jenkins/sap-jenkins-library
1
0
Fork 0
mirror of https://github.com/SAP/jenkins-library.git synced 2025-11-06 09:09:19 +02:00
Code Issues Releases Activity

feat(shellExecute): cleanup, Jenkins step, docs … (#3313)

Browse Source 
* remove functionality with script downloading (security issue), clean up code

* remove vault client creating, remove vault params

* fix go generate issue

* error handling and test updated

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
This commit is contained in:
Eugene Kortelyov
2021-12-13 14:31:31 +03:00
committed by GitHub
parent ff6a26dd42
commit e727601ea4
8 changed files with 48 additions and 124 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
cmd/shellExecute.go
View File

@@ -1,28 +1,23 @@
package cmd package cmd
import ( import (
"net/url" "fmt"
"os/exec" "os/exec"
"strings"
"github.com/hashicorp/vault/api"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/SAP/jenkins-library/pkg/command" "github.com/SAP/jenkins-library/pkg/command"
piperhttp "github.com/SAP/jenkins-library/pkg/http"
"github.com/SAP/jenkins-library/pkg/log" "github.com/SAP/jenkins-library/pkg/log"
"github.com/SAP/jenkins-library/pkg/piperutils" "github.com/SAP/jenkins-library/pkg/piperutils"
"github.com/SAP/jenkins-library/pkg/telemetry" "github.com/SAP/jenkins-library/pkg/telemetry"
"github.com/SAP/jenkins-library/pkg/vault"
) )
type shellExecuteUtils interface { type shellExecuteUtils interface {
command.ExecRunner command.ExecRunner
FileExists(filename string) (bool, error) piperutils.FileUtils
} }
type shellExecuteUtilsBundle struct { type shellExecuteUtilsBundle struct {
*vault.Client
*command.Command *command.Command
*piperutils.Files *piperutils.Files
} }
@@ -39,83 +34,33 @@ func newShellExecuteUtils() shellExecuteUtils {
func shellExecute(config shellExecuteOptions, telemetryData *telemetry.CustomData) { func shellExecute(config shellExecuteOptions, telemetryData *telemetry.CustomData) {
utils := newShellExecuteUtils() utils := newShellExecuteUtils()
fileUtils := &piperutils.Files{}
err := runShellExecute(&config, telemetryData, utils, fileUtils) err := runShellExecute(&config, telemetryData, utils)
if err != nil { if err != nil {
log.Entry().WithError(err).Fatal("step execution failed") log.Entry().WithError(err).Fatal("step execution failed")
} }
} }
func runShellExecute(config *shellExecuteOptions, telemetryData *telemetry.CustomData, utils shellExecuteUtils, fileUtils piperutils.FileUtils) error { func runShellExecute(config *shellExecuteOptions, telemetryData *telemetry.CustomData, utils shellExecuteUtils) error {
// create vault client
// try to retrieve existing credentials
// if it's impossible - will add it
vaultConfig := &vault.Config{
Config: &api.Config{
Address: config.VaultServerURL,
},
Namespace: config.VaultNamespace,
}
_, err := vault.NewClientWithAppRole(vaultConfig, GeneralConfig.VaultRoleID, GeneralConfig.VaultRoleSecretID)
if err != nil {
log.Entry().Info("could not create vault client:", err)
}
// piper http client for downloading scripts
httpClient := piperhttp.Client{}
// scripts for running locally
var e []string
// check input data // check input data
// example for script: sources: ["./script.sh"] // example for script: sources: ["./script.sh"]
for _, source := range config.Sources { for _, source := range config.Sources {
// check it's a local script or remote // check if the script is physically present
_, err := url.ParseRequestURI(source) exists, err := utils.FileExists(source)
if err != nil { if err != nil {
// err means that it's not a remote script log.Entry().WithError(err).Error("failed to check for defined script")
// check if the script is physically present (for local scripts) return fmt.Errorf("failed to check for defined script: %w", err)
exists, err := fileUtils.FileExists(source)
if err != nil {
log.Entry().WithError(err).Error("failed to check for defined script")
return errors.Wrap(err, "failed to check for defined script")
}
if !exists {
log.Entry().WithError(err).Error("the specified script could not be found")
return errors.New("the specified script could not be found")
}
e = append(e, source)
} else {
// this block means that it's a remote script
// so, need to download it before
// get script name at first
path := strings.Split(source, "/")
err = httpClient.DownloadFile(source, path[len(path)-1], nil, nil)
if err != nil {
log.Entry().WithError(err).Errorf("the specified script could not be downloaded")
}
// make script executable
exec.Command("/bin/sh", "chmod +x "+path[len(path)-1])
e = append(e, path[len(path)-1])
} }
} if !exists {
log.Entry().WithError(err).Errorf("the script '%v' could not be found: %v", source, err)
// if all ok - try to run them one by one return fmt.Errorf("the script '%v' could not be found", source)
for _, script := range e { }
log.Entry().Info("starting running script:", script) log.Entry().Info("starting running script:", source)
err = utils.RunExecutable(script) err = utils.RunExecutable(source)
if err != nil { if err != nil {
log.Entry().Errorln("starting running script:", script) log.Entry().Errorln("starting running script:", source)
} }
// handle exit code
// if it's an exit error, then check the exit code
// according to the requirements
// 0 - success
// 1 - fails the build (or > 2)
// 2 - build unstable - unsupported now
if ee, ok := err.(*exec.ExitError); ok { if ee, ok := err.(*exec.ExitError); ok {
switch ee.ExitCode() { switch ee.ExitCode() {
case 0: case 0:

