jenkinsci
/
configuration-as-code-plugin
mirror of https://github.com/jenkinsci/configuration-as-code-plugin.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

🗑️ Codacy markdown issues (#848)

This commit is contained in:
Joseph Petersen 2019-04-20 15:50:58 +02:00 committed by GitHub
parent 0dc1f3fa75
commit 3ef37525f1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
64 changed files with 326 additions and 356 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -139,7 +139,6 @@ mvn hpi:run
```text
...
...
INFO: Jenkins is fully up and running
```

3
demos/alauda-devops-sync/README.md
View File

@ -5,10 +5,7 @@ Alauda DevOps Sync plugin configuration belongs under `unclassified` root elemen
## sample configuration
```yaml
jenkins:
[...]
unclassified:
[...]
alaudaSync:
enabled: true
jenkinsService: jenkins

7
demos/artifactory/README.md
View File

@ -5,17 +5,14 @@ Artifactory plugin configuration belongs under `unclassified` root element
## sample configuration
```yaml
jenkins:
[...]
unclassified:
[...]
artifactorybuilder:
useCredentialsPlugin: true
artifactoryServers:
- serverId: artifactory
artifactoryUrl: http://acme.com/artifactory
deployerCredentialsConfig:
credentialsId: 'artifactory'
credentialsId: "artifactory"
resolverCredentialsConfig:
username: artifactory_user
password: ${ARTIFACTORY_PASSWORD}
@ -25,4 +22,4 @@ unclassified:
Currently setting credentials causes ERROR & `Enable Push to Bintray` is not supported (always enabled).
see [https://www.jfrog.com/jira/browse/HAP-1018]
see [jfrog/HAP-1018](https://www.jfrog.com/jira/browse/HAP-1018)

1
demos/build_agents/README.md
View File

@ -6,7 +6,6 @@ Build agents configuration belongs (currently) under `jenkins` root element
```yaml
jenkins:
(...)
nodes:
- permanent:
labelString: "linux docker test"

2
demos/credentials/credentials.yaml
View File

@ -1,8 +1,6 @@
jenkins:
systemMessage: "Example of configuring credentials in Jenkins"
[..]
credentials:
system:
domainCredentials:

2
demos/ec2/README.md
View File

@ -1,6 +1,6 @@
# configure Amazon EC2 plugin
https://wiki.jenkins.io/display/JENKINS/Amazon+EC2+Plugin
[Amazon EC2 Plugin](https://wiki.jenkins.io/display/JENKINS/Amazon+EC2+Plugin)
## sample configuration

2
demos/jenkins/README.md
View File

@ -35,6 +35,6 @@ jenkins:
numExecutors: 1 # This is just a random example entry to show that there is no "end token" for the multiline string apart from un-indent to the next YAML property.
```
# implementation note
## implementation note
The example above is only a subset of commonly used settings. The full list is available in the generated documentation.

3
demos/jenkins/jenkins.yaml
View File

@ -36,8 +36,6 @@ jenkins:
user: "jenkins"
instanceCapStr: "10"
tool:
git:
installations:
@ -49,7 +47,6 @@ security:
enabled: false
unclassified:
artifactorybuilder:
useCredentialsPlugin: true
artifactoryServers:

