diff --git a/resources/com/boxboat/jenkins/config.example.yaml b/resources/com/boxboat/jenkins/config.example.yaml
index 920e8b5e..84d14ad2 100644
--- a/resources/com/boxboat/jenkins/config.example.yaml
+++ b/resources/com/boxboat/jenkins/config.example.yaml
@@ -3,6 +3,12 @@ awsProfileMap:
 region: us-east-1
 accessKeyIdCredential: aws-access-key-id
 secretAccessKeyCredential: aws-secret-access-key
+azureProfileMap:
+ default:
+ keyVaultName: your-keyvault-name
+ tenantIdCredential: azure-tenant-id
+ clientIdCredential: azure-client-id
+ clientSecretKeyCredential: azure-client-secret-key
 deployTargetMap:
 dev01: !!com.boxboat.jenkins.library.deployTarget.KubernetesDeployTarget
 contextName: boxboat
@@ -61,6 +67,7 @@ vaultMap:
 secretIdCredential: vault-secret-id
 tokenCredential: vault-token
 url: http://localhost:8200
+
 repo:
 common:
 defaultBranch: master
diff --git a/src/com/boxboat/jenkins/library/azure/AzureProfile.groovy b/src/com/boxboat/jenkins/library/azure/AzureProfile.groovy
new file mode 100644
index 00000000..136f8a28
--- /dev/null
+++ b/src/com/boxboat/jenkins/library/azure/AzureProfile.groovy
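Review bot: The new azureProfileMap example never says that the three *Credential values are Jenkins credential IDs rather than the secrets themselves, and AzureProfile.groovy binds each of them with `Config.pipeline.string(credentialsId: …)`, so they have to name "Secret text" credentials stored in Jenkins. Someone copying this example could plausibly paste the real client secret into the file and commit it to the config repository. I would add a comment above the block: `# tenantIdCredential / clientIdCredential / clientSecretKeyCredential are IDs of Jenkins "Secret text" credentials, never the secret values themselves`. The same note would fit the existing awsProfileMap entries, which follow the same convention.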
@@ -0,0 +1,31 @@
+package com.boxboat.jenkins.library.azure
+
+import com.boxboat.jenkins.library.config.BaseConfig
+import com.boxboat.jenkins.library.config.Config
+
+class AzureProfile extends BaseConfig implements Serializable{
+
+ String keyVaultName
+
+ String tenantIdCredential
+
+ String clientIdCredential
+
+ String clientSecretKeyCredential
+
+ def withCredentials(Closure closure) {
+ List credentials = []
+ if (tenantIdCredential) {
+ credentials.add(Config.pipeline.string(credentialsId: tenantIdCredential, variable: 'AZURE_TENANT_ID',))
+ }
+ if (clientIdCredential) {
+ credentials.add(Config.pipeline.string(credentialsId: clientIdCredential, variable: 'AZURE_CLIENT_ID',))
+ }
+ if (clientSecretKeyCredential) {
+ credentials.add(Config.pipeline.string(credentialsId: clientSecretKeyCredential, variable: 'AZURE_CLIENT_SECRET',))
+ }
+ Config.pipeline.withCredentials(credentials) {
+ closure()
+ }
+ }
+}
diff --git a/src/com/boxboat/jenkins/library/config/GlobalConfig.groovy b/src/com/boxboat/jenkins/library/config/GlobalConfig.groovy
index 76195767..7ad2ea75 100644
--- a/src/com/boxboat/jenkins/library/config/GlobalConfig.groovy
+++ b/src/com/boxboat/jenkins/library/config/GlobalConfig.groovy
@@ -1,6 +1,7 @@
 package com.boxboat.jenkins.library.config
 
 import com.boxboat.jenkins.library.aws.AwsProfile
+import com.boxboat.jenkins.library.azure.AzureProfile
 import com.boxboat.jenkins.library.deployTarget.IDeployTarget
 import com.boxboat.jenkins.library.docker.Registry
 import com.boxboat.jenkins.library.environment.Environment
@@ -13,6 +14,8 @@ class GlobalConfig extends BaseConfig implements Serializable {
 Map awsProfileMap
 
+ Map azureProfileMap
+
 Map deployTargetMap
 
 Map environmentMap
 
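Review bot: withCredentials in AzureProfile.groovy binds whichever subset of tenantIdCredential, clientIdCredential and clientSecretKeyCredential happens to be configured and then runs the closure regardless, so a profile that omits clientSecretKeyCredential (an easy copy/paste slip in the YAML) runs dockcmd without AZURE_CLIENT_SECRET and presumably fails later, or falls back to whatever ambient Azure identity exists on the agent, with a far less obvious error than a config check would give. If partial configuration is not intended, fail early at the top of the method: `if (!(tenantIdCredential && clientIdCredential && clientSecretKeyCredential)) { Config.pipeline.error "azureProfile requires tenantIdCredential, clientIdCredential and clientSecretKeyCredential" }`. A class-level comment saying that the three fields are IDs of Jenkins "Secret text" credentials and are exported to the closure as AZURE_TENANT_ID, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET would also spare the next reader a trip to dockcmd's docs. Minor style: `Serializable{` is missing the space before the brace that the other classes in this diff use.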
@@ -37,6 +40,15 @@ class GlobalConfig extends BaseConfig implements Serializable {
 return awsProfile
 }
 
+ AzureProfile getAzureProfile(String key) {
+ def azureProfile = azureProfileMap.get(key)
+ if (!azureProfile) {
+ throw new Exception("azureProfile entry '${key}' does not exist in config file")
+ }
+ return azureProfile
+
+ }
+
 IDeployTarget getDeployTarget(String key) {
 def deployTarget = deployTargetMap.get(key)
 if (!deployTarget) {
diff --git a/src/com/boxboat/jenkins/pipeline/common/dockcmd/DockcmdGetSecrets.groovy b/src/com/boxboat/jenkins/pipeline/common/dockcmd/DockcmdGetSecrets.groovy
index 116d8c88..3eb7fe47 100644
--- a/src/com/boxboat/jenkins/pipeline/common/dockcmd/DockcmdGetSecrets.groovy
+++ b/src/com/boxboat/jenkins/pipeline/common/dockcmd/DockcmdGetSecrets.groovy
@@ -1,5 +1,6 @@
 package com.boxboat.jenkins.pipeline.common.dockcmd
 
+import com.boxboat.jenkins.library.azure.AzureProfile
 import com.boxboat.jenkins.library.config.Config
 import com.boxboat.jenkins.library.aws.AwsProfile
 import com.boxboat.jenkins.library.vault.Vault
@@ -10,6 +11,8 @@ class DockcmdGetSecrets implements Serializable {
 public String vaultKey
 
+ public String azureProfileKey
+
 public String directory = "."
 
 public String[] files = []
 
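Review bot: getAzureProfile dereferences azureProfileMap without a null check, so every existing config file that predates this change and has no azureProfileMap section fails with a NullPointerException from `azureProfileMap.get(key)` instead of the intended "does not exist in config file" message. The safe-navigation operator routes both the missing-section and the missing-key case to the descriptive exception: `def azureProfile = azureProfileMap?.get(key)`. The stray blank line before the closing brace should go, and a raw `new Exception(...)` would read better as IllegalArgumentException, though the sibling getDeployTarget appears to follow the same pattern and the change would be better made to all of them together.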
@@ -37,6 +40,27 @@ class DockcmdGetSecrets implements Serializable {
 }
 
+ public parseAzureSecrets(Map additionalOptions = [:]) {
+ if (!azureProfileKey) {
+ Config.pipeline.error "'azureProfileKey' is required"
+ }
+ AzureProfile azure = Config.global.getAzureProfile(azureProfileKey)
+ azure.withCredentials {
+ Config.pipeline.sh parseAzureSecretsScript(azure.keyVaultName, additionalOptions)
+ }
+ }
+
+ public parseAzureSecretsScript(String keyVaultName, Map additionalOptions = [:]) {
+ def combinedOptions = combineOptions(options, additionalOptions)
+ return """
+ dockcmd_current_dir=\$(pwd)
+ cd "${directory}"
+ dockcmd azure get-secrets --key-vault "${keyVaultName}" ${optionsString(combinedOptions)} ${files.join('" "')}
+ cd "\$dockcmd_current_dir"
+ """
+
+ }
+
 public parseVaultSecrets(Map additionalOptions = [:]) {
 if (!vaultKey) {
 Config.pipeline.error "'vaultKey' is required"
diff --git a/test-resources/com/boxboat/jenkins/test/library/config/globalConfig/test.yaml b/test-resources/com/boxboat/jenkins/test/library/config/globalConfig/test.yaml
index 920e8b5e..dc6cc00d 100644
--- a/test-resources/com/boxboat/jenkins/test/library/config/globalConfig/test.yaml
+++ b/test-resources/com/boxboat/jenkins/test/library/config/globalConfig/test.yaml
@@ -3,6 +3,12 @@ awsProfileMap:
 region: us-east-1
 accessKeyIdCredential: aws-access-key-id
 secretAccessKeyCredential: aws-secret-access-key
+azureProfileMap:
+ default:
+ keyVaultName: vault-name
+ tenantIdCredential: azure-tenant-id
+ clientIdCredential: azure-client-id
+ clientSecretKeyCredential: azure-client-secret-key
 deployTargetMap:
 dev01: !!com.boxboat.jenkins.library.deployTarget.KubernetesDeployTarget
 contextName: boxboat
diff --git a/test-resources/com/boxboat/jenkins/test/pipeline/deployment.jenkins b/test-resources/com/boxboat/jenkins/test/pipeline/deployment.jenkins
index b6f33958..e2591b09 100644
--- a/test-resources/com/boxboat/jenkins/test/pipeline/deployment.jenkins
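Review bot: The file list in parseAzureSecretsScript is rendered with `files.join('" "')`, which yields `a" "b` with no opening or closing quote: with a single entry the pattern is passed unquoted (the shell expands `secret-values-*.yaml`, which the deployment.jenkins test in this diff appears to rely on), but with two or more entries the stray quotes glue them into one shell word, so only the one-file case can work. Either join with `' '` and comment that the shell globs the patterns, or quote each element with `${files.collect { "\"${it}\"" }.join(' ')}` if dockcmd is meant to do the globbing; if the AWS and Vault scripts use the same join they share the defect. Separately, directory and keyVaultName are interpolated straight into the `sh` string, so a value containing `"` or `$` breaks out of the quoting; both come from library config rather than job input, but a comment stating that these values are trusted, or a `Config.pipeline.error` when either contains a double quote, would make the assumption explicit.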
+++ b/test-resources/com/boxboat/jenkins/test/pipeline/deployment.jenkins
@@ -61,6 +61,23 @@ def execute() {
 dockcmdAws.parseAwsSecrets()
 
+ def dockcmdAzure = new DockcmdGetSecrets(
+ azureProfileKey: "default",
+ files: [
+ "secret-values-*.yaml",
+ ],
+ options: [
+ "edit-in-place": true,
+ "set": [
+ "Deployment=dev",
+ "Foo=bar",
+ ]
+ ],
+ )
+
+ dockcmdAzure.parseAzureSecrets()
+
+
 deploy.withCredentials() {
 sh "helm upgrade --install test ."
 }
 
diff --git a/test/com/boxboat/jenkins/test/library/config/GlobalConfigTest.groovy b/test/com/boxboat/jenkins/test/library/config/GlobalConfigTest.groovy
index 39764821..c2725610 100644
--- a/test/com/boxboat/jenkins/test/library/config/GlobalConfigTest.groovy
+++ b/test/com/boxboat/jenkins/test/library/config/GlobalConfigTest.groovy
@@ -1,6 +1,7 @@
 package com.boxboat.jenkins.test.library.config
 
 import com.boxboat.jenkins.library.aws.AwsProfile
+import com.boxboat.jenkins.library.azure.AzureProfile
 import com.boxboat.jenkins.library.config.CommonConfig
 import com.boxboat.jenkins.library.config.DeployConfig
 import com.boxboat.jenkins.library.config.GlobalConfig
@@ -68,6 +69,14 @@ class GlobalConfigTest {
 secretAccessKeyCredential: "aws-secret-access-key",
 ),
 ],
+ azureProfileMap: [
+ "default": new AzureProfile(
+ keyVaultName: "vault-name",
+ tenantIdCredential: "tenant-id",
+ clientIdCredential: "azure-client-id",
+ clientSecretKeyCredential: "azure-client-secret-key",
+ ),
+ ],
 deployTargetMap: [
 "dev01" : new KubernetesDeployTarget(
 contextName: "boxboat",
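Review bot: The AzureProfile fixture in GlobalConfigTest.groovy sets `tenantIdCredential: "tenant-id"` while the companion test.yaml added in this same commit sets `tenantIdCredential: azure-tenant-id`; the other two credential IDs and keyVaultName agree across both files. If this constructed GlobalConfig is compared against the one parsed from test.yaml, as the parallel AWS entries suggest, that mismatch will fail the assertion, and even if it is not, the two fixtures should agree so the test documents the real shape of the config: change the line to `tenantIdCredential: "azure-tenant-id",`. The rest of the test method, including whatever assertion consumes this map, is outside the hunk.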