Add support for users, roles and npm

Author: taylorific

cookbooks/boxcutter_sonatype/attributes/default.rb

@@ -20,14 +20,15 @@
     #   '-Dkaraf.log' => '/opt/sonatype-work/nexus3/log ',
     # }
   },
-  'properties' => {
-  },
+  'properties' => {},
+  'repositories' => {},
+  'roles' => {},
+  'users' => {},
   'blobstores' => {
     'default' => {
       'name' => 'default',
       'type' => 'file',
       'path' => 'default',
     },
   },
-  'repositories' => {},
 }

cookbooks/boxcutter_sonatype/libraries/default.rb

@@ -64,19 +64,157 @@ def self.set_realms_active(node, realms)
         end
       end
 
+      # curl -u admin:password \
+      #   -H "accept: application/json" \
+      #   -X GET 'http://127.0.0.1:8081/service/rest/v1/security/realms/available'
+      def self.get_realms_available(node)
+        uri = URI.parse('http://localhost:8081/service/rest/v1/security/realms/available')
+        request = Net::HTTP::Get.new(uri)
+        request.basic_auth(admin_username(node), admin_password(node))
+        request['Accept'] = 'application/json'
+
+        response = Net::HTTP.start(uri.hostname, uri.port) do |http|
+          http.request(request)
+        end
+
+        if response.is_a?(Net::HTTPSuccess)
+          available_realms = JSON.parse(response.body)
+          Chef::Log.info("Available Realms: #{available_realms}")
+        else
+          Chef::Log.error("Failed to query available realms. HTTP Status: #{response.code}")
+        end
+        available_realms
+      end
+
       # curl -u admin:Superseekret63 \
       #   -H "Content-Type: application/json" \
       #   -X GET "http://localhost:8081/service/rest/v1/security/roles"
-      def self.list_roles; end
+      def self.roles_list(node)
+        uri = URI.parse('http://localhost:8081/service/rest/v1/security/roles')
+        request = Net::HTTP::Get.new(uri)
+        request.basic_auth(admin_username(node), admin_password(node))
+        request['Accept'] = 'application/json'
 
-      def self.create_role; end
+        response = Net::HTTP.start(uri.hostname, uri.port) do |http|
+          http.request(request)
+        end
+
+        if response.code.to_i == 200
+          roles = JSON.parse(response.body)
+          Chef::Log.info("Roles: #{roles}")
+          # You can process the repositories as needed here
+        else
+          Chef::Log.error("Failed to get roles: #{response.message}")
+        end
+        roles
+      end
+
+      def self.role_create_payload(role_id, role_config)
+        {
+          'id' => role_id,
+          'name' => role_config['name'],
+          'description' => role_config['description'],
+          'privileges' => role_config['privileges'],
+          'roles' => role_config['roles'],
+        }.to_json
+      end
+
+      def self.role_create(node, role_id, role_config)
+        uri = URI.parse('http://localhost:8081/service/rest/v1/security/roles')
+
+        payload = role_create_payload(role_id, role_config)
+        puts "MISCHA: role_create_payload: #{payload}"
+
+        http = Net::HTTP.new(uri.host, uri.port)
+
+        request = Net::HTTP::Post.new(uri.request_uri, { 'Content-Type' => 'application/json' })
+        request.basic_auth(admin_username(node), admin_password(node))
+        request.body = payload
+
+        response = http.request(request)
+
+        puts "MISCHA: PUT response code: #{response.code}"
+        puts "MISCHA: PUT response body: #{response.body}"
+      end
+
+      def self.role_delete(node, role_id)
+        uri = URI.parse("http://localhost:8081/service/rest/v1/security/roles/#{role_id}")
+        http = Net::HTTP.new(uri.hostname, uri.port)
+
+        request = Net::HTTP::Delete.new(uri)
+        request.basic_auth(admin_username(node), admin_password(node))
+
+        response = http.request(request)
+
+        puts "MISCHA: DELETE response code: #{response.code}"
+        puts "MISCHA: DELETE response body: #{response.body}"
+      end
 
       # curl -u admin:password \
       #   -H "Content-Type: application/json" \
       #   -X GET "http://localhost:8081/service/rest/v1/security/users"
-      def self.list_users; end
+      def self.users_list(node)
+        uri = URI.parse('http://localhost:8081/service/rest/v1/security/users')
+        request = Net::HTTP::Get.new(uri)
+        request.basic_auth(admin_username(node), admin_password(node))
+        request['Accept'] = 'application/json'
+
+        response = Net::HTTP.start(uri.hostname, uri.port) do |http|
+          http.request(request)
+        end
+
+        if response.code.to_i == 200
+          users = JSON.parse(response.body)
+          Chef::Log.info("Users: #{users}")
+          # You can process the repositories as needed here
+        else
+          Chef::Log.error("Failed to get repositories: #{response.message}")
+        end
+        users
+      end
+
+      def self.user_create_payload(user_id, user_config)
+        {
+          'userId' => user_id,
+          'firstName' => user_config['first_name'],
+          'lastName' => user_config['last_name'],
+          'emailAddress' => user_config['email_address'],
+          'password' => user_config['password'],
+          'status' => 'active',
+          'roles' => user_config['roles'],
+        }.to_json
+      end
+
+      def self.user_create(node, user_id, user_config)
+        uri = URI.parse('http://localhost:8081/service/rest/v1/security/users')
 
-      def self.create_user; end
+        payload = user_create_payload(user_id, user_config)
+        puts "MISCHA: user_create_payload: #{payload}"
+
+        http = Net::HTTP.new(uri.host, uri.port)
+
+        request = Net::HTTP::Post.new(uri.request_uri, { 'Content-Type' => 'application/json' })
+        request.basic_auth(admin_username(node), admin_password(node))
+        request.body = payload
+
+        response = http.request(request)
+
+        puts "MISCHA: PUT response code: #{response.code}"
+        puts "MISCHA: PUT response body: #{response.body}"
+      end
+
+      def self.user_delete(node, user_id)
+        uri = URI.parse("http://localhost:8081/service/rest/v1/security/users/#{user_id}")
+        http = Net::HTTP.new(uri.hostname, uri.port)
+
+        request = Net::HTTP::Delete.new(uri)
+        request.basic_auth(admin_username(node), admin_password(node))
+
+        response = http.request(request)
+
+        puts "MISCHA: DELETE response code: #{response.code}"
+        puts "MISCHA: DELETE response body: #{response.body}"
+      end
 
       def self.change_user_password(user_id, new_password); end
 
@@ -265,6 +403,54 @@ def self.repository_create_docker_payload(repository_name, repository_config)
         end
       end
 
+      def self.repository_create_npm_payload(repository_name, repository_config)
+        case repository_config['type']
+        when 'hosted'
+          {
+            'name' => repository_name,
+            'online' => true,
+            'storage' => {
+              'blobStoreName' => repository_config.fetch('storage_blob_store_name', 'default'),
+              'strictContentTypeValidation' => true,
+              'writePolicy' => 'allow',
+            },
+            'cleanup' => {
+              'policyNames' => [],
+            },
+          }.to_json
+        when 'proxy'
+          {
+            'name' => repository_name,
+            'online' => true,
+            'storage' => {
+              'blobStoreName' => repository_config.fetch('storage_blob_store_name', 'default'),
+              'strictContentTypeValidation' => false,
+            },
+            'proxy' => {
+              'remoteUrl' => repository_config['remote_url'],
+              'contentMaxAge' => 1440,
+              'metadataMaxAge' => 1440,
+            },
+            'negativeCache' => {
+              'enabled' => true,
+              'timeToLive' => 1440,
+            },
+            'httpClient' => {
+              'blocked' => false,
+              'autoBlock' => true,
+              'connection' => {
+                'retries' => 0,
+                # 'userAgentSuffix' => 'string',
+                'timeout' => 60,
+                'enableCircularRedirects' => false,
+                'enableCookies' => false,
+                'useTrustStore' => false,
+              },
+            },
+          }.to_json
+        end
+      end
+
       def self.repository_create_pypi_payload(repository_name, repository_config)
         case repository_config['type']
         when 'hosted'
@@ -374,6 +560,8 @@ def self.repository_create(node, repository_name, repository_config)
           payload = repository_create_apt_payload(repository_name, repository_config)
         when 'docker'
           payload = repository_create_docker_payload(repository_name, repository_config)
+        when 'npm'
+          payload = repository_create_npm_payload(repository_name, repository_config)
         when 'pypi'
           payload = repository_create_pypi_payload(repository_name, repository_config)
         when 'raw'

cookbooks/boxcutter_sonatype/recipes/default.rb

@@ -43,9 +43,9 @@
 end
 
 # https://help.sonatype.com/en/download.html
-version = 'nexus-3.76.0-03'
-url = 'https://download.sonatype.com/nexus/3/nexus-3.76.0-03-unix.tar.gz'
-checksum = 'd336a1c1fa3c26ee977ef720707d7bbca660aee5bf7369a9037293910c63c672'
+version = 'nexus-3.76.1-01'
+url = 'https://download.sonatype.com/nexus/3/nexus-3.76.1-01-unix.tar.gz'
+checksum = 'e6a68b903a445fc6b923a2ea922accb336e659a838099f2efb08e382332ff8f1'
 
 tmp_path = ::File.join(Chef::Config[:file_cache_path], ::File.basename(url))
 

cookbooks/boxcutter_sonatype/resources/boxcutter_sonatype_nexus_repository.rb

@@ -13,9 +13,35 @@ class Helpers
     Boxcutter::Sonatype::Helpers.set_realms_active(node, desired_realms)
   end
 
