This is an automated email from the ASF dual-hosted git repository. pcongiusti pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 6c397ba62c12c3acb63d1c81a9939216f49c414c Author: haanhvu <[email protected]> AuthorDate: Wed May 11 16:30:36 2022 +0700 Add settings security to Maven build --- config/crd/bases/camel.apache.org_builds.yaml | 44 +++++++ .../camel.apache.org_integrationplatforms.yaml | 84 ++++++++++++ docs/modules/ROOT/pages/configuration/maven.adoc | 33 ++++- docs/modules/ROOT/partials/apis/camel-k-crds.adoc | 8 ++ examples/maven/README.md | 17 +++ examples/maven/ip.yaml | 15 +++ helm/camel-k/crds/crd-build.yaml | 44 +++++++ helm/camel-k/crds/crd-integration-platform.yaml | 84 ++++++++++++ pkg/apis/camel/v1/maven_types.go | 3 + pkg/apis/camel/v1/zz_generated.deepcopy.go | 1 + pkg/builder/project.go | 8 ++ pkg/builder/project_test.go | 142 +++++++++++++++++++++ pkg/builder/quarkus.go | 2 + pkg/builder/types.go | 11 +- pkg/util/maven/maven_command.go | 7 + 15 files changed, 497 insertions(+), 6 deletions(-) diff --git a/config/crd/bases/camel.apache.org_builds.yaml b/config/crd/bases/camel.apache.org_builds.yaml index 6ac023fd6..5db172705 100644 --- a/config/crd/bases/camel.apache.org_builds.yaml +++ b/config/crd/bases/camel.apache.org_builds.yaml 
@@ -373,6 +373,50 @@ spec: - key type: object type: object + settingsSecurity: + description: A reference to the ConfigMap or Secret + key that contains the security of the Maven settings. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object type: object name: description: name of the task diff --git a/config/crd/bases/camel.apache.org_integrationplatforms.yaml b/config/crd/bases/camel.apache.org_integrationplatforms.yaml index 1b82862f5..d83005fbe 100644 --- a/config/crd/bases/camel.apache.org_integrationplatforms.yaml +++ b/config/crd/bases/camel.apache.org_integrationplatforms.yaml 
@@ -223,6 +223,48 @@ spec: - key type: object type: object + settingsSecurity: + description: A reference to the ConfigMap or Secret key that + contains the security of the Maven settings. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object type: object persistentVolumeClaim: description: 'Deprecated: Use PublishStrategyOptions instead the 
@@ -498,6 +540,48 @@ spec: - key type: object type: object + settingsSecurity: + description: A reference to the ConfigMap or Secret key that + contains the security of the Maven settings. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object type: object persistentVolumeClaim: description: 'Deprecated: Use PublishStrategyOptions instead the diff --git a/docs/modules/ROOT/pages/configuration/maven.adoc b/docs/modules/ROOT/pages/configuration/maven.adoc index 69a71960a..1f860fd80 100644 --- a/docs/modules/ROOT/pages/configuration/maven.adoc +++ b/docs/modules/ROOT/pages/configuration/maven.adoc 
@@ -29,7 +29,38 @@ spec: name: maven-settings ---- -The IntegrationPlatform resource can be edited directly, to reference the ConfigMap or the Secret that contains the Maven settings, e.g.: +[[maven-settings-security]] +=== Maven Settings Security + +If your project also requires a Maven Settings Security in a `settings-security.xml` file (as described in https://maven.apache.org/guides/mini/guide-encryption.html[the official Maven Password Encryption guide]), you can create a ConfigMap or Secret for that file + +[source,console] +---- +$ kubectl create configmap maven-settings-security --from-file=settings-security.xml +---- + +and reference it in the IntegrationPlatform resource: + +[source,yaml] +---- +apiVersion: camel.apache.org/v1 +kind: IntegrationPlatform +metadata: + name: camel-k +spec: + build: + maven: + settings: + configMapKeyRef: + key: settings.xml + name: maven-settings + settingsSecurity: + configMapKeyRef: + key: settings-security.xml + name: maven-settings-security +---- + +The IntegrationPlatform resource can be edited directly, to reference the ConfigMap(s) or the Secret(s) that contains the Maven settings and settings security, e.g.: [source,console] ---- diff --git a/docs/modules/ROOT/partials/apis/camel-k-crds.adoc b/docs/modules/ROOT/partials/apis/camel-k-crds.adoc index 445c66379..b70cc29db 100644 --- a/docs/modules/ROOT/partials/apis/camel-k-crds.adoc +++ b/docs/modules/ROOT/partials/apis/camel-k-crds.adoc @@ -2348,6 +2348,14 @@ The Maven properties. A reference to the ConfigMap or Secret key that contains the Maven settings. +|`settingsSecurity` + +*xref:#_camel_apache_org_v1_ValueSource[ValueSource]* +| + + +A reference to the ConfigMap or Secret key that contains +the security of the Maven settings. + |`caSecret` + *https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#secretkeyselector-v1-core[Kubernetes core/v1.SecretKeySelector]* | 
diff --git a/examples/maven/README.md b/examples/maven/README.md new file mode 100644 index 000000000..9d3c5cd3d --- /dev/null +++ b/examples/maven/README.md @@ -0,0 +1,17 @@ +# Camel K Maven configuration examples + +In this section, you'll find examples about Maven configurations in Camel K. + +**Example 1: Reference Maven setting files in an IntegrationPlatform resource** + +If you have a `settings.xml` file and (optionally) a `settings-security.xml` file, you can create a ConfigMap or a Secret for each file in Kubernetes: + +`kubectl create configmap maven-settings --from-file=settings.xml` + +`kubectl create configmap maven-settings-security --from-file=settings-security.xml` + +The created ConfigMap(s) or Secret(s) can then be referenced in an IntegrationPlatform file like the example `ip.yaml` + +With an IntegrationPlatform file, you can then create an IntegrationPlatform in Kubernetes: + +`kubectl apply -f ip.yaml` \ No newline at end of file diff --git a/examples/maven/ip.yaml b/examples/maven/ip.yaml new file mode 100644 index 000000000..65741a66c --- /dev/null +++ b/examples/maven/ip.yaml @@ -0,0 +1,15 @@ +apiVersion: camel.apache.org/v1 +kind: IntegrationPlatform +metadata: + name: camel-k +spec: + build: + maven: + settings: + configMapKeyRef: + key: settings.xml + name: maven-settings + settingsSecurity: + configMapKeyRef: + key: settings-security.xml + name: maven-settings-security \ No newline at end of file diff --git a/helm/camel-k/crds/crd-build.yaml b/helm/camel-k/crds/crd-build.yaml index 6ac023fd6..5db172705 100644 --- a/helm/camel-k/crds/crd-build.yaml +++ b/helm/camel-k/crds/crd-build.yaml 
@@ -373,6 +373,50 @@ spec: - key type: object type: object + settingsSecurity: + description: A reference to the ConfigMap or Secret + key that contains the security of the Maven settings. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object type: object name: description: name of the task diff --git a/helm/camel-k/crds/crd-integration-platform.yaml b/helm/camel-k/crds/crd-integration-platform.yaml index 1b82862f5..d83005fbe 100644 --- a/helm/camel-k/crds/crd-integration-platform.yaml +++ b/helm/camel-k/crds/crd-integration-platform.yaml 
@@ -223,6 +223,48 @@ spec: - key type: object type: object + settingsSecurity: + description: A reference to the ConfigMap or Secret key that + contains the security of the Maven settings. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object type: object persistentVolumeClaim: description: 'Deprecated: Use PublishStrategyOptions instead the 
@@ -498,6 +540,48 @@ spec: - key type: object type: object + settingsSecurity: + description: A reference to the ConfigMap or Secret key that + contains the security of the Maven settings. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object type: object persistentVolumeClaim: description: 'Deprecated: Use PublishStrategyOptions instead the diff --git a/pkg/apis/camel/v1/maven_types.go b/pkg/apis/camel/v1/maven_types.go index 7716cd777..252cc3166 100644 --- a/pkg/apis/camel/v1/maven_types.go +++ b/pkg/apis/camel/v1/maven_types.go @@ -32,6 +32,9 @@ type MavenSpec struct { // A reference to the ConfigMap or Secret key that contains // the Maven settings. Settings ValueSource `json:"settings,omitempty"` + // A reference to the ConfigMap or Secret key that contains + // the security of the Maven settings. + SettingsSecurity ValueSource `json:"settingsSecurity,omitempty"` // Deprecated: use CASecrets // The Secret name and key, containing the CA certificate(s) used to connect // to remote Maven repositories. 
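Review bot: The doc comment on the new `SettingsSecurity` field of `MavenSpec` ("the security of the Maven settings") does not say what the referenced key holds. Per the Maven password-encryption guide linked from this commit's docs, `settings-security.xml` carries the master password used to decrypt server passwords in `settings.xml`, so the comment should name the file and steer users towards `secretKeyRef`, e.g. `// A reference to the ConfigMap or Secret key that contains the Maven settings-security.xml (master password); prefer a Secret.` The CRD descriptions appear to be generated from this comment, and the documentation and `examples/maven/ip.yaml` added in this commit show only the ConfigMap form. The struct continues outside the hunk.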
diff --git a/pkg/apis/camel/v1/zz_generated.deepcopy.go b/pkg/apis/camel/v1/zz_generated.deepcopy.go index f01175b95..521ba3cce 100644 --- a/pkg/apis/camel/v1/zz_generated.deepcopy.go +++ b/pkg/apis/camel/v1/zz_generated.deepcopy.go @@ -1292,6 +1292,7 @@ func (in *MavenSpec) DeepCopyInto(out *MavenSpec) { } } in.Settings.DeepCopyInto(&out.Settings) + in.SettingsSecurity.DeepCopyInto(&out.SettingsSecurity) if in.CASecret != nil { in, out := &in.CASecret, &out.CASecret *out = new(corev1.SecretKeySelector) diff --git a/pkg/builder/project.go b/pkg/builder/project.go index 6efa153d5..28878c8d1 100644 --- a/pkg/builder/project.go +++ b/pkg/builder/project.go @@ -124,6 +124,14 @@ func generateProjectSettings(ctx *builderContext) error { } ctx.Maven.GlobalSettings = data + settingsSecurity, err := kubernetes.ResolveValueSource(ctx.C, ctx.Client, ctx.Namespace, &ctx.Build.Maven.SettingsSecurity) + if err != nil { + return err + } + if settingsSecurity != "" { + ctx.Maven.SettingsSecurity = []byte(settingsSecurity) + } + return nil } diff --git a/pkg/builder/project_test.go b/pkg/builder/project_test.go index e816b745d..15bd9f212 100644 --- a/pkg/builder/project_test.go +++ b/pkg/builder/project_test.go 
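Review bot: The block added to `generateProjectSettings` returns the `ResolveValueSource` error bare, so a missing or unreadable settings-security reference surfaces without saying which Maven input failed. Wrapping it, e.g. `return fmt.Errorf("resolving maven settings security: %w", err)`, would make build failures easier to diagnose; this needs `fmt` in scope, and the file's imports are outside the hunk. The resolved value is the Maven master-password file, so it is worth confirming that nothing downstream logs `ctx.Maven.SettingsSecurity` or dumps the builder context. The function starts outside the hunk.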
@@ -239,6 +239,77 @@ func TestMavenSettingsFromConfigMap(t *testing.T) { assert.Equal(t, []byte("setting-data"), ctx.Maven.UserSettings) } +func TestMavenSettingsWithSettingsSecurityFromConfigMap(t *testing.T) { + catalog, err := camel.DefaultCatalog() + assert.Nil(t, err) + + c, err := test.NewFakeClient( + &corev1.ConfigMap{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "v1", + Kind: "ConfigMap", + }, + ObjectMeta: metav1.ObjectMeta{ + Namespace: "ns", + Name: "maven-settings", + }, + Data: map[string]string{ + "settings.xml": "setting-data", + }, + }, + &corev1.ConfigMap{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "v1", + Kind: "ConfigMap", + }, + ObjectMeta: metav1.ObjectMeta{ + Namespace: "ns", + Name: "maven-settings-security", + }, + Data: map[string]string{ + "settings-security.xml": "setting-security-data", + }, + }, + ) + + assert.Nil(t, err) + + ctx := builderContext{ + Catalog: catalog, + Client: c, + Namespace: "ns", + Build: v1.BuilderTask{ + Runtime: catalog.Runtime, + Maven: v1.MavenBuildSpec{ + MavenSpec: v1.MavenSpec{ + Settings: v1.ValueSource{ + ConfigMapKeyRef: &corev1.ConfigMapKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "maven-settings", + }, + Key: "settings.xml", + }, + }, + SettingsSecurity: v1.ValueSource{ + ConfigMapKeyRef: &corev1.ConfigMapKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "maven-settings-security", + }, + Key: "settings-security.xml", + }, + }, + }, + }, + }, + } + + err = Project.GenerateProjectSettings.execute(&ctx) + assert.Nil(t, err) + + assert.Equal(t, []byte("setting-data"), ctx.Maven.UserSettings) + assert.Equal(t, []byte("setting-security-data"), ctx.Maven.SettingsSecurity) +} + func TestMavenSettingsFromSecret(t *testing.T) { catalog, err := camel.DefaultCatalog() assert.Nil(t, err) 
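Review bot: `TestMavenSettingsWithSettingsSecurityFromConfigMap` checks its setup errors with `assert.Nil(t, err)`, which records the failure and keeps going, so a failed `test.NewFakeClient` would still run the step with whatever client was returned. `require.NoError(t, err)` from testify's `require` package stops the test at that point; whether `require` is already imported is not visible here. The same applies to `TestMavenSettingsWithSettingsSecurityFromSecret` in the next hunk. Both tests cover only the success path. A case where the referenced ConfigMap or Secret key is absent, and one where `SettingsSecurity` is unset and `ctx.Maven.SettingsSecurity` stays nil, would pin the behaviour of the new branch in `generateProjectSettings`.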
@@ -288,6 +359,77 @@ func TestMavenSettingsFromSecret(t *testing.T) { assert.Equal(t, []byte("setting-data"), ctx.Maven.UserSettings) } +func TestMavenSettingsWithSettingsSecurityFromSecret(t *testing.T) { + catalog, err := camel.DefaultCatalog() + assert.Nil(t, err) + + c, err := test.NewFakeClient( + &corev1.Secret{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "v1", + Kind: "Secret", + }, + ObjectMeta: metav1.ObjectMeta{ + Namespace: "ns", + Name: "maven-settings", + }, + Data: map[string][]byte{ + "settings.xml": []byte("setting-data"), + }, + }, + &corev1.Secret{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "v1", + Kind: "Secret", + }, + ObjectMeta: metav1.ObjectMeta{ + Namespace: "ns", + Name: "maven-settings-security", + }, + Data: map[string][]byte{ + "settings-security.xml": []byte("setting-security-data"), + }, + }, + ) + + assert.Nil(t, err) + + ctx := builderContext{ + Catalog: catalog, + Client: c, + Namespace: "ns", + Build: v1.BuilderTask{ + Runtime: catalog.Runtime, + Maven: v1.MavenBuildSpec{ + MavenSpec: v1.MavenSpec{ + Settings: v1.ValueSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "maven-settings", + }, + Key: "settings.xml", + }, + }, + SettingsSecurity: v1.ValueSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "maven-settings-security", + }, + Key: "settings-security.xml", + }, + }, + }, + }, + }, + } + + err = Project.GenerateProjectSettings.execute(&ctx) + assert.Nil(t, err) + + assert.Equal(t, []byte("setting-data"), ctx.Maven.UserSettings) + assert.Equal(t, []byte("setting-security-data"), ctx.Maven.SettingsSecurity) +} + func TestInjectEmptyServersIntoDefaultMavenSettings(t *testing.T) { settings, err := maven.NewSettings(maven.DefaultRepositories) assert.Nil(t, err) diff --git a/pkg/builder/quarkus.go b/pkg/builder/quarkus.go index 6f2d2d240..f8cd30786 100644 --- a/pkg/builder/quarkus.go +++ b/pkg/builder/quarkus.go 
@@ -153,6 +153,7 @@ func buildQuarkusRunner(ctx *builderContext) error { mc := maven.NewContext(path.Join(ctx.Path, "maven")) mc.GlobalSettings = ctx.Maven.GlobalSettings mc.UserSettings = ctx.Maven.UserSettings + mc.SettingsSecurity = ctx.Maven.SettingsSecurity mc.LocalRepository = ctx.Build.Maven.LocalRepository mc.AdditionalArguments = ctx.Build.Maven.CLIOptions @@ -200,6 +201,7 @@ func computeQuarkusDependencies(ctx *builderContext) error { mc := maven.NewContext(path.Join(ctx.Path, "maven")) mc.GlobalSettings = ctx.Maven.GlobalSettings mc.UserSettings = ctx.Maven.UserSettings + mc.SettingsSecurity = ctx.Maven.SettingsSecurity mc.LocalRepository = ctx.Build.Maven.LocalRepository mc.AdditionalArguments = ctx.Build.Maven.CLIOptions diff --git a/pkg/builder/types.go b/pkg/builder/types.go index bb2a2f204..5d3fef9b6 100644 --- a/pkg/builder/types.go +++ b/pkg/builder/types.go @@ -84,10 +84,11 @@ type builderContext struct { SelectedArtifacts []v1.Artifact Resources []resource Maven struct { - Project maven.Project - UserSettings []byte - GlobalSettings []byte - TrustStoreName string - TrustStorePass string + Project maven.Project + UserSettings []byte + GlobalSettings []byte + SettingsSecurity []byte + TrustStoreName string + TrustStorePass string } } diff --git a/pkg/util/maven/maven_command.go b/pkg/util/maven/maven_command.go index 750c4b786..2440a4328 100644 --- a/pkg/util/maven/maven_command.go +++ b/pkg/util/maven/maven_command.go @@ -147,6 +147,7 @@ type Context struct { ExtraMavenOpts []string GlobalSettings []byte UserSettings []byte + SettingsSecurity []byte AdditionalArguments []string AdditionalEntries map[string]interface{} LocalRepository string 
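Review bot: `mc.SettingsSecurity = ctx.Maven.SettingsSecurity` has to be added in two places because `buildQuarkusRunner` and `computeQuarkusDependencies` each repeat the same Maven context setup. Forgetting one copy would run that Maven invocation without the security settings, and the failure would likely show up only when an encrypted password cannot be decrypted. A small private helper that builds the context from `*builderContext` would reduce both call sites to one line such as `mc := newMavenContext(ctx)` (the helper name is a suggestion). Both functions start and end outside these hunks.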
@@ -193,6 +194,12 @@ func generateProjectStructure(context Context, project Project) error { } } + if context.SettingsSecurity != nil { + if err := util.WriteFileWithContent(path.Join(context.Path, "settings-security.xml"), context.SettingsSecurity); err != nil { + return err + } + } + for k, v := range context.AdditionalEntries { var bytes []byte var err error
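Review bot: Writing `settings-security.xml` under `context.Path` is not enough for Maven to use it: Maven looks for the file at `~/.m2/settings-security.xml` unless the `settings.security` system property points elsewhere, and no change in this commit adds that property to the Maven command line. Unless the build's home directory already resolves to `context.Path`, the invocation would need something like `-Dsettings.security=<context.Path>/settings-security.xml` alongside the existing settings arguments, which are built outside this hunk. The file holds the master password, so the mode used by `util.WriteFileWithContent` (not visible here) should be owner-only, and `len(context.SettingsSecurity) > 0` would avoid writing an empty file for a non-nil empty slice. `generateProjectStructure` starts and ends outside the hunk.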
