[KubManifestV0] Ignore SSL errors conditonally (#10183)

* [KubManifestV0] Ignore SSL errors conditonally * undoing utility-common
microsoft · Apr 24, 2019 · 9c6e2d6 · 9c6e2d6
1 parent 5ce8440
commit 9c6e2d6
Show file tree

Hide file tree

Showing 13 changed files with 46 additions and 34 deletions.
diff --git a/Tasks/Common/kubernetes-common/kubectl-object-model.ts b/Tasks/Common/kubernetes-common/kubectl-object-model.ts
@@ -1,5 +1,5 @@
 import tl = require('vsts-task-lib/task');
-import { IExecOptions, IExecSyncResult, IExecSyncOptions } from 'vsts-task-lib/toolrunner';
+import { IExecOptions, IExecSyncResult, IExecSyncOptions, ToolRunner } from 'vsts-task-lib/toolrunner';
 
 export interface Resource {
     name: string;
@@ -9,23 +9,26 @@ export interface Resource {
 export class Kubectl {
     private kubectlPath: string;
     private namespace: string;
+    private ignoreSSLErrors: boolean;
 
-    constructor(kubectlPath: string, namespace?: string) {
+    constructor(kubectlPath: string, namespace?: string, ignoreSSLErrors?: boolean) {
         this.kubectlPath = kubectlPath;
         if (!!namespace) {
             this.namespace = namespace;
         }
         else {
             this.namespace = "default";
         }
+
+        this.ignoreSSLErrors = !!ignoreSSLErrors;
     }
 
     public apply(configurationPaths: string | string[]): IExecSyncResult {
         var command = tl.tool(this.kubectlPath);
         command.arg("apply");
         command.arg(["-f", this.createInlineArray(configurationPaths)]);
         command.arg(["--namespace", this.namespace]);
-        return command.execSync();
+        return this.execute(command);
     }
 
     public annotate(resourceType: string, resourceName: string, annotations: string[], overwrite?: boolean): IExecSyncResult {
@@ -35,7 +38,7 @@ export class Kubectl {
         command.arg(["--namespace", this.namespace]);
         command.arg(annotations);
         if (!!overwrite) command.arg(`--overwrite`)
-        return command.execSync();
+        return this.execute(command);
     }
 
     public annotateFiles(files: string | string[], annotations: string[], overwrite?: boolean): IExecSyncResult {
@@ -45,7 +48,7 @@ export class Kubectl {
         command.arg(["--namespace", this.namespace]);
         command.arg(annotations);
         if (!!overwrite) command.arg(`--overwrite`)
-        return command.execSync();
+        return this.execute(command);
     }
 
     public createSecret(args: string, force?: boolean, secretName?: string): IExecSyncResult {
@@ -55,23 +58,23 @@ export class Kubectl {
             command.arg("secret");
             command.arg(["--namespace", this.namespace]);
             command.arg(secretName);
-            command.execSync();    
+            this.execute(command);
         }
 
         var command = tl.tool(this.kubectlPath);
         command.arg("create");
         command.arg("secret");
         command.arg(["--namespace", this.namespace]);
         command.line(args);
-        return command.execSync();
+        return this.execute(command);
     }
 
     public describe(resourceType, resourceName, silent?: boolean): IExecSyncResult {
         var command = tl.tool(this.kubectlPath);
         command.arg("describe");
         command.arg([resourceType, resourceName]);
         command.arg(["--namespace", this.namespace]);
-        return command.execSync({ silent: !!silent } as IExecOptions);
+        return this.execute(command, silent);
     }
 
     public getNewReplicaSet(deployment): string {
@@ -95,15 +98,15 @@ export class Kubectl {
         command.arg("pods");
         command.arg(["--namespace", this.namespace]);
         command.arg(["-o", "json"])
-        return command.execSync({ silent: true } as IExecSyncOptions);
+        return this.execute(command, true)
     }
 
     public checkRolloutStatus(resourceType, name): IExecSyncResult {
         var command = tl.tool(this.kubectlPath);
         command.arg(["rollout", "status"]);
         command.arg(resourceType + "/" + name);
         command.arg(["--namespace", this.namespace]);
-        return command.execSync();
+        return this.execute(command);
     }
 
     public getResource(resourceType: string, name: string): IExecSyncResult {
@@ -112,7 +115,7 @@ export class Kubectl {
         command.arg(resourceType + "/" + name);
         command.arg(["--namespace", this.namespace]);
         command.arg(["-o", "json"])
-        return command.execSync();
+        return this.execute(command);
     }
 
     public getResources(applyOutput: string, filterResourceTypes: string[]): Resource[] {
@@ -140,7 +143,7 @@ export class Kubectl {
         command.arg(resourceType + "/" + resourceName);
         command.arg(`--replicas=${replicas}`);
         command.arg(["--namespace", this.namespace]);
-        return command.execSync();
+        return this.execute(command);
     }
 
     public patch(resourceType, resourceName, patch, strategy) {
@@ -150,16 +153,23 @@ export class Kubectl {
         command.arg(["--namespace", this.namespace]);
         command.arg(`--type=${strategy}`);
         command.arg([`-p`, patch]);
-        return command.execSync();
+        return this.execute(command);
     }
 
     public delete(args) {
         var command = tl.tool(this.kubectlPath);
         command.arg("delete");
         command.line(args);
-        return command.execSync();
+        return this.execute(command);
     }
 