-  # puts "MISCHA: list repositories=#{properties}"
-  # node['boxcutter_sonatype']['nexus_repository']['repositories'] each do |repository_name, repository_info|
-  # end
+  puts "MISCHA: list roles=#{Boxcutter::Sonatype::Helpers.roles_list(node)}"
+  current_role_names = Boxcutter::Sonatype::Helpers.roles_list(node).map { |role| role['id'] }
+  puts "MISCHA: current_role_names=#{current_role_names}"
+  filtered_current_role_names = current_role_names.reject do |user_id|
+    ['nx-admin', 'nx-anonymous'].include?(user_id)
+  end
+  puts "MISCHA: filtered_current_user_names=#{filtered_current_role_names}"
+  desired_roles = node['boxcutter_sonatype']['nexus_repository']['roles']
+  desired_role_names = desired_roles.map { |key, role| role['id'] || key }
+  puts "MISCHA: desired_role_names=#{desired_role_names}"
+  roles_to_delete = filtered_current_role_names - desired_role_names
+  roles_to_delete.each do |role_name|
+    Boxcutter::Sonatype::Helpers.role_delete(node, role_name)
+  end
+
+  puts "MISCHA: list users=#{Boxcutter::Sonatype::Helpers.users_list(node)}"
+  current_user_names = Boxcutter::Sonatype::Helpers.users_list(node).map { |user| user['userId'] }
+  puts "MISCHA: current_user_names=#{current_user_names}"
+  filtered_current_user_names = current_user_names.reject do |user_id|
+    ['anonymous', 'admin'].include?(user_id)
+  end
+  puts "MISCHA: filtered_current_user_names=#{filtered_current_user_names}"
+  desired_users = node['boxcutter_sonatype']['nexus_repository']['users']
+  desired_user_names = desired_users.map { |key, user| user['user_id'] || key }
+  puts "MISCHA: desired_user_names=#{desired_user_names}"
+  users_to_delete = filtered_current_user_names - desired_user_names
+  users_to_delete.each do |user_name|
+    Boxcutter::Sonatype::Helpers.user_delete(node, user_name)
+  end
 
   puts "MISCHA: list blobstores=#{Boxcutter::Sonatype::Helpers.blobstores_list(node)}"
   current_blobstore_names = Boxcutter::Sonatype::Helpers.blobstores_list(node).map { |blobstore| blobstore['name'] }
@@ -28,6 +54,10 @@ class Helpers
     Boxcutter::Sonatype::Helpers.blobstore_delete(node, blobstore_name)
   end
 
+  # puts "MISCHA: list repositories=#{properties}"
+  # node['boxcutter_sonatype']['nexus_repository']['repositories'] each do |repository_name, repository_info|
+  # end
+
   puts "MISCHA: list repositories=#{Boxcutter::Sonatype::Helpers.repositories_list(node)}"
   current_repository_names = Boxcutter::Sonatype::Helpers.repositories_list(node).map { |repo| repo['name'] }
   puts "MISCHA: current_repository_names=#{current_repository_names}"
@@ -39,6 +69,16 @@ class Helpers
     Boxcutter::Sonatype::Helpers.repository_delete(node, repository_name)
   end
 
+  node['boxcutter_sonatype']['nexus_repository']['roles'].each do |role_id, role_config|
+    next if filtered_current_role_names.include?(role_id)
+    Boxcutter::Sonatype::Helpers.role_create(node, role_id, role_config)
+  end
+
+  node['boxcutter_sonatype']['nexus_repository']['users'].each do |user_name, user_config|
+    next if filtered_current_user_names.include?(user_name)
+    Boxcutter::Sonatype::Helpers.user_create(node, user_name, user_config)
+  end
+
   node['boxcutter_sonatype']['nexus_repository']['blobstores'].each do |blobstore_name, blobstore_config|
     next if current_blobstore_names.include?(blobstore_name)
     Boxcutter::Sonatype::Helpers.blobstore_create(node, blobstore_name, blobstore_config)

cookbooks/boxcutter_sonatype/test/cookbooks/boxcutter_sonatype_test/recipes/default.rb

@@ -9,6 +9,31 @@
 # node.run_state['boxcutter_sonatype']['nexus_repository']['admin_username'] = 'chef'
 # node.run_state['boxcutter_sonatype']['nexus_repository']['admin_password'] = 'sucre-canonize-ROADSTER-bashful'
 
+node.default['boxcutter_sonatype']['nexus_repository']['roles'] = {
+  'engineering-read-only' => {
+    'id' => 'engineering-read-only',
+    'name' => 'engineering-read-only',
+    'description' => 'Read-only access to engineering repositories',
+    'privileges' => [
+      'nx-healthcheck-read',
+      'nx-search-read',
+      'nx-repository-view-*-*-read',
+      'nx-repository-view-*-*-browse',
+    ],
+    'roles' => [],
+  },
+}
+node.default['boxcutter_sonatype']['nexus_repository']['users'] = {
+  'chef' => {
+    'user_id' => 'chef',
+    'first_name' => 'Chef',
+    'last_name' => 'User',
+    'email_address' => 'nobody@nowhere.com',
+    'password' => 'superseekret',
+    'roles' => ['nx-admin'],
+  },
+}
+
 node.default['boxcutter_sonatype']['nexus_repository']['blobstores'] = {
   'default' => {
     'name' => 'default',