✨ : add credentials mgmt to jobs
juwit committed Jul 9, 2020
1 parent fdff3a5 commit ae437ae
Showing 6 changed files with 60 additions and 0 deletions.
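--- /dev/null
+++ b/src/main/java/io/gaia_app/credentials/Credentials.kt
@@ -0,0 +1,17 @@
+package io.gaia_app.credentials
+
+interface Credentials {
+fun toEnv(): List<String>
+}
+
+data class AWSCredentials(val access_key:String, val secret_key:String):Credentials {
+override fun toEnv() = listOf("""AWS_ACCESS_KEY_ID=${access_key}""", """AWS_SECRET_ACCESS_KEY=${secret_key}""")
+}
+
+data class GCPCredentials(val serviceAccountJSONContents:String):Credentials {
+override fun toEnv() = listOf("""GOOGLE_CREDENTIALS=${serviceAccountJSONContents}""")
+}
+
+data class AzureCredentials(val clientId:String, val clientSecret:String):Credentials {
+override fun toEnv() = listOf("""ARM_CLIENT_ID=${clientId}""", """ARM_CLIENT_SECRET=${clientSecret}""")
+}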
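Review bot: Each of the three `data class` implementations gets a compiler-generated `toString()` that prints all constructor properties, so `secret_key`, `clientSecret` and `serviceAccountJSONContents` end up in clear text wherever a `Credentials` object, or anything that holds one, is logged or put into an exception message. Override it per class with a redacting form, for example `override fun toString() = "AWSCredentials(access_key=$access_key, secret_key=***)"`. A short KDoc on `toEnv()` stating that the returned strings contain secrets and must not be logged would help callers as well.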
5 changes: 5 additions & 0 deletions src/main/java/io/gaia_app/runner/DockerRunner.java
Expand Up @@ -52,6 +52,11 @@ int runContainerForJob(JobWorkflow jobWorkflow, String script) {

var job = jobWorkflow.getJob();

// add credentials of the job, if any
if (job.getCredentials() != null){
env.addAll(job.getCredentials().toEnv());
}

// pulling the image
dockerClient.pullImageCmd(job.getTerraformImage().image())
.start()
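Review bot: The values added to `env` at `env.addAll(job.getCredentials().toEnv())` are secrets, and nothing in this hunk keeps them out of the captured container output; the new test in DockerRunnerIT.kt shows that whatever the script prints lands in `currentStep.logs`. Consider replacing the known secret values with a mask before the output is stored in the step logs, and extend the comment to say so, e.g. `// secrets: passed as container env, must be masked in captured logs`. `env` is declared above the hunk; if it is not a fresh list for each call, one job's credentials would carry over to the next container, which is worth confirming. The body of `runContainerForJob` starts and ends outside the hunk.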
10 changes: 10 additions & 0 deletions src/main/java/io/gaia_app/stacks/bo/Job.java
@@ -1,5 +1,6 @@
package io.gaia_app.stacks.bo;

import io.gaia_app.credentials.Credentials;
import io.gaia_app.modules.bo.TerraformImage;
import io.gaia_app.teams.User;
import io.gaia_app.modules.bo.TerraformImage;
Expand Down Expand Up @@ -27,6 +28,7 @@ public class Job {
private List<Step> steps = new ArrayList<>(2);
@DBRef
private User user;
private Credentials credentials;

public Job() {
}
Expand Down Expand Up @@ -138,4 +140,12 @@ public Long getExecutionTime() {
}
return Duration.between(this.startDateTime, this.endDateTime).toMillis();
}

public Credentials getCredentials() {
return credentials;
}

public void setCredentials(Credentials credentials) {
this.credentials = credentials;
}
}
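Review bot: The new field `private Credentials credentials;` has no `@DBRef`, unlike the field added to `Stack`, so the secret values are copied into every job document when `launchJob` calls `jobRepository.save(job)`, and they stay there after the stack's credentials are rotated or removed. The public `getCredentials()` would also make the secrets part of the serialized `Job` if a controller returns the object as JSON, which this page does not show; the same applies to `Stack.getCredentials()`. Storing a reference instead of a copy and excluding the property from API output, e.g. `@JsonIgnore` on the getter if Jackson does the serialization, would keep the secrets in one place. The class body continues outside the hunks shown.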
11 changes: 11 additions & 0 deletions src/main/java/io/gaia_app/stacks/bo/Stack.java
@@ -1,5 +1,6 @@
package io.gaia_app.stacks.bo;

import io.gaia_app.credentials.Credentials;
import io.gaia_app.teams.Team;
import io.gaia_app.teams.User;
import org.springframework.data.mongodb.core.mapping.DBRef;
Expand Down Expand Up @@ -59,6 +60,9 @@ public class Stack {

private BigDecimal estimatedRunningCost;

@DBRef
private Credentials credentials;

@DBRef
private User createdBy;

Expand Down Expand Up @@ -173,4 +177,11 @@ public void setUpdatedAt(LocalDateTime updatedAt) {
this.updatedAt = updatedAt;
}

public Credentials getCredentials() {
return credentials;
}

public void setCredentials(Credentials credentials) {
this.credentials = credentials;
}
}
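Review bot: `@DBRef private Credentials credentials;` needs the referenced object to be a stored document with an identifier, but the implementations added in Credentials.kt (`AWSCredentials`, `GCPCredentials`, `AzureCredentials`) declare no id property and no repository for them is part of this commit, so saving a `Stack` with credentials set will presumably fail or store an unusable reference. Either give the credential classes an `@Id` and persist them on their own, or drop `@DBRef` until they are. A field comment such as `// credentials used by the jobs of this stack (stored by reference)` would document the intent. The class body continues outside the hunks shown.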
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,7 @@ public Map<String, String> launchJob(@PathVariable String id, @PathVariable JobT
// create a new job
var job = new Job(jobType, id, user);
job.setTerraformImage(module.getTerraformImage());
job.setCredentials(stack.getCredentials());
jobRepository.save(job);

return Map.of("jobId", job.getId());
16 changes: 16 additions & 0 deletions src/test/java/io/gaia_app/runner/DockerRunnerIT.kt
@@ -1,5 +1,6 @@
package io.gaia_app.runner

import io.gaia_app.credentials.AWSCredentials
import io.gaia_app.modules.bo.TerraformImage
import io.gaia_app.runner.config.DockerConfig
import io.gaia_app.settings.bo.Settings
Expand Down Expand Up @@ -73,6 +74,21 @@ class DockerRunnerIT {
assertThat(jobWorkflow.currentStep.logs).isEqualTo("hello world\n");
}

@Test
fun `runContainerForJob() use credentials of the job`() {
val script = "echo \$AWS_ACCESS_KEY_ID; exit 0;"

val job = Job()
job.terraformImage = TerraformImage.defaultInstance()
job.credentials = AWSCredentials("SOME_ACCESS_KEY", "SOME_SECRET_KEY")
val jobWorkflow = JobWorkflow(job)
jobWorkflow.currentStep = Step()

dockerRunner.runContainerForJob(jobWorkflow, script)

assertThat(jobWorkflow.currentStep.logs).isEqualTo("SOME_ACCESS_KEY\n");
}

@Test
fun `runContainerForJob() use TF_IN_AUTOMATION env var`() {
val script = "echo \$TF_IN_AUTOMATION; exit 0;"
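Review bot: The added test checks only `AWS_ACCESS_KEY_ID`, so a typo in `AWS_SECRET_ACCESS_KEY` or in the GCP and Azure variable names produced by `toEnv()` would pass unnoticed. A plain unit test needs no container, e.g. `assertThat(AzureCredentials("id", "secret").toEnv()).containsExactly("ARM_CLIENT_ID=id", "ARM_CLIENT_SECRET=secret")`, with one such line per implementation. The trailing `;` after the `isEqualTo(...)` call is not needed in Kotlin. The last three lines of the hunk belong to the next test, which continues outside it.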