29
cmd/shellExecute_generated.go
View File

@@ -16,9 +16,7 @@ import (
) )
type shellExecuteOptions struct { type shellExecuteOptions struct {
VaultServerURL string `json:"vaultServerUrl,omitempty"` Sources []string `json:"sources,omitempty"`
VaultNamespace string `json:"vaultNamespace,omitempty"`
Sources []string `json:"sources,omitempty"`
} }
// ShellExecuteCommand Step executes defined script // ShellExecuteCommand Step executes defined script
@@ -35,7 +33,7 @@ func ShellExecuteCommand() *cobra.Command {
var createShellExecuteCmd = &cobra.Command{ var createShellExecuteCmd = &cobra.Command{
Use: STEP_NAME, Use: STEP_NAME,
Short: "Step executes defined script", Short: "Step executes defined script",
Long: `Step executes defined script with Vault credentials, or created them on this step`, Long: `Step executes defined script with using test vault credentials`,
PreRunE: func(cmd *cobra.Command, _ []string) error { PreRunE: func(cmd *cobra.Command, _ []string) error {
startTime = time.Now() startTime = time.Now()
log.SetStepName(STEP_NAME) log.SetStepName(STEP_NAME)
@@ -110,8 +108,6 @@ func ShellExecuteCommand() *cobra.Command {
} }
func addShellExecuteFlags(cmd *cobra.Command, stepConfig *shellExecuteOptions) { func addShellExecuteFlags(cmd *cobra.Command, stepConfig *shellExecuteOptions) {
cmd.Flags().StringVar(&stepConfig.VaultServerURL, "vaultServerUrl", os.Getenv("PIPER_vaultServerUrl"), "The URL for the Vault server to use")
cmd.Flags().StringVar(&stepConfig.VaultNamespace, "vaultNamespace", os.Getenv("PIPER_vaultNamespace"), "The vault namespace that should be used (optional)")
cmd.Flags().StringSliceVar(&stepConfig.Sources, "sources", []string{}, "Scripts names for execution or links to scripts") cmd.Flags().StringSliceVar(&stepConfig.Sources, "sources", []string{}, "Scripts names for execution or links to scripts")
} }
@@ -127,24 +123,6 @@ func shellExecuteMetadata() config.StepData {
Spec: config.StepSpec{ Spec: config.StepSpec{
Inputs: config.StepInputs{ Inputs: config.StepInputs{
Parameters: []config.StepParameters{ Parameters: []config.StepParameters{
{
Name: "vaultServerUrl",
ResourceRef: []config.ResourceReference{},
Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},
Type: "string",
Mandatory: false,
Aliases: []config.Alias{},
Default: os.Getenv("PIPER_vaultServerUrl"),
},
{
Name: "vaultNamespace",
ResourceRef: []config.ResourceReference{},
Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},
Type: "string",
Mandatory: false,
Aliases: []config.Alias{},
Default: os.Getenv("PIPER_vaultNamespace"),
},
{ {
Name: "sources", Name: "sources",
ResourceRef: []config.ResourceReference{}, ResourceRef: []config.ResourceReference{},
@@ -156,6 +134,9 @@ func shellExecuteMetadata() config.StepData {
}, },
}, },
}, },
Containers: []config.Container{
{Name: "shell", Image: "node:lts-stretch", WorkingDir: "/home/node"},
},
}, },
} }
return theMetaData return theMetaData

