Skip to content

Commit

Permalink
Conditional steps for LDAP/ACL
Browse files Browse the repository at this point in the history
  • Loading branch information
Vojtech Cerny authored and Northard, Robert A committed Feb 27, 2017
1 parent 09cb3b1 commit c6113bf
Show file tree
Hide file tree
Showing 2 changed files with 120 additions and 60 deletions.
73 changes: 53 additions & 20 deletions bootstrap/Workspace_Management/Generate_Workspace.groovy
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,15 @@ def workspaceManagementFolder = folder(workspaceManagementFolderName) { displayN

// Jobs
def generateWorkspaceJob = freeStyleJob(workspaceManagementFolderName + "/Generate_Workspace")


def adopLdapEnabled = '';

try{
adopLdapEnabled = "${ADOP_LDAP_ENABLED}".toBoolean();
}catch(MissingPropertyException ex){
adopLdapEnabled = true;
}

// Setup generateWorkspaceJob
generateWorkspaceJob.with{
parameters{
Expand All @@ -20,26 +28,52 @@ generateWorkspaceJob.with{
preBuildCleanup()
injectPasswords()
maskPasswords()
environmentVariables {
env('DC',"${LDAP_ROOTDN}")
env('OU_GROUPS','ou=groups')
env('OU_PEOPLE','ou=people')
env('OUTPUT_FILE','output.ldif')
}
credentialsBinding {
usernamePassword("LDAP_ADMIN_USER", "LDAP_ADMIN_PASSWORD", "adop-ldap-admin")
}
if(adopLdapEnabled == true)
{
environmentVariables
{
env('DC', "${LDAP_ROOTDN}")
env('OU_GROUPS','ou=groups')
env('OU_PEOPLE','ou=people')
env('OUTPUT_FILE','output.ldif')
}
credentialsBinding
{
usernamePassword("LDAP_ADMIN_USER", "LDAP_ADMIN_PASSWORD", "adop-ldap-admin")
}
}
sshAgent("adop-jenkins-master")
}
steps {
shell('''#!/bin/bash
# Validate Variables
pattern=" |'"
if [[ "${WORKSPACE_NAME}" =~ ${pattern} ]]; then
echo "WORKSPACE_NAME contains a space, please replace with an underscore - exiting..."
exit 1
fi''')
shell('''# LDAP
conditionalSteps
{
condition
{
shell('''
if [ "${ADOP_ACL_ENABLED}" == "false" ]
then
exit 1
fi
exit 0
''')
}
runner('DontRun')
steps {
systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_admin.groovy')
systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_developer.groovy')
systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_viewer.groovy')
}
}
if(adopLdapEnabled == true) {
shell('''
# LDAP
${WORKSPACE}/common/ldap/generate_role.sh -r "admin" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${ADMIN_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
${WORKSPACE}/common/ldap/generate_role.sh -r "developer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${DEVELOPER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
${WORKSPACE}/common/ldap/generate_role.sh -r "viewer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${VIEWER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
Expand All @@ -55,15 +89,14 @@ VIEWER_USERS=$(echo ${VIEWER_USERS} | tr ',' ' ')
# Gerrit
for user in $ADMIN_USERS $DEVELOPER_USERS $VIEWER_USERS
do
username=$(echo ${user} | cut -d'@' -f1)
${WORKSPACE}/common/gerrit/create_user.sh -g http://gerrit:8080/gerrit -u "${username}" -p "${username}"
done''')
username=$(echo ${user} | cut -d'@' -f1)
${WORKSPACE}/common/gerrit/create_user.sh -g http://gerrit:8080/gerrit -u "${username}" -p "${username}"
done
''')
}
dsl {
external("workspaces/jobs/**/*.groovy")
external("workspaces/jobs/**/*.groovy")
}
systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_admin.groovy')
systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_developer.groovy')
systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_viewer.groovy')
}
scm {
git {
Expand All @@ -75,4 +108,4 @@ done''')
branch("*/master")
}
}
}
}
107 changes: 67 additions & 40 deletions workspaces/jobs/jobs.groovy
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,14 @@ def projectManagementFolder = folder(projectManagementFolderName) { displayName(
// Jobs
def generateProjectJob = freeStyleJob(projectManagementFolderName + "/Generate_Project")

def adopLdapEnabled = '';

try{
adopLdapEnabled = "${ADOP_LDAP_ENABLED}".toBoolean();
}catch(MissingPropertyException ex){
adopLdapEnabled = true;
}