2
demos/kubernetes-helm/README.md
View File

@ -92,7 +92,7 @@ Master:
Now, deploy the Helm chart with those customized values:
```
```bash
helm install --name jenkins stable/jenkins -f values.yaml
```

1
demos/kubernetes-helm/values.yaml
View File

@ -121,7 +121,6 @@ Master:
# Annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "false"
# TLS:
# - secretName: jenkins.cicd.your.cloud
# hosts:

10
demos/kubernetes-secrets/README.md
View File

@ -1,14 +1,14 @@
# Configure Kubernetes secrets for Jenkins Configuration as Code plugin
### Prerequisites
## Prerequisites
1. `SECRETS` environment variable should provide a path to mounted secret volume.
2. Kubernetes secrets with all required values.
3. `volumeMounts` and `volumes` directives of Kubernetes manifest should have records for Kubernetes secrets mounts.
### Sample configuration
## Sample configuration
```
```yml
---
apiVersion: v1
kind: ConfigMap
@ -32,11 +32,9 @@ data:
---
apiVersion: apps/v1beta1
kind: StatefulSet
...
spec:
containers:
- name: jenkins
...
env:
# Read the configuration-as-code from the ConfigMap
- name: CASC_JENKINS_CONFIG
@ -45,7 +43,6 @@ kind: StatefulSet
# we point Jenkins Configuration as Code plugin the location of the secrets
- name: SECRETS
value: /secrets/jenkins
...
# Mount the configuration-as-code ConfigMap
volumeMounts:
- name: jenkins-configuration-as-code
@ -53,7 +50,6 @@ kind: StatefulSet
- name: jenkins-secrets
mountPath: /secrets/jenkins
readOnly: true
...
volumes:
# The configuration-as-code ConfigMap
- name: jenkins-configuration-as-code

2
demos/kubernetes/README.md
View File

@ -6,7 +6,7 @@ See [config.yml](config.yml) for the `ConfigMap` definition.
Example installation on Kubernetes:
```
```bash
kubectl apply -f service-account.yml
kubectl apply -f config.yml
kubectl apply -f jenkins.yml

8
demos/kubernetes/jenkins.yml
View File

@ -1,5 +1,4 @@
# jenkins
---
apiVersion: apps/v1beta1
kind: StatefulSet
@ -68,7 +67,6 @@ spec:
securityContext:
fsGroup: 1000
volumes:
# The configuration-as-code ConfigMap
- name: jenkins-configuration-as-code
configMap:
@ -100,12 +98,10 @@ spec:
# k8s 1.7+
externalTrafficPolicy: Local
ports:
-
name: http
- name: http
port: 80
targetPort: 8080
protocol: TCP
-
name: agent
- name: agent
port: 50000
protocol: TCP

3
demos/mailer/README.md
View File

@ -23,5 +23,4 @@ It is identified as YAML root element `mailer` as this descriptor has a `global.
assumes it makes sense to expose it as a root element extension.
Descriptor defines setters so we can inject configuration, but for SMTP authentication parameters.
See https://github.com/jenkinsci/configuration-as-code-plugin/issues/2.
See https://github.com/jenkinsci/mailer-plugin/pull/39
See [jenknisci/mailer-plugin#39](https://github.com/jenkinsci/mailer-plugin/pull/39)

74
demos/role-strategy-auth/README.md
View File

@ -4,4 +4,76 @@ Basic configuration of the [Role-based Authorization Strategy plugin](https://pl
