Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / jenkins / f623bcd4762348398fa1fb5e45d1156e819bf633 / . / _states / jenkins_approval.py
blob: 27647451ddbd2a4be8f617fe122e6aa843f2b3e3 [file] [log] [blame]
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]1import logging
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]2
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]3logger = logging.getLogger(__name__)
4
5approve_signature_groovy = """\
6import org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval
7import org.jenkinsci.plugins.scriptsecurity.scripts.languages.GroovyLanguage
8import org.jenkinsci.plugins.scriptsecurity.scripts.ApprovalContext
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]9def signature = '${signature}'
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]10def scriptApproval = ScriptApproval.get()
11def approvedSignatures = Arrays.asList(scriptApproval.approvedSignatures)
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]12if(approvedSignatures.contains(signature)){
Jakub Josef0a03c2c2017-03-22 17:35:40 +0100[diff] [blame]13 print("EXISTS")
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]14}else{
15 try{
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]16 scriptApproval.pendingSignatures.add(new ScriptApproval.PendingSignature(signature, false, ApprovalContext.create()))
17 scriptApproval.approveSignature(signature)
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]18 if(Arrays.asList(scriptApproval.approvedSignatures).contains(signature)){
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]19 print("SUCCESS")
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]20 }else{
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]21 print("FAILED")
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]22 }
23 }catch(e){
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]24 print(e)
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]25 }
26}
27""" # noqa
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]28
29deny_signature_groovy = """\
30import org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval
31import org.jenkinsci.plugins.scriptsecurity.scripts.languages.GroovyLanguage
32import org.jenkinsci.plugins.scriptsecurity.scripts.ApprovalContext
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]33def signature = '${signature}'
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]34def scriptApproval = ScriptApproval.get()
35def approvedSignatures = Arrays.asList(scriptApproval.approvedSignatures)
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]36if(approvedSignatures.contains(signature)){
37 try{
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]38 scriptApproval.denySignature(signature)
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]39 if(!scriptApproval.approvedSignatures.contains(signature)){
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]40 print("SUCCESS")
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]41 }else{
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]42 print("FAILED")
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]43 }
44 }catch(e){
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]45 print(e)
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]46 }
47}else{
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]48 print("NOT PRESENT")
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]49}
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]50
51
52"""
53
Ilya Kharin3d8bffe2017-06-22 17:40:31 +0400[diff] [blame]54
55def __virtual__():
56 '''
57 Only load if jenkins_common module exist.
58 '''
59 if 'jenkins_common.call_groovy_script' not in __salt__:
60 return (
61 False,
62 'The jenkins_approval state module cannot be loaded: '
63 'jenkins_common not found')
64 return True
65
66
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]67def approved(name):
68 """
69 Jenkins Script approval approve state method
70
71 :param name: signature to approve
72 :returns: salt-specified state dict
73 """
74 test = __opts__['test'] # noqa
75 ret = {
76 'name': name,
77 'changes': {},
78 'result': False,
79 'comment': '',
80 }
81 result = False
82 if test:
83 status = "SUCCESS"
84 ret['changes'][name] = status
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]85 ret['comment'] = 'Jenkins script approval config %s %s' % (
86 name, status.lower())
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]87 else:
88 call_result = __salt__['jenkins_common.call_groovy_script'](
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]89 approve_signature_groovy, {"signature": name})
90 if call_result["code"] == 200 and call_result["msg"] in [
91 "SUCCESS", "EXISTS"]:
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]92 status = call_result["msg"]
93 if status == "SUCCESS":
94 ret['changes'][name] = status
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]95 ret['comment'] = 'Jenkins script approval config %s %s' % (
96 name, status.lower())
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]97 result = True
98 else:
99 status = 'FAILED'
100 logger.error(
101 "Jenkins script approval API call failure: %s", call_result["msg"])
102 ret['comment'] = 'Jenkins script approval API call failure: %s' % (call_result[
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]103 "msg"])
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]104 ret['result'] = None if test else result
105 return ret
106
107
108def denied(name):
109 """
110 Jenkins Script approval deny state method
111
112 :param name: signature to deny
113 :returns: salt-specified state dict
114 """
115 test = __opts__['test'] # noqa
116 ret = {
117 'name': name,
118 'changes': {},
119 'result': False,
120 'comment': '',
121 }
122 result = False
123 if test:
124 status = "SUCCESS"
125 ret['changes'][name] = status
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]126 ret['comment'] = 'Jenkins script approval config %s %s' % (
127 name, status.lower())
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]128 else:
129 call_result = __salt__['jenkins_common.call_groovy_script'](
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]130 deny_signature_groovy, {"signature": name})
131 if call_result["code"] == 200 and call_result["msg"] in [
132 "SUCCESS", "NOT PRESENT"]:
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]133 status = call_result["msg"]
134 if status == "SUCCESS":
135 ret['changes'][name] = status
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]136 ret['comment'] = 'Jenkins script approval config %s %s' % (
137 name, status.lower())
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]138 result = True
139 else:
140 status = 'FAILED'
141 logger.error(
142 "Jenkins script approval API call failure: %s", call_result["msg"])
143 ret['comment'] = 'Jenkins script approval lib API call failure: %s' % (call_result[
Adam Tengler70763e02017-08-21 16:50:32 +0000[diff] [blame]144 "msg"])
Jakub Josefbf0b73e2017-03-22 14:32:45 +0100[diff] [blame]145 ret['result'] = None if test else result
146 return ret