// Setup Generate_Project
generateProjectJob.with{
parameters{
Expand All @@ -27,57 +35,76 @@ generateProjectJob.with{
preBuildCleanup()
injectPasswords()
maskPasswords()
environmentVariables {
env('DC',"${DC}")
env('OU_GROUPS','ou=groups')
env('OU_PEOPLE','ou=people')
env('OUTPUT_FILE','output.ldif')
}
credentialsBinding {
usernamePassword("LDAP_ADMIN_USER", "LDAP_ADMIN_PASSWORD", "adop-ldap-admin")
if(adopLdapEnabled == true)
{
environmentVariables
{
env('DC', "${LDAP_ROOTDN}")
env('OU_GROUPS','ou=groups')
env('OU_PEOPLE','ou=people')
env('OUTPUT_FILE','output.ldif')
}
credentialsBinding
{
usernamePassword("LDAP_ADMIN_USER", "LDAP_ADMIN_PASSWORD", "adop-ldap-admin")
}
}
sshAgent("adop-jenkins-master")
}
steps {
shell('''#!/bin/bash -e
steps
{
shell('''#!/bin/bash
# Validate Variables
pattern=" |'"
if [[ "${PROJECT_NAME}" =~ ${pattern} ]]; then
echo "PROJECT_NAME contains a space, please replace with an underscore - exiting..."
exit 1
if [[ "${WORKSPACE_NAME}" =~ ${pattern} ]]; then
echo "WORKSPACE_NAME contains a space, please replace with an underscore - exiting..."
exit 1
fi''')
shell('''set -e
# LDAP
${WORKSPACE}/common/ldap/generate_role.sh -r "admin" -n "${WORKSPACE_NAME}.${PROJECT_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${ADMIN_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
${WORKSPACE}/common/ldap/generate_role.sh -r "developer" -n "${WORKSPACE_NAME}.${PROJECT_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${DEVELOPER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
${WORKSPACE}/common/ldap/generate_role.sh -r "viewer" -n "${WORKSPACE_NAME}.${PROJECT_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${VIEWER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
conditionalSteps
{
condition
{
shell('''
if [ "${ADOP_ACL_ENABLED}" == "false" ]
then
exit 1
fi
exit 0
''')
}
runner('DontRun')
steps {
systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_admin.groovy')
systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_developer.groovy')
systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_viewer.groovy')
}
}
if(adopLdapEnabled == true){
shell('''
# LDAP
${WORKSPACE}/common/ldap/generate_role.sh -r "admin" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${ADMIN_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
${WORKSPACE}/common/ldap/generate_role.sh -r "developer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${DEVELOPER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
${WORKSPACE}/common/ldap/generate_role.sh -r "viewer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${VIEWER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}"
set +e
${WORKSPACE}/common/ldap/load_ldif.sh -h ldap -u "${LDAP_ADMIN_USER}" -p "${LDAP_ADMIN_PASSWORD}" -b "${DC}" -f "${OUTPUT_FILE}"
set -e
set +e
${WORKSPACE}/common/ldap/load_ldif.sh -h ldap -u "${LDAP_ADMIN_USER}" -p "${LDAP_ADMIN_PASSWORD}" -b "${DC}" -f "${OUTPUT_FILE}"
set -e
ADMIN_USERS=$(echo ${ADMIN_USERS} | tr ',' ' ')
DEVELOPER_USERS=$(echo ${DEVELOPER_USERS} | tr ',' ' ')
VIEWER_USERS=$(echo ${VIEWER_USERS} | tr ',' ' ')
ADMIN_USERS=$(echo ${ADMIN_USERS} | tr ',' ' ')
DEVELOPER_USERS=$(echo ${DEVELOPER_USERS} | tr ',' ' ')
VIEWER_USERS=$(echo ${VIEWER_USERS} | tr ',' ' ')
# Gerrit
for user in $ADMIN_USERS $DEVELOPER_USERS $VIEWER_USERS
do
username=$(echo ${user} | cut -d'@' -f1)
${WORKSPACE}/common/gerrit/create_user.sh -g http://gerrit:8080/gerrit -u "${username}" -p "${username}"
done''')
shell('''#!/bin/bash -ex
# Gerrit
source ${WORKSPACE}/projects/gerrit/configure.sh
# Generate second permission repo with enabled code-review
source ${WORKSPACE}/projects/gerrit/configure.sh -r permissions-with-review''')
# Gerrit
for user in $ADMIN_USERS $DEVELOPER_USERS $VIEWER_USERS
do
username=$(echo ${user} | cut -d'@' -f1)
${WORKSPACE}/common/gerrit/create_user.sh -g http://gerrit:8080/gerrit -u "${username}" -p "${username}"
done
''')
}
dsl {
external("projects/jobs/**/*.groovy")
external("projects/jobs/**/*.groovy")
}
systemGroovyScriptFile('${WORKSPACE}/projects/groovy/acl_admin.groovy')
systemGroovyScriptFile('${WORKSPACE}/projects/groovy/acl_developer.groovy')
systemGroovyScriptFile('${WORKSPACE}/projects/groovy/acl_viewer.groovy')
}
scm {
git {
Expand Down

0 comments on commit c6113bf

Please sign in to comment.