Execute deployment on slave when the job is started from slave (jenkinsci#8)

* Schedule the build to slave node if the job is running on slave
* Complete unit tests
* Send AI event based on the deployment state

Author: allxiao

src/main/java/com/microsoft/jenkins/kubernetes/KubernetesClientWrapper.java

@@ -7,12 +7,12 @@
 package com.microsoft.jenkins.kubernetes;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.microsoft.jenkins.kubernetes.credentials.ResolvedDockerRegistryEndpoint;
 import com.microsoft.jenkins.kubernetes.util.CommonUtils;
 import com.microsoft.jenkins.kubernetes.util.Constants;
 import com.microsoft.jenkins.kubernetes.util.DockerConfigBuilder;
 import hudson.EnvVars;
 import hudson.FilePath;
-import hudson.model.Item;
 import hudson.util.VariableResolver;
 import io.fabric8.kubernetes.api.model.HasMetadata;
 import io.fabric8.kubernetes.api.model.Job;
@@ -32,7 +32,6 @@
 import io.fabric8.kubernetes.client.DefaultKubernetesClient;
 import io.fabric8.kubernetes.client.KubernetesClient;
 import org.apache.commons.lang.StringUtils;
-import org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryEndpoint;
 
 import java.io.IOException;
 import java.io.PrintStream;
@@ -163,7 +162,6 @@ public void apply(FilePath[] configFiles) throws IOException, InterruptedExcepti
      * <p>
      * This can be used by the Pods later to pull images from the private container registry.
      *
-     * @param context             the current job context, generally this should be {@code getRun().getParent()}
      * @param kubernetesNamespace The namespace in which the Secret should be created / updated
      * @param secretName          The name of the Secret
      * @param credentials         All the configured credentials
@@ -173,14 +171,13 @@ public void apply(FilePath[] configFiles) throws IOException, InterruptedExcepti
      * </a>
      */
     public void createOrReplaceSecrets(
-            Item context,
             String kubernetesNamespace,
             String secretName,
-            List<DockerRegistryEndpoint> credentials) throws IOException {
+            List<ResolvedDockerRegistryEndpoint> credentials) throws IOException {
         log(Messages.KubernetesClientWrapper_prepareSecretsWithName(secretName));
 
         DockerConfigBuilder dockerConfigBuilder = new DockerConfigBuilder(credentials);
-        String dockercfg = dockerConfigBuilder.buildDockercfgBase64(context);
+        String dockercfg = dockerConfigBuilder.buildDockercfgBase64();
 
         Map<String, String> data = new HashMap<>();
         data.put(".dockercfg", dockercfg);

src/main/java/com/microsoft/jenkins/kubernetes/KubernetesDeployContext.java

@@ -15,20 +15,24 @@
 import com.microsoft.jenkins.azurecommons.command.SimpleBuildStepExecution;
 import com.microsoft.jenkins.azurecommons.remote.SSHClient;
 import com.microsoft.jenkins.kubernetes.command.DeploymentCommand;
+import com.microsoft.jenkins.kubernetes.credentials.ClientWrapperFactory;
 import com.microsoft.jenkins.kubernetes.credentials.ConfigFileCredentials;
 import com.microsoft.jenkins.kubernetes.credentials.KubernetesCredentialsType;
+import com.microsoft.jenkins.kubernetes.credentials.ResolvedDockerRegistryEndpoint;
 import com.microsoft.jenkins.kubernetes.credentials.SSHCredentials;
 import com.microsoft.jenkins.kubernetes.credentials.TextCredentials;
 import com.microsoft.jenkins.kubernetes.util.Constants;
 import hudson.Extension;
 import hudson.FilePath;
 import hudson.Launcher;
+import hudson.model.Item;
 import hudson.model.Run;
 import hudson.model.TaskListener;
 import hudson.util.FormValidation;
 import hudson.util.ListBoxModel;
 import org.apache.commons.lang3.StringUtils;
 import org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryEndpoint;
+import org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryToken;
 import org.jenkinsci.plugins.workflow.steps.StepContext;
 import org.jenkinsci.plugins.workflow.steps.StepDescriptor;
 import org.jenkinsci.plugins.workflow.steps.StepExecution;
@@ -164,14 +168,14 @@ public void setEnableConfigSubstitution(boolean enableConfigSubstitution) {
         this.enableConfigSubstitution = enableConfigSubstitution;
     }
 
