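import logging

# Module-level logger; `present` uses it to report failed Jenkins calls.
logger = logging.getLogger(__name__)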
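# Groovy template that bootstraps the first (admin) account on a Jenkins
# instance.  Doubled braces are literal Groovy braces; {username} and
# {password} are placeholders filled in before the script is sent to Jenkins.
#
# What the script does:
#   * prints EXISTS when a user whose *full name* equals {username} is found;
#   * otherwise creates the account in a new HudsonPrivateSecurityRealm
#     (constructor argument false = self-signup disabled), installs that realm
#     together with FullControlOnceLoggedInAuthorizationStrategy (anonymous
#     read disabled), saves the configuration and prints SUCCESS or FAILED.
#
# NOTE(review): FullControlOnceLoggedInAuthorizationStrategy gives every
# authenticated account full control, so each user created afterwards is
# effectively an administrator until a finer-grained strategy is configured.
# NOTE(review): the existence check compares fullName (the editable display
# name), not the account id -- confirm this is intended, because a renamed
# account would take the "create" branch again and the realm and strategy
# would be replaced.
# NOTE(review): both placeholders sit inside Groovy double-quoted string
# literals.  The substitution happens outside this file; unless it escapes
# '"', '\', '$' and newlines, such characters in a value change the script
# that Jenkins executes.  The rendered script also carries the clear-text
# password, so it should not be logged.
create_admin_groovy = u"""\
import jenkins.model.*
import hudson.security.*
def instance = Jenkins.getInstance()
if(hudson.model.User.getAll().find{{u->u.fullName.equals("{username}")}}){{
    print("EXISTS")
}}else{{
    def hudsonRealm = new HudsonPrivateSecurityRealm(false)
    def result=hudsonRealm.createAccount("{username}","{password}")
    instance.setSecurityRealm(hudsonRealm)
    def strategy = new hudson.security.FullControlOnceLoggedInAuthorizationStrategy()
    strategy.setAllowAnonymousRead(false)
    instance.setAuthorizationStrategy(strategy)
    instance.save()
    if(result.toString().equals("{username}")){{
        print("SUCCESS")
    }}else{{
        print("FAILED")
    }}
}}
"""  # noqa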
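# Groovy template that adds an ordinary account to the security realm that is
# already configured on the Jenkins instance.  Doubled braces are literal
# Groovy braces; {username} and {password} are placeholders filled in before
# the script is sent to Jenkins.  The script prints EXISTS, SUCCESS or FAILED.
#
# NOTE(review): the existence check compares fullName (the editable display
# name), not the account id -- confirm this is intended.
# NOTE(review): both placeholders sit inside Groovy double-quoted string
# literals.  The substitution happens outside this file; unless it escapes
# '"', '\', '$' and newlines, such characters in a value change the script
# that Jenkins executes.  The rendered script also carries the clear-text
# password, so it should not be logged.
create_user_groovy = u"""\
if(hudson.model.User.getAll().find{{u->u.fullName.equals("{username}")}}){{
    print("EXISTS")
}}else{{
    def result=jenkins.model.Jenkins.instance.securityRealm.createAccount("{username}", "{password}")
    if(result.toString().equals("{username}")){{
        print("SUCCESS")
    }}else{{
        print("FAILED")
    }}
}}
"""  # noqa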
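def present(name, username, password, admin=False):
    """
    Main jenkins users state method: ensure a Jenkins account exists.

    In test mode nothing is sent to Jenkins and the user is reported as
    "created". Otherwise one of the module's Groovy templates is handed to
    ``jenkins_common.call_groovy_script`` and its printed answer
    (SUCCESS / EXISTS / anything else) is mapped onto the state result.

    :param name: state ID passed in by Salt; not used by this function
    :param username: user name
    :param password: user password
    :param admin: when true, run the admin bootstrap script (which also
        installs the security realm and authorization strategy) instead of
        the plain create-user script; the given username is used either way
    :returns: salt-specified state dict
    """
    test = __opts__['test']  # noqa
    # NOTE(review): 'name' carries the username rather than the state's
    # ``name`` argument; kept as-is because consumers may rely on it.
    ret = {
        'name': username,
        'changes': {},
        'result': False,
        'comment': '',
    }

    result = False
    if test:
        # Dry run: Jenkins is not contacted, so an existing user is also
        # reported as a pending creation.
        status = 'CREATED'
        ret['changes'][username] = status
        ret['comment'] = 'User %s %s' % (username, status.lower())
    else:
        # NOTE(review): username and password are handed over unmodified and
        # the templates place them inside Groovy double-quoted literals.
        # Whether call_groovy_script escapes '"', '\', '$' and newlines is not
        # visible here -- confirm, and escape or validate before this call if
        # it does not.
        call_result = __salt__['jenkins_common.call_groovy_script'](
            create_admin_groovy if admin else create_user_groovy,
            {"username": username, "password": password})
        if call_result["code"] == 200 and call_result["msg"] in ("SUCCESS", "EXISTS"):
            if call_result["msg"] == "SUCCESS":
                status = "ADMIN CREATED" if admin else "CREATED"
                # Only a real creation counts as a change.
                ret['changes'][username] = status
            else:
                status = "EXISTS"
            ret['comment'] = 'User %s %s' % (username, status.lower())
            result = True
        else:
            # NOTE(review): assumes "msg" never echoes the rendered script,
            # which contains the clear-text password -- confirm in the helper.
            logger.error("Jenkins user API call failure: %s",
                         call_result["msg"])
            ret['comment'] = 'Jenkins user API call failure: %s' % (
                call_result["msg"])
    # Salt convention: result None marks a dry run.
    ret['result'] = None if test else result
    return ret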