Merge pull request #86 from jonesbusy/feature/add-vault-pipeline-tests

Add vault pipelines tests
jenkinsci · Jun 12, 2023 · a8b005f · a8b005f
2 parents ad0cb80 + f24f790
commit a8b005f
Show file tree

Hide file tree

Showing 4 changed files with 140 additions and 2 deletions.
diff --git a/src/test/java/org/jenkinsci/plugins/ansible/PipelineTest.java b/src/test/java/org/jenkinsci/plugins/ansible/PipelineTest.java
@@ -2,6 +2,10 @@
 
 import java.nio.charset.StandardCharsets;
 import org.apache.commons.io.IOUtils;
+import org.jenkinsci.plugins.plaincredentials.FileCredentials;
+import org.jenkinsci.plugins.plaincredentials.StringCredentials;
+import org.jenkinsci.plugins.plaincredentials.impl.FileCredentialsImpl;
+import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl;
 import org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition;
 import org.jenkinsci.plugins.workflow.job.WorkflowJob;
 import org.jenkinsci.plugins.workflow.job.WorkflowRun;
@@ -12,10 +16,12 @@
 import com.cloudbees.plugins.credentials.CredentialsProvider;
 import com.cloudbees.plugins.credentials.CredentialsScope;
 import com.cloudbees.plugins.credentials.CredentialsStore;
+import com.cloudbees.plugins.credentials.SecretBytes;
 import com.cloudbees.plugins.credentials.domains.Domain;
 import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
 import hudson.model.Label;
 import hudson.slaves.DumbSlave;
+import hudson.util.Secret;
 
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
@@ -94,11 +100,60 @@ public void testAnsiblePlaybookSshPass() throws Exception {
         workflowJob.setDefinition(new CpsFlowDefinition(pipeline, true));
         WorkflowRun run1 = workflowJob.scheduleBuild2(0).waitForStart();
         jenkins.waitForCompletion(run1);
-
-        System.out.println(run1.getLog());
         assertThat(run1.getLog(), allOf(
                 containsString("sshpass ******** ansible-playbook playbook.yml -u username -k")
         ));
     }
 