-    @Override
     public List<DockerRegistryEndpoint> getDockerCredentials() {
         if (dockerCredentials == null) {
             return ImmutableList.of();
         }
-        return dockerCredentials;
+        return ImmutableList.copyOf(dockerCredentials);
     }
 
+
     @DataBoundSetter
     public void setDockerCredentials(List<DockerRegistryEndpoint> dockerCredentials) {
         List<DockerRegistryEndpoint> endpoints = new ArrayList<>();
@@ -191,30 +195,34 @@ public void setDockerCredentials(List<DockerRegistryEndpoint> dockerCredentials)
                     registryUrl = "http://" + registryUrl;
                 }
             }
-            endpoint = new DockerRegistryEndpoint(registryUrl, credentialsId);
-            endpoints.add(endpoint);
+            endpoints.add(new DockerRegistryEndpoint(registryUrl, credentialsId));
         }
         this.dockerCredentials = endpoints;
     }
 
-    public KubernetesClientWrapper buildKubernetesClientWrapper(FilePath workspace) throws Exception {
+    @Override
+    public List<ResolvedDockerRegistryEndpoint> resolveEndpoints(Item context) throws IOException {
+        List<ResolvedDockerRegistryEndpoint> endpoints = new ArrayList<>();
+        List<DockerRegistryEndpoint> configured = getDockerCredentials();
+        for (DockerRegistryEndpoint endpoint : configured) {
+            DockerRegistryToken token = endpoint.getToken(context);
+            if (token == null) {
+                throw new IllegalArgumentException("No credentials found for " + endpoint);
+            }
+            endpoints.add(new ResolvedDockerRegistryEndpoint(endpoint.getEffectiveUrl(), token));
+        }
+        return endpoints;
+    }
+
+    @Override
+    public ClientWrapperFactory clientFactory() {
         switch (getCredentialsTypeEnum()) {
             case SSH:
-                FilePath tempConfig = getSsh().getConfigFilePath(workspace);
-                try {
-                    return new KubernetesClientWrapper(tempConfig.getRemote());
-                } finally {
-                    tempConfig.delete();
-                }
+                return getSsh().buildClientWrapperFactory();
             case KubeConfig:
-                return new KubernetesClientWrapper(getKubeConfig().getConfigFilePath(workspace).getRemote());
+                return getKubeConfig().buildClientWrapperFactory();
             case Text:
-                TextCredentials text = getTextCredentials();
-                return new KubernetesClientWrapper(
-                        text.getServerUrl(),
-                        text.getCertificateAuthorityData(),
-                        text.getClientCertificateData(),
-                        text.getClientKeyData());
+                return getTextCredentials().buildClientWrapperFactory();
             default:
                 throw new IllegalStateException(
                         Messages.KubernetesDeployContext_unknownCredentialsType(getCredentialsTypeEnum()));

src/main/java/com/microsoft/jenkins/kubernetes/command/DeploymentCommand.java

@@ -16,95 +16,149 @@
 import com.microsoft.jenkins.kubernetes.KubernetesCDPlugin;
 import com.microsoft.jenkins.kubernetes.KubernetesClientWrapper;
 import com.microsoft.jenkins.kubernetes.Messages;
+import com.microsoft.jenkins.kubernetes.credentials.ClientWrapperFactory;
+import com.microsoft.jenkins.kubernetes.credentials.ResolvedDockerRegistryEndpoint;
 import com.microsoft.jenkins.kubernetes.util.Constants;
 import hudson.EnvVars;
 import hudson.FilePath;
 import hudson.model.Item;
+import hudson.model.TaskListener;
 import hudson.util.VariableResolver;
+import io.fabric8.kubernetes.client.KubernetesClient;
+import jenkins.security.MasterToSlaveCallable;
 import org.apache.commons.lang3.StringUtils;
-import org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryEndpoint;
 
+import java.io.IOException;
+import java.io.Serializable;
 import java.net.URL;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import static com.google.common.base.Preconditions.checkState;
 
