From 38eec3f0709d31e5dc1b1d6fb8d43f3cd589ece0 Mon Sep 17 00:00:00 2001 From: Anastasia Kuznetsova Date: Fri, 25 Mar 2016 16:51:52 +0300 Subject: [PATCH] Configure Jenkins and LDAP integration Change-Id: I450f3521f29e5f09a1748eed4718618c6b891ce2 --- .../Jenkins/package/Classes/Jenkins.yaml | 28 ++++++++++++ .../package/Resources/ConnectLDAP.template | 19 ++++++++ .../Resources/scripts/configure_ldap.sh | 10 +++++ .../scripts/configure_ldap/manifests/init.pp | 19 ++++++++ .../configure_ldap/templates/config.erb | 44 +++++++++++++++++++ .../package/Resources/scripts/ldap_init.pp | 8 ++++ murano-apps/Jenkins/package/UI/ui.yaml | 6 +++ murano-apps/Jenkins/package/manifest.yaml | 1 + 8 files changed, 135 insertions(+) create mode 100644 murano-apps/Jenkins/package/Resources/ConnectLDAP.template create mode 100644 murano-apps/Jenkins/package/Resources/scripts/configure_ldap.sh create mode 100644 murano-apps/Jenkins/package/Resources/scripts/configure_ldap/manifests/init.pp create mode 100644 murano-apps/Jenkins/package/Resources/scripts/configure_ldap/templates/config.erb create mode 100644 murano-apps/Jenkins/package/Resources/scripts/ldap_init.pp diff --git a/murano-apps/Jenkins/package/Classes/Jenkins.yaml b/murano-apps/Jenkins/package/Classes/Jenkins.yaml index a854f93..bcc6e5e 100644 --- a/murano-apps/Jenkins/package/Classes/Jenkins.yaml +++ b/murano-apps/Jenkins/package/Classes/Jenkins.yaml @@ -13,6 +13,8 @@ Extends: std:Application Properties: name: Contract: $.string().notNull() + ldap: + Contract: $.class(OpenLDAP) instance: Contract: $.class(puppet:PuppetInstance).notNull() @@ -46,6 +48,12 @@ Methods: - $._environment.reporter.report($this, 'Jenkins deploying') - $.instance.agent.call($template, $resources) + - If: $.ldap != null + Then: + - $._environment.reporter.report($this, 'Jenkins waits OpenLDAP to be deployed...') + - $.ldap.deploy() + - $.connectLDAP() + - If: $.instance.assignFloatingIp Then: - $host: $.instance.floatingIpAddress 
@@ -54,6 +62,26 @@ Methods: - $._environment.reporter.report($this, 'Jenkins is available at {0}:8080'.format($host)) - $.setAttr(deployed, true) + connectLDAP: + Body: + - $ldapInstance: $.ldap.instance + - If: $ldapInstance.assignFloatingIp + Then: + - $ldapHost: $ldapInstance.floatingIpAddress + Else: + - $ldapHost: $ldapInstance.ipAddresses[0] + + - $.instance.setHieraValue('ldap_ip', $ldapHost) + - $.instance.setHieraValue('ldap_domain', $.ldap.domain) + - $.instance.setHieraValue('ldap_root_user', $.ldap.ldapRootUser) + - $.instance.setHieraValue('ldap_root_password', $.ldap.ldapRootPass) + + - $resources: new(sys:Resources) + - $._environment.reporter.report($this, 'Connecting Jenkins to OpenLDAP server') + - $template: $resources.yaml('ConnectLDAP.template') + - $.instance.agent.call($template, $resources) + - $._environment.reporter.report($this, 'Jenkins is connected to OpenLDAP server!') + destroy: Body: diff --git a/murano-apps/Jenkins/package/Resources/ConnectLDAP.template b/murano-apps/Jenkins/package/Resources/ConnectLDAP.template new file mode 100644 index 0000000..cc96099 --- /dev/null +++ b/murano-apps/Jenkins/package/Resources/ConnectLDAP.template @@ -0,0 +1,19 @@ +FormatVersion: 2.1.0 +Version: 1.0.0 +Name: Connect LDAP + +Body: | + return deploy(args).stdout + +Scripts: + deploy: + Type: Application + Version: 1.0.0 + EntryPoint: configure_ldap.sh + Files: + - 'configure_ldap/templates/config.erb' + - 'configure_ldap/manifests/init.pp' + - 'ldap_init.pp' + Options: + captureStdout: true + captureStderr: true \ No newline at end of file diff --git a/murano-apps/Jenkins/package/Resources/scripts/configure_ldap.sh b/murano-apps/Jenkins/package/Resources/scripts/configure_ldap.sh new file mode 100644 index 0000000..ef390a4 --- /dev/null +++ b/murano-apps/Jenkins/package/Resources/scripts/configure_ldap.sh 
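Review bot: connectLDAP in Jenkins.yaml copies the directory's root account onto the Jenkins node (`setHieraValue('ldap_root_user', $.ldap.ldapRootUser)` and `setHieraValue('ldap_root_password', $.ldap.ldapRootPass)`), so anyone who compromises Jenkins gains write access to the whole directory. Jenkins only needs to search and bind for authentication, so a dedicated read-only bind account would limit the exposure, assuming the OpenLDAP package can provision one (not visible here). The same method prefers `$ldapInstance.floatingIpAddress` when a floating IP is assigned, which sends the bind traffic over the external address. If both instances share the environment's network, which this patch does not show, `$ldapInstance.ipAddresses[0]` is the safer default.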
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+mkdir /etc/puppet/modules/configure_ldap
+mkdir /etc/puppet/modules/configure_ldap/manifests/
+mkdir /etc/puppet/modules/configure_ldap/templates/
+
+cp configure_ldap/manifests/init.pp /etc/puppet/modules/configure_ldap/manifests/
+cp configure_ldap/templates/config.erb /etc/puppet/modules/configure_ldap/templates/
+
+puppet apply ldap_init.pp
\ No newline at end of file
diff --git a/murano-apps/Jenkins/package/Resources/scripts/configure_ldap/manifests/init.pp b/murano-apps/Jenkins/package/Resources/scripts/configure_ldap/manifests/init.pp
new file mode 100644
index 0000000..1bf3fb4
--- /dev/null
+++ b/murano-apps/Jenkins/package/Resources/scripts/configure_ldap/manifests/init.pp
@@ -0,0 +1,19 @@
+class configure_ldap (
+ $openldap_ip = undef,
+ $admin_name = undef,
+ $admin_password = undef,
+ $domain = undef,
+) {
+ service { 'jenkins':
+ ensure => running,
+ enable => true,
+ }
+ file { '/var/lib/jenkins/config.xml':
+ notify => Service['jenkins'],
+ ensure => present,
+ owner => 'jenkins',
+ group => 'jenkins',
+ mode => '0644',
+ content => template('configure_ldap/config.erb'),
+ }
+}
\ No newline at end of file
diff --git a/murano-apps/Jenkins/package/Resources/scripts/configure_ldap/templates/config.erb b/murano-apps/Jenkins/package/Resources/scripts/configure_ldap/templates/config.erb
new file mode 100644
index 0000000..0f063df
--- /dev/null
+++ b/murano-apps/Jenkins/package/Resources/scripts/configure_ldap/templates/config.erb
@@ -0,0 +1,44 @@
+
+
+
+ 1.0
+ 2
+ NORMAL
+ true
+
+ ldap://<%= openldap_ip %>:389
+ dc=<%= domain.split(".")[0] %>,dc=<%= domain.split(".")[1] %>
+ false
+
+ uid={0}
+ cn=<%= admin_name %>,dc=<%= domain.split(".")[0] %>,dc=<%= domain.split(".")[1] %>
+
+ <% require 'base64' %>
+ <%= Base64.encode64(admin_password) %>
+ false
+
+ false
+
+ \${JENKINS_HOME}/workspace/\${ITEM_FULLNAME}
+ \${ITEM_ROOTDIR}/builds
+
+
+
+
+
+ 0
+
+
+
+ All
+ false
+ false
+
+
+
+ All
+ 0
+
+
+
+
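Review bot: configure_ldap.sh has no error handling. The three `mkdir` calls fail when the module directory already exists (for example on a redeploy), a failed `cp` is ignored, and `puppet apply ldap_init.pp` then runs against whatever module happens to be on disk. The script's exit status reflects only that last command, so a stale or missing template can be applied without the deployment noticing. Start the script with `set -euo pipefail` and replace the three calls with `mkdir -p /etc/puppet/modules/configure_ldap/manifests /etc/puppet/modules/configure_ldap/templates`.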
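Review bot: In configure_ldap/manifests/init.pp the file resource writes `/var/lib/jenkins/config.xml` with `mode => '0644'`, yet the rendered template carries the LDAP bind password (only Base64-encoded), so every local account on the Jenkins host can read it. Use `mode => '0600',` together with the existing `owner => 'jenkins'`. Because `content` replaces the entire file, any settings already stored in Jenkins' main configuration are overwritten on each apply. A comment on the resource should state that this is intended.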
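Review bot: The template in config.erb points Jenkins at `ldap://<%= openldap_ip %>:389`, so the manager bind and every user's login password cross the network unencrypted; `ldaps://` or StartTLS needs TLS on the OpenLDAP side, which this patch does not show. `Base64.encode64(admin_password)` is an encoding rather than protection, and it wraps its output every 60 characters and appends a newline; `Base64.strict_encode64(admin_password)` (Ruby 1.9+) avoids the embedded line breaks. The base DN is built from `domain.split(".")[0]` and `[1]` only, which drops labels from a three-part domain and yields an empty `dc=` for a single-label one; `domain.split('.').map { |p| "dc=#{p}" }.join(',')` handles any depth. The interpolated values are also written into the XML unescaped, so a name or domain containing `<` or `&` produces a malformed or altered configuration.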
diff --git a/murano-apps/Jenkins/package/Resources/scripts/ldap_init.pp b/murano-apps/Jenkins/package/Resources/scripts/ldap_init.pp new file mode 100644 index 0000000..e7c49e2 --- /dev/null +++ b/murano-apps/Jenkins/package/Resources/scripts/ldap_init.pp @@ -0,0 +1,8 @@ +node default { + class { 'configure_ldap': + openldap_ip => hiera('ldap_ip'), + admin_name => hiera('ldap_root_user'), + admin_password => hiera('ldap_root_password'), + domain => hiera('ldap_domain') + } +} \ No newline at end of file diff --git a/murano-apps/Jenkins/package/UI/ui.yaml b/murano-apps/Jenkins/package/UI/ui.yaml index 0d53fa6..af07b0d 100644 --- a/murano-apps/Jenkins/package/UI/ui.yaml +++ b/murano-apps/Jenkins/package/UI/ui.yaml @@ -4,6 +4,7 @@ Application: ?: type: io.murano.opaas.Jenkins name: $.appConfiguration.name + ldap: $.appConfiguration.OpenLDAP instance: ?: type: io.murano.opaas.puppet.PuppetInstance @@ -31,6 +32,11 @@ Forms: Select to true to assign floating IP automatically initial: true required: false + - name: OpenLDAP + type: io.murano.opaas.OpenLDAP + required: false + description: >- + Specify OpenLDAP domain for authentication - instanceConfiguration: fields: - name: title diff --git a/murano-apps/Jenkins/package/manifest.yaml b/murano-apps/Jenkins/package/manifest.yaml index 2718b17..eeccccc 100644 --- a/murano-apps/Jenkins/package/manifest.yaml +++ b/murano-apps/Jenkins/package/manifest.yaml @@ -13,3 +13,4 @@ Logo: logo.png Require: io.murano.opaas.puppet.ProjectConfig: io.murano.opaas.puppet.Puppet: + io.murano.opaas.OpenLDAP: