c3i-library

#25 major refactoring of the c3i global variables and supporting classes
Merged by mikeb. Opened by mikeb.
mikeb/c3i-library no-with-cluster  into  master

Previously, the library was forced to make openshift.withCluster() calls because the
context created in the calling pipeline was lost when calling openshift from a library
method. The library methods have been refactored to take a script arg, which is a
reference to the calling pipeline. The openshift variable on that pipeline can be called
directly, which retains the context from the pipeline. Because of this, library methods can
now be used to interact with multiple OpenShift project from the same pipeline.

This also enables the return values of library methods to be OpenShift "selectors", rather
than simple strings, which allows the pipeline to perform more complex actions on objects
created by library methods.

Unit test coverage is also significantly expanded. Additional convenience methods for
using the "Deployer" class have also been added to the c3i variable. A clone() method
has been added to handle shallow, single-branch clones, which are preferred for efficiency.

The ca variable now supports adding multiple subjectAltNames to a cert.

Note that these changes are backward-incompatible, but I have changes queued up for the MBS-Koji integration tests to convert to the new API. WaiverDB should be unaffected because it only used c3i.wait(name), which is unchanged.

@rayson @mkovarik @gnaponie @lholecek Please take a look.

"sans"? "without" in French? :)

How about subjectAltName instead?

1 new commit added

  • use a more descriptive name for the subjectAltName variable in the OpenSSL config template

"sans"? "without" in French? :)
How about subjectAltName instead?

Updated. :)

I may not have enough time to finish review before next Mon. Go ahead if this is urgent :)

@rayson It's not urgent, more of an enabler for using c3iaas from the MBS-Koji integration tests, and hopefully making the library more useful for other projects, like WaiverDB and the Factory2 integration tests. I'm still cleaning up the MBS-Koji changes, and will post a PR for that in the next couple days. I'd appreciate your feedback on these changes since they're so extensive. In particular, let me know if you have any suggestions on the API design, since I'm not a Groovy expert. Thanks for your time! :)

Better to rename variable to ageMinutes or ageInMinutes instead.

Are these variables safe? It looks like it could lead to shell injection (passwd="123; rm -rf --no-preserve-root /").

Are these variables safe? It looks like it could lead to shell injection (passwd="123; rm -rf --no-preserve-root /").

I'm not sure how to avoid this using the sh step, suggestions? Single-quotes around the variables, maybe?

I'm not sure how to avoid this using the sh step, suggestions? Single-quotes around the variables, maybe?

It's probably not very important. I think passing values through using environment variables should be safe.

Are these variables safe? It looks like it could lead to shell injection (passwd="123; rm -rf --no-preserve-root /").

I'm not sure how to avoid this using the sh step, suggestions? Single-quotes around the variables, maybe?

It is possible to use the withEnv step to inject environment variables to the sh step and reference them in your shell script. For example, on https://pagure.io/waiverdb/blob/master/f/openshift/pipelines/templates/waiverdb-build.Jenkinsfile#_390:

withEnv(["DEST_IMAGE_REF=${dest}"]) {
                  /* Pushes to the internal registry can sometimes randomly fail
                  * with "unknown blob" due to a known issue with the registry
                  * storage configuration. So we retry up to 5 times. */
                  retry(5) {
                    sh 'skopeo copy dir:_build/waiverdb_container "$DEST_IMAGE_REF"'
                  }
                }

1 new commit added

  • use environment variables to pass arguments through to "sh"

Refactored the ca variable to use withEnv when calling sh.

I went through this PR and really love it. Especially those wait functions should be very helpful to reduce duplicates. LGTM!

${servername} was replaced by ${subjectAltNames}, creation of CA is failing since subjectAltNames is not replaced.

5 new commits added

  • use environment variables to pass arguments through to "sh"
  • use a more descriptive name for the subjectAltName variable in the OpenSSL config template
  • support adding multiple subjectAltNames to a cert
  • add a c3i.clone() method for cloning a git repo
  • major refactoring of the c3i global variable and supporting classes

1 new commit added

  • use a consistent directory for storing CA-related files

6 new commits added

  • use a consistent directory for storing CA-related files
  • use environment variables to pass arguments through to "sh"
  • use a more descriptive name for the subjectAltName variable in the OpenSSL config template
  • support adding multiple subjectAltNames to a cert
  • add a c3i.clone() method for cloning a git repo
  • major refactoring of the c3i global variable and supporting classes

rebased onto 98162194e4d2df6cc9ce6fbd91f2e2e2c4ee6409

Thanks for the feedback!

Pull-Request has been merged by mikeb
Metadata
None
No Tags
Changes Summary 13
+2 -2
file changed
resources/ca/ssl.cnf.in
+56 -45
file changed
src/com/redhat/c3i/util/Builder.groovy
+70 -27
file changed
src/com/redhat/c3i/util/Deployer.groovy
+276
file added
test/BuilderTest.groovy
+246
file added
test/CATest.groovy
+123
file added
test/CloneTest.groovy
+422
file added
test/DeployerTest.groovy
+117
file added
test/SelectorMock.groovy
+200 -15
file changed
vars/c3i.groovy
+78 -56
file changed
vars/ca.groovy
+35 -19
file changed
vars/koji.groovy
+55 -25
file changed
vars/mbs.groovy
+27 -17
file changed
vars/umb.groovy
Static archive. pagure.io was sunset in 2026; this is a read-only snapshot.
Red Hat Logo

Fedora is sponsored by Red Hat. Learn more about the relationship between Red Hat and Fedora »

© Red Hat, Inc. and others.