-public class DeploymentCommand implements ICommand<DeploymentCommand.IDeploymentCommand> {
+/**
+ * Command to deploy Kubernetes configurations.
+ * <p>
+ * Mark it as serializable so that the inner Callable can be serialized correctly.
+ */
+public class DeploymentCommand implements ICommand<DeploymentCommand.IDeploymentCommand>, Serializable {
     @Override
     public void execute(IDeploymentCommand context) {
         JobContext jobContext = context.getJobContext();
-        FilePath workspace = jobContext.getWorkspace();
-        Item jobItem = jobContext.getRun().getParent();
-        EnvVars envVars = context.getEnvVars();
-        String secretNamespace = context.getSecretNamespace();
-        String configPaths = context.getConfigs();
 
-        KubernetesClientWrapper wrapper = null;
+        // all the final variables below are serializable, which will be captured in the below MasterToSlaveCallable
+        // and execute on the slave if the job is scheduled on slave.
+        final TaskListener taskListener = jobContext.getTaskListener();
+        final String secretNameCfg = context.getSecretName();
+        final String secretNamespace = context.getSecretNamespace();
+        final String configPaths = context.getConfigs();
+        final FilePath workspace = jobContext.getWorkspace();
+        final String defaultSecretName = jobContext.getRun().getDisplayName();
+        final EnvVars envVars = context.getEnvVars();
+        final boolean enableSubstitution = context.isEnableConfigSubstitution();
+        final ClientWrapperFactory clientFactory = context.clientFactory();
+
+        TaskResult taskResult = null;
         try {
-            checkState(StringUtils.isNotBlank(secretNamespace), Messages.DeploymentCommand_blankNamespace());
-            checkState(StringUtils.isNotBlank(configPaths), Messages.DeploymentCommand_blankConfigFiles());
-
-            wrapper = context.buildKubernetesClientWrapper(workspace).withLogger(jobContext.logger());
-
-            FilePath[] configFiles = workspace.list(configPaths);
-            if (configFiles.length == 0) {
-                context.logError(Messages.DeploymentCommand_noMatchingConfigFiles(configPaths));
-                return;
-            }
-
-            List<DockerRegistryEndpoint> dockerCredentials = context.getDockerCredentials();
-            if (!dockerCredentials.isEmpty()) {
-                String secretName = KubernetesClientWrapper.prepareSecretName(
-                        context.getSecretName(), jobContext.getRun().getDisplayName(), envVars);
-
-                wrapper.createOrReplaceSecrets(jobItem, secretNamespace, secretName, dockerCredentials);
-
-                context.logStatus(Messages.DeploymentCommand_injectSecretName(
-                        Constants.KUBERNETES_SECRET_NAME_PROP, secretName));
-                EnvironmentInjector.inject(
-                        jobContext.getRun(), envVars, Constants.KUBERNETES_SECRET_NAME_PROP, secretName);
+            final List<ResolvedDockerRegistryEndpoint> dockerRegistryEndpoints =
+                    context.resolveEndpoints(jobContext.getRun().getParent());
+            taskResult = workspace.act(new MasterToSlaveCallable<TaskResult, Exception>() {
+                @Override
+                public TaskResult call() throws Exception {
+                    TaskResult result = new TaskResult();
+
+                    checkState(StringUtils.isNotBlank(secretNamespace), Messages.DeploymentCommand_blankNamespace());
+                    checkState(StringUtils.isNotBlank(configPaths), Messages.DeploymentCommand_blankConfigFiles());
+
+                    KubernetesClientWrapper wrapper =
+                            clientFactory.buildClient(workspace).withLogger(taskListener.getLogger());
+                    result.masterHost = getMasterHost(wrapper);
+
+                    FilePath[] configFiles = workspace.list(configPaths);
+                    if (configFiles.length == 0) {
+                        String message = Messages.DeploymentCommand_noMatchingConfigFiles(configPaths);
+                        taskListener.error(message);
+                        result.commandState = CommandState.HasError;
+                        throw new IllegalStateException(message);
+                    }
+
+                    if (!dockerRegistryEndpoints.isEmpty()) {
+                        String secretName =
+                                KubernetesClientWrapper.prepareSecretName(secretNameCfg, defaultSecretName, envVars);
+
+                        wrapper.createOrReplaceSecrets(secretNamespace, secretName, dockerRegistryEndpoints);
+
+                        taskListener.getLogger().println(Messages.DeploymentCommand_injectSecretName(
+                                Constants.KUBERNETES_SECRET_NAME_PROP, secretName));
+                        envVars.put(Constants.KUBERNETES_SECRET_NAME_PROP, secretName);
+                        result.extraEnvVars.put(Constants.KUBERNETES_SECRET_NAME_PROP, secretName);
+                    }
+
+                    if (enableSubstitution) {
+                        wrapper.withVariableResolver(new VariableResolver.ByMap<>(envVars));
+                    }
+
+                    wrapper.apply(configFiles);
+
+                    result.commandState = CommandState.Success;
+
+                    return result;
+                }
+            });
+            for (Map.Entry<String, String> entry : taskResult.extraEnvVars.entrySet()) {
+                EnvironmentInjector.inject(jobContext.getRun(), envVars, entry.getKey(), entry.getValue());
             }
 
