Posted to commits@camel.apache.org by as...@apache.org on 2021/03/30 17:20:44 UTC
[camel-k] 02/20: feat(build): Support custom CA certificate for
Catalog builds
This is an automated email from the ASF dual-hosted git repository.
astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 86722fbdf4621674887d290500f1b2a17023c75e
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Thu Mar 25 10:59:57 2021 +0100
feat(build): Support custom CA certificate for Catalog builds
---
pkg/builder/project.go | 22 +++-------------------
pkg/builder/quarkus.go | 4 ++--
pkg/builder/types.go | 2 +-
pkg/cmd/util_dependencies.go | 3 ++-
pkg/util/camel/catalog.go | 25 +++++++++++++++++++-----
pkg/util/jvm/keystore.go | 45 ++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 73 insertions(+), 28 deletions(-)
diff --git a/pkg/builder/project.go b/pkg/builder/project.go
index 27e20fe..8f77ecc 100644
--- a/pkg/builder/project.go
+++ b/pkg/builder/project.go
@@ -18,14 +18,10 @@ limitations under the License.
package builder
import (
- "fmt"
"os"
- "os/exec"
- "path"
- "strings"
- "github.com/apache/camel-k/pkg/util"
"github.com/apache/camel-k/pkg/util/camel"
+ "github.com/apache/camel-k/pkg/util/jvm"
"github.com/apache/camel-k/pkg/util/kubernetes"
)
@@ -80,21 +76,9 @@ func generateJavaKeystore(ctx *builderContext) error {
return err
}
- certPath := ctx.Build.Maven.CaCert.Key
- if err := util.WriteFileWithContent(ctx.Path, certPath, certData); err != nil {
- return err
- }
-
- keystore := "trust.jks"
- ctx.Maven.TrustStorePath = path.Join(ctx.Path, keystore)
-
- args := strings.Fields(fmt.Sprintf("-importcert -alias maven -file %s -keystore %s", certPath, keystore))
- cmd := exec.CommandContext(ctx.C, "keytool", args...)
- cmd.Dir = ctx.Path
- cmd.Stderr = os.Stderr
- cmd.Stdout = os.Stdout
+ ctx.Maven.TrustStoreName = "trust.jks"
- return cmd.Run()
+ return jvm.GenerateJavaKeystore(ctx.C, ctx.Path, ctx.Maven.TrustStoreName, certData)
}
func generateProjectSettings(ctx *builderContext) error {
diff --git a/pkg/builder/quarkus.go b/pkg/builder/quarkus.go
index 028b919..7e02255 100644
--- a/pkg/builder/quarkus.go
+++ b/pkg/builder/quarkus.go
@@ -147,8 +147,8 @@ func buildQuarkusRunner(ctx *builderContext) error {
mc.LocalRepository = ctx.Build.Maven.LocalRepository
mc.Timeout = ctx.Build.Maven.GetTimeout().Duration
- if ctx.Maven.TrustStorePath != "" {
- mc.ExtraMavenOpts = append(mc.ExtraMavenOpts, "-Djavax.net.ssl.trustStore="+path.Join(ctx.Path, ctx.Maven.TrustStorePath))
+ if ctx.Maven.TrustStoreName != "" {
+ mc.ExtraMavenOpts = append(mc.ExtraMavenOpts, "-Djavax.net.ssl.trustStore="+path.Join(ctx.Path, ctx.Maven.TrustStoreName))
}
err := BuildQuarkusRunnerCommon(mc)
diff --git a/pkg/builder/types.go b/pkg/builder/types.go
index 776e8a0..55354f6 100644
--- a/pkg/builder/types.go
+++ b/pkg/builder/types.go
@@ -90,6 +90,6 @@ type builderContext struct {
Maven struct {
Project maven.Project
SettingsData []byte
- TrustStorePath string
+ TrustStoreName string
}
}
diff --git a/pkg/cmd/util_dependencies.go b/pkg/cmd/util_dependencies.go
index 3a3762b..0dbbcb1 100644
--- a/pkg/cmd/util_dependencies.go
+++ b/pkg/cmd/util_dependencies.go
@@ -228,7 +228,8 @@ func generateCatalog() (*camel.RuntimeCatalog, error) {
Provider: v1.RuntimeProviderQuarkus,
}
var providerDependencies []maven.Dependency
- catalog, err := camel.GenerateCatalogCommon(settings, mvn, runtime, providerDependencies)
+ var caCert []byte
+ catalog, err := camel.GenerateCatalogCommon(settings, caCert, mvn, runtime, providerDependencies)
if err != nil {
return nil, err
}
diff --git a/pkg/util/camel/catalog.go b/pkg/util/camel/catalog.go
index 451d857..014eefd 100644
--- a/pkg/util/camel/catalog.go
+++ b/pkg/util/camel/catalog.go
@@ -30,16 +30,15 @@ import (
v1 "github.com/apache/camel-k/pkg/apis/camel/v1"
"github.com/apache/camel-k/pkg/resources"
"github.com/apache/camel-k/pkg/util/defaults"
+ "github.com/apache/camel-k/pkg/util/jvm"
"github.com/apache/camel-k/pkg/util/kubernetes"
"github.com/apache/camel-k/pkg/util/maven"
)
-// DefaultCatalog --
func DefaultCatalog() (*RuntimeCatalog, error) {
return QuarkusCatalog()
}
-// QuarkusCatalog --
func QuarkusCatalog() (*RuntimeCatalog, error) {
return catalogForRuntimeProvider(v1.RuntimeProviderQuarkus)
}
@@ -63,7 +62,6 @@ func catalogForRuntimeProvider(provider v1.RuntimeProvider) (*RuntimeCatalog, er
})
}
-// GenerateCatalog --
func GenerateCatalog(
ctx context.Context,
client k8sclient.Reader,
@@ -77,12 +75,20 @@ func GenerateCatalog(
return nil, err
}
- return GenerateCatalogCommon(settings, mvn, runtime, providerDependencies)
+ var caCert []byte
+ if mvn.CaCert != nil {
+ caCert, err = kubernetes.GetSecretRefData(ctx, client, namespace, mvn.CaCert)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ return GenerateCatalogCommon(settings, caCert, mvn, runtime, providerDependencies)
}
-// GenerateCatalogCommon --
func GenerateCatalogCommon(
settings string,
+ caCert []byte,
mvn v1.MavenSpec,
runtime v1.RuntimeSpec,
providerDependencies []maven.Dependency) (*RuntimeCatalog, error) {
@@ -113,6 +119,15 @@ func GenerateCatalogCommon(
mc.SettingsContent = []byte(settings)
}
+ if caCert != nil {
+ trustStoreName := "trust.jks"
+ err := jvm.GenerateJavaKeystore(context.Background(), tmpDir, trustStoreName, caCert)
+ if err != nil {
+ return nil, err
+ }
+ mc.ExtraMavenOpts = append(mc.ExtraMavenOpts, "-Djavax.net.ssl.trustStore="+trustStoreName)
+ }
+
err = maven.Run(mc)
if err != nil {
return nil, err
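Review bot: The `-Djavax.net.ssl.trustStore=` option added in GenerateCatalogCommon is given the bare name `trust.jks`, while the keystore is written into `tmpDir`, so the JVM only finds it if Maven's working directory is `tmpDir`, which this hunk does not show; the quarkus.go hunk joins the name with the build path instead. Prefer `mc.ExtraMavenOpts = append(mc.ExtraMavenOpts, "-Djavax.net.ssl.trustStore="+path.Join(tmpDir, trustStoreName))`, importing `path` if this file does not already. A comment should also record that setting this property makes the JVM use this store in place of its default `cacerts`, so the imported CA has to cover every repository the catalog build contacts. The keytool call runs under `context.Background()`, so it is not bound by any caller timeout or cancellation. The function body starts and ends outside the hunk.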
diff --git a/pkg/util/jvm/keystore.go b/pkg/util/jvm/keystore.go
new file mode 100644
index 0000000..c1de152
--- /dev/null
+++ b/pkg/util/jvm/keystore.go
@@ -0,0 +1,45 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package jvm
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/exec"
+ "path"
+ "strings"
+
+ "github.com/apache/camel-k/pkg/util"
+)
+
+func GenerateJavaKeystore(ctx context.Context, keystoreDir, keystoreName string, data []byte) error {
+ tmpFile := "ca-cert.tmp"
+ if err := util.WriteFileWithContent(keystoreDir, tmpFile, data); err != nil {
+ return err
+ }
+ defer os.Remove(path.Join(keystoreDir, tmpFile))
+
+ args := strings.Fields(fmt.Sprintf("-importcert -alias maven -file %s -keystore %s", tmpFile, keystoreName))
+ cmd := exec.CommandContext(ctx, "keytool", args...)
+ cmd.Dir = keystoreDir
+ cmd.Stderr = os.Stderr
+ cmd.Stdout = os.Stdout
+
+ return cmd.Run()
+}
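Review bot: The keytool arguments in GenerateJavaKeystore are built by formatting one string and splitting it on whitespace, so a `keystoreName` containing a space would be split into extra keytool arguments; pass the values as a slice instead, `args := []string{"-importcert", "-noprompt", "-alias", "maven", "-file", tmpFile, "-keystore", keystoreName}`. As written there is no `-noprompt` or `-storepass` and `cmd.Stdin` is unset, so keytool's trust-confirmation and password prompts cannot be answered; the store password should be supplied explicitly, e.g. `-storepass <STORE_PASSWORD>` (placeholder value). The exported function has no doc comment; `// GenerateJavaKeystore imports the CA certificate in data into the keystore keystoreName under keystoreDir by running keytool.` would do. The error from the deferred `os.Remove` is dropped, which leaves the certificate copy behind silently if removal fails, so it deserves at least a justifying comment.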