Added Secret Support

openshift-pipelines · Dec 4, 2023 · 524dd0c · 524dd0c
1 parent 1e6fe27
commit 524dd0c
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 8 deletions.
diff --git a/Makefile b/Makefile
@@ -13,6 +13,7 @@ E2E_PVC ?= test/e2e/resources/pvc-maven.yaml
 E2E_MAVEN_PARAMS_REVISION ?= master
 E2E_MAVEN_PARAMS_URL ?= https://github.com/shashirajraja/shopping-cart 
 E2E_TEST_DIR ?= ./test/e2e
+E2E_MAVEN_PARAMS_SERVER_SECRET ?= secret-maven
 
 # generic arguments employed on most of the targets
 ARGS ?=
@@ -38,7 +39,6 @@ endef
 # renders the task resource file printing it out on the standard output
 helm-template:
 	$(call render-template)
-
 # renders and installs the resources (task)
 install:
 	$(call render-template) |kubectl $(ARGS) apply -f -

diff --git a/scripts/maven-generate.sh b/scripts/maven-generate.sh
@@ -62,6 +62,7 @@ if [ -n "${SERVER_USER}" -a -n "${SERVER_PASSWORD}" ]; then
     xml="$xml\
         </server>"
     sed -i "s|<!-- ### SERVER's USER INFO from ENV ### -->|$xml|" ${MAVEN_SETTINGS_FILE}
+    echo "SERVER Creds Updated"
 fi
 
 if [ -n "${PARAMS_MAVEN_MIRROR_URL}" ]; then

diff --git a/templates/task-maven.yaml b/templates/task-maven.yaml
@@ -34,6 +34,8 @@ spec:
         The subdirectory within the repository for sources on
         which we want to execute maven goals.
       default: "."
+    - name: SERVER_SECRET
+      type: string
 
   stepTemplate:
     env:
@@ -53,6 +55,16 @@ spec:
       env:
         - name: HOME
           value: /tekton/home
+        - name: SERVER_USER
+          valueFrom:
+            secretKeyRef:
+              name: $(params.SERVER_SECRET)
+              key: username
+        - name: SERVER_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: $(params.SERVER_SECRET)
+              key: password
       command:
         - /scripts/maven-generate.sh
       securityContext:

diff --git a/test/e2e/e2e.bats b/test/e2e/e2e.bats
@@ -8,19 +8,17 @@ source ./test/helper/helper.sh
 @test "[e2e] maven task" {
     [ -n "${E2E_MAVEN_PARAMS_URL}" ]
     [ -n "${E2E_MAVEN_PARAMS_REVISION}" ]
+    [ -n "${E2E_MAVEN_PARAMS_SERVER_SECRET}" ]
+
+    kubectl delete secret secret-maven || true
 
-    kubectl delete secret regcred || true
-    run kubectl create secret generic regcred \
-        --from-file=.dockerconfigjson=$HOME/.docker/config.json \
-        --type=kubernetes.io/dockerconfigjson
-    assert_success
-    run kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "regcred"}]}'
-    assert_success
+    kubectl apply -f test/e2e/resources/secret-maven.yaml
 
     run tkn pipeline start task-maven \
         --param="URL=${E2E_MAVEN_PARAMS_URL}" \
         --param="REVISION=${E2E_MAVEN_PARAMS_REVISION}" \
         --param="VERBOSE=true" \
+        --param="SERVER_SECRET=${E2E_MAVEN_PARAMS_SERVER_SECRET}" \
         --workspace="name=source,claimName=task-maven,subPath=source" \
         --filename=test/e2e/resources/pipeline-maven.yaml \
         --showlog

diff --git a/test/e2e/resources/pipeline-maven.yaml b/test/e2e/resources/pipeline-maven.yaml
@@ -17,6 +17,8 @@ spec:
       type: string
     - name: VERBOSE
       type: string
+    - name: SERVER_SECRET
+      type: string
 
   tasks:
     - name: git
@@ -37,6 +39,9 @@ spec:
     - name: maven
       taskRef:
         name: maven
+      params:
+        - name: SERVER_SECRET
+          value: "$(params.SERVER_SECRET)"
       runAfter:
         - git
       workspaces:

diff --git a/test/e2e/resources/secret-maven.yaml b/test/e2e/resources/secret-maven.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-maven
+type: Opaque
+stringData:
+  username: some-username
+  password: some-password