Skip to content

Commit

Permalink
conditional steps for LDAP/ACL
Browse files Browse the repository at this point in the history
  • Loading branch information
Vojtech Cerny authored and Northard, Robert A committed Feb 23, 2017
1 parent 09cb3b1 commit 292cdd0
Show file tree
Hide file tree
Showing 2 changed files with 136 additions and 75 deletions.
100 changes: 66 additions & 34 deletions bootstrap/Workspace_Management/Generate_Workspace.groovy
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ def workspaceManagementFolder = folder(workspaceManagementFolderName) { displayN

// Jobs
def generateWorkspaceJob = freeStyleJob(workspaceManagementFolderName + "/Generate_Workspace")

// Setup generateWorkspaceJob
generateWorkspaceJob.with{
parameters{
Expand All @@ -20,45 +20,77 @@ generateWorkspaceJob.with{
preBuildCleanup()
injectPasswords()
maskPasswords()
environmentVariables {
env('DC',"${LDAP_ROOTDN}")
env('OU_GROUPS','ou=groups')
env('OU_PEOPLE','ou=people')
env('OUTPUT_FILE','output.ldif')
}
credentialsBinding {
usernamePassword("LDAP_ADMIN_USER", "LDAP_ADMIN_PASSWORD", "adop-ldap-admin")
if("${ADOP_LDAP_ENABLED}" == "true")
{
environmentVariables
{
env('DC', "${LDAP_ROOTDN}")
env('OU_GROUPS','ou=groups')
env('OU_PEOPLE','ou=people')
env('OUTPUT_FILE','output.ldif')
}

