This repository has been archived by the owner on Jan 25, 2022. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add script to sync jenkins role setting
This is related with http://reviews.cloudfoundry.org/#/c/12321/. Running this script could sync the current admins and role setting to deployment manifest. Change-Id: I5f2389d92f999dc8de2be622720654e13abcddbc
- Loading branch information
Showing
3 changed files
with
143 additions
and
37 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
require "logger" | ||
require "optparse" | ||
require "set" | ||
require "tmpdir" | ||
require "yaml" | ||
|
||
def system!(logger, cmd) | ||
logger.info("+ #{cmd}") | ||
unless system(cmd) | ||
raise "Failed executing '#{cmd}'" | ||
end | ||
|
||
true | ||
end | ||
|
||
def parse_jenkins_ip(manifest_path) | ||
manifest = YAML.load_file(manifest_path) | ||
unless jobs = manifest["jobs"] | ||
raise "No jobs found in manifest" | ||
end | ||
|
||
jenkins_job = jobs.select {|j| j["name"] == "jenkins"}.first | ||
unless jenkins_job | ||
raise "Jenkins job not found in manifest" | ||
end | ||
|
||
unless networks = jenkins_job["networks"] | ||
raise "No networks found for jenkins" | ||
end | ||
|
||
nets = Set.new(%w[jenkins default]) | ||
net = networks.select {|n| nets.include?(n["name"]) }.first | ||
unless net | ||
raise "No network found" | ||
end | ||
|
||
unless ips = net["static_ips"] | ||
raise "No static ips found in jenkins default network" | ||
end | ||
|
||
ips.first | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
require "logger" | ||
require "optparse" | ||
require "set" | ||
require "tmpdir" | ||
require "yaml" | ||
require 'rexml/document' | ||
include REXML | ||
|
||
require File.expand_path(File.dirname(__FILE__) + '/sync_jenkins_common.rb') | ||
|
||
ADMIN_MEMBER_PATH = "hudson/authorizationStrategy/roleMap[@type='globalRoles']/role[@name='admin']/assignedSIDs/sid" | ||
ROLE_PATH = "hudson/authorizationStrategy/roleMap[@type='projectRoles']/role" | ||
|
||
def fetch_jenkins_config(logger, jenkins_ip) | ||
jenkins_config_dir = Dir.mktmpdir | ||
config_local_copy = File.expand_path("config.xml", jenkins_config_dir) | ||
cmd = ["rsync -e ssh -az ", | ||
"vcap@#{jenkins_ip}:/var/vcap/store/jenkins/config.xml", | ||
config_local_copy].join(" ") | ||
system!(logger, cmd) | ||
config_local_copy | ||
end | ||
|
||
def sync_role_info(logger, manifest_path, jenkins_config) | ||
manifest = YAML.load_file(manifest_path) | ||
config_xml = Document.new(File.new(jenkins_config)) | ||
|
||
# sync admin members | ||
admins = Array.new | ||
config_xml.each_element(ADMIN_MEMBER_PATH){ |admin| | ||
admins.push(admin.text) | ||
} | ||
manifest['properties']['jenkins']['admins'] = admins | ||
|
||
# sync roles | ||
role_setting = Array.new | ||
config_xml.each_element(ROLE_PATH){ |role| | ||
members = Array.new | ||
role.each_element("assignedSIDs/sid"){ |member| | ||
members.push(member.text) | ||
} | ||
role_setting.push({'name' => role.attributes['name'], 'regex' => role.attributes['pattern'], 'members' => members.join(",") }) | ||
} | ||
manifest['properties']['jenkins']['views'] = role_setting | ||
|
||
# save updated manifest yaml | ||
File.open(manifest_path, 'w') do |out| | ||
YAML.dump(manifest, out) | ||
end | ||
|
||
# remove trailing blankspace generated by YAML.dump | ||
system!(logger, "sed -i 's/[ \t]*$//' #{manifest_path}") | ||
end | ||
|
||
|
||
opts = { | ||
:verbose => false, | ||
} | ||
|
||
opt_parser = OptionParser.new do |op| | ||
op.banner = "Synchronize live Jenkins job configs with a release repo\n\n" | ||
|
||
op.on("-v", "--verbose", "Print debugging information") do | ||
opts[:verbose] = true | ||
end | ||
|
||
end | ||
opt_parser.parse!(ARGV) | ||
|
||
unless ARGV.length == 1 | ||
puts "Usage: sync_jenkins_roles.rb [/path/to/deployment_manifest]" | ||
puts | ||
puts opt_parser.help | ||
exit 1 | ||
end | ||
|
||
logger = Logger.new(STDOUT) | ||
if opts[:verbose] | ||
logger.level = Logger::DEBUG | ||
else | ||
logger.level = Logger::INFO | ||
end | ||
|
||
manifest_path = ARGV[0] | ||
|
||
begin | ||
jenkins_ip = parse_jenkins_ip(manifest_path) | ||
logger.info("Found jenkins ip: #{jenkins_ip}") | ||
|
||
jenkins_config = fetch_jenkins_config(logger, jenkins_ip) | ||
logger.info("Fetch jenkins config") | ||
|
||
sync_role_info(logger, manifest_path, jenkins_config) | ||
logger.info("Synchronizing role information") | ||
|
||
logger.info("Done") | ||
rescue => e | ||
logger.error(e.to_s) | ||
logger.debug(e.backtrace.join("\n")) if e.backtrace | ||
end |