Blame - _modules/jenkins_common.py - salt-formulas/jenkins

blob: c7446fae727e3d08e939796045ab932235d7f8d2 [file] [log] [blame]

Jakub Josef	8e7385e	2016-12-07 21:20:34 +0100	[diff] [blame]	1	import logging
Ilya Kharin	3d8bffe	2017-06-22 17:40:31 +0400	[diff] [blame]	2
Jakub Josef	8e7385e	2016-12-07 21:20:34 +0100	[diff] [blame]	3	from salt.exceptions import SaltInvocationError
Adam Tengler	70763e0	2017-08-21 16:50:32 +0000	[diff] [blame^]	4	from string import Template
Jakub Josef	8e7385e	2016-12-07 21:20:34 +0100	[diff] [blame]	5
Ilya Kharin	3d8bffe	2017-06-22 17:40:31 +0400	[diff] [blame]	6	try:
				7	import bcrypt
				8	HAS_BCRYPT = True
				9	except ImportError:
				10	HAS_BCRYPT = False
				11
				12	try:
				13	import requests
				14	HAS_REQUESTS = True
				15	except ImportError:
				16	HAS_REQUESTS = False
				17
Jakub Josef	8e7385e	2016-12-07 21:20:34 +0100	[diff] [blame]	18	logger = logging.getLogger(__name__)
				19
				20
Ilya Kharin	3d8bffe	2017-06-22 17:40:31 +0400	[diff] [blame]	21	def __virtual__():
				22	'''
				23	Only load if bcrypt and requests libraries exist.
				24	'''
				25	if not HAS_BCRYPT:
				26	return (
				27	False,
				28	'Can not load module jenkins_common: bcrypt library not found')
				29	if not HAS_REQUESTS:
				30	return (
				31	False,
				32	'Can not load module jenkins_common: requests library not found')
				33	return True
				34
				35
Adam Tengler	70763e0	2017-08-21 16:50:32 +0000	[diff] [blame^]	36	def call_groovy_script(script, props, username=None,
				37	password=None, success_status_codes=[200]):
Jakub Josef	8e7385e	2016-12-07 21:20:34 +0100	[diff] [blame]	38	"""
				39	Common method for call Jenkins groovy script API
				40
Jakub Josef	7ae6b24	2016-12-14 14:41:44 +0100	[diff] [blame]	41	:param script: groovy script template
				42	:param props: groovy script properties
				43	:param username: jenkins username (optional,
				44	if missing creds from sall will be used)
				45	:param password: jenkins password (optional,
				46	if missing creds from sall will be used)
				47	:param success_status_codes: success response status code
				48	(optional) in some cases we want to declare error call as success
Jakub Josef	8e7385e	2016-12-07 21:20:34 +0100	[diff] [blame]	49	:returns: HTTP dict {status,code,msg}
				50	"""
				51	ret = {
				52	"status": "FAILED",
				53	"code": 999,
				54	"msg": ""
				55	}
				56	jenkins_url, jenkins_user, jenkins_password = get_jenkins_auth()
Jakub Josef	7ae6b24	2016-12-14 14:41:44 +0100	[diff] [blame]	57	if username:
				58	jenkins_user = username
				59	if password:
				60	jenkins_password = password
				61
Jakub Josef	8e7385e	2016-12-07 21:20:34 +0100	[diff] [blame]	62	if not jenkins_url:
				63	raise SaltInvocationError('No Jenkins URL found.')
