| Jakub Josef | 063a753 | 2017-01-11 15:48:01 +0100 | [diff] [blame] | 1 | import logging |
| Adam Tengler | 70763e0 | 2017-08-21 16:50:32 +0000 | [diff] [blame] | 2 | |
| Jakub Josef | 063a753 | 2017-01-11 15:48:01 +0100 | [diff] [blame] | 3 | logger = logging.getLogger(__name__) |
| 4 | |
| Ilya Kharin | 3d8bffe | 2017-06-22 17:40:31 +0400 | [diff] [blame] | 5 | def __virtual__(): |
| 6 | ''' |
| 7 | Only load if jenkins_common module exist. |
| 8 | ''' |
| 9 | if 'jenkins_common.call_groovy_script' not in __salt__: |
| 10 | return ( |
| 11 | False, |
| 12 | 'The jenkins_security state module cannot be loaded: ' |
| 13 | 'jenkins_common not found') |
| 14 | return True |
| 15 | |
| 16 | |
| Adam Tengler | 70763e0 | 2017-08-21 16:50:32 +0000 | [diff] [blame] | 17 | def ldap(name, server, root_dn, user_search_base, manager_dn, manager_password, |
| 18 | user_search="", group_search_base="", inhibit_infer_root_dn=False): |
| Jakub Josef | 063a753 | 2017-01-11 15:48:01 +0100 | [diff] [blame] | 19 | """ |
| 20 | Jenkins ldap state method |
| 21 | |
| 22 | :param name: ldap state name |
| Andrey | 6606be0 | 2017-08-02 17:09:42 -0500 | [diff] [blame] | 23 | :param server: ldap server host |
| Jakub Josef | 063a753 | 2017-01-11 15:48:01 +0100 | [diff] [blame] | 24 | :param root_dn: root domain names |
| 25 | :param user_search_base: |
| 26 | :param manager_dn: |
| 27 | :param manager_password: |
| 28 | :param user_search: optional, default empty string |
| 29 | :param group_search_base: optional, default empty string |
| 30 | :param inhibit_infer_root_dn: optional, default false |
| 31 | :returns: salt-specified state dict |
| 32 | """ |
| Andrey | 6606be0 | 2017-08-02 17:09:42 -0500 | [diff] [blame] | 33 | if not server.startswith("ldap:") and not server.startswith("ldaps:"): |
| 34 | server = "ldap://{server}".format(server=server) |
| 35 | |
| Dmitry Burmistrov | 2af1da7 | 2018-05-24 11:24:17 +0400 | [diff] [blame^] | 36 | template = __salt__['jenkins_common.load_template']( |
| 37 | 'salt://jenkins/files/groovy/security.ldap.template', |
| 38 | __env__) |
| 39 | return __salt__['jenkins_common.api_call'](name, template, |
| 40 | ["CHANGED", "EXISTS"], |
| 41 | { |
| 42 | "name": name, |
| 43 | "server": server, |
| 44 | "rootDN": root_dn, |
| 45 | "userSearchBase": user_search_base if user_search_base else "", |
| 46 | "managerDN": manager_dn if manager_dn else "", |
| 47 | "managerPassword": manager_password if manager_password else "", |
| 48 | "userSearch": user_search if user_search else "", |
| 49 | "groupSearchBase": group_search_base if group_search_base else "", |
| 50 | "inhibitInferRootDN": "true" if inhibit_infer_root_dn else "false" |
| 51 | }, |
| 52 | "Jenkins LDAP Settings") |
| Jakub Josef | 063a753 | 2017-01-11 15:48:01 +0100 | [diff] [blame] | 53 | |
| Jakub Josef | 0ee470e | 2017-01-17 11:46:58 +0100 | [diff] [blame] | 54 | |
| 55 | def matrix(name, strategies, project_based=False): |
| Jakub Josef | 063a753 | 2017-01-11 15:48:01 +0100 | [diff] [blame] | 56 | """ |
| 57 | Jenkins matrix security state method |
| 58 | |
| 59 | :param name: ldap state name |
| Jakub Josef | 0ee470e | 2017-01-17 11:46:58 +0100 | [diff] [blame] | 60 | :param strategies: dict with matrix strategies |
| 61 | :param procect_based: flag if we configuring |
| 62 | GlobalMatrix security or ProjectMatrix security |
| Jakub Josef | 063a753 | 2017-01-11 15:48:01 +0100 | [diff] [blame] | 63 | :returns: salt-specified state dict |
| 64 | """ |
| Dmitry Burmistrov | 2af1da7 | 2018-05-24 11:24:17 +0400 | [diff] [blame^] | 65 | template = __salt__['jenkins_common.load_template']( |
| 66 | 'salt://jenkins/files/groovy/security.matrix.template', |
| 67 | __env__) |
| 68 | return __salt__['jenkins_common.api_call'](name, template, |
| 69 | ["CHANGED", "EXISTS"], |
| 70 | { |
| 71 | "strategies": _build_strategies(strategies), |
| 72 | "matrix_class": "ProjectMatrixAuthorizationStrategy" if project_based else "GlobalMatrixAuthorizationStrategy"}, |
| 73 | "Jenkins Matrix security setting") |
| Jakub Josef | 063a753 | 2017-01-11 15:48:01 +0100 | [diff] [blame] | 74 | |
| 75 | def _build_strategies(permissions): |
| 76 | strategies_str = "" |
| Adam Tengler | 70763e0 | 2017-08-21 16:50:32 +0000 | [diff] [blame] | 77 | for strategy in _to_strategies_list( |
| 78 | "strategy.add({},\"{}\")", _to_one_dict(permissions, "")): |
| Jakub Josef | 063a753 | 2017-01-11 15:48:01 +0100 | [diff] [blame] | 79 | strategies_str += "{}\n".format(strategy) |
| 80 | return strategies_str |
| 81 | |
| 82 | |
| 83 | def _to_strategies_list(strategy_format, strategy_dict): |
| 84 | res = [] |
| 85 | for key, value in strategy_dict.items(): |
| 86 | if isinstance(value, list): |
| 87 | for user in value: |
| 88 | res.append(strategy_format.format(key, user)) |
| 89 | else: |
| 90 | res.append(strategy_format.format(key, value)) |
| 91 | return res |
| 92 | |
| 93 | |
| 94 | def _to_one_dict(input_dict, input_key): |
| 95 | res = {} |
| 96 | for key, value in input_dict.items(): |
| 97 | new_key = key if input_key == "" else "{}.{}".format(input_key, key) |
| 98 | if isinstance(value, dict): |
| 99 | res.update(_to_one_dict(value, new_key)) |
| 100 | else: |
| 101 | res[new_key] = value |
| 102 | return res |