## sample
Check out the example YAML file [role-strategy-auth.yaml] which is taken from the plugins' integration test resources <https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/integrations/src/test/resources/io/jenkins/plugins/casc/RoleStrategy1.yml>
```yml
jenkins:
authorizationStrategy:
roleBased:
roles:
global:
- name: "admin"
description: "Jenkins administrators"
permissions:
- "Overall/Administer"
assignments:
- "admin"
- name: "readonly"
description: "Read-only users"
permissions:
- "Overall/Read"
- "Job/Read"
assignments:
- "authenticated"
items:
- name: "FolderA"
description: "Jobs in Folder A, but not the folder itself"
pattern: "A/.*"
permissions:
- "Job/Configure"
- "Job/Build"
- "Job/Delete"
assignments:
- "user1"
- "user2"
- name: "FolderB"
description: "Jobs in Folder B, but not the folder itself"
pattern: "B.*"
permissions:
- "Job/Configure"
- "Job/Build"
assignments:
- "user2"
agents:
- name: "Agent1"
description: "Agent 1"
pattern: "agent1"
permissions:
- "Agent/Build"
assignments:
- "user1"
securityRealm:
local:
allowsSignup: false
users:
- id: "admin"
password: "1234"
- id: "user1"
password: ""
- id: "user_hashed"
# password is password
password: "#jbcrypt:$2a$10$3bnAsorIxhl9kTYvNHa2hOJQwPzwT4bv9Vs.9KdXkh9ySANjJKm5u"
nodes:
- dumb:
mode: NORMAL
name: "agent1"
remoteFS: "/home/user1"
launcher: jnlp
- dumb:
mode: NORMAL
name: "agent2"
remoteFS: "/home/user1"
launcher: jnlp
```
which is taken from the plugins' [integration test resources](../../integrations/src/test/resources/io/jenkins/plugins/casc/RoleStrategy1.yml)

70
demos/role-strategy-auth/role-strategy-auth.yaml
View File

@ -1,70 +0,0 @@
jenkins:
[..]
authorizationStrategy:
roleBased:
roles:
global:
- name: "admin"
description: "Jenkins administrators"
permissions:
- "Overall/Administer"
assignments:
- "admin"
- name: "readonly"
description: "Read-only users"
permissions:
- "Overall/Read"
- "Job/Read"
assignments:
- "authenticated"
items:
- name: "FolderA"
description: "Jobs in Folder A, but not the folder itself"
pattern: "A/.*"
permissions:
- "Job/Configure"
- "Job/Build"
- "Job/Delete"
assignments:
- "user1"
- "user2"
- name: "FolderB"
description: "Jobs in Folder B, but not the folder itself"
pattern: "B.*"
permissions:
- "Job/Configure"
- "Job/Build"
assignments:
- "user2"
agents:
- name: "Agent1"
description: "Agent 1"
pattern: "agent1"
permissions:
- "Agent/Build"
assignments:
- "user1"
securityRealm:
local:
allowsSignup: false
users:
- id: "admin"
password: "1234"
- id: "user1"
password: ""
- id: "user_hashed"
# password is password
password: "#jbcrypt:$2a$10$3bnAsorIxhl9kTYvNHa2hOJQwPzwT4bv9Vs.9KdXkh9ySANjJKm5u"
nodes:
- dumb:
mode: NORMAL
name: "agent1"
remoteFS: "/home/user1"
launcher: jnlp
- dumb:
mode: NORMAL
name: "agent2"
remoteFS: "/home/user1"
launcher: jnlp

3
demos/sonarqube/README.md
View File

@ -5,9 +5,6 @@
Sample configuration for the SonarQube plugin
```yaml
jenkins:
[...]
unclassified:
sonarglobalconfiguration: # mandatory
buildWrapperEnabled: true

