From f7ce50c30936d39d32f7b1fa3885991a420dcfad Mon Sep 17 00:00:00 2001
From: Nikolay Mahotkin <nmakhotkin@mirantis.com>
Date: Thu, 7 Jul 2016 15:48:40 +0300
Subject: [PATCH] [Jenkins] Fixing work v2 with LDAP plugin

 * Install LDAP plugin
 * Update config.xml
 * More accurate search in get_api_token.sh

Change-Id: I27f4e99a69e492d303e1f5a6653abcdb473ef7ee
---
 .../Jenkins/package/Classes/Jenkins.yaml      |  6 ++++-
 .../configure_ldap/templates/config.erb       | 24 ++++++++++++++-----
 .../package/Resources/get_api_token.sh        |  4 ++--
 3 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/murano-apps/Jenkins/package/Classes/Jenkins.yaml b/murano-apps/Jenkins/package/Classes/Jenkins.yaml
index 91d72b5..3beec73 100644
--- a/murano-apps/Jenkins/package/Classes/Jenkins.yaml
+++ b/murano-apps/Jenkins/package/Classes/Jenkins.yaml
@@ -132,7 +132,11 @@ Methods:
       - $this.instance.putHieraData($data)
 
       - $resources: new(sys:Resources)
-      - $._environment.reporter.report($this, 'Connecting Jenkins to OpenLDAP server')
+      - $._environment.reporter.report($this, 'Installing jenkins LDAP plugin...')
+      - $template: $resources.yaml('InstallPlugins.template').bind({plugins => ldap})
+      - $.instance.agent.call($template, $resources)
+      - $._environment.reporter.report($this, 'LDAP plugin is installed.')
+      - $._environment.reporter.report($this, 'Connecting Jenkins to OpenLDAP server...')
       - $template: $resources.yaml('ConnectLDAP.template')
       - $.instance.agent.call($template, $resources)
       - $._environment.reporter.report($this, 'Jenkins is connected to OpenLDAP server!')
diff --git a/murano-apps/Jenkins/package/Resources/scripts/configure_ldap/templates/config.erb b/murano-apps/Jenkins/package/Resources/scripts/configure_ldap/templates/config.erb
index 209593f..44791f0 100644
--- a/murano-apps/Jenkins/package/Resources/scripts/configure_ldap/templates/config.erb
+++ b/murano-apps/Jenkins/package/Resources/scripts/configure_ldap/templates/config.erb
@@ -5,20 +5,30 @@
   <numExecutors>2</numExecutors>
   <mode>NORMAL</mode>
   <useSecurity>true</useSecurity>
-  <securityRealm class="hudson.security.LDAPSecurityRealm" plugin="ldap@1.6">
+  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
+    <denyAnonymousReadAccess>false</denyAnonymousReadAccess>
+  </authorizationStrategy>
+  <securityRealm class="hudson.security.LDAPSecurityRealm" plugin="ldap@1.12">
     <server>ldap://<%= openldap_ip %>:389</server>
     <rootDN>dc=<%= domain.split(".")[0] %>,dc=<%= domain.split(".")[1] %></rootDN>
     <inhibitInferRootDN>false</inhibitInferRootDN>
     <userSearchBase></userSearchBase>
     <userSearch>uid={0}</userSearch>
+    <groupMembershipStrategy class="jenkins.security.plugins.ldap.FromGroupSearchLDAPGroupMembershipStrategy">
+      <filter></filter>
+    </groupMembershipStrategy>
     <managerDN>cn=<%= admin_name %>,dc=<%= domain.split(".")[0] %>,dc=<%= domain.split(".")[1] %></managerDN>
     <!-- NOTE: need to store managerPassword in base64 encoded, otherwise Jenkins can't correctly parse it -->
     <% require 'base64' %>
-    <managerPassword><%= Base64.encode64(admin_password) %></managerPassword>
+    <managerPassword><%= Base64.encode64(admin_password) -%></managerPassword>
     <disableMailAddressResolver>false</disableMailAddressResolver>
+    <displayNameAttributeName>displayname</displayNameAttributeName>
+    <mailAddressAttributeName>mail</mailAddressAttributeName>
+    <userIdStrategy class="jenkins.model.IdStrategy$CaseInsensitive"/>
+    <groupIdStrategy class="jenkins.model.IdStrategy$CaseInsensitive"/>
   </securityRealm>
   <disableRememberMe>false</disableRememberMe>
-  <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy\$DefaultProjectNamingStrategy"/>
+  <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
   <workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
   <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
   <markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
@@ -33,12 +43,14 @@
       <name>All</name>
       <filterExecutors>false</filterExecutors>
       <filterQueue>false</filterQueue>
-      <properties class="hudson.model.View\$PropertyList"/>
     </hudson.model.AllView>
   </views>
   <primaryView>All</primaryView>
-  <slaveAgentPort>0</slaveAgentPort>
+  <slaveAgentPort>-1</slaveAgentPort>
   <label></label>
+  <crumbIssuer class="hudson.security.csrf.DefaultCrumbIssuer">
+    <excludeClientIPFromCrumb>false</excludeClientIPFromCrumb>
+  </crumbIssuer>
   <nodeProperties/>
   <globalNodeProperties/>
-</hudson>
+</hudson>
\ No newline at end of file
diff --git a/murano-apps/Nodepool/package/Resources/get_api_token.sh b/murano-apps/Nodepool/package/Resources/get_api_token.sh
index 21f2949..39dd19f 100644
--- a/murano-apps/Nodepool/package/Resources/get_api_token.sh
+++ b/murano-apps/Nodepool/package/Resources/get_api_token.sh
@@ -3,14 +3,14 @@
 username="%USERNAME%"
 password="%PASSWORD%"
 jenkins_host="%JENKINS_HOST%"
-cmd="curl --user '$username:$password' http://${jenkins_host}:8080/me/configure | grep -o '\"[0-9a-f]\{32\}\"' | cut -d '\"' -f 2"
+cmd="curl --user '$username:$password' http://${jenkins_host}:8080/me/configure | grep apiToken | grep -o '\"[0-9a-f]\{32\}\"' | cut -d '\"' -f 2"
 
 # Jenkins might not be ready at this point.
 # Retry logic is used here.
 token=$(eval $cmd)
 tries=10
 
-while [ -z $token ]; do
+while [ -z "$token" ]; do
   sleep 20
   token=$(eval $cmd)