+    private execute(command: ToolRunner, silent?: boolean) {
+        if (this.ignoreSSLErrors) {
+            command.arg("--insecure-skip-tls-verify");
+        }
+
+        return command.execSync({ silent: !!silent } as IExecOptions);
+    }
 
     private createInlineArray(str: string | string[]): string {
         if (typeof str === "string") return str;

diff --git a/Tasks/KubernetesManifestV0/src/actions/bake.ts b/Tasks/KubernetesManifestV0/src/actions/bake.ts
@@ -9,7 +9,7 @@ import { Helm, NameValuePair } from "utility-common/helm-object-model";
 
 const uuidV4 = require('uuid/v4');
 
-export async function bake() {
+export async function bake(ignoreSslErrors?: boolean) {
     let renderType = tl.getInput("renderType", true);
     switch (renderType) {
         case "helm2":

diff --git a/Tasks/KubernetesManifestV0/src/actions/createSecret.ts b/Tasks/KubernetesManifestV0/src/actions/createSecret.ts
@@ -7,7 +7,7 @@ import * as TaskInputParameters from '../models/TaskInputParameters';
 import AuthenticationToken from "docker-common/registryauthenticationprovider/registryauthenticationtoken";
 import { getDockerRegistryEndpointAuthenticationToken } from "docker-common/registryauthenticationprovider/registryauthenticationtoken";
 
-export async function createSecret() {
+export async function createSecret(ignoreSslErrors?: boolean) {
     let args = "";
     if (utils.isEqual(TaskInputParameters.secretType, "dockerRegistry", utils.StringComparer.OrdinalIgnoreCase)) {
         args = getDockerRegistrySecretArgs();
@@ -16,7 +16,7 @@ export async function createSecret() {
         args = getGenericSecretArgs();
     }
 
-    let kubectl = new Kubectl(await utils.getKubectl(), TaskInputParameters.namespace);
+    let kubectl = new Kubectl(await utils.getKubectl(), TaskInputParameters.namespace, ignoreSslErrors);
     var result = kubectl.createSecret(args, true, TaskInputParameters.secretName.trim());
     utils.checkForErrors([result]);
 }

diff --git a/Tasks/KubernetesManifestV0/src/actions/delete.ts b/Tasks/KubernetesManifestV0/src/actions/delete.ts
@@ -5,14 +5,14 @@ import { Kubectl } from "kubernetes-common/kubectl-object-model";
 import * as utils from "../utils/utilities";
 import * as TaskInputParameters from '../models/TaskInputParameters';
 
-export async function deleteResources() {
+export async function deleteResources(ignoreSslErrors?: boolean) {
     let args = TaskInputParameters.args;
 
     if (args == null || args.length == 0) {
         throw (tl.loc("ArgumentsInputNotSupplied"));
     }
 
-    let kubectl = new Kubectl(await utils.getKubectl(), TaskInputParameters.namespace);
+    let kubectl = new Kubectl(await utils.getKubectl(), TaskInputParameters.namespace, ignoreSslErrors);
     var result = kubectl.delete(args);
     utils.checkForErrors([result]);
 }
diff --git a/Tasks/KubernetesManifestV0/src/actions/deploy.ts b/Tasks/KubernetesManifestV0/src/actions/deploy.ts
@@ -5,8 +5,8 @@ import * as TaskInputParameters from '../models/TaskInputParameters';
 import * as utils from "../utils/utilities";
 import { Kubectl } from "kubernetes-common/kubectl-object-model";
 
-export async function deploy() {
+export async function deploy(ignoreSslErrors?: boolean) {
     var kubectlPath = await utils.getKubectl();
-    let kubectl = new Kubectl(kubectlPath, TaskInputParameters.namespace);
+    let kubectl = new Kubectl(kubectlPath, TaskInputParameters.namespace, ignoreSslErrors);
     deploymentHelper.deploy(kubectl, TaskInputParameters.manifests, TaskInputParameters.deploymentStrategy);
 }
diff --git a/Tasks/KubernetesManifestV0/src/actions/patch.ts b/Tasks/KubernetesManifestV0/src/actions/patch.ts
@@ -5,8 +5,8 @@ import { Kubectl } from "kubernetes-common/kubectl-object-model";
 import * as utils from "../utils/utilities";
 import * as constants from "../models/constants";
 
