So I was looking for
When you run a Groovy script in Nexus, you have available a predefined variable "repository", which is of type org.sonatype.nexus.script.plugin.internal.provisioning.RepositoryApiImpl.
This in turn contains a reference to a blobStoreManager (org.sonatype.nexus.blobstore.api.BlobStoreManager) and to a repositoryManager (org.sonatype.nexus.repository.manager.RepositoryManager), plus a series of convenience methods to create commonly used repository formats and groups (you are not expected to create anything fancy; most properties are assigned by default).
The key element is an org.sonatype.nexus.repository.config.Configuration object, which is again very disappointing, since the configuration is represented by an "attribute" map (String, Map(String, Object)), which is really a stupid idea: far too generic an interface.
RepositoryManager has an Iterable<Repository> browse() method, which returns a collection of org.sonatype.nexus.repository.Repository.
Sample script:
    import org.sonatype.nexus.repository.Repository

    repository.repositoryManager.browse().each { Repository repo ->
        log.info("Repository: $repo")
        log.info("Repository Configuration: $repo.configuration")
    }
This dumps the following content in nexus.log:

    Repository: RepositoryImpl$$EnhancerByGuice$$c5f0822b{type=proxy, format=nuget, name='nuget.org-proxy'}
    Repository Configuration: Configuration{repositoryName='nuget.org-proxy', recipeName='nuget-proxy', attributes={proxy={strictContentTypeValidation=true, contentMaxAge=1440, remoteUrl=https://www.nuget.org/api/v2/, metadataMaxAge=1440}, negativeCache={}, storage={blobStoreName=default}, nugetProxy={}, httpclient={connection={blocked=false, autoBlock=true}}}}
    Repository: RepositoryImpl$$EnhancerByGuice$$c5f0822b{type=hosted, format=maven2, name='maven-releases'}
    Repository Configuration: Configuration{repositoryName='maven-releases', recipeName='maven2-hosted', attributes={maven={versionPolicy=RELEASE, layoutPolicy=STRICT}, storage={writePolicy=ALLOW_ONCE, strictContentTypeValidation=false, blobStoreName=default}}}
    Repository: RepositoryImpl$$EnhancerByGuice$$c5f0822b{type=hosted, format=maven2, name='maven-snapshots'}
    Repository Configuration: Configuration{repositoryName='maven-snapshots', recipeName='maven2-hosted', attributes={maven={versionPolicy=SNAPSHOT, layoutPolicy=STRICT}, storage={writePolicy=ALLOW, strictContentTypeValidation=false, blobStoreName=default}}}
    Repository: RepositoryImpl$$EnhancerByGuice$$c5f0822b{type=proxy, format=maven2, name='maven-central'}
    Repository Configuration: Configuration{repositoryName='maven-central', recipeName='maven2-proxy', attributes={proxy={contentMaxAge=-1, remoteUrl=https://repo1.maven.org/maven2/, metadataMaxAge=1440}, negativeCache={timeToLive=1440, enabled=true}, storage={strictContentTypeValidation=false, blobStoreName=default}, maven-indexer={}, httpclient={connection={blocked=false, autoBlock=true}}, maven={versionPolicy=RELEASE, layoutPolicy=PERMISSIVE}}}
    Repository: RepositoryImpl$$EnhancerByGuice$$c5f0822b{type=group, format=nuget, name='nuget-group'}
    Repository Configuration: Configuration{repositoryName='nuget-group', recipeName='nuget-group', attributes={storage={blobStoreName=default}, nugetProxy={}, httpclient={}, group={memberNames=[nuget-hosted, nuget.org-proxy]}}}
    Repository: RepositoryImpl$$EnhancerByGuice$$c5f0822b{type=hosted, format=nuget, name='nuget-hosted'}
    Repository Configuration: Configuration{repositoryName='nuget-hosted', recipeName='nuget-hosted', attributes={storage={writePolicy=ALLOW, blobStoreName=default}}}
    Repository: RepositoryImpl$$EnhancerByGuice$$c5f0822b{type=group, format=maven2, name='maven-public'}
    Repository Configuration: Configuration{repositoryName='maven-public', recipeName='maven2-group', attributes={maven={versionPolicy=MIXED}, group={memberNames=[maven-releases, maven-snapshots, maven-central]}, storage={blobStoreName=default}}}
This is a pretty good result: at least you can capture the configuration of all your repositories in one go.
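The same attribute map can be checked instead of just dumped. The script below is an added example, not part of the original post: it uses the same predefined `repository` and `log` variables, the helper name `auditRepo` is hypothetical, and the three checks are illustrative choices that rely only on attribute keys visible in the dump above.

```groovy
import org.sonatype.nexus.repository.Repository

// Added example (not from the original post). auditRepo is a hypothetical helper;
// the checks are illustrative and use only attribute keys visible in the dump above.
List<String> auditRepo(String type, Map<String, Map<String, Object>> attrs) {
    def findings = []
    def storage = attrs.storage ?: [:]
    def proxy = attrs.proxy ?: [:]
    def maven = attrs.maven ?: [:]

    if (type in ['hosted', 'proxy']) {
        // The dump shows this flag under "storage" for most repositories and under
        // "proxy" for nuget.org-proxy, so accept either location.
        def strict = storage.strictContentTypeValidation ?: proxy.strictContentTypeValidation
        if (strict?.toString() != 'true') {
            findings << 'strictContentTypeValidation is not set to true'
        }
    }
    if (type == 'hosted') {
        // ALLOW lets an already published version be overwritten; that is expected
        // for SNAPSHOT repositories only.
        def writePolicy = storage.writePolicy?.toString()
        def versionPolicy = maven.versionPolicy?.toString()
        if (writePolicy == 'ALLOW' && versionPolicy != 'SNAPSHOT') {
            findings << 'writePolicy=ALLOW on a non-snapshot hosted repository'
        }
    }
    if (type == 'proxy') {
        def remoteUrl = proxy.remoteUrl?.toString()
        if (remoteUrl && !remoteUrl.toLowerCase().startsWith('https://')) {
            findings << "remoteUrl is not HTTPS: ${remoteUrl}"
        }
    }
    return findings
}

repository.repositoryManager.browse().each { Repository repo ->
    // recipeName looks like 'maven2-hosted' or 'nuget-proxy'; the last token is the type
    def type = repo.configuration.recipeName.tokenize('-').last()
    def findings = auditRepo(type, repo.configuration.attributes)
    if (findings) {
        findings.each { log.warn("AUDIT ${repo.name}: ${it}") }
    } else {
        log.info("AUDIT ${repo.name}: no findings")
    }
}
```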
This task will delete all your repos:
    import org.sonatype.nexus.repository.Repository

    repository.repositoryManager.browse().each { Repository repo ->
        log.info("DELETE Repository: $repo")
        repository.repositoryManager.delete("$repo.name")
    }
All the predefined variables are:

core, which is a org.sonatype.nexus.internal.provisioning.CoreApiImpl

repository, which is a org.sonatype.nexus.script.plugin.internal.provisioning.RepositoryApiImpl

blobStore, which is a org.sonatype.nexus.internal.provisioning.BlobStoreApiImpl

    createFileBlobStore(final String name, final String path)
    org.sonatype.nexus.blobstore.api.BlobStoreManager blobStoreManager

security, which is a org.sonatype.nexus.security.internal.SecurityApiImpl

    User addUser(final String id, final String firstName, final String lastName, final String email, final boolean active, final String password, final List<String> roleIds)
    Role addRole(final String id, final String name, final String description, final List<String> privileges, final List<String> roles)
    User setUserRoles(final String userId, final List<String> roleIds)
If you do security.getSecuritySystem() you get an instance of this:
https://github.com/sonatype/nexus-public/blob/master/components/nexus-security/src/main/java/org/sonatype/nexus/security/SecuritySystem.java
The good thing is that if you clone the GitHub repo nexus-book-examples, you can open the API docs directly at file:///home/centos/gitclones/nexus-book-examples/scripting/apidocs/index.html
List all users with their roles
    import groovy.json.JsonOutput

    users = security.getSecuritySystem().listUsers()
    userjson = JsonOutput.toJson(users)
    log.info("USERS $userjson")
or also
    import org.sonatype.nexus.security.user.UserSearchCriteria

    users = security.getSecuritySystem().searchUsers(new UserSearchCriteria())
    log.info("users=" + users)
Add users and roles:
    privileges = [
        "nx-search-read",
        "nx-repository-view-*-*-read",
        "nx-repository-view-*-*-browse",
        "nx-repository-view-*-*-add",
        "nx-repository-view-*-*-edit",
        "nx-apikey-all"
    ]
    // addRole(id, name, description, privileges, roles)
    security.addRole("deployer", "deployer", "deployment on all repositories", privileges, [])
    // userName, firstName, lastName, email and password must be defined before this call
    security.addUser(userName, firstName, lastName, email, true, password, ["deployer"])
Creating blobstores:

    def list = ["dockerGroup", "mynpm", "pippo", "ivy", "dockerhosted", "dockerProxy", "jcenter", "pythonProxy"]
    for (item in list) {
        log.info("creating blobstore " + item)
        // createFileBlobStore(name, path): the path is the same as the name here
        blobStore.createFileBlobStore(item, item)
    }
Creating hosted repositories:

    import org.sonatype.nexus.repository.storage.WritePolicy
    import org.sonatype.nexus.repository.maven.VersionPolicy
    import org.sonatype.nexus.repository.maven.LayoutPolicy

    // The "name = value" pairs are plain assignments evaluated in place, not named
    // parameters: the arguments are still passed positionally, so the order matters.
    repository.createDockerHosted(name = 'pippo', httpPort = 8123, httpsPort = null, blobStoreName = 'docker',
        strictContentTypeValidation = true, v1Enabled = true, writePolicy = WritePolicy.ALLOW, forceBasicAuth = false)

    repository.createMavenHosted(name = 'ivyhosted', blobStoreName = 'ivy', strictContentTypeValidation = true,
        versionPolicy = VersionPolicy.RELEASE, writePolicy = WritePolicy.ALLOW_ONCE, layoutPolicy = LayoutPolicy.PERMISSIVE)
You cannot delete anonymous; the only way is to update it:

    import org.sonatype.nexus.security.user.*
    import org.sonatype.nexus.security.role.*

    // the following 6 lines are not required
    anonymous = security.getSecuritySystem().getUser("anonymous", "default")
    log.info("Anonymous before=" + anonymous)
    Set allRoles = security.getSecuritySystem().listRoles()
    log.info("allRoles=" + allRoles)
    advRole = allRoles.find{it.roleId=='ADVRole'}
    log.info("advRole=" + advRole)

    // these 2 lines below do the job
    advRoleIdentifier = new RoleIdentifier('default', 'ADVRole')
    security.getSecuritySystem().setUsersRoles("anonymous", "default", [advRoleIdentifier].toSet())
Script to create/update a role (without affecting existing users of that role, if it already exists):

    import org.sonatype.nexus.security.user.*
    import org.sonatype.nexus.security.role.*
    import static org.sonatype.nexus.security.user.UserManager.DEFAULT_SOURCE

    privileges = [
        "nx-search-read",
        "nx-repository-view-*-*-read",
        "nx-repository-view-*-*-browse",
        "nx-repository-view-*-*-add",
        "nx-repository-view-*-*-edit",
        "nx-apikey-all"
    ]

    createOrUpdateRole("pippo", privileges, [])
    createOrUpdateUser("pippouser", [ "pippo", "nx-admin" ])

    // Updates the role in place if it exists, otherwise creates it
    def createOrUpdateRole(rolename, privileges, roles) {
        log.info("calling createOrUpdateRole with parameters rolename=" + rolename + " privileges=" + privileges + " roles=" + roles)
        Set allRoles = security.getSecuritySystem().listRoles()
        Role role = allRoles.find{it.roleId==rolename}
        if (role != null) {
            log.info("existing role=" + role)
            role.setPrivileges(privileges.toSet())
            role.setRoles(roles.toSet())
            log.info("updating role=" + role)
            // security.securitySystem.getAuthorizationManager(DEFAULT_SOURCE).deleteRole(role.roleId)
            security.securitySystem.getAuthorizationManager(DEFAULT_SOURCE).updateRole(role)
            log.info("role updated=" + role)
        }
        else {
            log.info("adding role " + rolename)
            security.addRole(rolename, rolename, rolename, privileges, roles)
            log.info("role " + rolename + " successfully added")
        }
    }

    // Replaces the roles of an existing user, otherwise creates the user
    def createOrUpdateUser(username, roles) {
        log.info("calling createOrUpdateUser with parameters username=" + username + " roles=" + roles)
        Set allUsers = security.getSecuritySystem().listUsers()
        User user = allUsers.find{it.userId == username}
        if (user != null) {
            log.info("updating existing user=" + user)
            Set roleIdentifiers = new HashSet()
            roles.each{ role -> roleIdentifiers.add(new RoleIdentifier("default", role))}
            security.getSecuritySystem().setUsersRoles(username, "default", roleIdentifiers)
        }
        else {
            // first name, last name and initial password are all set to the username here
            security.addUser(username, username, username, username + "@gmail.com", true, username, roles)
        }
    }