Jakub Josef	e13e2e7	2016-12-08 13:41:19 +0100	[diff] [blame]	64
				65	token_obj = get_api_crumb(jenkins_url, jenkins_user, jenkins_password)
				66	req_data = {"script": render_groovy_script(script, props)}
				67	if token_obj:
				68	req_data[token_obj["crumbRequestField"]] = token_obj["crumb"]
				69
				70	logger.debug("Calling Jenkins script API with URL: %s", jenkins_url)
				71	req = requests.post('%s/scriptText' % jenkins_url,
				72	auth=(jenkins_user, jenkins_password),
				73	data=req_data)
				74	ret["code"] = req.status_code
Jakub Josef	063a753	2017-01-11 15:48:01 +0100	[diff] [blame]	75	ret["msg"] = req.text
Jakub Josef	7ae6b24	2016-12-14 14:41:44 +0100	[diff] [blame]	76	if req.status_code in success_status_codes:
Jakub Josef	e13e2e7	2016-12-08 13:41:19 +0100	[diff] [blame]	77	ret["status"] = "SUCCESS"
Jakub Josef	e13e2e7	2016-12-08 13:41:19 +0100	[diff] [blame]	78	logger.debug("Jenkins script API call success: %s", ret)
Jakub Josef	8e7385e	2016-12-07 21:20:34 +0100	[diff] [blame]	79	else:
Jakub Josef	e13e2e7	2016-12-08 13:41:19 +0100	[diff] [blame]	80	logger.error("Jenkins script API call failed. \
				81	Return code %s. Text: %s", req.status_code, req.text)
Jakub Josef	8e7385e	2016-12-07 21:20:34 +0100	[diff] [blame]	82	return ret
				83
				84
Adam Tengler	70763e0	2017-08-21 16:50:32 +0000	[diff] [blame^]	85	def render_groovy_script(script_template, props):
Jakub Josef	8e7385e	2016-12-07 21:20:34 +0100	[diff] [blame]	86	"""
				87	Helper method for rendering groovy script with props
				88
Adam Tengler	70763e0	2017-08-21 16:50:32 +0000	[diff] [blame^]	89	:param script_template: groovy script template
Jakub Josef	3de91af	2016-12-08 17:03:33 +0100	[diff] [blame]	90	:param props: groovy script properties
Jakub Josef	8e7385e	2016-12-07 21:20:34 +0100	[diff] [blame]	91	:returns: generated groovy script
				92	"""
Adam Tengler	70763e0	2017-08-21 16:50:32 +0000	[diff] [blame^]	93	template = Template(script_template)
				94	return template.safe_substitute(props)
Jakub Josef	8e7385e	2016-12-07 21:20:34 +0100	[diff] [blame]	95
				96
				97	def get_api_crumb(jenkins_url=None, jenkins_user=None, jenkins_password=None):
				98	"""
				99	Obtains Jenkins API crumb, if CSRF protection is enabled.
				100	Jenkins params can be given by params or not, if not,
				101	params will be get from salt.
				102
				103	:param jenkins_url: Jenkins URL (optional)
				104	:param jenkins_user: Jenkins admin username (optional)
				105	:param jenkins_password: Jenkins admin password (optional)
				106	:returns: salt-specified state dict
				107	"""
				108	if not jenkins_url:
				109	jenkins_url, jenkins_user, jenkins_password = get_jenkins_auth()
				110	logger.debug("Obtaining Jenkins API crumb for URL: %s", jenkins_url)
				111	tokenReq = requests.get("%s/crumbIssuer/api/json" % jenkins_url,
Jakub Josef	e13e2e7	2016-12-08 13:41:19 +0100	[diff] [blame]	112	auth=(jenkins_user, jenkins_password) if jenkins_user else None)
Jakub Josef	8e7385e	2016-12-07 21:20:34 +0100	[diff] [blame]	113	if tokenReq.status_code == 200:
				114	return tokenReq.json()
Jakub Josef	7ae6b24	2016-12-14 14:41:44 +0100	[diff] [blame]	115	elif tokenReq.status_code in [404, 401]:
				116	# 404 means CSRF security is disabled, so api crumb is not necessary,
				117	# 401 means unauthorized
Jakub Josef	e13e2e7	2016-12-08 13:41:19 +0100	[diff] [blame]	118	return None
Jakub Josef	8e7385e	2016-12-07 21:20:34 +0100	[diff] [blame]	119	else:
Jakub Josef	e13e2e7	2016-12-08 13:41:19 +0100	[diff] [blame]	120	raise Exception("Cannot obtain Jenkins API crumb. Status code: %s. Text: %s" %
Jakub Josef	3de91af	2016-12-08 17:03:33 +0100	[diff] [blame]	121	(tokenReq.status_code, tokenReq.text))
Jakub Josef	8e7385e	2016-12-07 21:20:34 +0100	[diff] [blame]	122
				123
Jakub Josef	8e7385e	2016-12-07 21:20:34 +0100	[diff] [blame]	124	def get_jenkins_auth():
				125	"""
				126	Get jenkins params from salt
				127	"""
				128	jenkins_url = __salt__['config.get']('jenkins.url') or \
				129	__salt__['config.get']('jenkins:url') or \
				130	__salt__['pillar.get']('jenkins.url')
				131
				132	jenkins_user = __salt__['config.get']('jenkins.user') or \
				133	__salt__['config.get']('jenkins:user') or \
				134	__salt__['pillar.get']('jenkins.user')
				135
				136	jenkins_password = __salt__['config.get']('jenkins.password') or \
				137	__salt__['config.get']('jenkins:password') or \
				138	__salt__['pillar.get']('jenkins.password')
				139
				140	return (jenkins_url, jenkins_user, jenkins_password)
				141
				142
				143	def encode_password(password):
				144	"""
				145	Hash plaintext password by jenkins bcrypt algorithm
				146	:param password: plain-text password
				147	:returns: bcrypt hashed password
				148	"""
				149	if isinstance(password, str):
				150	return bcrypt.hashpw(password, bcrypt.gensalt(prefix=b"2a"))