45
demos/terraform/README.md
View File

@ -1,8 +1,10 @@
# example of how to configure terraform plugin
## Prerequisites
to test it from root of the current repository:
```
```bash
export CASC_JENKINS_CONFIG=$(PWD)/demos/terraform/jenkins.yaml
mvn hpi:run
```
@ -13,3 +15,44 @@ You need to install the following plugins to make it work (you can do it before
- Configuration As Code Support
- Job DSL
- SSH Credentials
## Sample
```yml
jenkins:
systemMessage: "Jenkins configured automatically by Jenkins Configuration as Code plugin\n\n"
tool:
terraforminstallation:
installations:
- name: terraform
home: ""
properties:
- installSource:
installers:
- terraformInstaller:
id: "0.11.9-linux-amd64"
jobs:
- script: >
job("terraform-job") {
description()
keepDependencies(false)
disabled(false)
concurrentBuild(false)
wrappers {
terraformBuildWrapper {
variables("")
terraformInstallation("terraform")
doGetUpdate(true)
doNotApply(false)
doDestroy(false)
config {
value("inline")
inlineConfig("")
fileConfig("")
}
}
}
}
```

36
demos/terraform/jenkins.yaml
View File

@ -1,36 +0,0 @@
jenkins:
systemMessage: "Jenkins configured automatically by Jenkins Configuration as Code plugin\n\n"
tool:
terraforminstallation:
installations:
- name: terraform
home: ""
properties:
- installSource:
installers:
- terraformInstaller:
id: '0.11.9-linux-amd64'
jobs:
- script: >
job("terraform-job") {
description()
keepDependencies(false)
disabled(false)
concurrentBuild(false)
wrappers {
terraformBuildWrapper {
variables("")
terraformInstallation("terraform")
doGetUpdate(true)
doNotApply(false)
doDestroy(false)
config {
value("inline")
inlineConfig("")
fileConfig("")
}
}
}
}

10
docs/DEVELOPER.md
View File

@ -4,9 +4,9 @@ This document describes the JCasC API and design for plugin developers who are i
extending JCasC by implementing custom Configurators or re-using the configuration mechanism
in another context.
# Using Configuration as Code
## Using Configuration as Code
## Configurators
### Configurators
Third party code to rely on JCasC has to create a key:value hierarchical representation of the target
component and its sub-components. This representation is defined by the `io.jenkins.plugins.casc.model` package,
@ -16,7 +16,7 @@ The main API is the `Configurator` which encapsulates access to the target compo
Such a data model is exposed to external usage as a set of `Attribute`s via the `Configurator.describe()` method.
Each key in the key:value representation used as configuration input, has to match an `Attribute`.
## ConfigurationContext
### ConfigurationContext
The configuration process only relies on `ConfigurationContext` to convert the key:value representation into a live
component instance. Third party components to use this mechanism can provide a custom context, while
@ -28,13 +28,13 @@ JCasC relies on registered Jenkins components.
- defines registry to retrieve Configurator for various component and classes to be configured
- offers option to register `Listener`s to get notified about the configuration process and react on errors
## YAML support
### YAML support
`io.jenkins.plugins.casc.yaml` package defines the implementation for loading the configuration from YAML sources.
`YamlUtils.loadFrom` encapsulates the YAML parsing and merge process from a set of YAML documents, while `YamlSource`
abstracts the way we load documents from files, URLs, or any other sources.
# Extending Configuration as Code
## Extending Configuration as Code
`Configurator` and `Attribute` are the core abstraction of Configuration as Code to offer implementation flexibility.
JCasC offers an implementation based on introspecting Java classes, relying on web UI data-binding

4
docs/migrate.md
View File

@ -10,10 +10,10 @@ Jenkins Configuration as Code solves both problems - you don't need to access Je
We've decided to use the YAML format so writing the configuration "by hand" should be easy. Your existing Jenkins can be also used as a documentation - the YAML file tries to mimic the UI you're used to as much as possible.
Plugin provides documentation generated for your specific Jenkins instance - after you install it, and it is available at:
http://[your_jenkins_url]/configuration-as-code/
`http://[your_jenkins_url]/configuration-as-code/`
Various samples of plugins' configuration can be found in [demos](../demos) folder
## Export existing configuration
To be able to do that, you need to install the plugin manually on your working Jenkins instance and use the export function under http://[your_jenkins_url]/configuration-as-code/. Please note that export is not intended to offer a directly usable jenkins.yaml configuration. It can be used for inspiration writing your own, but be aware that export can be partial, or fail for some components.
To be able to do that, you need to install the plugin manually on your working Jenkins instance and use the export function under `http://[your_jenkins_url]/configuration-as-code/`. Please note that export is not intended to offer a directly usable jenkins.yaml configuration. It can be used for inspiration writing your own, but be aware that export can be partial, or fail for some components.

16
docs/vault/setup-vault-using-docker.md
View File

@ -68,12 +68,12 @@
## Run it
1. Set execute permissions on the newly created scripts: `chmod u+x run-consul-agent.sh`
1. Set execute permissions on the newly created scripts: `chmod u+x run-vault-server.sh`
1. Execute: `./run-consul-agent.sh` to start the consul agent locally
- Set execute permissions on the newly created scripts: `chmod u+x run-consul-agent.sh`
- Set execute permissions on the newly created scripts: `chmod u+x run-vault-server.sh`
- Execute: `./run-consul-agent.sh` to start the consul agent locally
- Verify that the consul agent is up and running, connected to the cluster.
1. Execute: `./run-vault-server.sh` to start the vault server
1. Configure the vault server
- Execute: `./run-vault-server.sh` to start the vault server
- Configure the vault server
- Execute: `docker exec -it vault /bin/sh` to access the vault docker container
- Execute: `vault operator init` to initialize the vault server. Take note of the _Unseal Keys_ and the _Initial Root Token_. Without these, the vault is lost when sealed/locked
- Execute: `vault operator unseal` to unseal/open the vault. Follow the onscreen instructions and use 3 of the five _Unseal Keys_
@ -81,9 +81,9 @@
## Test it
1. Execute: `export VAULT_TOKEN="[VAULT_TOKEN]"` where _Vault Token_ is used
1. Execute: `curl --header "X-Vault-Token: $VAULT_TOKEN" --request POST --data '{"bar": "Baz"}' http://vault.domain.local:8200/v1/secret/foo` to put test data into the vault. No output is returned if it works
1. Execute: `curl --header "X-Vault-Token: $VAULT_TOKEN" http://vault.domain.local:8200/v1/secret/foo` to get test data from the vault. Expected output is JSON formatted:
- Execute: `export VAULT_TOKEN="[VAULT_TOKEN]"` where _Vault Token_ is used
- Execute: `curl --header "X-Vault-Token: $VAULT_TOKEN" --request POST --data '{"bar": "Baz"}' http://vault.domain.local:8200/v1/secret/foo` to put test data into the vault. No output is returned if it works
- Execute: `curl --header "X-Vault-Token: $VAULT_TOKEN" http://vault.domain.local:8200/v1/secret/foo` to get test data from the vault. Expected output is JSON formatted:
```json
{