-            if (context.isEnableConfigSubstitution()) {
-                wrapper.withVariableResolver(new VariableResolver.ByMap<>(envVars));
+            context.setCommandState(taskResult.commandState);
+            if (taskResult.commandState.isError()) {
+                KubernetesCDPlugin.sendEvent(Constants.AI_KUBERNETES, "DeployFailed",
+                        Constants.AI_K8S_MASTER, AppInsightsUtils.hash(taskResult.masterHost));
+            } else {
+                KubernetesCDPlugin.sendEvent(Constants.AI_KUBERNETES, "Deployed",
+                        Constants.AI_K8S_MASTER, AppInsightsUtils.hash(taskResult.masterHost));
             }
-
-            wrapper.apply(configFiles);
-
-            context.setCommandState(CommandState.Success);
-
-            KubernetesCDPlugin.sendEvent(Constants.AI_KUBERNETES, "Deployed",
-                    Constants.AI_K8S_MASTER, AppInsightsUtils.hash(getMasterHost(wrapper)));
         } catch (Exception e) {
             if (e instanceof InterruptedException) {
                 Thread.currentThread().interrupt();
             }
             context.logError(e);
             KubernetesCDPlugin.sendEvent(Constants.AI_KUBERNETES, "DeployFailed",
-                    Constants.AI_K8S_MASTER, AppInsightsUtils.hash(getMasterHost(wrapper)),
+                    Constants.AI_K8S_MASTER, AppInsightsUtils.hash(taskResult == null ? null : taskResult.masterHost),
                     Constants.AI_MESSAGE, e.getMessage());
         }
     }
 
     @VisibleForTesting
     String getMasterHost(KubernetesClientWrapper wrapper) {
         if (wrapper != null) {
-            URL masterURL = wrapper.getClient().getMasterUrl();
-            if (masterURL != null) {
-                return masterURL.getHost();
+            KubernetesClient client = wrapper.getClient();
+            if (client != null) {
+                URL masterURL = client.getMasterUrl();
+                if (masterURL != null) {
+                    return masterURL.getHost();
+                }
             }
         }
         return "Unknown";
     }
 
+    public static class TaskResult implements Serializable {
+        private static final long serialVersionUID = 1L;
+
+        private CommandState commandState = CommandState.Unknown;
+        private String masterHost;
+        private final Map<String, String> extraEnvVars = new HashMap<>();
+    }
+
     public interface IDeploymentCommand extends IBaseCommandData {
-        KubernetesClientWrapper buildKubernetesClientWrapper(FilePath workspace) throws Exception;
+        ClientWrapperFactory clientFactory();
 
         String getSecretNamespace();
 
         String getSecretName();
 
-        List<DockerRegistryEndpoint> getDockerCredentials();
+        List<ResolvedDockerRegistryEndpoint> resolveEndpoints(Item context) throws IOException;
 
         String getConfigs();
 

src/main/java/com/microsoft/jenkins/kubernetes/credentials/ClientWrapperFactory.java

@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License. See License.txt in the project root for
+ * license information.
+ */
+
+package com.microsoft.jenkins.kubernetes.credentials;
+
+import com.microsoft.jenkins.kubernetes.KubernetesClientWrapper;
+import hudson.FilePath;
+
+import java.io.Serializable;
+
+/**
+ * The serializable factory that produces a {@link KubernetesClientWrapper}.
+ * <p>
+ * The implementation should be serializable. It will be passed to the remote node when required, and build the
+ * client wrapper there.
+ */
+public interface ClientWrapperFactory extends Serializable {
+    KubernetesClientWrapper buildClient(FilePath workspace) throws Exception;
+
+    /**
+     * The builder that builds {@link ClientWrapperFactory}.
+     */
+    interface Builder {
+        ClientWrapperFactory buildClientWrapperFactory();
+    }
+}