From 41d55e2a0760ed775a368e61c1d65724e2a141a3 Mon Sep 17 00:00:00 2001 From: Vojtech Cerny Date: Wed, 15 Feb 2017 15:17:02 +0200 Subject: [PATCH] conditional steps for LDAP/ACL --- .../Generate_Workspace.groovy | 96 ++++++++++------- workspaces/jobs/jobs.groovy | 100 ++++++++++-------- 2 files changed, 113 insertions(+), 83 deletions(-) diff --git a/bootstrap/Workspace_Management/Generate_Workspace.groovy b/bootstrap/Workspace_Management/Generate_Workspace.groovy index 5fca393..cb343b7 100644 --- a/bootstrap/Workspace_Management/Generate_Workspace.groovy +++ b/bootstrap/Workspace_Management/Generate_Workspace.groovy @@ -6,7 +6,7 @@ def workspaceManagementFolder = folder(workspaceManagementFolderName) { displayN // Jobs def generateWorkspaceJob = freeStyleJob(workspaceManagementFolderName + "/Generate_Workspace") - + // Setup generateWorkspaceJob generateWorkspaceJob.with{ parameters{ @@ -20,50 +20,68 @@ generateWorkspaceJob.with{ preBuildCleanup() injectPasswords() maskPasswords() - environmentVariables { - env('DC',"${LDAP_ROOTDN}") - env('OU_GROUPS','ou=groups') - env('OU_PEOPLE','ou=people') - env('OUTPUT_FILE','output.ldif') - } - credentialsBinding { - usernamePassword("LDAP_ADMIN_USER", "LDAP_ADMIN_PASSWORD", "adop-ldap-admin") - } + if("${ADOP_LDAP_ENABLED}".equals("true")) + { + environmentVariables + { + env('DC', "${LDAP_ROOTDN}") + env('OU_GROUPS','ou=groups') + env('OU_PEOPLE','ou=people') + env('OUTPUT_FILE','output.ldif') + } + credentialsBinding + { + usernamePassword("LDAP_ADMIN_USER", "LDAP_ADMIN_PASSWORD", "adop-ldap-admin") + } + } + sshAgent("adop-jenkins-master") } steps { shell('''#!/bin/bash + # Validate Variables + pattern=" |'" + if [[ "${WORKSPACE_NAME}" =~ ${pattern} ]]; then + echo "WORKSPACE_NAME contains a space, please replace with an underscore - exiting..." + exit 1 + fi''') + conditionalSteps + { + condition + { + stringsMatch('${ADOP_ACL_ENABLED}', 'true', true) + } + runner('Fail') + steps { + systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_admin.groovy') + systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_developer.groovy') + systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_viewer.groovy') + } + } + } + if("${ADOP_LDAP_ENABLED}".equals("true")) { + steps { + shell(''' + # LDAP + ${WORKSPACE}/common/ldap/generate_role.sh -r "admin" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${ADMIN_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" + ${WORKSPACE}/common/ldap/generate_role.sh -r "developer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${DEVELOPER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" + ${WORKSPACE}/common/ldap/generate_role.sh -r "viewer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${VIEWER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" -# Validate Variables -pattern=" |'" -if [[ "${WORKSPACE_NAME}" =~ ${pattern} ]]; then - echo "WORKSPACE_NAME contains a space, please replace with an underscore - exiting..." - exit 1 -fi''') - shell('''# LDAP -${WORKSPACE}/common/ldap/generate_role.sh -r "admin" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${ADMIN_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" -${WORKSPACE}/common/ldap/generate_role.sh -r "developer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${DEVELOPER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" -${WORKSPACE}/common/ldap/generate_role.sh -r "viewer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${VIEWER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" - -set +e -${WORKSPACE}/common/ldap/load_ldif.sh -h ldap -u "${LDAP_ADMIN_USER}" -p "${LDAP_ADMIN_PASSWORD}" -b "${DC}" -f "${OUTPUT_FILE}" -set -e + set +e + ${WORKSPACE}/common/ldap/load_ldif.sh -h ldap -u "${LDAP_ADMIN_USER}" -p "${LDAP_ADMIN_PASSWORD}" -b "${DC}" -f "${OUTPUT_FILE}" + set -e -ADMIN_USERS=$(echo ${ADMIN_USERS} | tr ',' ' ') -DEVELOPER_USERS=$(echo ${DEVELOPER_USERS} | tr ',' ' ') -VIEWER_USERS=$(echo ${VIEWER_USERS} | tr ',' ' ') + ADMIN_USERS=$(echo ${ADMIN_USERS} | tr ',' ' ') + DEVELOPER_USERS=$(echo ${DEVELOPER_USERS} | tr ',' ' ') + VIEWER_USERS=$(echo ${VIEWER_USERS} | tr ',' ' ') -# Gerrit -for user in $ADMIN_USERS $DEVELOPER_USERS $VIEWER_USERS -do - username=$(echo ${user} | cut -d'@' -f1) - ${WORKSPACE}/common/gerrit/create_user.sh -g http://gerrit:8080/gerrit -u "${username}" -p "${username}" -done''') - dsl { - external("workspaces/jobs/**/*.groovy") + # Gerrit + for user in $ADMIN_USERS $DEVELOPER_USERS $VIEWER_USERS + do + username=$(echo ${user} | cut -d'@' -f1) + ${WORKSPACE}/common/gerrit/create_user.sh -g http://gerrit:8080/gerrit -u "${username}" -p "${username}" + done + ''') } - systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_admin.groovy') - systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_developer.groovy') - systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_viewer.groovy') } scm { git { @@ -75,4 +93,4 @@ done''') branch("*/master") } } -} +} diff --git a/workspaces/jobs/jobs.groovy b/workspaces/jobs/jobs.groovy index 5cbfd07..7a65d1a 100644 --- a/workspaces/jobs/jobs.groovy +++ b/workspaces/jobs/jobs.groovy @@ -27,57 +27,69 @@ generateProjectJob.with{ preBuildCleanup() injectPasswords() maskPasswords() - environmentVariables { - env('DC',"${DC}") - env('OU_GROUPS','ou=groups') - env('OU_PEOPLE','ou=people') - env('OUTPUT_FILE','output.ldif') - } - credentialsBinding { - usernamePassword("LDAP_ADMIN_USER", "LDAP_ADMIN_PASSWORD", "adop-ldap-admin") + if("${ADOP_LDAP_ENABLED}".equals("true")) + { + environmentVariables + { + env('DC', "${LDAP_ROOTDN}") + env('OU_GROUPS','ou=groups') + env('OU_PEOPLE','ou=people') + env('OUTPUT_FILE','output.ldif') + } + credentialsBinding + { + usernamePassword("LDAP_ADMIN_USER", "LDAP_ADMIN_PASSWORD", "adop-ldap-admin") + } } sshAgent("adop-jenkins-master") } - steps { - shell('''#!/bin/bash -e - -# Validate Variables -pattern=" |'" -if [[ "${PROJECT_NAME}" =~ ${pattern} ]]; then - echo "PROJECT_NAME contains a space, please replace with an underscore - exiting..." - exit 1 -fi''') - shell('''set -e -# LDAP -${WORKSPACE}/common/ldap/generate_role.sh -r "admin" -n "${WORKSPACE_NAME}.${PROJECT_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${ADMIN_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" -${WORKSPACE}/common/ldap/generate_role.sh -r "developer" -n "${WORKSPACE_NAME}.${PROJECT_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${DEVELOPER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" -${WORKSPACE}/common/ldap/generate_role.sh -r "viewer" -n "${WORKSPACE_NAME}.${PROJECT_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${VIEWER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" + steps + { + shell('''#!/bin/bash + # Validate Variables + pattern=" |'" + if [[ "${WORKSPACE_NAME}" =~ ${pattern} ]]; then + echo "WORKSPACE_NAME contains a space, please replace with an underscore - exiting..." + exit 1 + fi''') + conditionalSteps + { + condition + { + stringsMatch('${ADOP_ACL_ENABLED}', 'true', true) + } + runner('Fail') + steps { + systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_admin.groovy') + systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_developer.groovy') + systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_viewer.groovy') + } + } + } + if("${ADOP_LDAP_ENABLED}".equals("true")){ + steps { + shell(''' + # LDAP + ${WORKSPACE}/common/ldap/generate_role.sh -r "admin" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${ADMIN_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" + ${WORKSPACE}/common/ldap/generate_role.sh -r "developer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${DEVELOPER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" + ${WORKSPACE}/common/ldap/generate_role.sh -r "viewer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${VIEWER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" -set +e -${WORKSPACE}/common/ldap/load_ldif.sh -h ldap -u "${LDAP_ADMIN_USER}" -p "${LDAP_ADMIN_PASSWORD}" -b "${DC}" -f "${OUTPUT_FILE}" -set -e + set +e + ${WORKSPACE}/common/ldap/load_ldif.sh -h ldap -u "${LDAP_ADMIN_USER}" -p "${LDAP_ADMIN_PASSWORD}" -b "${DC}" -f "${OUTPUT_FILE}" + set -e -ADMIN_USERS=$(echo ${ADMIN_USERS} | tr ',' ' ') -DEVELOPER_USERS=$(echo ${DEVELOPER_USERS} | tr ',' ' ') -VIEWER_USERS=$(echo ${VIEWER_USERS} | tr ',' ' ') + ADMIN_USERS=$(echo ${ADMIN_USERS} | tr ',' ' ') + DEVELOPER_USERS=$(echo ${DEVELOPER_USERS} | tr ',' ' ') + VIEWER_USERS=$(echo ${VIEWER_USERS} | tr ',' ' ') -# Gerrit -for user in $ADMIN_USERS $DEVELOPER_USERS $VIEWER_USERS -do - username=$(echo ${user} | cut -d'@' -f1) - ${WORKSPACE}/common/gerrit/create_user.sh -g http://gerrit:8080/gerrit -u "${username}" -p "${username}" -done''') - shell('''#!/bin/bash -ex -# Gerrit -source ${WORKSPACE}/projects/gerrit/configure.sh -# Generate second permission repo with enabled code-review -source ${WORKSPACE}/projects/gerrit/configure.sh -r permissions-with-review''') - dsl { - external("projects/jobs/**/*.groovy") + # Gerrit + for user in $ADMIN_USERS $DEVELOPER_USERS $VIEWER_USERS + do + username=$(echo ${user} | cut -d'@' -f1) + ${WORKSPACE}/common/gerrit/create_user.sh -g http://gerrit:8080/gerrit -u "${username}" -p "${username}" + done + ''') } - systemGroovyScriptFile('${WORKSPACE}/projects/groovy/acl_admin.groovy') - systemGroovyScriptFile('${WORKSPACE}/projects/groovy/acl_developer.groovy') - systemGroovyScriptFile('${WORKSPACE}/projects/groovy/acl_viewer.groovy') } scm { git {