Added a "Test Connection" button to each build step

jenkinsci · Oct 12, 2016 · 3caf4b1 · 3caf4b1
1 parent e17e820
commit 3caf4b1
Show file tree

Hide file tree

Showing 4 changed files with 181 additions and 84 deletions.
diff --git a/src/main/java/com/openshift/jenkins/plugins/pipeline/model/HttpUtils.java b/src/main/java/com/openshift/jenkins/plugins/pipeline/model/HttpUtils.java
@@ -0,0 +1,111 @@
+package com.openshift.jenkins.plugins.pipeline.model;
+
+import com.openshift.internal.restclient.DefaultClient;
+import com.openshift.internal.restclient.authorization.AuthorizationContext;
+import com.openshift.internal.restclient.okhttp.OpenShiftAuthenticator;
+import com.openshift.internal.restclient.okhttp.ResponseCodeInterceptor;
+import com.openshift.jenkins.plugins.pipeline.Auth;
+import com.openshift.restclient.http.IHttpConstants;
+import com.openshift.restclient.utils.SSLUtils;
+import hudson.model.TaskListener;
+import okhttp3.Dispatcher;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
+import okhttp3.Response;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.X509TrustManager;
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+public class HttpUtils {
+    static String httpGet(boolean chatty, TaskListener listener, Map<String, String> overrides, String urlString, String authToken, String displayName, DefaultClient client, Auth auth, String apiURL) {
+        URL url = null;
+        try {
+            url = new URL(urlString);
+        } catch (MalformedURLException e) {
+            if(chatty)
+                e.printStackTrace(listener.getLogger());
+            return null;
+        }
+        // our lower level openshift-restclient-java usage here is not agreeable with the TrustManager maintained there,
+        // so we set up our own trust manager like we used to do in order to verify the server cert
+        try {
+            AuthorizationContext authContext = new AuthorizationContext(authToken, null, null);
+            ResponseCodeInterceptor responseCodeInterceptor = new ResponseCodeInterceptor();
+            OpenShiftAuthenticator authenticator = new OpenShiftAuthenticator();
+            Dispatcher dispatcher = new Dispatcher();
+            OkHttpClient.Builder builder = new OkHttpClient.Builder()
+                    .addInterceptor(responseCodeInterceptor)
+                    .authenticator(authenticator)
+                    .dispatcher(dispatcher)
+                    .readTimeout(IHttpConstants.DEFAULT_READ_TIMEOUT, TimeUnit.MILLISECONDS)
+                    .writeTimeout(IHttpConstants.DEFAULT_READ_TIMEOUT, TimeUnit.MILLISECONDS)
+                    .connectTimeout(IHttpConstants.DEFAULT_READ_TIMEOUT, TimeUnit.MILLISECONDS)
+                    .hostnameVerifier(auth);
+            X509TrustManager trustManager = null;
+            if (auth.useCert()) {
+                trustManager = Auth.createLocalTrustStore(auth, apiURL);
+            } else {
+                // so okhttp is a bit of a PITA when it comes to enforcing skip tls behavior
+                // (it should just allow you to set a null ssl socket factory given how
+                // RealConnection/Address/Route work), but stack overflow came to the rescue
+                // (http://stackoverflow.com/questions/25509296/trusting-all-certificates-with-okhttp)
+                // Create a trust manager that does not validate certificate chains
+                trustManager = new X509TrustManager() {
+                    @Override
+                    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
+                    }
+
+                    @Override
+                    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
+                    }
+
+                    @Override
+                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+                        return new java.security.cert.X509Certificate[]{};
+                    }
+                };
+            }
+
+            SSLContext sslContext = null;
+            try {
+                sslContext = SSLUtils.getSSLContext(trustManager);
+            } catch (KeyManagementException e) {
+                if (chatty)
+                    e.printStackTrace(listener.getLogger());
+                return null;
+            } catch (NoSuchAlgorithmException e) {
+                if (chatty)
+                    e.printStackTrace(listener.getLogger());
+                return null;
+            }
+            builder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
+
+            OkHttpClient okClient = builder.build();
+            authContext.setClient(client);
+            responseCodeInterceptor.setClient(client);
+            authenticator.setClient(client);
+            authenticator.setOkClient(okClient);
+            Request request = client.newRequestBuilderTo(url.toString()).get().build();
+            Response result;
+            try {
+                result = okClient.newCall(request).execute();
+                String response = result.body().string();
+                return response;
+            } catch (IOException e) {
+                if (chatty)
+                    e.printStackTrace(listener.getLogger());
+            }
+            return null;
+        } finally {
+            Auth.resetLocalTrustStore();
+        }
+    }
+}
diff --git a/src/main/java/com/openshift/jenkins/plugins/pipeline/model/IOpenShiftPlugin.java b/src/main/java/com/openshift/jenkins/plugins/pipeline/model/IOpenShiftPlugin.java
@@ -59,6 +59,8 @@ public interface IOpenShiftPlugin {
     // to this object (e.g. build, deployment) being created.
     public static final String BUILD_URL_ANNOTATION = "openshift.io/jenkins-build-uri";
 