credentialsBinding
{
usernamePassword("LDAP_ADMIN_USER", "LDAP_ADMIN_PASSWORD", "adop-ldap-admin")
}
sshAgent("adop-jenkins-master")
}
}
steps {
shell('''#!/bin/bash
# Validate Variables
pattern=" |'"
if [[ "${WORKSPACE_NAME}" =~ ${pattern} ]]; then
echo "WORKSPACE_NAME contains a space, please replace with an underscore - exiting..."
exit 1
fi''')
conditionalSteps
{
condition
{
stringsMatch('${ADOP_ACL_ENABLED}', 'true', true)
}
runner('Fail')
steps {
systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_admin.groovy')
systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_developer.groovy')
systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_viewer.groovy')
}
}
conditionalSteps
{
condition
{
stringsMatch('${ADOP_LDAP_ENABLED}', 'true', true)
}
runner('Fail')
steps {
shell('''
# LDAP
${WORKSPACE}/common/ldap/generate_role.sh -r "admin" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${ADMIN_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
${WORKSPACE}/common/ldap/generate_role.sh -r "developer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${DEVELOPER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
${WORKSPACE}/common/ldap/generate_role.sh -r "viewer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${VIEWER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
# Validate Variables
pattern=" |'"
if [[ "${WORKSPACE_NAME}" =~ ${pattern} ]]; then
echo "WORKSPACE_NAME contains a space, please replace with an underscore - exiting..."
exit 1
fi''')
shell('''# LDAP
${WORKSPACE}/common/ldap/generate_role.sh -r "admin" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${ADMIN_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
${WORKSPACE}/common/ldap/generate_role.sh -r "developer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${DEVELOPER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
${WORKSPACE}/common/ldap/generate_role.sh -r "viewer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${VIEWER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
set +e
${WORKSPACE}/common/ldap/load_ldif.sh -h ldap -u "${LDAP_ADMIN_USER}" -p "${LDAP_ADMIN_PASSWORD}" -b "${DC}" -f "${OUTPUT_FILE}"
set -e
set +e
${WORKSPACE}/common/ldap/load_ldif.sh -h ldap -u "${LDAP_ADMIN_USER}" -p "${LDAP_ADMIN_PASSWORD}" -b "${DC}" -f "${OUTPUT_FILE}"
set -e
ADMIN_USERS=$(echo ${ADMIN_USERS} | tr ',' ' ')
DEVELOPER_USERS=$(echo ${DEVELOPER_USERS} | tr ',' ' ')
VIEWER_USERS=$(echo ${VIEWER_USERS} | tr ',' ' ')
ADMIN_USERS=$(echo ${ADMIN_USERS} | tr ',' ' ')
DEVELOPER_USERS=$(echo ${DEVELOPER_USERS} | tr ',' ' ')
VIEWER_USERS=$(echo ${VIEWER_USERS} | tr ',' ' ')
# Gerrit
for user in $ADMIN_USERS $DEVELOPER_USERS $VIEWER_USERS
do
username=$(echo ${user} | cut -d'@' -f1)
${WORKSPACE}/common/gerrit/create_user.sh -g http://gerrit:8080/gerrit -u "${username}" -p "${username}"
done''')
dsl {
# Gerrit
for user in $ADMIN_USERS $DEVELOPER_USERS $VIEWER_USERS
do
username=$(echo ${user} | cut -d'@' -f1)
${WORKSPACE}/common/gerrit/create_user.sh -g http://gerrit:8080/gerrit -u "${username}" -p "${username}"
done
''')
}
}
dsl
{
external("workspaces/jobs/**/*.groovy")
}
systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_admin.groovy')
Expand All @@ -75,4 +107,4 @@ done''')
branch("*/master")
}
}
}
}
111 changes: 70 additions & 41 deletions workspaces/jobs/jobs.groovy
Original file line number Diff line number Diff line change
Expand Up @@ -27,53 +27,82 @@ generateProjectJob.with{
preBuildCleanup()
injectPasswords()
maskPasswords()
environmentVariables {
env('DC',"${DC}")
env('OU_GROUPS','ou=groups')
env('OU_PEOPLE','ou=people')
env('OUTPUT_FILE','output.ldif')
}
credentialsBinding {
usernamePassword("LDAP_ADMIN_USER", "LDAP_ADMIN_PASSWORD", "adop-ldap-admin")
if("${ADOP_ACL_ENABLED}" == "true")
{
environmentVariables
{
env('DC', "${LDAP_ROOTDN}")
env('OU_GROUPS','ou=groups')
env('OU_PEOPLE','ou=people')
env('OUTPUT_FILE','output.ldif')
}
if("${ADOP_LDAP_ENABLED}" == "true")
{
credentialsBinding
{
usernamePassword("LDAP_ADMIN_USER", "LDAP_ADMIN_PASSWORD", "adop-ldap-admin")
}
sshAgent("adop-jenkins-master")
}
}
sshAgent("adop-jenkins-master")
}
steps {
shell('''#!/bin/bash -e
# Validate Variables
pattern=" |'"
if [[ "${PROJECT_NAME}" =~ ${pattern} ]]; then
echo "PROJECT_NAME contains a space, please replace with an underscore - exiting..."
exit 1
fi''')
shell('''set -e
# LDAP
${WORKSPACE}/common/ldap/generate_role.sh -r "admin" -n "${WORKSPACE_NAME}.${PROJECT_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${ADMIN_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
${WORKSPACE}/common/ldap/generate_role.sh -r "developer" -n "${WORKSPACE_NAME}.${PROJECT_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${DEVELOPER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
${WORKSPACE}/common/ldap/generate_role.sh -r "viewer" -n "${WORKSPACE_NAME}.${PROJECT_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${VIEWER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
steps
{
shell('''#!/bin/bash
# Validate Variables
pattern=" |'"
if [[ "${WORKSPACE_NAME}" =~ ${pattern} ]]; then
echo "WORKSPACE_NAME contains a space, please replace with an underscore - exiting..."
exit 1
fi''')
conditionalSteps
{
condition
{
stringsMatch('${ADOP_ACL_ENABLED}', 'true', true)
}
runner('Fail')
steps {
systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_admin.groovy')
systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_developer.groovy')
systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_viewer.groovy')
}
}
conditionalSteps
{
condition
{
stringsMatch('${ADOP_LDAP_ENABLED}', 'true', true)
}
runner('Fail')
steps {
shell('''
# LDAP
${WORKSPACE}/common/ldap/generate_role.sh -r "admin" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${ADMIN_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
${WORKSPACE}/common/ldap/generate_role.sh -r "developer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${DEVELOPER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
${WORKSPACE}/common/ldap/generate_role.sh -r "viewer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${VIEWER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
set +e
${WORKSPACE}/common/ldap/load_ldif.sh -h ldap -u "${LDAP_ADMIN_USER}" -p "${LDAP_ADMIN_PASSWORD}" -b "${DC}" -f "${OUTPUT_FILE}"
set -e
set +e
${WORKSPACE}/common/ldap/load_ldif.sh -h ldap -u "${LDAP_ADMIN_USER}" -p "${LDAP_ADMIN_PASSWORD}" -b "${DC}" -f "${OUTPUT_FILE}"
set -e
ADMIN_USERS=$(echo ${ADMIN_USERS} | tr ',' ' ')
DEVELOPER_USERS=$(echo ${DEVELOPER_USERS} | tr ',' ' ')
VIEWER_USERS=$(echo ${VIEWER_USERS} | tr ',' ' ')
ADMIN_USERS=$(echo ${ADMIN_USERS} | tr ',' ' ')
DEVELOPER_USERS=$(echo ${DEVELOPER_USERS} | tr ',' ' ')
VIEWER_USERS=$(echo ${VIEWER_USERS} | tr ',' ' ')
# Gerrit
for user in $ADMIN_USERS $DEVELOPER_USERS $VIEWER_USERS
do
username=$(echo ${user} | cut -d'@' -f1)
${WORKSPACE}/common/gerrit/create_user.sh -g http://gerrit:8080/gerrit -u "${username}" -p "${username}"
done''')
shell('''#!/bin/bash -ex
# Gerrit
source ${WORKSPACE}/projects/gerrit/configure.sh
# Generate second permission repo with enabled code-review
source ${WORKSPACE}/projects/gerrit/configure.sh -r permissions-with-review''')
dsl {
external("projects/jobs/**/*.groovy")
# Gerrit
for user in $ADMIN_USERS $DEVELOPER_USERS $VIEWER_USERS
do
username=$(echo ${user} | cut -d'@' -f1)
${WORKSPACE}/common/gerrit/create_user.sh -g http://gerrit:8080/gerrit -u "${username}" -p "${username}"
done
''')
}
}
dsl
{
external("workspaces/jobs/**/*.groovy")
}
systemGroovyScriptFile('${WORKSPACE}/projects/groovy/acl_admin.groovy')
systemGroovyScriptFile('${WORKSPACE}/projects/groovy/acl_developer.groovy')
Expand Down

0 comments on commit 292cdd0

Please sign in to comment.