the
-                          Maven command.
+                      caSecret:
+                        description: The Secret name and key, containing the CA certificate(s)
+                          used to connect to remote Maven repositories. It can contain
+                          X.509 certificates, and PKCS#7 formatted certificate chains.
+                          A JKS formatted keystore is automatically created to store
+                          the CA certificate(s), and configured to be used as a trusted
+                          certificate(s) by the Maven commands. Note that the root
+                          CA certificates are also imported into the created keystore.
                         properties:
                           key:
                             description: The key of the secret to select from.  Must
diff --git a/helm/camel-k/crds/crd-build.yaml b/helm/camel-k/crds/crd-build.yaml
index 0ddd9ed..24000ef 100644
--- a/helm/camel-k/crds/crd-build.yaml
+++ b/helm/camel-k/crds/crd-build.yaml
@@ -127,12 +127,16 @@ spec:
                         maven:
                           description: MavenSpec --
                           properties:
-                            caCert:
-                              description: The Secret key containing the CA certificate
-                                used to connect to remote repositories. A JKS formatted
+                            caSecret:
+                              description: The Secret name and key, containing the
+                                CA certificate(s) used to connect to remote Maven
+                                repositories. It can contain X.509 certificates, and
+                                PKCS#7 formatted certificate chains. A JKS formatted
                                 keystore is automatically created to store the CA
-                                certificate, and configured to be used as a trusted
-                                certificate by the Maven command.
+                                certificate(s), and configured to be used as a trusted
+                                certificate(s) by the Maven commands. Note that the
+                                root CA certificates are also imported into the created
+                                keystore.
                               properties:
                                 key:
                                   description: The key of the secret to select from.  Must
diff --git a/helm/camel-k/crds/crd-integration-platform.yaml b/helm/camel-k/crds/crd-integration-platform.yaml
index bf34421..bdf0044 100644
--- a/helm/camel-k/crds/crd-integration-platform.yaml
+++ b/helm/camel-k/crds/crd-integration-platform.yaml
@@ -81,12 +81,14 @@ spec:
                   maven:
                     description: MavenSpec --
                     properties:
-                      caCert:
-                        description: The Secret key containing the CA certificate
-                          used to connect to remote repositories. A JKS formatted
-                          keystore is automatically created to store the CA certificate,
-                          and configured to be used as a trusted certificate by the
-                          Maven command.
+                      caSecret:
+                        description: The Secret name and key, containing the CA certificate(s)
+                          used to connect to remote Maven repositories. It can contain
+                          X.509 certificates, and PKCS#7 formatted certificate chains.
+                          A JKS formatted keystore is automatically created to store
+                          the CA certificate(s), and configured to be used as a trusted
+                          certificate(s) by the Maven commands. Note that the root
+                          CA certificates are also imported into the created keystore.
                         properties:
                           key:
                             description: The key of the secret to select from.  Must
@@ -251,12 +253,14 @@ spec:
                   maven:
                     description: MavenSpec --
                     properties:
-                      caCert:
-                        description: The Secret key containing the CA certificate
-                          used to connect to remote repositories. A JKS formatted
-                          keystore is automatically created to store the CA certificate,
-                          and configured to be used as a trusted certificate by the
-                          Maven command.
+                      caSecret:
+                        description: The Secret name and key, containing the CA certificate(s)
+                          used to connect to remote Maven repositories. It can contain
+                          X.509 certificates, and PKCS#7 formatted certificate chains.
+                          A JKS formatted keystore is automatically created to store
+                          the CA certificate(s), and configured to be used as a trusted
+                          certificate(s) by the Maven commands. Note that the root
+                          CA certificates are also imported into the created keystore.
                         properties:
                           key:
                             description: The key of the secret to select from.  Must
diff --git a/pkg/apis/camel/v1/common_types.go b/pkg/apis/camel/v1/common_types.go
index f09d21d..a94d604 100644
--- a/pkg/apis/camel/v1/common_types.go
+++ b/pkg/apis/camel/v1/common_types.go
@@ -85,11 +85,14 @@ type PlatformInjectable interface {
 type MavenSpec struct {
 	LocalRepository string      `json:"localRepository,omitempty"`
 	Settings        ValueSource `json:"settings,omitempty"`
-	// The Secret key containing the CA certificate used to connect to remote repositories.
-	// A JKS formatted keystore is automatically created to store the CA certificate,
-	// and configured to be used as a trusted certificate by the Maven command.
-	CaCert  *corev1.SecretKeySelector `json:"caCert,omitempty"`
-	Timeout *metav1.Duration          `json:"timeout,omitempty"`
+	// The Secret name and key, containing the CA certificate(s) used to connect
+	// to remote Maven repositories.
+	// It can contain X.509 certificates, and PKCS#7 formatted certificate chains.
+	// A JKS formatted keystore is automatically created to store the CA certificate(s),
+	// and configured to be used as a trusted certificate(s) by the Maven commands.
+	// Note that the root CA certificates are also imported into the created keystore.
+	CASecret *corev1.SecretKeySelector `json:"caSecret,omitempty"`
+	Timeout  *metav1.Duration          `json:"timeout,omitempty"`
 }
 
 // ValueSource --
diff --git a/pkg/apis/camel/v1/zz_generated.deepcopy.go b/pkg/apis/camel/v1/zz_generated.deepcopy.go
index c8e1ff6..79d16d3 100644
--- a/pkg/apis/camel/v1/zz_generated.deepcopy.go
+++ b/pkg/apis/camel/v1/zz_generated.deepcopy.go
@@ -1264,8 +1264,8 @@ func (in *MavenArtifact) DeepCopy() *MavenArtifact {
 func (in *MavenSpec) DeepCopyInto(out *MavenSpec) {
 	*out = *in
 	in.Settings.DeepCopyInto(&out.Settings)
-	if in.CaCert != nil {
-		in, out := &in.CaCert, &out.CaCert
+	if in.CASecret != nil {
+		in, out := &in.CASecret, &out.CASecret
 		*out = new(corev1.SecretKeySelector)
 		(*in).DeepCopyInto(*out)
 	}
diff --git a/pkg/builder/project.go b/pkg/builder/project.go
index e7b59b6..45f8835 100644
--- a/pkg/builder/project.go
+++ b/pkg/builder/project.go
@@ -67,11 +67,11 @@ func cleanUpBuildDir(ctx *builderContext) error {
 }
 
 func generateJavaKeystore(ctx *builderContext) error {
-	if ctx.Build.Maven.CaCert == nil {
+	if ctx.Build.Maven.CASecret == nil {
 		return nil
 	}
 
-	certData, err := kubernetes.GetSecretRefData(ctx.C, ctx.Client, ctx.Namespace, ctx.Build.Maven.CaCert)
+	certData, err := kubernetes.GetSecretRefData(ctx.C, ctx.Client, ctx.Namespace, ctx.Build.Maven.CASecret)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/resources/resources.go b/pkg/resources/resources.go
index 80763e2..a87581c 100644
--- a/pkg/resources/resources.go
+++ b/pkg/resources/resources.go
@@ -78,9 +78,9 @@ var assets = func() http.FileSystem {
 		"/crd/bases/camel.apache.org_builds.yaml": &vfsgen۰CompressedFileInfo{
 			name:             "camel.apache.org_builds.yaml",
 			modTime:          time.Time{},
-			uncompressedSize: 22436,
+			uncompressedSize: 22748,
 
-			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\x5c\xdf\x73\xdb\x36\xf2\x7f\xd7\x5f\xb1\x13\x3f\x24\x99\xb1\xa8\xa6\xed\xf7\x3b\x1d\xdd\xc3\x8d\x2a\x27\x73\xba\x24\xb6\xc7\x72\xd2\xe9\xe3\x8a\x5c\x51\xa8\x48\x80\x07\x80\x96\xd5\x9b\xfb\xdf\x6f\x00\x90\x12\x65\xf1\x07\x68\x2b\xad\xef\xce\x78\x49\x4c\x01\x8b\xfd\x85\xcf\xee\x82\x20\xce\x60\x78\xba\x36\x38\x83\x4f\x2c\x24\xae\x28\x02\x2d\x40\xaf\x08\x26\x19\x86\x2b\x82\xb9\x58\xea\x0d\x4a\x82\x0f\x22\xe7\x11\x6a\x [...]
+			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\x5c\xdd\x73\xdb\x38\x92\x7f\xd7\x5f\xd1\x15\x3f\x24\xa9\xb2\xa8\x64\x3e\xee\xe6\x7c\x0f\x57\x1a\x25\xa9\xd3\x26\xb1\x5d\x96\x93\xd9\x79\x6c\x91\x2d\x0a\x23\x12\xe0\x02\xa0\x64\xcd\xd6\xfe\xef\x5b\x00\x48\x49\xb4\xf8\x01\xda\xca\x8c\x77\xd7\x78\x49\x4c\x01\x8d\xfe\xc2\xaf\xbb\x41\x10\x67\x30\x3c\x5d\x1b\x9c\xc1\x27\x16\x12\x57\x14\x81\x16\xa0\x97\x04\xe3\x0c\xc3\x25\xc1\x4c\x2c\xf4\x06\x25\xc1\x07\x91\xf3\x08\x35\x [...]
 		},
 		"/crd/bases/camel.apache.org_camelcatalogs.yaml": &vfsgen۰CompressedFileInfo{
 			name:             "camel.apache.org_camelcatalogs.yaml",
@@ -99,9 +99,9 @@ var assets = func() http.FileSystem {
 		"/crd/bases/camel.apache.org_integrationplatforms.yaml": &vfsgen۰CompressedFileInfo{
 			name:             "camel.apache.org_integrationplatforms.yaml",
 			modTime:          time.Time{},
-			uncompressedSize: 19424,
+			uncompressedSize: 19896,
 
-			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\x5c\x5f\x8f\xdb\xb8\x11\x7f\xd7\xa7\x18\xc4\x0f\xb9\x03\xd6\xf2\xa5\xed\x43\xe1\x3e\x14\x3e\x27\x41\xdd\x24\xbb\x8b\xb5\x93\xc3\x3d\xd2\xd2\x58\xe6\x99\x22\x55\x92\x5a\xc7\x57\xf4\xbb\x17\x43\x4a\xb6\xbc\xd6\xbf\xf5\xe6\xd0\xf6\x2a\xbe\x24\x96\xc8\xe1\xfc\xfd\x71\xc8\xa1\x76\x04\xe3\x6f\xd7\x82\x11\x7c\xe4\x11\x4a\x83\x31\x58\x05\x76\x8b\x30\xcb\x58\xb4\x45\x58\xaa\x8d\xdd\x33\x8d\xf0\x5e\xe5\x32\x66\x96\x2b\x09\x [...]
+			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\x5c\x5f\x73\xdb\xb8\x11\x7f\xe7\xa7\xd8\x89\x1e\x72\x99\xb1\xa8\xa4\x7f\xa6\xad\xfa\xd0\xd1\x29\xc9\x54\x75\x62\x7b\x2c\x25\xd7\x7b\x84\xc8\x15\x85\x13\x08\xb0\x00\x68\x45\xd7\xe9\x77\xef\x2c\x40\x4a\x94\x45\x52\xb4\xec\x9b\xb6\x57\xe2\xc5\x96\x08\x2c\xf6\xef\x0f\x0b\x2c\xa8\x01\x0c\x5f\xae\x05\x03\xf8\xc4\x23\x94\x06\x63\xb0\x0a\xec\x1a\x61\x92\xb1\x68\x8d\x30\x57\x2b\xbb\x65\x1a\xe1\xa3\xca\x65\xcc\x2c\x57\x12\x [...]
 		},
 		"/crd/bases/camel.apache.org_integrations.yaml": &vfsgen۰CompressedFileInfo{
 			name:             "camel.apache.org_integrations.yaml",
diff --git a/pkg/trait/openapi.go b/pkg/trait/openapi.go
index d652599..9ba84cf 100644
--- a/pkg/trait/openapi.go
+++ b/pkg/trait/openapi.go
@@ -215,8 +215,8 @@ func (t *openAPITrait) createNewOpenAPIConfigMap(e *Environment, resource v1.Res
 		mc.SettingsContent = []byte(settings)
 	}
 
-	if e.Platform.Status.Build.Maven.CaCert != nil {
-		certData, err := kubernetes.GetSecretRefData(e.C, e.Client, e.Platform.Namespace, e.Platform.Status.Build.Maven.CaCert)
+	if e.Platform.Status.Build.Maven.CASecret != nil {
+		certData, err := kubernetes.GetSecretRefData(e.C, e.Client, e.Platform.Namespace, e.Platform.Status.Build.Maven.CASecret)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/util/camel/catalog.go b/pkg/util/camel/catalog.go
index 6b8ee38..47a5359 100644
--- a/pkg/util/camel/catalog.go
+++ b/pkg/util/camel/catalog.go
@@ -76,8 +76,8 @@ func GenerateCatalog(
 	}
 
 	var caCert []byte
-	if mvn.CaCert != nil {
-		caCert, err = kubernetes.GetSecretRefData(ctx, client, namespace, mvn.CaCert)
+	if mvn.CASecret != nil {
+		caCert, err = kubernetes.GetSecretRefData(ctx, client, namespace, mvn.CASecret)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/util/jvm/keystore.go b/pkg/util/jvm/keystore.go
index 7a8e753..0a3fe1a 100644
--- a/pkg/util/jvm/keystore.go
+++ b/pkg/util/jvm/keystore.go
@@ -49,7 +49,7 @@ func GenerateKeystore(ctx context.Context, keystoreDir, keystoreName, keystorePa
 		return err
 	}
 
-	// Try to locale root CA certificates truststore, in order to import them
+	// Try to locate root CA certificates truststore, in order to import them
 	// into the newly created truststore. It avoids tempering the system-wide
 	// JVM truststore.
 	javaHome, ok := os.LookupEnv("JAVA_HOME")
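Review bot: The comment this hunk corrects still has a second typo on the following context line, where `tempering` should be `tampering`. While this comment is being touched, the line could read `// into the newly created truststore. It avoids tampering with the system-wide`. GenerateKeystore's body starts and ends outside the hunk.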

[camel-k] 17/20: test: Add readiness probe to Nexus deployment

Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 0705bf9757288cc82c25bcd4fc6baea90e4cc38c
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Mon Mar 29 19:21:25 2021 +0200

    test: Add readiness probe to Nexus deployment
---
 e2e/common/build/maven_ca_secret_test.go | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/e2e/common/build/maven_ca_secret_test.go b/e2e/common/build/maven_ca_secret_test.go
index 8466a38..4151a23 100644
--- a/e2e/common/build/maven_ca_secret_test.go
+++ b/e2e/common/build/maven_ca_secret_test.go
@@ -42,6 +42,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/intstr"
 
 	. "github.com/apache/camel-k/e2e/support"
+	v1 "github.com/apache/camel-k/pkg/apis/camel/v1"
 )
 
 func TestMavenCASecret(t *testing.T) {
@@ -235,6 +236,16 @@ ProxyPreserveHost On
 										MountPath: "/nexus-data",
 									},
 								},
+								ReadinessProbe: &corev1.Probe{
+									InitialDelaySeconds: 30,
+									FailureThreshold:    3,
+									Handler: corev1.Handler{
+										HTTPGet: &corev1.HTTPGetAction{
+											Port: intstr.FromString("nexus"),
+											Path: "/repository/maven-public/",
+										},
+									},
+								},
 							},
 						},
 						Volumes: []corev1.Volume{
@@ -298,7 +309,7 @@ ProxyPreserveHost On
 		Expect(TestClient().Create(TestContext, service)).To(Succeed())
 
 		// Wait for the Deployment to become ready
-		Eventually(Deployment(ns, deployment.Name)).Should(PointTo(MatchFields(IgnoreExtras,
+		Eventually(Deployment(ns, deployment.Name), TestTimeoutMedium).Should(PointTo(MatchFields(IgnoreExtras,
 			Fields{
 				"Status": MatchFields(IgnoreExtras,
 					Fields{
@@ -307,17 +318,21 @@ ProxyPreserveHost On
 			}),
 		))
 
-		// Install Camel K with the Maven CA secret
+		// Install Camel K with the Maven Central Nexus proxy and the corresponding Maven CA secret
 		Expect(Kamel("install", "-n", ns,
 			"--maven-repository", fmt.Sprintf(`https://%s/repository/maven-public/@id=central@snapshots`, hostname),
 			"--maven-ca-secret", secret.Name+"/"+corev1.TLSCertKey,
 		).Execute()).To(Succeed())
 
+		Eventually(PlatformPhase(ns), TestTimeoutMedium).Should(Equal(v1.IntegrationPlatformPhaseReady))
+
 		// Run the Integration
 		name := "java"
-		Expect(Kamel("run", "-n", ns, "files/Java.java",
-			"--name", name,
-		).Execute()).To(Succeed())
+		Expect(Kamel("run", "-n", ns, "files/Java.java", "--name", name).Execute()).To(Succeed())
+
+		Eventually(IntegrationPodPhase(ns, name), TestTimeoutMedium).Should(Equal(corev1.PodRunning))
+		Eventually(IntegrationCondition(ns, name, v1.IntegrationConditionReady), TestTimeoutShort).Should(Equal(corev1.ConditionTrue))
+		Eventually(IntegrationLogs(ns, name), TestTimeoutShort).Should(ContainSubstring("Magicstring!"))
 
 		// Clean up
 		Expect(Kamel("delete", "--all", "-n", ns).Execute()).To(Succeed())

[camel-k] 13/20: test: Maven CA secret e2e tests

Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 84d8910d6e9c3ae412a526a62b420497542864d1
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Mon Mar 29 15:01:33 2021 +0200

    test: Maven CA secret e2e tests
---
 e2e/common/build/files/Java.java         |  28 ++++
 e2e/common/build/maven_ca_secret_test.go | 276 +++++++++++++++++++++++++++++++
 script/Makefile                          |   1 +
 3 files changed, 305 insertions(+)

diff --git a/e2e/common/build/files/Java.java b/e2e/common/build/files/Java.java
new file mode 100644
index 0000000..66fef5f
--- /dev/null
+++ b/e2e/common/build/files/Java.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.apache.camel.builder.RouteBuilder;
+
+public class Java extends RouteBuilder {
+  @Override
+  public void configure() throws Exception {
+	  from("timer:tick")
+	  .setHeader("m").constant("string!")
+	  .setBody().simple("Magic${header.m}")
+      .log("${body}");
+  }
+}
diff --git a/e2e/common/build/maven_ca_secret_test.go b/e2e/common/build/maven_ca_secret_test.go
new file mode 100644
index 0000000..a3e06d5
--- /dev/null
+++ b/e2e/common/build/maven_ca_secret_test.go
@@ -0,0 +1,276 @@
+// +build integration
+
+// To enable compilation of this file in Goland, go to "Settings -> Go -> Vendoring & Build Tags -> Custom Tags" and add "integration"
+
+/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package build
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"fmt"
+	"math/big"
+	rand2 "math/rand"
+	"testing"
+	"time"
+
+	. "github.com/onsi/gomega"
+	. "github.com/onsi/gomega/gstruct"
+
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
+
+	. "github.com/apache/camel-k/e2e/support"
+)
+
+func TestMavenCASecret(t *testing.T) {
+	WithNewTestNamespace(t, func(ns string) {
+		hostname := fmt.Sprintf("%s.%s.svc", "nexus", ns)
+		tlsMountPath := "/etc/tls/private"
+
+		// Generate the TLS certificate
+		serialNumber := big.NewInt(rand2.Int63())
+		cert := &x509.Certificate{
+			SerialNumber: serialNumber,
+			Subject: pkix.Name{
+				Organization: []string{"Camel K test"},
+			},
+			DNSNames:              []string{hostname},
+			NotBefore:             time.Now(),
+			NotAfter:              time.Now().AddDate(1, 0, 0),
+			ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+			KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+			BasicConstraintsValid: true,
+		}
+
+		// generate certPem private key
+		certPrivateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+		Expect(err).To(BeNil())
+
+		privateKeyBytes := x509.MarshalPKCS1PrivateKey(certPrivateKey)
+		// encode for storing into secret
+		privateKeyPem := pem.EncodeToMemory(
+			&pem.Block{
+				Type:  "RSA PRIVATE KEY",
+				Bytes: privateKeyBytes,
+			},
+		)
+		certBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, &certPrivateKey.PublicKey, certPrivateKey)
+		Expect(err).To(BeNil())
+
+		// encode for storing into secret
+		certPem := pem.EncodeToMemory(&pem.Block{
+			Type:  "CERTIFICATE",
+			Bytes: certBytes,
+		})
+
+		secret := &corev1.Secret{
+			TypeMeta: metav1.TypeMeta{
+				Kind:       "Secret",
+				APIVersion: corev1.SchemeGroupVersion.String(),
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Namespace: ns,
+				Name:      "tls-secret",
+			},
+			Type: corev1.SecretTypeTLS,
+			Data: map[string][]byte{
+				corev1.TLSCertKey:       certPem,
+				corev1.TLSPrivateKeyKey: privateKeyPem,
+			},
+		}
+		Expect(TestClient().Create(TestContext, secret)).To(Succeed())
+
+		// HTTPD configuration
+		config := &corev1.ConfigMap{
+			TypeMeta: metav1.TypeMeta{
+				Kind:       "ConfigMap",
+				APIVersion: corev1.SchemeGroupVersion.String(),
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Namespace: ns,
+				Name:      "httd-config",
+			},
+			Data: map[string]string{
+				"httpd.conf": fmt.Sprintf(`
+ServerRoot "/usr/local/apache2"
+
+LoadModule ssl_module modules/mod_ssl.so
+
+ErrorLog /proc/self/fd/2
+
+LogLevel warn
+
+Listen 443
+
+ProxyRequests Off
+ProxyPreserveHost On
+
+<VirtualHost *:443>
+  SSLEngine on
+
+  SSLCertificateFile "%s/%s"
+  SSLCertificateKeyFile "%s/%s"
+
+  AllowEncodedSlashes NoDecode
+
+  ServerName %s
+  ProxyPass / http://localhost:8081/ nocanon
+  ProxyPassReverse / http://localhost:8081/
+  RequestHeader set X-Forwarded-Proto "https"
+</VirtualHost>
+`,
+					tlsMountPath, corev1.TLSCertKey, tlsMountPath, corev1.TLSPrivateKeyKey, hostname,
+				),
+			},
+		}
+		Expect(TestClient().Create(TestContext, config)).To(Succeed())
+
+		// Deploy Nexus
+		// https://help.sonatype.com/repomanager3/installation/run-behind-a-reverse-proxy
+		deployment := &appsv1.Deployment{
+			TypeMeta: metav1.TypeMeta{
+				Kind:       "Deployment",
+				APIVersion: appsv1.SchemeGroupVersion.String(),
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Namespace: ns,
+				Name:      "nexus",
+			},
+			Spec: appsv1.DeploymentSpec{
+				Selector: &metav1.LabelSelector{
+					MatchLabels: map[string]string{
+						"camel-k": "maven-test-nexus",
+					},
+				},
+				Template: corev1.PodTemplateSpec{
+					ObjectMeta: metav1.ObjectMeta{
+						Labels: map[string]string{
+							"camel-k": "maven-test-nexus",
+						},
+					},
+					Spec: corev1.PodSpec{
+						Containers: []corev1.Container{
+							{
+								Name:  "httpd",
+								Image: "httpd:2.4.46",
+								VolumeMounts: []corev1.VolumeMount{
+									{
+										Name:      "tls",
+										ReadOnly:  true,
+										MountPath: tlsMountPath,
+									},
+									{
+										Name:      "httpd",
+										ReadOnly:  true,
+										MountPath: "/usr/local/apache2/conf",
+										SubPath:   "httpd.conf",
+									},
+								},
+							},
+							{
+								Name:  "nexus",
+								Image: "sonatype/nexus3:3.30.0",
+								Ports: []corev1.ContainerPort{
+									{
+										Name:          "nexus",
+										ContainerPort: 8081,
+									},
+								},
+							},
+						},
+						Volumes: []corev1.Volume{
+							{
+								Name: "tls",
+								VolumeSource: corev1.VolumeSource{
+									Secret: &corev1.SecretVolumeSource{
+										SecretName: secret.Name,
+									},
+								},
+							},
+							{
+								Name: "httpd",
+								VolumeSource: corev1.VolumeSource{
+									ConfigMap: &corev1.ConfigMapVolumeSource{
+										LocalObjectReference: corev1.LocalObjectReference{
+											Name: config.Name,
+										},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		}
+		Expect(TestClient().Create(TestContext, deployment)).To(Succeed())
+
+		service := &corev1.Service{
+			TypeMeta: metav1.TypeMeta{
+				Kind:       "Service",
+				APIVersion: corev1.SchemeGroupVersion.String(),
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Namespace: ns,
+				Name:      deployment.Name,
+			},
+			Spec: corev1.ServiceSpec{
+				Selector: deployment.Spec.Template.Labels,
+				Ports: []corev1.ServicePort{
+					{
+						Name:       "https",
+						Port:       443,
+						TargetPort: intstr.FromString("https"),
+					},
+				},
+			},
+		}
+		Expect(TestClient().Create(TestContext, service)).To(Succeed())
+
+		// Wait for the Deployment to become ready
+		Eventually(Deployment(ns, deployment.Name)).Should(PointTo(MatchFields(IgnoreExtras,
+			Fields{
+				"Status": MatchFields(IgnoreExtras,
+					Fields{
+						"ReadyReplicas": Equal(int32(1)),
+					}),
+			}),
+		))
+
+		// Install Camel K with the Maven CA secret
+		Expect(Kamel("install", "-n", ns,
+			"--maven-repository", fmt.Sprintf(`https://%s/nexus/content/groups/public@id\=nexus@snapshots`, hostname),
+			"--maven-ca-secret", secret.Name+"/"+corev1.TLSCertKey,
+		).Execute()).To(Succeed())
+
+		// Run the Integration
+		name := "java"
+		Expect(Kamel("run", "-n", ns, "files/Java.java",
+			"--name", name,
+		).Execute()).To(Succeed())
+
+		// Clean up
+		Expect(Kamel("delete", "--all", "-n", ns).Execute()).To(Succeed())
+	})
+}
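Review bot: The certificate serial number comes from `big.NewInt(rand2.Int63())`, i.e. the `math/rand` global source, which this file never seeds. On Go versions that do not auto-seed that source, every run issues a certificate with the same serial under the same subject. `crypto/rand` is already imported for the key, so the serial can be drawn from it: `serialNumber, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))` followed by `Expect(err).To(BeNil())`. That also makes the `rand2 "math/rand"` import unnecessary. A short comment above the template saying the self-signed certificate doubles as the CA handed to `--maven-ca-secret` would help readers of the test.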
diff --git a/script/Makefile b/script/Makefile
index 0cf0dde..1d315b4 100644
--- a/script/Makefile
+++ b/script/Makefile
@@ -149,6 +149,7 @@ test: build
 test-integration: build
 	STAGING_RUNTIME_REPO="$(STAGING_RUNTIME_REPO)" \
 	go test -timeout 60m -v ./e2e/common -tags=integration && \
+	go test -timeout 60m -v ./e2e/common/build -tags=integration && \
 	go test -timeout 60m -v ./e2e/common/cli -tags=integration && \
 	go test -timeout 60m -v ./e2e/common/languages -tags=integration && \
 	go test -timeout 60m -v ./e2e/common/traits -tags=integration

[camel-k] 07/20: feat(build): Manage truststore password

Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 8515b4dc11993157e2c084b871706142bdf55068
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Fri Mar 26 15:07:34 2021 +0100

    feat(build): Manage truststore password
---
 pkg/builder/project.go    |  3 ++-
 pkg/builder/quarkus.go    | 15 +++++++++------
 pkg/builder/types.go      |  1 +
 pkg/trait/openapi.go      |  8 ++++++--
 pkg/util/camel/catalog.go |  8 ++++++--
 pkg/util/jvm/keystore.go  | 47 ++++++++++++++++++++++++++++++++++++++++++-----
 6 files changed, 66 insertions(+), 16 deletions(-)

diff --git a/pkg/builder/project.go b/pkg/builder/project.go
index 8f77ecc..e7b59b6 100644
--- a/pkg/builder/project.go
+++ b/pkg/builder/project.go
@@ -77,8 +77,9 @@ func generateJavaKeystore(ctx *builderContext) error {
 	}
 
 	ctx.Maven.TrustStoreName = "trust.jks"
+	ctx.Maven.TrustStorePass = jvm.NewKeystorePassword()
 
-	return jvm.GenerateJavaKeystore(ctx.C, ctx.Path, ctx.Maven.TrustStoreName, certData)
+	return jvm.GenerateKeystore(ctx.C, ctx.Path, ctx.Maven.TrustStoreName, ctx.Maven.TrustStorePass, certData)
 }
 
 func generateProjectSettings(ctx *builderContext) error {
diff --git a/pkg/builder/quarkus.go b/pkg/builder/quarkus.go
index 7e02255..6eae256 100644
--- a/pkg/builder/quarkus.go
+++ b/pkg/builder/quarkus.go
@@ -148,7 +148,10 @@ func buildQuarkusRunner(ctx *builderContext) error {
 	mc.Timeout = ctx.Build.Maven.GetTimeout().Duration
 
 	if ctx.Maven.TrustStoreName != "" {
-		mc.ExtraMavenOpts = append(mc.ExtraMavenOpts, "-Djavax.net.ssl.trustStore="+path.Join(ctx.Path, ctx.Maven.TrustStoreName))
+		mc.ExtraMavenOpts = append(mc.ExtraMavenOpts,
+			"-Djavax.net.ssl.trustStore="+path.Join(ctx.Path, ctx.Maven.TrustStoreName),
+			"-Djavax.net.ssl.trustStorePassword="+ctx.Maven.TrustStorePass,
+		)
 	}
 
 	err := BuildQuarkusRunnerCommon(mc)
@@ -165,18 +168,18 @@ func BuildQuarkusRunnerCommon(mc maven.Context) error {
 		return errors.Wrap(err, "failure while creating resource folder")
 	}
 
-	// generate an empty application.properties so that there will be something in
+	// Generate an empty application.properties so that there will be something in
 	// target/classes as if such directory does not exist, the quarkus maven plugin
-	// may fail the build
-	//
-	// in the future there should be a way to provide build information from secrets,
+	// may fail the build.
+	// In the future there should be a way to provide build information from secrets,
 	// configmap, etc.
 	if _, err := os.Create(path.Join(resourcesPath, "application.properties")); err != nil {
 		return errors.Wrap(err, "failure while creating application.properties")
 	}
 
-	// Build the project
 	mc.AddArgument("package")
+
+	// Build the project
 	if err := maven.Run(mc); err != nil {
 		return errors.Wrap(err, "failure while building project")
 	}
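Review bot: The `os.Create` call under the reworded comment discards the returned `*os.File`, so the descriptor for `application.properties` is never closed and leaks once per build in a long-running operator. Keep the handle and close it, for example `f, err := os.Create(path.Join(resourcesPath, "application.properties"))` and, after the existing error check, `if err := f.Close(); err != nil { return errors.Wrap(err, "failure while creating application.properties") }`. BuildQuarkusRunnerCommon starts and ends outside the hunk.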
diff --git a/pkg/builder/types.go b/pkg/builder/types.go
index 55354f6..20e1f34 100644
--- a/pkg/builder/types.go
+++ b/pkg/builder/types.go
@@ -91,5 +91,6 @@ type builderContext struct {
 		Project        maven.Project
 		SettingsData   []byte
 		TrustStoreName string
+		TrustStorePass string
 	}
 }
diff --git a/pkg/trait/openapi.go b/pkg/trait/openapi.go
index b0880b7..d652599 100644
--- a/pkg/trait/openapi.go
+++ b/pkg/trait/openapi.go
@@ -221,11 +221,15 @@ func (t *openAPITrait) createNewOpenAPIConfigMap(e *Environment, resource v1.Res
 			return err
 		}
 		trustStoreName := "trust.jks"
-		err = jvm.GenerateJavaKeystore(e.C, tmpDir, trustStoreName, certData)
+		trustStorePass := jvm.NewKeystorePassword()
+		err = jvm.GenerateKeystore(e.C, tmpDir, trustStoreName, trustStorePass, certData)
 		if err != nil {
 			return err
 		}
-		mc.ExtraMavenOpts = append(mc.ExtraMavenOpts, "-Djavax.net.ssl.trustStore="+trustStoreName)
+		mc.ExtraMavenOpts = append(mc.ExtraMavenOpts,
+			"-Djavax.net.ssl.trustStore="+trustStoreName,
+			"-Djavax.net.ssl.trustStorePassword="+trustStorePass,
+		)
 	}
 
 	err = maven.Run(mc)
diff --git a/pkg/util/camel/catalog.go b/pkg/util/camel/catalog.go
index 014eefd..6b8ee38 100644
--- a/pkg/util/camel/catalog.go
+++ b/pkg/util/camel/catalog.go
@@ -121,11 +121,15 @@ func GenerateCatalogCommon(
 
 	if caCert != nil {
 		trustStoreName := "trust.jks"
-		err := jvm.GenerateJavaKeystore(context.Background(), tmpDir, trustStoreName, caCert)
+		trustStorePass := jvm.NewKeystorePassword()
+		err := jvm.GenerateKeystore(context.Background(), tmpDir, trustStoreName, trustStorePass, caCert)
 		if err != nil {
 			return nil, err
 		}
-		mc.ExtraMavenOpts = append(mc.ExtraMavenOpts, "-Djavax.net.ssl.trustStore="+trustStoreName)
+		mc.ExtraMavenOpts = append(mc.ExtraMavenOpts,
+			"-Djavax.net.ssl.trustStore="+trustStoreName,
+			"-Djavax.net.ssl.trustStorePassword="+trustStorePass,
+		)
 	}
 
 	err = maven.Run(mc)
diff --git a/pkg/util/jvm/keystore.go b/pkg/util/jvm/keystore.go
index 60003d2..7a8e753 100644
--- a/pkg/util/jvm/keystore.go
+++ b/pkg/util/jvm/keystore.go
@@ -20,28 +20,31 @@ package jvm
 import (
 	"context"
 	"fmt"
+	"math/rand"
 	"os"
 	"os/exec"
 	"path"
 	"strings"
+	"time"
 
 	"github.com/apache/camel-k/pkg/util"
 )
 
-func GenerateJavaKeystore(ctx context.Context, keystoreDir, keystoreName string, data []byte) error {
+func GenerateKeystore(ctx context.Context, keystoreDir, keystoreName, keystorePass string, data []byte) error {
 	tmpFile := "ca-cert.tmp"
-	if err := util.WriteFileWithContent(keystoreDir, tmpFile, data); err != nil {
+	err := util.WriteFileWithContent(keystoreDir, tmpFile, data)
+	if err != nil {
 		return err
 	}
 	defer os.Remove(path.Join(keystoreDir, tmpFile))
 
-	args := strings.Fields(fmt.Sprintf("-importcert -noprompt -alias maven -file %s -keystore %s", tmpFile, keystoreName))
+	args := strings.Fields(fmt.Sprintf("-importcert -noprompt -alias maven -storepass %s -file %s -keystore %s", keystorePass, tmpFile, keystoreName))
 	cmd := exec.CommandContext(ctx, "keytool", args...)
 	cmd.Dir = keystoreDir
 	cmd.Stderr = os.Stderr
 	cmd.Stdout = os.Stdout
 
-	err := cmd.Run()
+	err = cmd.Run()
 	if err != nil {
 		return err
 	}
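Review bot: The new `-storepass %s` argument puts the truststore password on the keytool command line, where it is readable through the process listing for as long as keytool runs. The next hunk does the same with `-deststorepass %s`. keytool accepts an `:env` modifier on its password options, so the value can stay out of argv: set `cmd.Env = append(os.Environ(), "KEYSTORE_PASS="+keystorePass)` and pass `-storepass:env KEYSTORE_PASS` (the variable name is only an example). Separately, building argv with `strings.Fields(fmt.Sprintf(...))` splits on any whitespace inside `keystoreName` or the `JAVA_HOME`-derived path; an explicit `[]string{...}` avoids that. GenerateKeystore's body continues outside the hunk.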
@@ -52,7 +55,7 @@ func GenerateJavaKeystore(ctx context.Context, keystoreDir, keystoreName string,
 	javaHome, ok := os.LookupEnv("JAVA_HOME")
 	if ok {
 		caCertsPath := path.Join(javaHome, "lib/security/cacerts")
-		args := strings.Fields(fmt.Sprintf("-importkeystore -noprompt -srckeystore %s -srcstorepass %s -destkeystore %s", caCertsPath, "changeit", keystoreName))
+		args := strings.Fields(fmt.Sprintf("-importkeystore -noprompt -srckeystore %s -srcstorepass %s -destkeystore %s -deststorepass %s", caCertsPath, "changeit", keystoreName, keystorePass))
 		cmd := exec.CommandContext(ctx, "keytool", args...)
 		cmd.Dir = keystoreDir
 		cmd.Stderr = os.Stderr
@@ -66,3 +69,37 @@ func GenerateJavaKeystore(ctx context.Context, keystoreDir, keystoreName string,
 
 	return nil
 }
+
+// The keytool CLI mandates a password at least 6 characters long
+// to access any key stores.
+func NewKeystorePassword() string {
+	return randString(10)
+}
+
+const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+
+const (
+	letterIdxBits = 6                    // 6 bits to represent a letter index
+	letterIdxMask = 1<<letterIdxBits - 1 // All 1-bits, as many as letterIdxBits
+	letterIdxMax  = 63 / letterIdxBits   // # of letter indices fitting in 63 bits
+)
+
+var src = rand.NewSource(time.Now().UnixNano())
+
+func randString(n int) string {
+	sb := strings.Builder{}
+	sb.Grow(n)
+	for i, cache, remain := n-1, src.Int63(), letterIdxMax; i >= 0; {
+		if remain == 0 {
+			cache, remain = src.Int63(), letterIdxMax
+		}
+		if idx := int(cache & letterIdxMask); idx < len(letterBytes) {
+			sb.WriteByte(letterBytes[idx])
+			i--
+		}
+		cache >>= letterIdxBits
+		remain--
+	}
+
+	return sb.String()
+}
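Review bot: `NewKeystorePassword` draws from `math/rand` seeded with `time.Now().UnixNano()`, so the password can be reconstructed by anyone who can estimate the process start time. The package-level `src` is also a plain `rand.Source`, which is not safe for concurrent use; the builder, the OpenAPI trait and catalog generation all call this function, and if they run on different goroutines that is a data race. The truststore holds only public CA certificates, so the impact is probably limited to the integrity check that the store password provides. Even so, `crypto/rand` removes both problems and lets `randString`, `letterBytes`, the `letterIdx*` constants and `src` go away. The sketch below assumes the `math/rand` and `time` imports are replaced by `crypto/rand` and `encoding/hex`; returning an error instead of panicking would be cleaner, but it changes the three call sites.

```go
// NewKeystorePassword returns a random password for a generated truststore.
// The keytool CLI mandates a password at least 6 characters long
// to access any key stores.
func NewKeystorePassword() string {
	b := make([]byte, 16)
	// rand is crypto/rand here; a failure of the system CSPRNG is not recoverable.
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}
```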

[camel-k] 14/20: test: Fix HTTPD in non-root container

Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 64e507c647fd1d16583615d36d2c939312ec3ee5
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Mon Mar 29 16:50:10 2021 +0200

    test: Fix HTTPD in non-root container
---
 e2e/common/build/maven_ca_secret_test.go | 65 ++++++++++++++++++++++++++------
 1 file changed, 53 insertions(+), 12 deletions(-)

diff --git a/e2e/common/build/maven_ca_secret_test.go b/e2e/common/build/maven_ca_secret_test.go
index a3e06d5..eb01ebd 100644
--- a/e2e/common/build/maven_ca_secret_test.go
+++ b/e2e/common/build/maven_ca_secret_test.go
@@ -110,24 +110,37 @@ func TestMavenCASecret(t *testing.T) {
 			},
 			ObjectMeta: metav1.ObjectMeta{
 				Namespace: ns,
-				Name:      "httd-config",
+				Name:      "httpd-config",
 			},
 			Data: map[string]string{
 				"httpd.conf": fmt.Sprintf(`
-ServerRoot "/usr/local/apache2"
+ServerRoot "/etc/httpd
 
-LoadModule ssl_module modules/mod_ssl.so
+PidFile /var/run/httpd/httpd.pid"
+
+LoadModule mpm_event_module /usr/local/apache2/modules/mod_mpm_event.so
+LoadModule proxy_module /usr/local/apache2/modules/mod_proxy.so
+LoadModule proxy_http_module /usr/local/apache2/modules/mod_proxy_http.so
+LoadModule headers_module /usr/local/apache2/modules/mod_headers.so
+LoadModule setenvif_module /usr/local/apache2/modules/mod_setenvif.so
+LoadModule version_module /usr/local/apache2/modules/mod_version.so
+LoadModule log_config_module /usr/local/apache2/modules/mod_log_config.so
+LoadModule env_module /usr/local/apache2/modules/mod_env.so
+LoadModule unixd_module /usr/local/apache2/modules/mod_unixd.so
+LoadModule status_module /usr/local/apache2/modules/mod_status.so
+LoadModule autoindex_module /usr/local/apache2/modules/mod_autoindex.so
+LoadModule ssl_module /usr/local/apache2/modules/mod_ssl.so
 
 ErrorLog /proc/self/fd/2
 
 LogLevel warn
 
-Listen 443
+Listen 8443
 
 ProxyRequests Off
 ProxyPreserveHost On
 
-<VirtualHost *:443>
+<VirtualHost *:8443>
   SSLEngine on
 
   SSLCertificateFile "%s/%s"
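Review bot: The closing quote of the `ServerRoot` value has moved onto the `PidFile` line: the template now reads `ServerRoot "/etc/httpd` with no terminator and `PidFile /var/run/httpd/httpd.pid"` with a stray trailing quote. Depending on how httpd tokenises these directives, the PID file may end up with a literal `"` in its name, or the configuration may be rejected. The intended lines are presumably `ServerRoot "/etc/httpd"` and `PidFile /var/run/httpd/httpd.pid`. The format string and the enclosing test function extend beyond this hunk.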
@@ -173,19 +186,29 @@ ProxyPreserveHost On
 					Spec: corev1.PodSpec{
 						Containers: []corev1.Container{
 							{
-								Name:  "httpd",
-								Image: "httpd:2.4.46",
+								Name:    "httpd",
+								Image:   "httpd:2.4.46",
+								Command: []string{"httpd", "-f", "/etc/httpd/httpd.conf", "-DFOREGROUND"},
+								Ports: []corev1.ContainerPort{
+									{
+										Name:          "https",
+										ContainerPort: 8443,
+									},
+								},
 								VolumeMounts: []corev1.VolumeMount{
 									{
 										Name:      "tls",
-										ReadOnly:  true,
 										MountPath: tlsMountPath,
+										ReadOnly:  true,
 									},
 									{
-										Name:      "httpd",
+										Name:      "httpd-conf",
+										MountPath: "/etc/httpd",
 										ReadOnly:  true,
-										MountPath: "/usr/local/apache2/conf",
-										SubPath:   "httpd.conf",
+									},
+									{
+										Name:      "httpd-run",
+										MountPath: "/var/run/httpd",
 									},
 								},
 							},
@@ -198,6 +221,12 @@ ProxyPreserveHost On
 										ContainerPort: 8081,
 									},
 								},
+								VolumeMounts: []corev1.VolumeMount{
+									{
+										Name:      "nexus",
+										MountPath: "/nexus-data",
+									},
+								},
 							},
 						},
 						Volumes: []corev1.Volume{
@@ -210,7 +239,7 @@ ProxyPreserveHost On
 								},
 							},
 							{
-								Name: "httpd",
+								Name: "httpd-conf",
 								VolumeSource: corev1.VolumeSource{
 									ConfigMap: &corev1.ConfigMapVolumeSource{
 										LocalObjectReference: corev1.LocalObjectReference{
@@ -219,6 +248,18 @@ ProxyPreserveHost On
 									},
 								},
 							},
+							{
+								Name: "httpd-run",
+								VolumeSource: corev1.VolumeSource{
+									EmptyDir: &corev1.EmptyDirVolumeSource{},
+								},
+							},
+							{
+								Name: "nexus",
+								VolumeSource: corev1.VolumeSource{
+									EmptyDir: &corev1.EmptyDirVolumeSource{},
+								},
+							},
 						},
 					},
 				},

[camel-k] 12/20: feat(build): Add install option to configure Maven CA secret

Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 517fa6de298d678add1eefdc7ab8d7514068dd13
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Mon Mar 29 09:56:15 2021 +0200

    feat(build): Add install option to configure Maven CA secret
---
 pkg/cmd/install.go | 33 ++++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)

diff --git a/pkg/cmd/install.go b/pkg/cmd/install.go
index a6b7468..0adbac4 100644
--- a/pkg/cmd/install.go
+++ b/pkg/cmd/install.go
@@ -114,9 +114,10 @@ func newCmdInstall(rootCmdOptions *RootCmdOptions) (*cobra.Command, *installCmdO
 		"operator (used in combination with the --global flag)")
 
 	// Maven settings
-	cmd.Flags().String("local-repository", "", "Location of the local maven repository")
-	cmd.Flags().String("maven-settings", "", "Configure the source of the maven settings (configmap|secret:name[/key])")
-	cmd.Flags().StringArray("maven-repository", nil, "Add a maven repository")
+	cmd.Flags().String("local-repository", "", "Location of the local Maven repository")
+	cmd.Flags().String("maven-settings", "", "Configure the source of the Maven settings (configmap|secret:name[/key])")
+	cmd.Flags().StringArray("maven-repository", nil, "Add a Maven repository")
+	cmd.Flags().String("maven-ca-secret", "", "Configure the secret key containing the Maven CA certificates (secret/key)")
 
 	// health
 	cmd.Flags().Int("health-port", 8081, "The port of the health endpoint")
@@ -167,6 +168,7 @@ type installCmdOptions struct {
 	BuildTimeout            string   `mapstructure:"build-timeout"`
 	MavenRepositories       []string `mapstructure:"maven-repositories"`
 	MavenSettings           string   `mapstructure:"maven-settings"`
+	MavenCASecret           string   `mapstructure:"maven-ca-secret"`
 	HealthPort              int32    `mapstructure:"health-port"`
 	Monitoring              bool     `mapstructure:"monitoring"`
 	MonitoringPort          int32    `mapstructure:"monitoring-port"`
@@ -358,6 +360,14 @@ func (o *installCmdOptions) install(cobraCmd *cobra.Command, _ []string) error {
 			platform.Spec.Build.Maven.Settings = mavenSettings
 		}
 
+		if o.MavenCASecret != "" {
+			secret, err := decodeSecretKeySelector(o.MavenCASecret)
+			if err != nil {
+				return err
+			}
+			platform.Spec.Build.Maven.CASecret = secret
+		}
+
 		if o.HTTPProxySecret != "" {
 			platform.Spec.Build.HTTPProxySecret = o.HTTPProxySecret
 		}
@@ -614,3 +624,20 @@ func decodeMavenSettings(mavenSettings string) (v1.ValueSource, error) {
 
 	return v1.ValueSource{}, fmt.Errorf("illegal maven setting definition, syntax: configmap|secret:resource-name[/settings path]")
 }
+
+func decodeSecretKeySelector(secretKey string) (*corev1.SecretKeySelector, error) {
+	r := regexp.MustCompile(`^([a-zA-Z0-9-]*)/([a-zA-Z0-9].*)$`)
+
+	if !r.MatchString(secretKey) {
+		return nil, fmt.Errorf("illegal Maven CA certificates secret key selector, syntax: secret-name/secret-key")
+	}
+
+	match := r.FindStringSubmatch(secretKey)
+
+	return &corev1.SecretKeySelector{
+		LocalObjectReference: corev1.LocalObjectReference{
+			Name: match[1],
+		},
+		Key: match[2],
+	}, nil
+}
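Review bot: The pattern in `decodeSecretKeySelector` accepts an empty secret name, because the first group is `[a-zA-Z0-9-]*`; `--maven-ca-secret /tls.crt` therefore yields a selector with `Name: ""` that only fails later, when the secret is looked up. It also rejects names containing `.`, which Kubernetes allows in Secret names. I would require at least one character and allow dots, e.g. `^([a-zA-Z0-9.-]+)/([a-zA-Z0-9].*)$`. The regexp can also be compiled once at package scope, and `FindStringSubmatch` checked for nil instead of matching the input twice.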

[camel-k] 01/20: feat(build): Add CA cert from user Secret into Maven build JVM trust store

Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit e913ccf5a26c783ca843f527240433c0c98043e9
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Mon Mar 22 15:57:54 2021 +0100

    feat(build): Add CA cert from user Secret into Maven build JVM trust store
---
 pkg/apis/camel/v1/common_types.go  |  7 ++---
 pkg/builder/project.go             | 36 +++++++++++++++++++++++++-
 pkg/builder/quarkus.go             |  4 +++
 pkg/builder/types.go               |  5 ++--
 pkg/trait/quarkus_test.go          |  2 +-
 pkg/util/kubernetes/core_client.go | 52 +++++++++++++++++++++++---------------
 pkg/util/kubernetes/util.go        |  2 --
 pkg/util/maven/maven.go            | 25 +++++++++++++++---
 pkg/util/maven/maven_types.go      | 11 ++++----
 9 files changed, 104 insertions(+), 40 deletions(-)

diff --git a/pkg/apis/camel/v1/common_types.go b/pkg/apis/camel/v1/common_types.go
index d772e77..ae0413b 100644
--- a/pkg/apis/camel/v1/common_types.go
+++ b/pkg/apis/camel/v1/common_types.go
@@ -83,9 +83,10 @@ type PlatformInjectable interface {
 
 // MavenSpec --
 type MavenSpec struct {
-	LocalRepository string           `json:"localRepository,omitempty"`
-	Settings        ValueSource      `json:"settings,omitempty"`
-	Timeout         *metav1.Duration `json:"timeout,omitempty"`
+	LocalRepository string                    `json:"localRepository,omitempty"`
+	Settings        ValueSource               `json:"settings,omitempty"`
+	CaCert          *corev1.SecretKeySelector `json:"caCert,omitempty"`
+	Timeout         *metav1.Duration          `json:"timeout,omitempty"`
 }
 
 // ValueSource --
diff --git a/pkg/builder/project.go b/pkg/builder/project.go
index 1bd363f..27e20fe 100644
--- a/pkg/builder/project.go
+++ b/pkg/builder/project.go
@@ -18,19 +18,24 @@ limitations under the License.
 package builder
 
 import (
+	"fmt"
 	"os"
+	"os/exec"
+	"path"
+	"strings"
 
+	"github.com/apache/camel-k/pkg/util"
 	"github.com/apache/camel-k/pkg/util/camel"
 	"github.com/apache/camel-k/pkg/util/kubernetes"
 )
 
-
 func init() {
 	registerSteps(Steps)
 }
 
 type steps struct {
 	CleanUpBuildDir         Step
+	GenerateJavaKeystore    Step
 	GenerateProjectSettings Step
 	InjectDependencies      Step
 	SanitizeDependencies    Step
@@ -40,6 +45,7 @@ type steps struct {
 
 var Steps = steps{
 	CleanUpBuildDir:         NewStep(ProjectGenerationPhase-1, cleanUpBuildDir),
+	GenerateJavaKeystore:    NewStep(ProjectGenerationPhase, generateJavaKeystore),
 	GenerateProjectSettings: NewStep(ProjectGenerationPhase+1, generateProjectSettings),
 	InjectDependencies:      NewStep(ProjectGenerationPhase+2, injectDependencies),
 	SanitizeDependencies:    NewStep(ProjectGenerationPhase+3, sanitizeDependencies),
@@ -49,6 +55,7 @@ var Steps = steps{
 
 var DefaultSteps = []Step{
 	Steps.CleanUpBuildDir,
+	Steps.GenerateJavaKeystore,
 	Steps.GenerateProjectSettings,
 	Steps.InjectDependencies,
 	Steps.SanitizeDependencies,
@@ -63,6 +70,33 @@ func cleanUpBuildDir(ctx *builderContext) error {
 	return os.RemoveAll(ctx.Build.BuildDir)
 }
 
+func generateJavaKeystore(ctx *builderContext) error {
+	if ctx.Build.Maven.CaCert == nil {
+		return nil
+	}
+
+	certData, err := kubernetes.GetSecretRefData(ctx.C, ctx.Client, ctx.Namespace, ctx.Build.Maven.CaCert)
+	if err != nil {
+		return err
+	}
+
+	certPath := ctx.Build.Maven.CaCert.Key
+	if err := util.WriteFileWithContent(ctx.Path, certPath, certData); err != nil {
+		return err
+	}
+
+	keystore := "trust.jks"
+	ctx.Maven.TrustStorePath = path.Join(ctx.Path, keystore)
+
+	args := strings.Fields(fmt.Sprintf("-importcert -alias maven -file %s -keystore %s", certPath, keystore))
+	cmd := exec.CommandContext(ctx.C, "keytool", args...)
+	cmd.Dir = ctx.Path
+	cmd.Stderr = os.Stderr
+	cmd.Stdout = os.Stdout
+
+	return cmd.Run()
+}
+
 func generateProjectSettings(ctx *builderContext) error {
 	val, err := kubernetes.ResolveValueSource(ctx.C, ctx.Client, ctx.Namespace, &ctx.Build.Maven.Settings)
 	if err != nil {
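Review bot: In `generateJavaKeystore` the Secret key (`ctx.Build.Maven.CaCert.Key`) is used as the file name written under `ctx.Path` and is also spliced into a keytool command string that `strings.Fields` then re-splits. A key that begins with `-` would presumably be read by keytool as an option rather than a file name, and the certificate file stays in the build directory after the import. Writing the certificate under a fixed name and passing the arguments as a slice removes the dependency on how the key is spelled: `exec.CommandContext(ctx.C, "keytool", "-importcert", "-alias", "maven", "-file", certFile, "-keystore", keystore)`. The same Sprintf/Fields construction is carried into `pkg/util/jvm/keystore.go` by the later commits on this page, where a `JAVA_HOME` path containing whitespace would be split into several arguments.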
diff --git a/pkg/builder/quarkus.go b/pkg/builder/quarkus.go
index 23ef90a..028b919 100644
--- a/pkg/builder/quarkus.go
+++ b/pkg/builder/quarkus.go
@@ -147,6 +147,10 @@ func buildQuarkusRunner(ctx *builderContext) error {
 	mc.LocalRepository = ctx.Build.Maven.LocalRepository
 	mc.Timeout = ctx.Build.Maven.GetTimeout().Duration
 
+	if ctx.Maven.TrustStorePath != "" {
+		mc.ExtraMavenOpts = append(mc.ExtraMavenOpts, "-Djavax.net.ssl.trustStore="+path.Join(ctx.Path, ctx.Maven.TrustStorePath))
+	}
+
 	err := BuildQuarkusRunnerCommon(mc)
 	if err != nil {
 		return err
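Review bot: `path.Join(ctx.Path, ctx.Maven.TrustStorePath)` prefixes `ctx.Path` a second time, because `generateJavaKeystore` in project.go already stores `path.Join(ctx.Path, keystore)` in `TrustStorePath`. The `-Djavax.net.ssl.trustStore` value then names a file that does not exist, so the JVM would not pick up the imported CA. Either keep only the file name in the context or pass the stored path as is, `"-Djavax.net.ssl.trustStore="+ctx.Maven.TrustStorePath`. `buildQuarkusRunner` starts and ends outside this hunk.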
diff --git a/pkg/builder/types.go b/pkg/builder/types.go
index 471ab88..776e8a0 100644
--- a/pkg/builder/types.go
+++ b/pkg/builder/types.go
@@ -88,7 +88,8 @@ type builderContext struct {
 	SelectedArtifacts []v1.Artifact
 	Resources         []resource
 	Maven             struct {
-		Project      maven.Project
-		SettingsData []byte
+		Project        maven.Project
+		SettingsData   []byte
+		TrustStorePath string
 	}
 }
diff --git a/pkg/trait/quarkus_test.go b/pkg/trait/quarkus_test.go
index 9061f57..181ba78 100644
--- a/pkg/trait/quarkus_test.go
+++ b/pkg/trait/quarkus_test.go
@@ -62,7 +62,7 @@ func TestQuarkusTraitAddBuildStepsShouldSucceed(t *testing.T) {
 
 	quarkusTrait.addBuildSteps(&steps)
 
-	assert.Len(t, steps, 9)
+	assert.Len(t, steps, len(builder.DefaultSteps)+len(builder.QuarkusSteps))
 }
 
 func createNominalQuarkusTest() (*quarkusTrait, *Environment) {
diff --git a/pkg/util/kubernetes/core_client.go b/pkg/util/kubernetes/core_client.go
index 822b209..621a90f 100644
--- a/pkg/util/kubernetes/core_client.go
+++ b/pkg/util/kubernetes/core_client.go
@@ -23,15 +23,16 @@ import (
 
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	k8sclient "sigs.k8s.io/controller-runtime/pkg/client"
+
+	ctrl "sigs.k8s.io/controller-runtime/pkg/client"
 
 	v1 "github.com/apache/camel-k/pkg/apis/camel/v1"
 	"github.com/apache/camel-k/pkg/client"
 )
 
 // GetIntegrationPlatform --
-func GetIntegrationPlatform(context context.Context, client k8sclient.Reader, name string, namespace string) (*v1.IntegrationPlatform, error) {
-	key := k8sclient.ObjectKey{
+func GetIntegrationPlatform(context context.Context, client ctrl.Reader, name string, namespace string) (*v1.IntegrationPlatform, error) {
+	key := ctrl.ObjectKey{
 		Name:      name,
 		Namespace: namespace,
 	}
@@ -46,8 +47,8 @@ func GetIntegrationPlatform(context context.Context, client k8sclient.Reader, na
 }
 
 // GetIntegrationKit --
-func GetIntegrationKit(context context.Context, client k8sclient.Reader, name string, namespace string) (*v1.IntegrationKit, error) {
-	key := k8sclient.ObjectKey{
+func GetIntegrationKit(context context.Context, client ctrl.Reader, name string, namespace string) (*v1.IntegrationKit, error) {
+	key := ctrl.ObjectKey{
 		Name:      name,
 		Namespace: namespace,
 	}
@@ -62,8 +63,8 @@ func GetIntegrationKit(context context.Context, client k8sclient.Reader, name st
 }
 
 // GetIntegration --
-func GetIntegration(context context.Context, client k8sclient.Reader, name string, namespace string) (*v1.Integration, error) {
-	key := k8sclient.ObjectKey{
+func GetIntegration(context context.Context, client ctrl.Reader, name string, namespace string) (*v1.Integration, error) {
+	key := ctrl.ObjectKey{
 		Name:      name,
 		Namespace: namespace,
 	}
@@ -79,7 +80,7 @@ func GetIntegration(context context.Context, client k8sclient.Reader, name strin
 
 // GetBuild --
 func GetBuild(context context.Context, client client.Client, name string, namespace string) (*v1.Build, error) {
-	key := k8sclient.ObjectKey{
+	key := ctrl.ObjectKey{
 		Name:      name,
 		Namespace: namespace,
 	}
@@ -94,8 +95,8 @@ func GetBuild(context context.Context, client client.Client, name string, namesp
 }
 
 // GetConfigMap --
-func GetConfigMap(context context.Context, client k8sclient.Reader, name string, namespace string) (*corev1.ConfigMap, error) {
-	key := k8sclient.ObjectKey{
+func GetConfigMap(context context.Context, client ctrl.Reader, name string, namespace string) (*corev1.ConfigMap, error) {
+	key := ctrl.ObjectKey{
 		Name:      name,
 		Namespace: namespace,
 	}
@@ -119,8 +120,8 @@ func GetConfigMap(context context.Context, client k8sclient.Reader, name string,
 }
 
 // GetSecret --
-func GetSecret(context context.Context, client k8sclient.Reader, name string, namespace string) (*corev1.Secret, error) {
-	key := k8sclient.ObjectKey{
+func GetSecret(context context.Context, client ctrl.Reader, name string, namespace string) (*corev1.Secret, error) {
+	key := ctrl.ObjectKey{
 		Name:      name,
 		Namespace: namespace,
 	}
@@ -144,8 +145,8 @@ func GetSecret(context context.Context, client k8sclient.Reader, name string, na
 }
 
 // GetService --
-func GetService(context context.Context, client k8sclient.Reader, name string, namespace string) (*corev1.Service, error) {
-	key := k8sclient.ObjectKey{
+func GetService(context context.Context, client ctrl.Reader, name string, namespace string) (*corev1.Service, error) {
+	key := ctrl.ObjectKey{
 		Name:      name,
 		Namespace: namespace,
 	}
@@ -168,22 +169,31 @@ func GetService(context context.Context, client k8sclient.Reader, name string, n
 	return &answer, nil
 }
 
-// GetSecretRefValue returns the value of a secret in the supplied namespace --
-func GetSecretRefValue(ctx context.Context, client k8sclient.Reader, namespace string, selector *corev1.SecretKeySelector) (string, error) {
-	secret, err := GetSecret(ctx, client, selector.Name, namespace)
+// GetSecretRefValue returns the value of a secret in the supplied namespace
+func GetSecretRefValue(ctx context.Context, client ctrl.Reader, namespace string, selector *corev1.SecretKeySelector) (string, error) {
+	data, err := GetSecretRefData(ctx, client, namespace, selector)
 	if err != nil {
 		return "", err
 	}
+	return string(data), nil
+}
+
+// GetSecretRefData returns the value of a secret in the supplied namespace
+func GetSecretRefData(ctx context.Context, client ctrl.Reader, namespace string, selector *corev1.SecretKeySelector) ([]byte, error) {
+	secret, err := GetSecret(ctx, client, selector.Name, namespace)
+	if err != nil {
+		return nil, err
+	}
 
 	if data, ok := secret.Data[selector.Key]; ok {
-		return string(data), nil
+		return data, nil
 	}
 
-	return "", fmt.Errorf("key %s not found in secret %s", selector.Key, selector.Name)
+	return nil, fmt.Errorf("key %s not found in secret %s", selector.Key, selector.Name)
 }
 
 // GetConfigMapRefValue returns the value of a configmap in the supplied namespace
-func GetConfigMapRefValue(ctx context.Context, client k8sclient.Reader, namespace string, selector *corev1.ConfigMapKeySelector) (string, error) {
+func GetConfigMapRefValue(ctx context.Context, client ctrl.Reader, namespace string, selector *corev1.ConfigMapKeySelector) (string, error) {
 	cm, err := GetConfigMap(ctx, client, selector.Name, namespace)
 	if err != nil {
 		return "", err
@@ -197,7 +207,7 @@ func GetConfigMapRefValue(ctx context.Context, client k8sclient.Reader, namespac
 }
 
 // ResolveValueSource --
-func ResolveValueSource(ctx context.Context, client k8sclient.Reader, namespace string, valueSource *v1.ValueSource) (string, error) {
+func ResolveValueSource(ctx context.Context, client ctrl.Reader, namespace string, valueSource *v1.ValueSource) (string, error) {
 	if valueSource.ConfigMapKeyRef != nil && valueSource.SecretKeyRef != nil {
 		return "", fmt.Errorf("value source has bot config map and secret configured")
 	}
diff --git a/pkg/util/kubernetes/util.go b/pkg/util/kubernetes/util.go
index 23d3401..232cf85 100644
--- a/pkg/util/kubernetes/util.go
+++ b/pkg/util/kubernetes/util.go
@@ -24,12 +24,10 @@ import (
 	"github.com/apache/camel-k/pkg/util"
 )
 
-// ToJSON --
 func ToJSON(value runtime.Object) ([]byte, error) {
 	return json.Marshal(value)
 }
 
-// ToYAML --
 func ToYAML(value runtime.Object) ([]byte, error) {
 	data, err := ToJSON(value)
 	if err != nil {
diff --git a/pkg/util/maven/maven.go b/pkg/util/maven/maven.go
index 067feca..f49658f 100644
--- a/pkg/util/maven/maven.go
+++ b/pkg/util/maven/maven.go
@@ -35,10 +35,8 @@ import (
 	"github.com/apache/camel-k/pkg/util/log"
 )
 
-// Log --
 var Log = log.WithName("maven")
 
-// GenerateProjectStructure --
 func GenerateProjectStructure(context Context) error {
 	if err := util.WriteFileWithBytesMarshallerContent(context.Path, "pom.xml", context.Project); err != nil {
 		return err
@@ -78,7 +76,6 @@ func GenerateProjectStructure(context Context) error {
 	return nil
 }
 
-// Run --
 func Run(ctx Context) error {
 	if err := GenerateProjectStructure(ctx); err != nil {
 		return err
@@ -127,7 +124,27 @@ func Run(ctx Context) error {
 		cmd.Stdout = os.Stdout
 	}
 
-	Log.WithValues("timeout", timeout.String()).Infof("executing: %s", strings.Join(cmd.Args, " "))
+	mavenOpts, ok := os.LookupEnv("MAVEN_OPTS")
+	// FIXME: do not override duplicated Maven options
+	mavenOpts = strings.Join(append(strings.Fields(mavenOpts), ctx.ExtraMavenOpts...), " ")
+
+	// Inherit the parent process environment
+	env := os.Environ()
+	if !ok {
+		env = append(env, mavenOpts)
+	} else {
+		for i, e := range env {
+			if strings.HasPrefix(e, "MAVEN_OPTS=") {
+				env[i] = mavenOpts
+				break
+			}
+		}
+	}
+
+	cmd.Env = env
+
+	Log.WithValues("timeout", timeout.String(), "env", env).
+		Infof("executing: %s", strings.Join(cmd.Args, " "))
 
 	return cmd.Run()
 }
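Review bot: The value placed into `env` is the bare option string rather than a `NAME=value` pair: both `env = append(env, mavenOpts)` and `env[i] = mavenOpts` drop the `MAVEN_OPTS=` prefix. The child process presumably never sees the extra options, and in the second branch it loses the existing `MAVEN_OPTS` as well; use `"MAVEN_OPTS="+mavenOpts` in both places. Separately, `Log.WithValues(..., "env", env)` writes the whole process environment to the log on every Maven run, which can include credentials or tokens injected as environment variables. Logging only the resulting `MAVEN_OPTS` value would be enough here. `Run` starts outside this hunk.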
diff --git a/pkg/util/maven/maven_types.go b/pkg/util/maven/maven_types.go
index 3b7dba5..3bac740 100644
--- a/pkg/util/maven/maven_types.go
+++ b/pkg/util/maven/maven_types.go
@@ -43,10 +43,10 @@ type RepositoryPolicy struct {
 
 // Mirror --
 type Mirror struct {
-	ID        string           `xml:"id"`
-	Name      string           `xml:"name,omitempty"`
-	URL       string           `xml:"url"`
-	MirrorOf  string           `xml:"mirrorOf"`
+	ID       string `xml:"id"`
+	Name     string `xml:"name,omitempty"`
+	URL      string `xml:"url"`
+	MirrorOf string `xml:"mirrorOf"`
 }
 
 // Build --
@@ -120,6 +120,7 @@ func NewContext(buildDir string, project Project) Context {
 type Context struct {
 	Path                string
 	Project             Project
+	ExtraMavenOpts      []string
 	SettingsContent     []byte
 	AdditionalArguments []string
 	AdditionalEntries   map[string]interface{}
@@ -244,5 +245,3 @@ type PropertyActivation struct {
 	Name  string `xml:"name"`
 	Value string `xml:"value"`
 }
-
-

[camel-k] 02/20: feat(build): Support custom CA certificate for Catalog builds

Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 86722fbdf4621674887d290500f1b2a17023c75e
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Thu Mar 25 10:59:57 2021 +0100

    feat(build): Support custom CA certificate for Catalog builds
---
 pkg/builder/project.go       | 22 +++-------------------
 pkg/builder/quarkus.go       |  4 ++--
 pkg/builder/types.go         |  2 +-
 pkg/cmd/util_dependencies.go |  3 ++-
 pkg/util/camel/catalog.go    | 25 +++++++++++++++++++-----
 pkg/util/jvm/keystore.go     | 45 ++++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 73 insertions(+), 28 deletions(-)

diff --git a/pkg/builder/project.go b/pkg/builder/project.go
index 27e20fe..8f77ecc 100644
--- a/pkg/builder/project.go
+++ b/pkg/builder/project.go
@@ -18,14 +18,10 @@ limitations under the License.
 package builder
 
 import (
-	"fmt"
 	"os"
-	"os/exec"
-	"path"
-	"strings"
 
-	"github.com/apache/camel-k/pkg/util"
 	"github.com/apache/camel-k/pkg/util/camel"
+	"github.com/apache/camel-k/pkg/util/jvm"
 	"github.com/apache/camel-k/pkg/util/kubernetes"
 )
 
@@ -80,21 +76,9 @@ func generateJavaKeystore(ctx *builderContext) error {
 		return err
 	}
 
-	certPath := ctx.Build.Maven.CaCert.Key
-	if err := util.WriteFileWithContent(ctx.Path, certPath, certData); err != nil {
-		return err
-	}
-
-	keystore := "trust.jks"
-	ctx.Maven.TrustStorePath = path.Join(ctx.Path, keystore)
-
-	args := strings.Fields(fmt.Sprintf("-importcert -alias maven -file %s -keystore %s", certPath, keystore))
-	cmd := exec.CommandContext(ctx.C, "keytool", args...)
-	cmd.Dir = ctx.Path
-	cmd.Stderr = os.Stderr
-	cmd.Stdout = os.Stdout
+	ctx.Maven.TrustStoreName = "trust.jks"
 
-	return cmd.Run()
+	return jvm.GenerateJavaKeystore(ctx.C, ctx.Path, ctx.Maven.TrustStoreName, certData)
 }
 
 func generateProjectSettings(ctx *builderContext) error {
diff --git a/pkg/builder/quarkus.go b/pkg/builder/quarkus.go
index 028b919..7e02255 100644
--- a/pkg/builder/quarkus.go
+++ b/pkg/builder/quarkus.go
@@ -147,8 +147,8 @@ func buildQuarkusRunner(ctx *builderContext) error {
 	mc.LocalRepository = ctx.Build.Maven.LocalRepository
 	mc.Timeout = ctx.Build.Maven.GetTimeout().Duration
 
-	if ctx.Maven.TrustStorePath != "" {
-		mc.ExtraMavenOpts = append(mc.ExtraMavenOpts, "-Djavax.net.ssl.trustStore="+path.Join(ctx.Path, ctx.Maven.TrustStorePath))
+	if ctx.Maven.TrustStoreName != "" {
+		mc.ExtraMavenOpts = append(mc.ExtraMavenOpts, "-Djavax.net.ssl.trustStore="+path.Join(ctx.Path, ctx.Maven.TrustStoreName))
 	}
 
 	err := BuildQuarkusRunnerCommon(mc)
diff --git a/pkg/builder/types.go b/pkg/builder/types.go
index 776e8a0..55354f6 100644
--- a/pkg/builder/types.go
+++ b/pkg/builder/types.go
@@ -90,6 +90,6 @@ type builderContext struct {
 	Maven             struct {
 		Project        maven.Project
 		SettingsData   []byte
-		TrustStorePath string
+		TrustStoreName string
 	}
 }
diff --git a/pkg/cmd/util_dependencies.go b/pkg/cmd/util_dependencies.go
index 3a3762b..0dbbcb1 100644
--- a/pkg/cmd/util_dependencies.go
+++ b/pkg/cmd/util_dependencies.go
@@ -228,7 +228,8 @@ func generateCatalog() (*camel.RuntimeCatalog, error) {
 		Provider: v1.RuntimeProviderQuarkus,
 	}
 	var providerDependencies []maven.Dependency
-	catalog, err := camel.GenerateCatalogCommon(settings, mvn, runtime, providerDependencies)
+	var caCert []byte
+	catalog, err := camel.GenerateCatalogCommon(settings, caCert, mvn, runtime, providerDependencies)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/util/camel/catalog.go b/pkg/util/camel/catalog.go
index 451d857..014eefd 100644
--- a/pkg/util/camel/catalog.go
+++ b/pkg/util/camel/catalog.go
@@ -30,16 +30,15 @@ import (
 	v1 "github.com/apache/camel-k/pkg/apis/camel/v1"
 	"github.com/apache/camel-k/pkg/resources"
 	"github.com/apache/camel-k/pkg/util/defaults"
+	"github.com/apache/camel-k/pkg/util/jvm"
 	"github.com/apache/camel-k/pkg/util/kubernetes"
 	"github.com/apache/camel-k/pkg/util/maven"
 )
 
-// DefaultCatalog --
 func DefaultCatalog() (*RuntimeCatalog, error) {
 	return QuarkusCatalog()
 }
 
-// QuarkusCatalog --
 func QuarkusCatalog() (*RuntimeCatalog, error) {
 	return catalogForRuntimeProvider(v1.RuntimeProviderQuarkus)
 }
@@ -63,7 +62,6 @@ func catalogForRuntimeProvider(provider v1.RuntimeProvider) (*RuntimeCatalog, er
 	})
 }
 
-// GenerateCatalog --
 func GenerateCatalog(
 	ctx context.Context,
 	client k8sclient.Reader,
@@ -77,12 +75,20 @@ func GenerateCatalog(
 		return nil, err
 	}
 
-	return GenerateCatalogCommon(settings, mvn, runtime, providerDependencies)
+	var caCert []byte
+	if mvn.CaCert != nil {
+		caCert, err = kubernetes.GetSecretRefData(ctx, client, namespace, mvn.CaCert)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return GenerateCatalogCommon(settings, caCert, mvn, runtime, providerDependencies)
 }
 
-// GenerateCatalogCommon --
 func GenerateCatalogCommon(
 	settings string,
+	caCert []byte,
 	mvn v1.MavenSpec,
 	runtime v1.RuntimeSpec,
 	providerDependencies []maven.Dependency) (*RuntimeCatalog, error) {
@@ -113,6 +119,15 @@ func GenerateCatalogCommon(
 		mc.SettingsContent = []byte(settings)
 	}
 
+	if caCert != nil {
+		trustStoreName := "trust.jks"
+		err := jvm.GenerateJavaKeystore(context.Background(), tmpDir, trustStoreName, caCert)
+		if err != nil {
+			return nil, err
+		}
+		mc.ExtraMavenOpts = append(mc.ExtraMavenOpts, "-Djavax.net.ssl.trustStore="+trustStoreName)
+	}
+
 	err = maven.Run(mc)
 	if err != nil {
 		return nil, err
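Review bot: The trust store is handed to the JVM as the relative name `trust.jks` (`"-Djavax.net.ssl.trustStore="+trustStoreName`) while the keystore is generated in `tmpDir`. That only resolves if Maven is started with `tmpDir` as its working directory, which this hunk does not show. quarkus.go in the same commit joins the directory explicitly, and doing the same here, `"-Djavax.net.ssl.trustStore="+path.Join(tmpDir, trustStoreName)`, removes that dependency. The keystore is also generated under `context.Background()`, so cancelling the caller's context does not stop keytool. The openapi.go change in commit 04/20 uses the same relative name.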
diff --git a/pkg/util/jvm/keystore.go b/pkg/util/jvm/keystore.go
new file mode 100644
index 0000000..c1de152
--- /dev/null
+++ b/pkg/util/jvm/keystore.go
@@ -0,0 +1,45 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package jvm
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"os/exec"
+	"path"
+	"strings"
+
+	"github.com/apache/camel-k/pkg/util"
+)
+
+func GenerateJavaKeystore(ctx context.Context, keystoreDir, keystoreName string, data []byte) error {
+	tmpFile := "ca-cert.tmp"
+	if err := util.WriteFileWithContent(keystoreDir, tmpFile, data); err != nil {
+		return err
+	}
+	defer os.Remove(path.Join(keystoreDir, tmpFile))
+
+	args := strings.Fields(fmt.Sprintf("-importcert -alias maven -file %s -keystore %s", tmpFile, keystoreName))
+	cmd := exec.CommandContext(ctx, "keytool", args...)
+	cmd.Dir = keystoreDir
+	cmd.Stderr = os.Stderr
+	cmd.Stdout = os.Stdout
+
+	return cmd.Run()
+}

[camel-k] 10/20: chore(build): Re-create parent build directory after clean-up

Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit ee8468d70d1d63743709c5f4e278c4a7ab23001d
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Fri Mar 26 18:32:49 2021 +0100

    chore(build): Re-create parent build directory after clean-up
---
 pkg/builder/project.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pkg/builder/project.go b/pkg/builder/project.go
index 45f8835..39182e0 100644
--- a/pkg/builder/project.go
+++ b/pkg/builder/project.go
@@ -63,7 +63,12 @@ func cleanUpBuildDir(ctx *builderContext) error {
 		return nil
 	}
 
-	return os.RemoveAll(ctx.Build.BuildDir)
+	err := os.RemoveAll(ctx.Build.BuildDir)
+	if err != nil {
+		return err
+	}
+
+	return os.MkdirAll(ctx.Build.BuildDir, 0777)
 }
 
 func generateJavaKeystore(ctx *builderContext) error {
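Review bot: `os.MkdirAll(ctx.Build.BuildDir, 0777)` requests a world-writable build directory, and this is presumably the parent of the directory that later receives the generated trust store and Maven settings. The effective mode depends on the process umask, but with a permissive umask any other local user could replace `trust.jks` before Maven reads it. Unless another UID has to write here, a narrower mode such as `os.MkdirAll(ctx.Build.BuildDir, 0755)` (or `0700`) is the safer default. `cleanUpBuildDir` starts outside this hunk.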

[camel-k] 16/20: test: Correct Maven central proxy Nexus URL

Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit bc16ba0deae1027054a5fd98984af025b7006c65
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Mon Mar 29 17:14:00 2021 +0200

    test: Correct Maven central proxy Nexus URL
---
 e2e/common/build/maven_ca_secret_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/e2e/common/build/maven_ca_secret_test.go b/e2e/common/build/maven_ca_secret_test.go
index 85d0a24..8466a38 100644
--- a/e2e/common/build/maven_ca_secret_test.go
+++ b/e2e/common/build/maven_ca_secret_test.go
@@ -309,7 +309,7 @@ ProxyPreserveHost On
 
 		// Install Camel K with the Maven CA secret
 		Expect(Kamel("install", "-n", ns,
-			"--maven-repository", fmt.Sprintf(`https://%s/nexus/content/groups/public@id\=nexus@snapshots`, hostname),
+			"--maven-repository", fmt.Sprintf(`https://%s/repository/maven-public/@id=central@snapshots`, hostname),
 			"--maven-ca-secret", secret.Name+"/"+corev1.TLSCertKey,
 		).Execute()).To(Succeed())
 

[camel-k] 06/20: feat(build): Import root CA certificates into custom truststore

Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 1d665571aa0c94d4d7dca257b6ef7ffaf06996bb
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Fri Mar 26 10:01:18 2021 +0100

    feat(build): Import root CA certificates into custom truststore
---
 pkg/util/jvm/keystore.go | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/pkg/util/jvm/keystore.go b/pkg/util/jvm/keystore.go
index c1de152..60003d2 100644
--- a/pkg/util/jvm/keystore.go
+++ b/pkg/util/jvm/keystore.go
@@ -35,11 +35,34 @@ func GenerateJavaKeystore(ctx context.Context, keystoreDir, keystoreName string,
 	}
 	defer os.Remove(path.Join(keystoreDir, tmpFile))
 
-	args := strings.Fields(fmt.Sprintf("-importcert -alias maven -file %s -keystore %s", tmpFile, keystoreName))
+	args := strings.Fields(fmt.Sprintf("-importcert -noprompt -alias maven -file %s -keystore %s", tmpFile, keystoreName))
 	cmd := exec.CommandContext(ctx, "keytool", args...)
 	cmd.Dir = keystoreDir
 	cmd.Stderr = os.Stderr
 	cmd.Stdout = os.Stdout
 
-	return cmd.Run()
+	err := cmd.Run()
+	if err != nil {
+		return err
+	}
+
+	// Try to locale root CA certificates truststore, in order to import them
+	// into the newly created truststore. It avoids tempering the system-wide
+	// JVM truststore.
+	javaHome, ok := os.LookupEnv("JAVA_HOME")
+	if ok {
+		caCertsPath := path.Join(javaHome, "lib/security/cacerts")
+		args := strings.Fields(fmt.Sprintf("-importkeystore -noprompt -srckeystore %s -srcstorepass %s -destkeystore %s", caCertsPath, "changeit", keystoreName))
+		cmd := exec.CommandContext(ctx, "keytool", args...)
+		cmd.Dir = keystoreDir
+		cmd.Stderr = os.Stderr
+		cmd.Stdout = os.Stdout
+
+		err := cmd.Run()
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
 }
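Review bot: When `JAVA_HOME` is not set, the import of the default `cacerts` is skipped silently and the function still returns nil, leaving a trust store that holds only the `maven` alias. Callers pass this file as `javax.net.ssl.trustStore`, which replaces the JVM default, so repositories whose certificates chain to a public CA would then fail TLS validation with no hint in the logs. I would log a warning or return an error in the `!ok` case. `lib/security/cacerts` is, as far as I know, the Java 9+ layout, so checking that the file exists before calling keytool would give a clearer failure. The comment also has two typos worth fixing: `locale` should read `locate` and `tempering` should read `tampering`.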

[camel-k] 18/20: test: Free more disk space in Kubernetes workflow setup

Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 2c035d3a17bc995af5876adf243df93bc8ae202c
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Tue Mar 30 09:20:03 2021 +0200

    test: Free more disk space in Kubernetes workflow setup
---
 .github/workflows/kubernetes.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/kubernetes.yml b/.github/workflows/kubernetes.yml
index d61da81..7a76e66 100644
--- a/.github/workflows/kubernetes.yml
+++ b/.github/workflows/kubernetes.yml
@@ -55,6 +55,10 @@ jobs:
         sudo swapoff -a
         sudo rm -f /swapfile
         sudo apt clean
+        sudo rm -rf /usr/share/dotnet
+        sudo rm -rf /opt/ghc
+        sudo rm -rf "/usr/local/share/boost"
+        sudo rm -rf "$AGENT_TOOLSDIRECTORY"
         docker rmi $(docker image ls -aq)
 
         echo "Final status:"

[camel-k] 04/20: feat(build): Support custom CA certificate in OpenAPI builds

Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 4e2a7b2c95aad4fffb2992aed00208b9d02ad5d6
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Thu Mar 25 11:23:43 2021 +0100

    feat(build): Support custom CA certificate in OpenAPI builds
---
 pkg/trait/openapi.go | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/pkg/trait/openapi.go b/pkg/trait/openapi.go
index 197eb92..b0880b7 100644
--- a/pkg/trait/openapi.go
+++ b/pkg/trait/openapi.go
@@ -39,13 +39,11 @@ import (
 	"github.com/apache/camel-k/pkg/util/defaults"
 	"github.com/apache/camel-k/pkg/util/digest"
 	"github.com/apache/camel-k/pkg/util/gzip"
+	"github.com/apache/camel-k/pkg/util/jvm"
 	"github.com/apache/camel-k/pkg/util/kubernetes"
 	"github.com/apache/camel-k/pkg/util/maven"
 )
 
-// OpenAPITraitName ---
-const OpenAPITraitName = "openapi"
-
 // The OpenAPI DSL trait is internally used to allow creating integrations from a OpenAPI specs.
 //
 // +camel-k:trait=openapi
@@ -55,7 +53,7 @@ type openAPITrait struct {
 
 func newOpenAPITrait() Trait {
 	return &openAPITrait{
-		BaseTrait: NewBaseTrait(OpenAPITraitName, 300),
+		BaseTrait: NewBaseTrait("openapi", 300),
 	}
 }
 
@@ -117,9 +115,7 @@ func (t *openAPITrait) Apply(e *Environment) error {
 		generatedSources := make([]v1.SourceSpec, 0, len(e.Integration.Status.GeneratedSources))
 
 		if e.Integration.Status.GeneratedSources != nil {
-			//
 			// Filter out the previously generated source
-			//
 			for _, x := range e.Integration.Status.GeneratedSources {
 				if x.Name != generatedSourceName {
 					generatedSources = append(generatedSources, x)
@@ -127,9 +123,7 @@ func (t *openAPITrait) Apply(e *Environment) error {
 			}
 		}
 
-		//
 		// Add an additional source that references the config map
-		//
 		generatedSources = append(generatedSources, v1.SourceSpec{
 			DataSpec: v1.DataSpec{
 				Name:        generatedSourceName,
@@ -221,6 +215,19 @@ func (t *openAPITrait) createNewOpenAPIConfigMap(e *Environment, resource v1.Res
 		mc.SettingsContent = []byte(settings)
 	}
 
+	if e.Platform.Status.Build.Maven.CaCert != nil {
+		certData, err := kubernetes.GetSecretRefData(e.C, e.Client, e.Platform.Namespace, e.Platform.Status.Build.Maven.CaCert)
+		if err != nil {
+			return err
+		}
+		trustStoreName := "trust.jks"
+		err = jvm.GenerateJavaKeystore(e.C, tmpDir, trustStoreName, certData)
+		if err != nil {
+			return err
+		}
+		mc.ExtraMavenOpts = append(mc.ExtraMavenOpts, "-Djavax.net.ssl.trustStore="+trustStoreName)
+	}
+
 	err = maven.Run(mc)
 	if err != nil {
 		return err
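Review bot: The trust store is handed to Maven as the bare file name `trust.jks`, while `jvm.GenerateJavaKeystore` is asked to create it under `tmpDir`, so `-Djavax.net.ssl.trustStore=` only resolves if the Maven JVM's working directory is `tmpDir`, which this hunk does not show. Passing the full path removes that dependency: `mc.ExtraMavenOpts = append(mc.ExtraMavenOpts, "-Djavax.net.ssl.trustStore="+filepath.Join(tmpDir, trustStoreName))` (assuming `path/filepath` is available in this file). A trust store path that does not resolve tends to surface later as an opaque TLS handshake failure rather than a clear error here. It is also worth a comment above the block such as `// Overrides the JVM default trust store: only CAs in the Secret are trusted for this Maven run`, because repositories signed by public CAs stop validating once this property is set. `createNewOpenAPIConfigMap` starts and ends outside the hunk.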
@@ -246,10 +253,8 @@ func (t *openAPITrait) createNewOpenAPIConfigMap(e *Environment, resource v1.Res
 		return err
 	}
 
-	//
 	// Store the generated rest xml in a separate config map in order
 	// not to pollute the integration with generated data
-	//
 	cm := corev1.ConfigMap{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "ConfigMap",

[camel-k] 15/20: test: Fix HTTPS authorization

Posted by as...@apache.org.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit a3f33612b6a325415efa806c390bff7dba769d20
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Mon Mar 29 17:13:07 2021 +0200

    test: Fix HTTPS authorization
---
 e2e/common/build/maven_ca_secret_test.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/e2e/common/build/maven_ca_secret_test.go b/e2e/common/build/maven_ca_secret_test.go
index eb01ebd..85d0a24 100644
--- a/e2e/common/build/maven_ca_secret_test.go
+++ b/e2e/common/build/maven_ca_secret_test.go
@@ -119,6 +119,8 @@ ServerRoot "/etc/httpd
 PidFile /var/run/httpd/httpd.pid"
 
 LoadModule mpm_event_module /usr/local/apache2/modules/mod_mpm_event.so
+LoadModule authn_core_module /usr/local/apache2/modules/mod_authn_core.so
+LoadModule authz_core_module /usr/local/apache2/modules/mod_authz_core.so
 LoadModule proxy_module /usr/local/apache2/modules/mod_proxy.so
 LoadModule proxy_http_module /usr/local/apache2/modules/mod_proxy_http.so
 LoadModule headers_module /usr/local/apache2/modules/mod_headers.so
@@ -140,6 +142,12 @@ Listen 8443
 ProxyRequests Off
 ProxyPreserveHost On
 
+<Directory />
+  Options FollowSymLinks
+  AllowOverride All
+  Require all granted
+</Directory>
+
 <VirtualHost *:8443>
   SSLEngine on
 
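Review bot: The added `<Directory />` block grants access to the whole filesystem root with `Require all granted` and allows `.htaccess` files to override configuration through `AllowOverride All`, which is wider than this reverse-proxy fixture appears to need. Since the server is configured with `ProxyRequests Off` and only forwards traffic, the grant can be scoped to the URL space instead, for example a `<Location />` section containing only `Require all granted`, or at least `AllowOverride None` in the existing block. The two `LoadModule` lines for `authn_core_module` and `authz_core_module` in the previous hunk may already be what resolves the authorization failure; that is inferred, because the rest of the configuration string lies outside the hunk.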

[camel-k] 03/20: chore(build): regen CRDs with CA certificate support

Posted by as...@apache.org.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 87d23539918633503f52a21158bc9b036c894b88
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Thu Mar 25 11:13:35 2021 +0100

    chore(build): regen CRDs with CA certificate support
---
 config/crd/bases/camel.apache.org_builds.yaml      | 23 +++++++++++
 .../camel.apache.org_integrationplatforms.yaml     | 44 ++++++++++++++++++++++
 .../1.4.0-snapshot/camel.apache.org_builds.yaml    | 23 +++++++++++
 .../camel.apache.org_integrationplatforms.yaml     | 44 ++++++++++++++++++++++
 helm/camel-k/crds/crd-build.yaml                   | 23 +++++++++++
 helm/camel-k/crds/crd-integration-platform.yaml    | 44 ++++++++++++++++++++++
 pkg/apis/camel/v1/common_types.go                  | 11 ++++--
 pkg/apis/camel/v1/zz_generated.deepcopy.go         |  5 +++
 pkg/resources/resources.go                         |  8 ++--
 9 files changed, 217 insertions(+), 8 deletions(-)

diff --git a/config/crd/bases/camel.apache.org_builds.yaml b/config/crd/bases/camel.apache.org_builds.yaml
index e883c36..0ddd9ed 100644
--- a/config/crd/bases/camel.apache.org_builds.yaml
+++ b/config/crd/bases/camel.apache.org_builds.yaml
@@ -127,6 +127,29 @@ spec:
                         maven:
                           description: MavenSpec --
                           properties:
+                            caCert:
+                              description: The Secret key containing the CA certificate
+                                used to connect to remote repositories. A JKS formatted
+                                keystore is automatically created to store the CA
+                                certificate, and configured to be used as a trusted
+                                certificate by the Maven command.
+                              properties:
+                                key:
+                                  description: The key of the secret to select from.  Must
+                                    be a valid secret key.
+                                  type: string
+                                name:
+                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                    TODO: Add other useful fields. apiVersion, kind,
+                                    uid?'
+                                  type: string
+                                optional:
+                                  description: Specify whether the Secret or its key
+                                    must be defined
+                                  type: boolean
+                              required:
+                              - key
+                              type: object
                             localRepository:
                               type: string
                             settings:
diff --git a/config/crd/bases/camel.apache.org_integrationplatforms.yaml b/config/crd/bases/camel.apache.org_integrationplatforms.yaml
index 7d1e156..bf34421 100644
--- a/config/crd/bases/camel.apache.org_integrationplatforms.yaml
+++ b/config/crd/bases/camel.apache.org_integrationplatforms.yaml
@@ -81,6 +81,28 @@ spec:
                   maven:
                     description: MavenSpec --
                     properties:
+                      caCert:
+                        description: The Secret key containing the CA certificate
+                          used to connect to remote repositories. A JKS formatted
+                          keystore is automatically created to store the CA certificate,
+                          and configured to be used as a trusted certificate by the
+                          Maven command.
+                        properties:
+                          key:
+                            description: The key of the secret to select from.  Must
+                              be a valid secret key.
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              TODO: Add other useful fields. apiVersion, kind, uid?'
+                            type: string
+                          optional:
+                            description: Specify whether the Secret or its key must
+                              be defined
+                            type: boolean
+                        required:
+                        - key
+                        type: object
                       localRepository:
                         type: string
                       settings:
@@ -229,6 +251,28 @@ spec:
                   maven:
                     description: MavenSpec --
                     properties:
+                      caCert:
+                        description: The Secret key containing the CA certificate
+                          used to connect to remote repositories. A JKS formatted
+                          keystore is automatically created to store the CA certificate,
+                          and configured to be used as a trusted certificate by the
+                          Maven command.
+                        properties:
+                          key:
+                            description: The key of the secret to select from.  Must
+                              be a valid secret key.
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              TODO: Add other useful fields. apiVersion, kind, uid?'
+                            type: string
+                          optional:
+                            description: Specify whether the Secret or its key must
+                              be defined
+                            type: boolean
+                        required:
+                        - key
+                        type: object
                       localRepository:
                         type: string
                       settings:
diff --git a/deploy/olm-catalog/camel-k-dev/1.4.0-snapshot/camel.apache.org_builds.yaml b/deploy/olm-catalog/camel-k-dev/1.4.0-snapshot/camel.apache.org_builds.yaml
index e883c36..0ddd9ed 100644
--- a/deploy/olm-catalog/camel-k-dev/1.4.0-snapshot/camel.apache.org_builds.yaml
+++ b/deploy/olm-catalog/camel-k-dev/1.4.0-snapshot/camel.apache.org_builds.yaml
@@ -127,6 +127,29 @@ spec:
                         maven:
                           description: MavenSpec --
                           properties:
+                            caCert:
+                              description: The Secret key containing the CA certificate
+                                used to connect to remote repositories. A JKS formatted
+                                keystore is automatically created to store the CA
+                                certificate, and configured to be used as a trusted
+                                certificate by the Maven command.
+                              properties:
+                                key:
+                                  description: The key of the secret to select from.  Must
+                                    be a valid secret key.
+                                  type: string
+                                name:
+                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                    TODO: Add other useful fields. apiVersion, kind,
+                                    uid?'
+                                  type: string
+                                optional:
+                                  description: Specify whether the Secret or its key
+                                    must be defined
+                                  type: boolean
+                              required:
+                              - key
+                              type: object
                             localRepository:
                               type: string
                             settings:
diff --git a/deploy/olm-catalog/camel-k-dev/1.4.0-snapshot/camel.apache.org_integrationplatforms.yaml b/deploy/olm-catalog/camel-k-dev/1.4.0-snapshot/camel.apache.org_integrationplatforms.yaml
index 7d1e156..bf34421 100644
--- a/deploy/olm-catalog/camel-k-dev/1.4.0-snapshot/camel.apache.org_integrationplatforms.yaml
+++ b/deploy/olm-catalog/camel-k-dev/1.4.0-snapshot/camel.apache.org_integrationplatforms.yaml
@@ -81,6 +81,28 @@ spec:
                   maven:
                     description: MavenSpec --
                     properties:
+                      caCert:
+                        description: The Secret key containing the CA certificate
+                          used to connect to remote repositories. A JKS formatted
+                          keystore is automatically created to store the CA certificate,
+                          and configured to be used as a trusted certificate by the
+                          Maven command.
+                        properties:
+                          key:
+                            description: The key of the secret to select from.  Must
+                              be a valid secret key.
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              TODO: Add other useful fields. apiVersion, kind, uid?'
+                            type: string
+                          optional:
+                            description: Specify whether the Secret or its key must
+                              be defined
+                            type: boolean
+                        required:
+                        - key
+                        type: object
                       localRepository:
                         type: string
                       settings:
@@ -229,6 +251,28 @@ spec:
                   maven:
                     description: MavenSpec --
                     properties:
+                      caCert:
+                        description: The Secret key containing the CA certificate
+                          used to connect to remote repositories. A JKS formatted
+                          keystore is automatically created to store the CA certificate,
+                          and configured to be used as a trusted certificate by the
+                          Maven command.
+                        properties:
+                          key:
+                            description: The key of the secret to select from.  Must
+                              be a valid secret key.
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              TODO: Add other useful fields. apiVersion, kind, uid?'
+                            type: string
+                          optional:
+                            description: Specify whether the Secret or its key must
+                              be defined
+                            type: boolean
+                        required:
+                        - key
+                        type: object
                       localRepository:
                         type: string
                       settings:
diff --git a/helm/camel-k/crds/crd-build.yaml b/helm/camel-k/crds/crd-build.yaml
index e883c36..0ddd9ed 100644
--- a/helm/camel-k/crds/crd-build.yaml
+++ b/helm/camel-k/crds/crd-build.yaml
@@ -127,6 +127,29 @@ spec:
                         maven:
                           description: MavenSpec --
                           properties:
+                            caCert:
+                              description: The Secret key containing the CA certificate
+                                used to connect to remote repositories. A JKS formatted
+                                keystore is automatically created to store the CA
+                                certificate, and configured to be used as a trusted
+                                certificate by the Maven command.
+                              properties:
+                                key:
+                                  description: The key of the secret to select from.  Must
+                                    be a valid secret key.
+                                  type: string
+                                name:
+                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                    TODO: Add other useful fields. apiVersion, kind,
+                                    uid?'
+                                  type: string
+                                optional:
+                                  description: Specify whether the Secret or its key
+                                    must be defined
+                                  type: boolean
+                              required:
+                              - key
+                              type: object
                             localRepository:
                               type: string
                             settings:
diff --git a/helm/camel-k/crds/crd-integration-platform.yaml b/helm/camel-k/crds/crd-integration-platform.yaml
index 7d1e156..bf34421 100644
--- a/helm/camel-k/crds/crd-integration-platform.yaml
+++ b/helm/camel-k/crds/crd-integration-platform.yaml
@@ -81,6 +81,28 @@ spec:
                   maven:
                     description: MavenSpec --
                     properties:
+                      caCert:
+                        description: The Secret key containing the CA certificate
+                          used to connect to remote repositories. A JKS formatted
+                          keystore is automatically created to store the CA certificate,
+                          and configured to be used as a trusted certificate by the
+                          Maven command.
+                        properties:
+                          key:
+                            description: The key of the secret to select from.  Must
+                              be a valid secret key.
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              TODO: Add other useful fields. apiVersion, kind, uid?'
+                            type: string
+                          optional:
+                            description: Specify whether the Secret or its key must
+                              be defined
+                            type: boolean
+                        required:
+                        - key
+                        type: object
                       localRepository:
                         type: string
                       settings:
@@ -229,6 +251,28 @@ spec:
                   maven:
                     description: MavenSpec --
                     properties:
+                      caCert:
+                        description: The Secret key containing the CA certificate
+                          used to connect to remote repositories. A JKS formatted
+                          keystore is automatically created to store the CA certificate,
+                          and configured to be used as a trusted certificate by the
+                          Maven command.
+                        properties:
+                          key:
+                            description: The key of the secret to select from.  Must
+                              be a valid secret key.
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              TODO: Add other useful fields. apiVersion, kind, uid?'
+                            type: string
+                          optional:
+                            description: Specify whether the Secret or its key must
+                              be defined
+                            type: boolean
+                        required:
+                        - key
+                        type: object
                       localRepository:
                         type: string
                       settings:
diff --git a/pkg/apis/camel/v1/common_types.go b/pkg/apis/camel/v1/common_types.go
index ae0413b..f09d21d 100644
--- a/pkg/apis/camel/v1/common_types.go
+++ b/pkg/apis/camel/v1/common_types.go
@@ -83,10 +83,13 @@ type PlatformInjectable interface {
 
 // MavenSpec --
 type MavenSpec struct {
-	LocalRepository string                    `json:"localRepository,omitempty"`
-	Settings        ValueSource               `json:"settings,omitempty"`
-	CaCert          *corev1.SecretKeySelector `json:"caCert,omitempty"`
-	Timeout         *metav1.Duration          `json:"timeout,omitempty"`
+	LocalRepository string      `json:"localRepository,omitempty"`
+	Settings        ValueSource `json:"settings,omitempty"`
+	// The Secret key containing the CA certificate used to connect to remote repositories.
+	// A JKS formatted keystore is automatically created to store the CA certificate,
+	// and configured to be used as a trusted certificate by the Maven command.
+	CaCert  *corev1.SecretKeySelector `json:"caCert,omitempty"`
+	Timeout *metav1.Duration          `json:"timeout,omitempty"`
 }
 
 // ValueSource --
diff --git a/pkg/apis/camel/v1/zz_generated.deepcopy.go b/pkg/apis/camel/v1/zz_generated.deepcopy.go
index 9f0410e..c8e1ff6 100644
--- a/pkg/apis/camel/v1/zz_generated.deepcopy.go
+++ b/pkg/apis/camel/v1/zz_generated.deepcopy.go
@@ -1264,6 +1264,11 @@ func (in *MavenArtifact) DeepCopy() *MavenArtifact {
 func (in *MavenSpec) DeepCopyInto(out *MavenSpec) {
 	*out = *in
 	in.Settings.DeepCopyInto(&out.Settings)
+	if in.CaCert != nil {
+		in, out := &in.CaCert, &out.CaCert
+		*out = new(corev1.SecretKeySelector)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.Timeout != nil {
 		in, out := &in.Timeout, &out.Timeout
 		*out = new(metav1.Duration)
diff --git a/pkg/resources/resources.go b/pkg/resources/resources.go
index 26f7a55..80763e2 100644
--- a/pkg/resources/resources.go
+++ b/pkg/resources/resources.go
@@ -78,9 +78,9 @@ var assets = func() http.FileSystem {
 		"/crd/bases/camel.apache.org_builds.yaml": &vfsgen۰CompressedFileInfo{
 			name:             "camel.apache.org_builds.yaml",
 			modTime:          time.Time{},
-			uncompressedSize: 20998,
+			uncompressedSize: 22436,
 
-			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\x3c\x5d\x6f\xdb\x38\xb6\xef\xfe\x15\x07\xf5\x43\x5b\x20\x96\xa7\x33\x73\x2f\x06\xbe\x0f\x17\x1e\xb7\xc5\x35\xda\x26\x41\xec\x76\x30\x8f\xb4\x74\x2c\x71\x2c\x91\xba\x24\x65\xc7\xb3\xd8\xff\xbe\x20\x29\xd9\x52\xac\x0f\x2a\x51\x67\xb3\xbb\xe1\x4b\x62\x89\x3c\xdf\x3c\x1f\x24\xc5\x31\x4c\x86\x6b\xa3\x31\x7c\xa6\x3e\x32\x89\x01\x28\x0e\x2a\x42\x98\xa7\xc4\x8f\x10\x56\x7c\xab\x0e\x44\x20\x7c\xe4\x19\x0b\x88\xa2\x9c\xc1\x [...]
+			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\x5c\xdf\x73\xdb\x36\xf2\x7f\xd7\x5f\xb1\x13\x3f\x24\x99\xb1\xa8\xa6\xed\xf7\x3b\x1d\xdd\xc3\x8d\x2a\x27\x73\xba\x24\xb6\xc7\x72\xd2\xe9\xe3\x8a\x5c\x51\xa8\x48\x80\x07\x80\x96\xd5\x9b\xfb\xdf\x6f\x00\x90\x12\x65\xf1\x07\x68\x2b\xad\xef\xce\x78\x49\x4c\x01\x8b\xfd\x85\xcf\xee\x82\x20\xce\x60\x78\xba\x36\x38\x83\x4f\x2c\x24\xae\x28\x02\x2d\x40\xaf\x08\x26\x19\x86\x2b\x82\xb9\x58\xea\x0d\x4a\x82\x0f\x22\xe7\x11\x6a\x [...]
 		},
 		"/crd/bases/camel.apache.org_camelcatalogs.yaml": &vfsgen۰CompressedFileInfo{
 			name:             "camel.apache.org_camelcatalogs.yaml",
@@ -99,9 +99,9 @@ var assets = func() http.FileSystem {
 		"/crd/bases/camel.apache.org_integrationplatforms.yaml": &vfsgen۰CompressedFileInfo{
 			name:             "camel.apache.org_integrationplatforms.yaml",
 			modTime:          time.Time{},
-			uncompressedSize: 16884,
+			uncompressedSize: 19424,
 
-			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\x5b\xdf\x8f\xe2\x38\xf2\x7f\xcf\x5f\x51\x1a\x1e\x66\x57\x6a\x60\xe7\xfb\xbd\x87\x13\xf7\x70\xea\x65\x66\x74\x68\x66\xba\x5b\x0d\x33\xab\x7d\x34\x49\x11\xbc\x38\x76\xce\x3f\x9a\x61\x4f\xf7\xbf\x9f\x5c\x4e\x20\x40\x12\x42\x77\xaf\x4e\xba\x8d\x5f\xba\x21\x76\xb9\x7e\x7e\x5c\xae\x22\x03\x18\xbe\xde\x88\x06\xf0\x99\xc7\x28\x0d\x26\x60\x15\xd8\x35\xc2\x6d\xce\xe2\x35\xc2\x5c\xad\xec\x96\x69\x84\x8f\xca\xc9\x84\x59\xae\x [...]
+			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\x5c\x5f\x8f\xdb\xb8\x11\x7f\xd7\xa7\x18\xc4\x0f\xb9\x03\xd6\xf2\xa5\xed\x43\xe1\x3e\x14\x3e\x27\x41\xdd\x24\xbb\x8b\xb5\x93\xc3\x3d\xd2\xd2\x58\xe6\x99\x22\x55\x92\x5a\xc7\x57\xf4\xbb\x17\x43\x4a\xb6\xbc\xd6\xbf\xf5\xe6\xd0\xf6\x2a\xbe\x24\x96\xc8\xe1\xfc\xfd\x71\xc8\xa1\x76\x04\xe3\x6f\xd7\x82\x11\x7c\xe4\x11\x4a\x83\x31\x58\x05\x76\x8b\x30\xcb\x58\xb4\x45\x58\xaa\x8d\xdd\x33\x8d\xf0\x5e\xe5\x32\x66\x96\x2b\x09\x [...]
 		},
 		"/crd/bases/camel.apache.org_integrations.yaml": &vfsgen۰CompressedFileInfo{
 			name:             "camel.apache.org_integrations.yaml",

[camel-k] 20/20: test: Create Apache Snapshots proxy repository with Nexus REST API

Posted by as...@apache.org.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 8adc29b425ed372a89dd1b652184483584dda3aa
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Tue Mar 30 17:08:12 2021 +0200

    test: Create Apache Snapshots proxy repository with Nexus REST API
---
 e2e/common/build/maven_ca_secret_test.go | 81 +++++++++++++++++++++++++++++++-
 1 file changed, 80 insertions(+), 1 deletion(-)

diff --git a/e2e/common/build/maven_ca_secret_test.go b/e2e/common/build/maven_ca_secret_test.go
index 46f0567..13acf7f 100644
--- a/e2e/common/build/maven_ca_secret_test.go
+++ b/e2e/common/build/maven_ca_secret_test.go
@@ -22,6 +22,8 @@ limitations under the License.
 package build
 
 import (
+	"bufio"
+	"bytes"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
@@ -30,11 +32,16 @@ import (
 	"fmt"
 	"math/big"
 	rand2 "math/rand"
+	"os"
 	"testing"
 	"time"
 
 	. "github.com/onsi/gomega"
 	. "github.com/onsi/gomega/gstruct"
+	"k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/client-go/tools/remotecommand"
+
+	ctrl "sigs.k8s.io/controller-runtime/pkg/client"
 
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -320,9 +327,81 @@ ProxyPreserveHost On
 			}),
 		))
 
+		// Get the Nexus Pod
+		pods := &corev1.PodList{
+			TypeMeta: metav1.TypeMeta{
+				Kind:       "Pod",
+				APIVersion: corev1.SchemeGroupVersion.String(),
+			},
+		}
+		Expect(TestClient().List(TestContext, pods,
+			ctrl.InNamespace(ns),
+			ctrl.MatchingLabels{"camel-k": "maven-test-nexus"},
+		)).To(Succeed())
+		Expect(pods.Items).To(HaveLen(1))
+
+		// Retrieve the Nexus admin password
+		req := TestClient().CoreV1().RESTClient().Post().
+			Resource("pods").
+			Name(pods.Items[0].Name).
+			Namespace(ns).
+			SubResource("exec").
+			Param("container", "nexus")
+
+		req.VersionedParams(&corev1.PodExecOptions{
+			Container: "nexus",
+			Command:   []string{"cat", "/nexus-data/admin.password"},
+			Stdout:    true,
+			Stderr:    true,
+			TTY:       false,
+		}, scheme.ParameterCodec)
+
+		exec, err := remotecommand.NewSPDYExecutor(TestClient().GetConfig(), "POST", req.URL())
+		Expect(err).To(BeNil())
+
+		var password bytes.Buffer
+		Expect(exec.Stream(remotecommand.StreamOptions{
+			Stdout: bufio.NewWriter(&password),
+			Stderr: os.Stderr,
+			Tty:    false,
+		})).To(Succeed())
+
+		// Create the Apache Snapshot proxy repository using the Nexus REST API
+		req = TestClient().CoreV1().RESTClient().Post().
+			Resource("pods").
+			Name(pods.Items[0].Name).
+			Namespace(ns).
+			SubResource("exec").
+			Param("container", "nexus")
+
+		apacheSnapshots := "https://repository.apache.org/content/repositories/snapshots/"
+		repository := fmt.Sprintf(`{"name":"apache-snapshots","proxy":{"remoteUrl":"%s","contentMaxAge":1440,"metadataMaxAge":1440},"online":true,"maven":{"versionPolicy":"SNAPSHOT","layoutPolicy":"PERMISSIVE"},"negativeCache":{"enabled":false,"timeToLive":1440},"httpClient":{"autoBlock":false,"blocked":false},"storage":{"strictContentTypeValidation":true,"blobStoreName":"default"}}`, apacheSnapshots)
+
+		req.VersionedParams(&corev1.PodExecOptions{
+			Container: "nexus",
+			Command: []string{"curl", "-v",
+				"-u", "admin:" + password.String(),
+				"-H", "Content-Type: application/json",
+				"--data", repository,
+				"http://localhost:8081/service/rest/v1/repositories/maven/proxy/"},
+			Stdout: true,
+			Stderr: true,
+			TTY:    false,
+		}, scheme.ParameterCodec)
+
+		exec, err = remotecommand.NewSPDYExecutor(TestClient().GetConfig(), "POST", req.URL())
+		Expect(err).To(BeNil())
+
+		Expect(exec.Stream(remotecommand.StreamOptions{
+			Stdout: os.Stdout,
+			Stderr: os.Stderr,
+			Tty:    false,
+		})).To(Succeed())
+
 		// Install Camel K with the Maven Central Nexus proxy and the corresponding Maven CA secret
 		Expect(Kamel("install", "-n", ns,
-			"--maven-repository", fmt.Sprintf(`https://%s/repository/maven-public/@id=central@snapshots`, hostname),
+			"--maven-repository", fmt.Sprintf(`https://%s/repository/maven-public/@id=central`, hostname),
+			"--maven-repository", fmt.Sprintf(`https://%s/repository/apache-snapshots/@id=apache-snapshots@snapshots`, hostname),
 			"--maven-ca-secret", secret.Name+"/"+corev1.TLSCertKey,
 		).Execute()).To(Succeed())