+    public static final String KUBERNETES_SERVICE_HOST_ENV_KEY = "KUBERNETES_SERVICE_HOST";
+
     public static final String NAMESPACE_FILE = "/run/secrets/kubernetes.io/serviceaccount/namespace";
 
     public static final String NAMESPACE_ENV_VAR = "PROJECT_NAME";
@@ -98,7 +100,7 @@ default String getVerbose(Map<String, String> overrides) {
     default String getApiURL(Map<String, String> overrides) {
         String val = getOverride(getApiURL(), overrides);
         if ((val == null || val.length() == 0) && overrides != null && overrides.containsKey("KUBERNETES_SERVICE_HOST")) {
-            val = overrides.get("KUBERNETES_SERVICE_HOST");
+            val = overrides.get(KUBERNETES_SERVICE_HOST_ENV_KEY);
         }
         if (val != null && val.length() > 0 && !val.startsWith("https://"))
             val = "https://" + val;
@@ -624,89 +626,9 @@ default boolean annotateJobInfoToResource(IClient client, TaskListener listener,
         return annotated;
     }
 
-    default String httpGet(boolean chatty, TaskListener listener,
-                           Map<String, String> overrides, String urlString) {
-        URL url = null;
-        try {
-            url = new URL(urlString);
-        } catch (MalformedURLException e) {
-            e.printStackTrace(listener.getLogger());
-            return null;
-        }
-        // our lower level openshift-restclient-java usage here is not agreeable with the TrustManager maintained there,
-        // so we set up our own trust manager like we used to do in order to verify the server cert
-        try {
-            AuthorizationContext authContext = new AuthorizationContext(getAuthToken(overrides), null, null);
-            ResponseCodeInterceptor responseCodeInterceptor = new ResponseCodeInterceptor();
-            OpenShiftAuthenticator authenticator = new OpenShiftAuthenticator();
-            Dispatcher dispatcher = new Dispatcher();
-            DefaultClient client = (DefaultClient) this.getClient(listener, getDisplayName(), overrides);
-            OkHttpClient.Builder builder = new OkHttpClient.Builder()
-                    .addInterceptor(responseCodeInterceptor)
-                    .authenticator(authenticator)
-                    .dispatcher(dispatcher)
-                    .readTimeout(IHttpConstants.DEFAULT_READ_TIMEOUT, TimeUnit.MILLISECONDS)
-                    .writeTimeout(IHttpConstants.DEFAULT_READ_TIMEOUT, TimeUnit.MILLISECONDS)
-                    .connectTimeout(IHttpConstants.DEFAULT_READ_TIMEOUT, TimeUnit.MILLISECONDS)
-                    .hostnameVerifier(getAuth());
-            X509TrustManager trustManager = null;
-            if (getAuth().useCert()) {
-                trustManager = Auth.createLocalTrustStore(getAuth(), getApiURL(overrides));
-            } else {
-                // so okhttp is a bit of a PITA when it comes to enforcing skip tls behavior
-                // (it should just allow you to set a null ssl socket factory given how
-                // RealConnection/Address/Route work), but stack overflow came to the rescue
-                // (http://stackoverflow.com/questions/25509296/trusting-all-certificates-with-okhttp)
-                // Create a trust manager that does not validate certificate chains
-                trustManager = new X509TrustManager() {
-                    @Override
-                    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
-                    }
-
-                    @Override
-                    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
-                    }
-
-                    @Override
-                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
-                        return new java.security.cert.X509Certificate[]{};
-                    }
-                };
-            }
-
-            SSLContext sslContext = null;
-            try {
-                sslContext = SSLUtils.getSSLContext(trustManager);
-            } catch (KeyManagementException e) {
-                if (chatty)
-                    e.printStackTrace(listener.getLogger());
-                return null;
-            } catch (NoSuchAlgorithmException e) {
-                if (chatty)
-                    e.printStackTrace(listener.getLogger());
-                return null;
-            }
-            builder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
-
-            OkHttpClient okClient = builder.build();
-            authContext.setClient(client);
-            responseCodeInterceptor.setClient(client);
-            authenticator.setClient(client);
-            authenticator.setOkClient(okClient);
-            Request request = client.newRequestBuilderTo(url.toString()).get().build();
-            Response result;
-            try {
-                result = okClient.newCall(request).execute();
-                String response = result.body().string();
-                return response;
-            } catch (IOException e) {
-                if (chatty)
-                    e.printStackTrace(listener.getLogger());
-            }
-            return null;
-        } finally {
-            Auth.resetLocalTrustStore();
-        }
+    default String httpGet(boolean chatty, TaskListener listener, Map<String, String> overrides, String urlString) {
+        return HttpUtils.httpGet(chatty, listener, overrides, urlString, getAuthToken(overrides), getDisplayName(),
+                (DefaultClient) this.getClient(listener, getDisplayName(), overrides), getAuth(), getApiURL(overrides));
     }
 