-export async function patch() {
-    let kubectl = new Kubectl(await utils.getKubectl(), tl.getInput("namespace", false));
+export async function patch(ignoreSslErrors?: boolean) {
+    let kubectl = new Kubectl(await utils.getKubectl(), tl.getInput("namespace", false), ignoreSslErrors);
     let kind = tl.getInput("kind", false).toLowerCase();
     let name = tl.getInput("name", false);
     let filePath = tl.getInput("resourceFileToPatch", false);

diff --git a/Tasks/KubernetesManifestV0/src/actions/promote.ts b/Tasks/KubernetesManifestV0/src/actions/promote.ts
@@ -6,9 +6,9 @@ import { Kubectl } from "kubernetes-common/kubectl-object-model";
 import * as utils from "../utils/utilities";
 import * as TaskInputParameters from '../models/TaskInputParameters';
 
-export async function promote() {
+export async function promote(ignoreSslErrors?: boolean) {
 
-    let kubectl = new Kubectl(await utils.getKubectl(), TaskInputParameters.namespace);
+    let kubectl = new Kubectl(await utils.getKubectl(), TaskInputParameters.namespace, ignoreSslErrors);
 
     if (canaryDeploymentHelper.isCanaryDeploymentStrategy()) {
         // Deploy input manifests

diff --git a/Tasks/KubernetesManifestV0/src/actions/reject.ts b/Tasks/KubernetesManifestV0/src/actions/reject.ts
@@ -5,9 +5,9 @@ import { Kubectl } from "kubernetes-common/kubectl-object-model";
 import * as utils from "../utils/utilities";
 import * as TaskInputParameters from '../models/TaskInputParameters';
 
-export async function reject() {
+export async function reject(ignoreSslErrors?: boolean) {
 
-    let kubectl = new Kubectl(await utils.getKubectl(), TaskInputParameters.namespace);
+    let kubectl = new Kubectl(await utils.getKubectl(), TaskInputParameters.namespace, ignoreSslErrors);
 
     if (canaryDeploymentHelper.isCanaryDeploymentStrategy()) {
         tl.debug("Deployment strategy selected is Canary. Deleting baseline and canary workloads.");

diff --git a/Tasks/KubernetesManifestV0/src/actions/scale.ts b/Tasks/KubernetesManifestV0/src/actions/scale.ts
@@ -5,8 +5,8 @@ import { Kubectl } from "kubernetes-common/kubectl-object-model";
 import * as utils from "../utils/utilities";
 import * as constants from "../models/constants";
 
-export async function scale() {
-    let kubectl = new Kubectl(await utils.getKubectl(), tl.getInput("namespace", false));
+export async function scale(ignoreSslErrors?: boolean) {
+    let kubectl = new Kubectl(await utils.getKubectl(), tl.getInput("namespace", false), ignoreSslErrors);
     let kind = tl.getInput("kind", true).toLowerCase();
     let replicas = tl.getInput("replicas", true);
     let name = tl.getInput("name", true);

diff --git a/Tasks/KubernetesManifestV0/src/connection.ts b/Tasks/KubernetesManifestV0/src/connection.ts
@@ -5,7 +5,8 @@ import * as utils from "./utils/FileHelper";
 import kubectlutility = require("utility-common/kubectlutility");
 
 export class Connection {
-
+    public ignoreSSLErrors: boolean;
+
     public open() {
         let kubeconfig: string, kubeconfigFile: string;
         let kubernetesServiceConnection = tl.getInput("kubernetesServiceConnection", true);
@@ -22,6 +23,7 @@ export class Connection {
         kubeconfigFile = path.join(utils.getNewUserDirPath(), "config");
         fs.writeFileSync(kubeconfigFile, kubeconfig);
         tl.setVariable("KUBECONFIG", kubeconfigFile);
+        this.ignoreSSLErrors = tl.getEndpointDataParameter(kubernetesServiceConnection, 'acceptUntrustedCerts', true) === "true";
     }
 
     public close() {

diff --git a/Tasks/KubernetesManifestV0/src/run.ts b/Tasks/KubernetesManifestV0/src/run.ts
@@ -46,8 +46,8 @@ function run(): Promise<void> {
             tl.setResult(tl.TaskResult.Failed, 'Not a supported action, choose from "bake", "deploy", "patch", "scale", "delete", "promote", "reject"');
             process.exit(1);
     }
-    connection.open()
-    return action_func()
+    connection.open();
+    return action_func(connection.ignoreSSLErrors)
         .then(() => connection.close())
         .catch((error) => {
             connection.close()

diff --git a/Tasks/KubernetesManifestV0/task.json b/Tasks/KubernetesManifestV0/task.json
@@ -15,7 +15,7 @@
     "version": {
         "Major": 0,
         "Minor": 151,
-        "Patch": 4
+        "Patch": 6
     },
     "demands": [],
     "groups": [],

diff --git a/Tasks/KubernetesManifestV0/task.loc.json b/Tasks/KubernetesManifestV0/task.loc.json
@@ -15,7 +15,7 @@
   "version": {
     "Major": 0,
     "Minor": 151,
-    "Patch": 5
+    "Patch": 6
   },
   "demands": [],
   "groups": [],