1
integrations/src/test/resources/io/jenkins/plugins/casc/ActiveDirectoryTest.yml
View File

@ -1,5 +1,4 @@
jenkins:
securityRealm:
activeDirectory:
domains:

1
integrations/src/test/resources/io/jenkins/plugins/casc/GitToolInstallationTest.yml
View File

@ -5,4 +5,3 @@ tool:
home: /bin/git
- name: another_git
home: /usr/local/bin/git

1
integrations/src/test/resources/io/jenkins/plugins/casc/GlobalMatrixStrategy.yml
View File

@ -15,4 +15,3 @@ jenkins:
grantedPermissions:
- "Overall/Read:anonymous"
- "Overall/Administer:authenticated"

1
integrations/src/test/resources/io/jenkins/plugins/casc/LDAPSecurityRealmTest.yml
View File

@ -1,5 +1,4 @@
jenkins:
securityRealm:
ldap:
configurations:

1
integrations/src/test/resources/io/jenkins/plugins/casc/ProjectMatrixStrategy.yml
View File

@ -15,4 +15,3 @@ jenkins:
grantedPermissions:
- "Overall/Read:anonymous"
- "Overall/Administer:authenticated"

1
integrations/src/test/resources/io/jenkins/plugins/casc/RoleStrategy1.yml
View File

@ -1,5 +1,4 @@
jenkins:
authorizationStrategy:
roleBased:
roles:

1
integrations/src/test/resources/io/jenkins/plugins/casc/RoleStrategy2.yml
View File

@ -1,5 +1,4 @@
jenkins:
authorizationStrategy:
roleBased:
roles:

5
integrations/src/test/resources/io/jenkins/plugins/casc/SystemCredentialsTest.yml
View File

@ -41,8 +41,3 @@ credentials:
privateKeySource:
directEntry:
privateKey: ${SSH_PRIVATE_KEY}

2
integrations/src/test/resources/io/jenkins/plugins/casc/core/JdkConfiguratorTest.yml
View File

@ -7,5 +7,5 @@ tool:
- installSource:
installers:
- jdkInstaller:
id: 'jdk-8u181-oth-JPR'
id: "jdk-8u181-oth-JPR"
acceptLicense: true

1
plugin/src/test/resources/io/jenkins/plugins/casc/GlobalSecurityConfiguration.yml
View File

@ -1,3 +1,2 @@
securityConfig:
markupFormatter: plainText

2
plugin/src/test/resources/io/jenkins/plugins/casc/core/MavenConfiguratorTest.yml
View File

@ -10,4 +10,4 @@ tool:
- installSourceProperty:
installers:
- mavenInstaller:
id: '3.5.0'
id: "3.5.0"