 }
diff --git a/src/main/java/com/openshift/jenkins/plugins/pipeline/model/IOpenShiftPluginDescriptor.java b/src/main/java/com/openshift/jenkins/plugins/pipeline/model/IOpenShiftPluginDescriptor.java
@@ -1,13 +1,34 @@
 package com.openshift.jenkins.plugins.pipeline.model;
 
 
+import com.openshift.internal.restclient.DefaultClient;
+import com.openshift.internal.restclient.authorization.AuthorizationContext;
+import com.openshift.internal.restclient.okhttp.OpenShiftAuthenticator;
+import com.openshift.internal.restclient.okhttp.ResponseCodeInterceptor;
+import com.openshift.jenkins.plugins.pipeline.Auth;
 import com.openshift.jenkins.plugins.pipeline.ParamVerify;
+import com.openshift.restclient.ClientBuilder;
+import com.openshift.restclient.http.IHttpConstants;
+import com.openshift.restclient.utils.SSLUtils;
+import hudson.EnvVars;
 import hudson.util.FormValidation;
 import hudson.util.ListBoxModel;
+import okhttp3.Dispatcher;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
+import org.apache.commons.lang.StringUtils;
 import org.kohsuke.stapler.QueryParameter;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.X509TrustManager;
 import javax.servlet.ServletException;
 import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.util.concurrent.TimeUnit;
 
 public interface IOpenShiftPluginDescriptor {
 
@@ -37,5 +58,44 @@ default ListBoxModel doFillWaitUnitItems() {
         return items;
     }
 
+    default FormValidation doTestConnection(@QueryParameter String apiURL, @QueryParameter String authToken) {
 
+
+        if (StringUtils.isEmpty(apiURL)) {
+            if(!EnvVars.masterEnvVars.containsKey(IOpenShiftPlugin.KUBERNETES_SERVICE_HOST_ENV_KEY) &&
+                    !StringUtils.isEmpty(EnvVars.masterEnvVars.get(IOpenShiftPlugin.KUBERNETES_SERVICE_HOST_ENV_KEY))) {
+                return FormValidation.error("Required fields not provided");
+            }
+
+            apiURL = EnvVars.masterEnvVars.get(IOpenShiftPlugin.KUBERNETES_SERVICE_HOST_ENV_KEY);
+        }
+
+        try {
+
+            URL url = new URL(apiURL); // Test to make sure we have a good URL
+
+            Auth auth = Auth.createInstance(null, apiURL, EnvVars.masterEnvVars);
+
+            DefaultClient client = (DefaultClient) new ClientBuilder(apiURL).
+                    sslCertificateCallback(auth).
+                    withConnectTimeout(5, TimeUnit.SECONDS).
+                    usingToken(Auth.deriveBearerToken(authToken, null, false, EnvVars.masterEnvVars)).
+                    sslCertificate(apiURL, auth.getCert()).
+                    build();
+
+            if (client == null) {
+                return FormValidation.error("Connection unsuccessful");
+            }
+
+            client.getServerReadyStatus();
+
+            HttpUtils.httpGet(false, null, EnvVars.masterEnvVars, apiURL, authToken, "", client, auth, apiURL);
+        } catch (MalformedURLException e ) {
+            return FormValidation.error("Connection Unsuccessful: Bad URL");
+        } catch ( Exception e ) {
+            return FormValidation.error("Connection unsuccessful");
+        }
+
+        return FormValidation.ok("Connection successful");
+    }
 }
diff --git a/src/main/resources/com/openshift/jenkins/plugins/pipeline/Common/cluster.jelly b/src/main/resources/com/openshift/jenkins/plugins/pipeline/Common/cluster.jelly
@@ -13,4 +13,8 @@
     <f:textbox  />
   </f:entry>
 
+  <f:validateButton title="${%Test Connection}" progress="${%Testing...}" method="testConnection"
+    with="apiURL,authToken" />
+
+
 </j:jelly>