support Docker Host Certificate Authentication type

Signed-off-by: Shuwei Hao <[email protected]>

Author: haoshuwei

pom.xml

@@ -234,6 +234,11 @@
       <version>1.18</version>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.jenkins-ci.plugins</groupId>
+      <artifactId>docker-commons</artifactId>
+      <version>1.14</version>
+    </dependency>
   </dependencies>
 
 

src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud.java

@@ -31,6 +31,7 @@
 import org.csanchez.jenkins.plugins.kubernetes.pipeline.PodTemplateMap;
 import org.csanchez.jenkins.plugins.kubernetes.pod.retention.Default;
 import org.csanchez.jenkins.plugins.kubernetes.pod.retention.PodRetention;
+import org.jenkinsci.plugins.docker.commons.credentials.DockerServerCredentials;
 import org.jenkinsci.plugins.plaincredentials.FileCredentials;
 import org.jenkinsci.plugins.plaincredentials.StringCredentials;
 import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl;
@@ -718,7 +719,8 @@ public ListBoxModel doFillCredentialsIdItems(@QueryParameter String serverUrl) {
                                     CredentialsMatchers.instanceOf(
                                             org.jenkinsci.plugins.kubernetes.credentials.TokenProducer.class),
                                     CredentialsMatchers.instanceOf(StandardCertificateCredentials.class),
-                                    CredentialsMatchers.instanceOf(StringCredentials.class)), //
+                                    CredentialsMatchers.instanceOf(StringCredentials.class),//
+                                    CredentialsMatchers.instanceOf(DockerServerCredentials.class)),
                             CredentialsProvider.lookupCredentials(StandardCredentials.class, //
                                     Jenkins.getInstance(), //
                                     ACL.SYSTEM, //

src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesFactoryAdapter.java

@@ -39,6 +39,7 @@
 import io.fabric8.kubernetes.client.DefaultKubernetesClient;
 import io.fabric8.kubernetes.client.KubernetesClient;
 import jenkins.model.Jenkins;
+import org.jenkinsci.plugins.docker.commons.credentials.DockerServerCredentials;
 import org.jenkinsci.plugins.kubernetes.credentials.TokenProducer;
 import org.jenkinsci.plugins.plaincredentials.FileCredentials;
 import org.jenkinsci.plugins.plaincredentials.StringCredentials;
@@ -152,6 +153,10 @@ public KubernetesClient createClient() throws NoSuchAlgorithmException, Unrecove
             builder.withClientCertData(Base64.encodeBase64String(certificate.getEncoded()))
                     .withClientKeyData(pemEncodeKey(key))
                     .withClientKeyPassphrase(Secret.toString(certificateCredentials.getPassword()));
+        } else if (credentials instanceof DockerServerCredentials) {
+            DockerServerCredentials certificateCredentials = (DockerServerCredentials) credentials;
+            builder.withClientCertData(certificateCredentials.getClientCertificate())
+                    .withClientKeyData(certificateCredentials.getClientKey());
         }
 
         if (skipTlsVerify) {
@@ -160,7 +165,11 @@ public KubernetesClient createClient() throws NoSuchAlgorithmException, Unrecove
 
         if (caCertData != null) {
             // JENKINS-38829 CaCertData expects a Base64 encoded certificate
-            builder.withCaCertData(Base64.encodeBase64String(caCertData.getBytes(UTF_8)));
+            if (credentials instanceof DockerServerCredentials) {
+                builder.withCaCertData(org.apache.commons.codec.binary.StringUtils.newStringUtf8(caCertData.getBytes(UTF_8)));
+            } else {
+                builder.withCaCertData(Base64.encodeBase64String(caCertData.getBytes(UTF_8)));
+            }
         }
 
         builder = builder.withRequestTimeout(readTimeout * 1000).withConnectionTimeout(connectTimeout * 1000);