This is an automated email from the ASF dual-hosted git repository. astefanutti pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 86722fbdf4621674887d290500f1b2a17023c75e Author: Antonin Stefanutti <[email protected]> AuthorDate: Thu Mar 25 10:59:57 2021 +0100 feat(build): Support custom CA certificate for Catalog builds --- pkg/builder/project.go | 22 +++------------------- pkg/builder/quarkus.go | 4 ++-- pkg/builder/types.go | 2 +- pkg/cmd/util_dependencies.go | 3 ++- pkg/util/camel/catalog.go | 25 +++++++++++++++++++----- pkg/util/jvm/keystore.go | 45 ++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 73 insertions(+), 28 deletions(-) diff --git a/pkg/builder/project.go b/pkg/builder/project.go index 27e20fe..8f77ecc 100644 --- a/pkg/builder/project.go +++ b/pkg/builder/project.go @@ -18,14 +18,10 @@ limitations under the License. package builder import ( - "fmt" "os" - "os/exec" - "path" - "strings" - "github.com/apache/camel-k/pkg/util" "github.com/apache/camel-k/pkg/util/camel" + "github.com/apache/camel-k/pkg/util/jvm" "github.com/apache/camel-k/pkg/util/kubernetes" ) @@ -80,21 +76,9 @@ func generateJavaKeystore(ctx *builderContext) error { return err } - certPath := ctx.Build.Maven.CaCert.Key - if err := util.WriteFileWithContent(ctx.Path, certPath, certData); err != nil { - return err - } - - keystore := "trust.jks" - ctx.Maven.TrustStorePath = path.Join(ctx.Path, keystore) - - args := strings.Fields(fmt.Sprintf("-importcert -alias maven -file %s -keystore %s", certPath, keystore)) - cmd := exec.CommandContext(ctx.C, "keytool", args...) - cmd.Dir = ctx.Path - cmd.Stderr = os.Stderr - cmd.Stdout = os.Stdout + ctx.Maven.TrustStoreName = "trust.jks" - return cmd.Run() + return jvm.GenerateJavaKeystore(ctx.C, ctx.Path, ctx.Maven.TrustStoreName, certData) } func generateProjectSettings(ctx *builderContext) error { diff --git a/pkg/builder/quarkus.go b/pkg/builder/quarkus.go index 028b919..7e02255 100644 --- a/pkg/builder/quarkus.go +++ b/pkg/builder/quarkus.go 
@@ -147,8 +147,8 @@ func buildQuarkusRunner(ctx *builderContext) error { mc.LocalRepository = ctx.Build.Maven.LocalRepository mc.Timeout = ctx.Build.Maven.GetTimeout().Duration - if ctx.Maven.TrustStorePath != "" { - mc.ExtraMavenOpts = append(mc.ExtraMavenOpts, "-Djavax.net.ssl.trustStore="+path.Join(ctx.Path, ctx.Maven.TrustStorePath)) + if ctx.Maven.TrustStoreName != "" { + mc.ExtraMavenOpts = append(mc.ExtraMavenOpts, "-Djavax.net.ssl.trustStore="+path.Join(ctx.Path, ctx.Maven.TrustStoreName)) } err := BuildQuarkusRunnerCommon(mc) diff --git a/pkg/builder/types.go b/pkg/builder/types.go index 776e8a0..55354f6 100644 --- a/pkg/builder/types.go +++ b/pkg/builder/types.go @@ -90,6 +90,6 @@ type builderContext struct { Maven struct { Project maven.Project SettingsData []byte - TrustStorePath string + TrustStoreName string } } diff --git a/pkg/cmd/util_dependencies.go b/pkg/cmd/util_dependencies.go index 3a3762b..0dbbcb1 100644 --- a/pkg/cmd/util_dependencies.go +++ b/pkg/cmd/util_dependencies.go @@ -228,7 +228,8 @@ func generateCatalog() (*camel.RuntimeCatalog, error) { Provider: v1.RuntimeProviderQuarkus, } var providerDependencies []maven.Dependency - catalog, err := camel.GenerateCatalogCommon(settings, mvn, runtime, providerDependencies) + var caCert []byte + catalog, err := camel.GenerateCatalogCommon(settings, caCert, mvn, runtime, providerDependencies) if err != nil { return nil, err } diff --git a/pkg/util/camel/catalog.go b/pkg/util/camel/catalog.go index 451d857..014eefd 100644 --- a/pkg/util/camel/catalog.go +++ b/pkg/util/camel/catalog.go 
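Review bot: In `generateCatalog` (pkg/cmd/util_dependencies.go), `caCert` is declared and passed to `camel.GenerateCatalogCommon` without ever being assigned, so catalog generation on this path never builds a trust store and Maven runs against the JVM's default one. If that is intended, a comment next to the declaration would make it explicit, for example `// No CA certificate is resolved on this path; a nil slice skips trust store generation.` The function body starts and ends outside the hunk, so whether a certificate could be resolved here is not visible.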
@@ -30,16 +30,15 @@ import ( v1 "github.com/apache/camel-k/pkg/apis/camel/v1" "github.com/apache/camel-k/pkg/resources" "github.com/apache/camel-k/pkg/util/defaults" + "github.com/apache/camel-k/pkg/util/jvm" "github.com/apache/camel-k/pkg/util/kubernetes" "github.com/apache/camel-k/pkg/util/maven" ) -// DefaultCatalog -- func DefaultCatalog() (*RuntimeCatalog, error) { return QuarkusCatalog() } -// QuarkusCatalog -- func QuarkusCatalog() (*RuntimeCatalog, error) { return catalogForRuntimeProvider(v1.RuntimeProviderQuarkus) } @@ -63,7 +62,6 @@ func catalogForRuntimeProvider(provider v1.RuntimeProvider) (*RuntimeCatalog, er }) } -// GenerateCatalog -- func GenerateCatalog( ctx context.Context, client k8sclient.Reader, @@ -77,12 +75,20 @@ func GenerateCatalog( return nil, err } - return GenerateCatalogCommon(settings, mvn, runtime, providerDependencies) + var caCert []byte + if mvn.CaCert != nil { + caCert, err = kubernetes.GetSecretRefData(ctx, client, namespace, mvn.CaCert) + if err != nil { + return nil, err + } + } + + return GenerateCatalogCommon(settings, caCert, mvn, runtime, providerDependencies) } -// GenerateCatalogCommon -- func GenerateCatalogCommon( settings string, + caCert []byte, mvn v1.MavenSpec, runtime v1.RuntimeSpec, providerDependencies []maven.Dependency) (*RuntimeCatalog, error) { @@ -113,6 +119,15 @@ func GenerateCatalogCommon( mc.SettingsContent = []byte(settings) } + if caCert != nil { + trustStoreName := "trust.jks" + err := jvm.GenerateJavaKeystore(context.Background(), tmpDir, trustStoreName, caCert) + if err != nil { + return nil, err + } + mc.ExtraMavenOpts = append(mc.ExtraMavenOpts, "-Djavax.net.ssl.trustStore="+trustStoreName) + } + err = maven.Run(mc) if err != nil { return nil, err diff --git a/pkg/util/jvm/keystore.go b/pkg/util/jvm/keystore.go new file mode 100644 index 0000000..c1de152 --- /dev/null +++ b/pkg/util/jvm/keystore.go 
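Review bot: In the `caCert != nil` block added to `GenerateCatalogCommon`, the trust store is handed to Maven as the bare name `trust.jks`, whereas `buildQuarkusRunner` in pkg/builder/quarkus.go passes `path.Join(ctx.Path, ctx.Maven.TrustStoreName)`. A relative `javax.net.ssl.trustStore` only resolves if the Maven JVM runs with `tmpDir` as its working directory, which this hunk does not show; an absolute path removes that dependency: `"-Djavax.net.ssl.trustStore="+path.Join(tmpDir, trustStoreName)` (assuming `path` is imported in this file). The keystore is also generated with `context.Background()`, so keytool is not cancelled along with the context that `GenerateCatalog` receives. Testing `len(caCert) > 0` instead of `caCert != nil` would skip an empty secret value rather than handing keytool an empty file. The function body starts and ends outside the hunk.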
@@ -0,0 +1,45 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package jvm
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/exec"
+ "path"
+ "strings"
+
+ "github.com/apache/camel-k/pkg/util"
+)
+
+func GenerateJavaKeystore(ctx context.Context, keystoreDir, keystoreName string, data []byte) error {
+ tmpFile := "ca-cert.tmp"
+ if err := util.WriteFileWithContent(keystoreDir, tmpFile, data); err != nil {
+ return err
+ }
+ defer os.Remove(path.Join(keystoreDir, tmpFile))
+
+ args := strings.Fields(fmt.Sprintf("-importcert -alias maven -file %s -keystore %s", tmpFile, keystoreName))
+ cmd := exec.CommandContext(ctx, "keytool", args...)
+ cmd.Dir = keystoreDir
+ cmd.Stderr = os.Stderr
+ cmd.Stdout = os.Stdout
+
+ return cmd.Run()
+}
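Review bot: In `GenerateJavaKeystore`, the keytool arguments are built by formatting one string and splitting it with `strings.Fields`, so a `keystoreName` containing whitespace would be split into extra keytool arguments. Both callers in this commit pass the constant `trust.jks`, but the function is exported, so building the slice directly is safer: `args := []string{"-importcert", "-alias", "maven", "-file", tmpFile, "-keystore", keystoreName}`. The command also sets neither `-noprompt` nor `-storepass` and attaches no stdin, so keytool presumably has nothing to answer its trust and password prompts with; it is worth confirming that the import succeeds unattended. The exported function has no doc comment; one stating that it writes `data` to a temporary file in `keystoreDir` and imports it into `keystoreName` under the alias `maven` would document the contract.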