16
cmd/shellExecute_test.go
View File

@@ -52,32 +52,24 @@ func TestRunShellExecute(t *testing.T) {
Sources: []string{"path/to/script.sh"}, Sources: []string{"path/to/script.sh"},
} }
u := newShellExecuteTestsUtils() u := newShellExecuteTestsUtils()
fm := &shellExecuteFileMock{}
err := runShellExecute(c, nil, u, fm) err := runShellExecute(c, nil, u)
assert.EqualError(t, err, "the specified script could not be found") assert.EqualError(t, err, "the script 'path/to/script.sh' could not be found")
}) })
t.Run("success case - script is present", func(t *testing.T) { t.Run("success case - script is present", func(t *testing.T) {
o := &shellExecuteOptions{} o := &shellExecuteOptions{}
u := newShellExecuteTestsUtils() u := newShellExecuteTestsUtils()
m := &shellExecuteFileMock{
fileReadContent: map[string]string{"path/to/script/script.sh": ``},
}
err := runShellExecute(o, nil, u, m) err := runShellExecute(o, nil, u)
assert.NoError(t, err) assert.NoError(t, err)
}) })
t.Run("success case - script run successfully", func(t *testing.T) { t.Run("success case - script run successfully", func(t *testing.T) {
o := &shellExecuteOptions{} o := &shellExecuteOptions{}
u := newShellExecuteTestsUtils() u := newShellExecuteTestsUtils()
m := &shellExecuteFileMock{
fileReadContent: map[string]string{"path/to/script/script.sh": `#!/usr/bin/env sh
print 'test'`},
}
err := runShellExecute(o, nil, u, m) err := runShellExecute(o, nil, u)
assert.NoError(t, err) assert.NoError(t, err)
}) })

7
documentation/docs/steps/shellExecute.md Normal file
View File

@@ -0,0 +1,7 @@
# ${docGenStepName}
## ${docGenDescription}
## ${docGenParameters}
## ${docGenConfiguration}

1
documentation/mkdocs.yml
View File

@@ -145,6 +145,7 @@ nav:
- protecodeExecuteScan: steps/protecodeExecuteScan.md - protecodeExecuteScan: steps/protecodeExecuteScan.md
- seleniumExecuteTests: steps/seleniumExecuteTests.md - seleniumExecuteTests: steps/seleniumExecuteTests.md
- setupCommonPipelineEnvironment: steps/setupCommonPipelineEnvironment.md - setupCommonPipelineEnvironment: steps/setupCommonPipelineEnvironment.md
- shellExecute: steps/shellExecute.md
- slackSendNotification: steps/slackSendNotification.md - slackSendNotification: steps/slackSendNotification.md
- snykExecute: steps/snykExecute.md - snykExecute: steps/snykExecute.md
- sonarExecuteScan: steps/sonarExecuteScan.md - sonarExecuteScan: steps/sonarExecuteScan.md

22
resources/metadata/shellExecute.yaml
View File

@@ -1,26 +1,10 @@
metadata: metadata:
name: shellExecute name: shellExecute
description: Step executes defined script description: Step executes defined script
longDescription: Step executes defined script with Vault credentials, or created them on this step longDescription: Step executes defined script with using test vault credentials
spec: spec:
inputs: inputs:
params: params:
- name: vaultServerUrl
type: string
scope:
- GENERAL
- PARAMETERS
- STAGES
- STEPS
description: The URL for the Vault server to use
- name: vaultNamespace
type: string
scope:
- GENERAL
- PARAMETERS
- STAGES
- STEPS
description: The vault namespace that should be used (optional)
- name: sources - name: sources
type: "[]string" type: "[]string"
scope: scope:
@@ -28,3 +12,7 @@ spec:
- STAGES - STAGES
- STEPS - STEPS
description: Scripts names for execution or links to scripts description: Scripts names for execution or links to scripts
containers:
- name: shell
image: node:lts-stretch
workingDir: /home/node

1
test/groovy/CommonStepsTest.groovy
View File

@@ -205,6 +205,7 @@ public class CommonStepsTest extends BasePiperTest{
'golangBuild', //implementing new golang pattern without fields 'golangBuild', //implementing new golang pattern without fields
'apiProxyDownload', //implementing new golang pattern without fields 'apiProxyDownload', //implementing new golang pattern without fields
'apiKeyValueMapDownload', //implementing new golang pattern without fields 'apiKeyValueMapDownload', //implementing new golang pattern without fields
'shellExecute', //implementing new golang pattern without fields
] ]
@Test @Test

9
vars/shellExecute.groovy Normal file
View File

@@ -0,0 +1,9 @@
import groovy.transform.Field
@Field String STEP_NAME = getClass().getName()
@Field String METADATA_FILE = 'metadata/shellExecute.yaml'
void call(Map parameters = [:]) {
List credentials = []
piperExecuteBin(parameters, STEP_NAME, METADATA_FILE, credentials)
}