+    @Test
+    public void testVaultCredentialsFile() throws Exception {
+
+        FileCredentials vaultCredentials = new FileCredentialsImpl(CredentialsScope.GLOBAL, "vaultCredentialsFile", "test username password", "vault-pass.txt", SecretBytes.fromString("text-secret"));
+        CredentialsStore store = CredentialsProvider.lookupStores(jenkins.jenkins).iterator().next();
+        store.addCredentials(Domain.global(), vaultCredentials);
+
+        String pipeline = IOUtils.toString(PipelineTest.class.getResourceAsStream("/pipelines/vaultCredentialsFile.groovy"), StandardCharsets.UTF_8);
+        WorkflowJob workflowJob = jenkins.createProject(WorkflowJob.class);
+        workflowJob.setDefinition(new CpsFlowDefinition(pipeline, true));
+        WorkflowRun run1 = workflowJob.scheduleBuild2(0).waitForStart();
+        jenkins.waitForCompletion(run1);
+        assertThat(run1.getLog(), allOf(
+                containsString("ansible-playbook playbook.yml --vault-password-file ")
+        ));
+    }
+
+    @Test
+    public void testVaultCredentialsString() throws Exception {
+
+        StringCredentials vaultCredentials = new StringCredentialsImpl(CredentialsScope.GLOBAL, "vaultCredentialsString", "test username password", Secret.fromString("test-secret"));
+        CredentialsStore store = CredentialsProvider.lookupStores(jenkins.jenkins).iterator().next();
+        store.addCredentials(Domain.global(), vaultCredentials);
+
+        String pipeline = IOUtils.toString(PipelineTest.class.getResourceAsStream("/pipelines/vaultCredentialsString.groovy"), StandardCharsets.UTF_8);
+        WorkflowJob workflowJob = jenkins.createProject(WorkflowJob.class);
+        workflowJob.setDefinition(new CpsFlowDefinition(pipeline, true));
+        WorkflowRun run1 = workflowJob.scheduleBuild2(0).waitForStart();
+        jenkins.waitForCompletion(run1);
+        assertThat(run1.getLog(), allOf(
+                containsString("ansible-playbook playbook.yml --vault-password-file ")
+        ));
+    }
+
+    @Test
+    public void testVaultCredentialsFileViaExtras() throws Exception {
+
+        FileCredentials vaultCredentials = new FileCredentialsImpl(CredentialsScope.GLOBAL, "vaultCredentialsFileViaExtras", "test username password", "vault-pass.txt", SecretBytes.fromString("text-secret"));
+        CredentialsStore store = CredentialsProvider.lookupStores(jenkins.jenkins).iterator().next();
+        store.addCredentials(Domain.global(), vaultCredentials);
+
+        String pipeline = IOUtils.toString(PipelineTest.class.getResourceAsStream("/pipelines/vaultCredentialsFileViaExtras.groovy"), StandardCharsets.UTF_8);
+        WorkflowJob workflowJob = jenkins.createProject(WorkflowJob.class);
+        workflowJob.setDefinition(new CpsFlowDefinition(pipeline, true));
+        WorkflowRun run1 = workflowJob.scheduleBuild2(0).waitForStart();
+        jenkins.waitForCompletion(run1);
+        assertThat(run1.getLog(), allOf(
+                containsString("ansible-playbook playbook.yml --vault-password-file ")
+        ));
+    }
+
 }
diff --git a/src/test/resources/pipelines/vaultCredentialsFile.groovy b/src/test/resources/pipelines/vaultCredentialsFile.groovy
@@ -0,0 +1,27 @@
+pipeline {
+    agent {
+        label('test-agent')
+    }
+    stages {
+        stage('Create playbook') {
+            steps {
+                writeFile(encoding: 'UTF-8', file: 'playbook.yml', text: '''- hosts: localhost
+  connection: local
+  gather_facts: no
+  tasks:
+    - debug: msg=test
+                ''')
+                }
+        }
+        stage('Ansible playbook') {
+            steps {
+                warnError(message: 'ansible command not found?') {
+                    ansiblePlaybook(
+                        playbook: 'playbook.yml',
+                        vaultCredentialsId: 'vaultCredentialsFile',
+                    )
+                }
+            }
+        }
+    }
+}
diff --git a/src/test/resources/pipelines/vaultCredentialsFileViaExtras.groovy b/src/test/resources/pipelines/vaultCredentialsFileViaExtras.groovy
@@ -0,0 +1,29 @@
+pipeline {
+    agent {
+        label('test-agent')
+    }
+    stages {
+        stage('Create playbook') {
+            steps {
+                writeFile(encoding: 'UTF-8', file: 'playbook.yml', text: '''- hosts: localhost
+  connection: local
+  gather_facts: no
+  tasks:
+    - debug: msg=test
+                ''')
+                }
+        }
+        stage('Ansible playbook') {
+            steps {
+                warnError(message: 'ansible command not found?') {
+                    withCredentials([file(credentialsId: 'vaultCredentialsFileViaExtras', variable: 'VAULT_FILE')]) {
+                        ansiblePlaybook(
+                            playbook: 'playbook.yml',
+                            extras: '--vault-password-file $VAULT_FILE',
+                        )
+                    }
+                }
+            }
+        }
+    }
+}
diff --git a/src/test/resources/pipelines/vaultCredentialsString.groovy b/src/test/resources/pipelines/vaultCredentialsString.groovy
@@ -0,0 +1,27 @@
+pipeline {
+    agent {
+        label('test-agent')
+    }
+    stages {
+        stage('Create playbook') {
+            steps {
+                writeFile(encoding: 'UTF-8', file: 'playbook.yml', text: '''- hosts: localhost
+  connection: local
+  gather_facts: no
+  tasks:
+    - debug: msg=test
+                ''')
+                }
+        }
+        stage('Ansible playbook') {
+            steps {
+                warnError(message: 'ansible command not found?') {
+                    ansiblePlaybook(
+                        playbook: 'playbook.yml',
+                        vaultCredentialsId: 'vaultCredentialsString',
+                    )
+                }
+            }
+        }
+    }
+}