Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / jenkins / 839967015e3ae3795eb2589efa471539cc3c4dd0 / . / _states / jenkins_user.py
blob: ed348775e2af76da25c966a2b5258b993affeeb5 [file] [log] [blame]
Jakub Josef3de91af2016-12-08 17:03:33 +0100[diff] [blame]1import logging
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]2
Jakub Josef3de91af2016-12-08 17:03:33 +0100[diff] [blame]3logger = logging.getLogger(__name__)
4
5create_admin_groovy = u"""\
6import jenkins.model.*
7import hudson.security.*
8def instance = Jenkins.getInstance()
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]9if(hudson.model.User.getAll().find{u->u.fullName.equals("${username}")}){
Jakub Josef26956a62017-03-22 16:32:28 +0100[diff] [blame]10 print("EXISTS")
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]11}else{
Jakub Josef26956a62017-03-22 16:32:28 +0100[diff] [blame]12 def hudsonRealm = new HudsonPrivateSecurityRealm(false)
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]13 def result=hudsonRealm.createAccount("${username}","${password}")
Jakub Josef26956a62017-03-22 16:32:28 +0100[diff] [blame]14 instance.setSecurityRealm(hudsonRealm)
15 def strategy = new hudson.security.FullControlOnceLoggedInAuthorizationStrategy()
16 strategy.setAllowAnonymousRead(false)
17 instance.setAuthorizationStrategy(strategy)
18 instance.save()
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]19 if(result.toString().equals("${username}")){
Jakub Josef26956a62017-03-22 16:32:28 +0100[diff] [blame]20 print("SUCCESS")
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]21 }else{
Jakub Josef26956a62017-03-22 16:32:28 +0100[diff] [blame]22 print("FAILED")
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]23 }
24}
Jakub Josef7ae6b242016-12-14 14:41:44 +0100[diff] [blame]25""" # noqa
Jakub Josef3de91af2016-12-08 17:03:33 +0100[diff] [blame]26
27
28create_user_groovy = u"""\
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]29if(hudson.model.User.getAll().find{u->u.fullName.equals("${username}")}){
Jakub Josef26956a62017-03-22 16:32:28 +0100[diff] [blame]30 print("EXISTS")
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]31}else{
32 def result=jenkins.model.Jenkins.instance.securityRealm.createAccount("${username}", "${password}")
33 if(result.toString().equals("${username}")){
Jakub Josef26956a62017-03-22 16:32:28 +0100[diff] [blame]34 print("SUCCESS")
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]35 }else{
Jakub Josef26956a62017-03-22 16:32:28 +0100[diff] [blame]36 print("FAILED")
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]37 }
38}
Jakub Josef3de91af2016-12-08 17:03:33 +0100[diff] [blame]39""" # noqa
40
Jakub Josefe3807982016-12-15 11:54:51 +0100[diff] [blame]41
Ilya Kharin3d8bffe2017-06-22 17:40:31 +0400[diff] [blame]42def __virtual__():
43 '''
44 Only load if jenkins_common module exist.
45 '''
46 if 'jenkins_common.call_groovy_script' not in __salt__:
47 return (
48 False,
49 'The jenkins_user state module cannot be loaded: '
50 'jenkins_common not found')
51 return True
52
53
Jakub Josef3de91af2016-12-08 17:03:33 +0100[diff] [blame]54def present(name, username, password, admin=False):
55 """
56 Main jenkins users state method
57
58 :param username: user name
59 :param password: user password
60 :param admin: is admin user flag (username will be always admin)
61 :returns: salt-specified state dict
62 """
63 test = __opts__['test'] # noqa
64 ret = {
65 'name': username,
66 'changes': {},
67 'result': False,
68 'comment': '',
69 }
70
71 result = False
72 if test:
73 status = 'CREATED'
74 ret['changes'][username] = status
75 ret['comment'] = 'User %s %s' % (username, status.lower())
76 else:
Jakub Josef26956a62017-03-22 16:32:28 +0100[diff] [blame]77 call_result = __salt__['jenkins_common.call_groovy_script'](
78 create_admin_groovy if admin else create_user_groovy, {"username": username, "password": password})
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]79 if call_result["code"] == 200 and call_result["msg"] in [
80 "SUCCESS", "EXISTS"]:
Jakub Josef26956a62017-03-22 16:32:28 +0100[diff] [blame]81 if call_result["msg"] == "SUCCESS":
Jakub Josef7ae6b242016-12-14 14:41:44 +0100[diff] [blame]82 status = "CREATED" if not admin else "ADMIN CREATED"
83 ret['changes'][username] = status
Jakub Josef7ae6b242016-12-14 14:41:44 +0100[diff] [blame]84 else:
Jakub Josef26956a62017-03-22 16:32:28 +0100[diff] [blame]85 status = "EXISTS"
Jakub Josef3de91af2016-12-08 17:03:33 +0100[diff] [blame]86 ret['comment'] = 'User %s %s' % (username, status.lower())
87 result = True
Jakub Josef26956a62017-03-22 16:32:28 +0100[diff] [blame]88 else:
89 status = 'FAILED'
90 logger.error("Jenkins user API call failure: %s",
91 call_result["msg"])
92 ret['comment'] = 'Jenkins user API call failure: %s' % (call_result[
93 "msg"])
Jakub Josef3de91af2016-12-08 17:03:33 +0100[diff] [blame]94 ret['result'] = None if test else result
95 return ret