use the nexus api to retrieve the nuget api key

README.md

@@ -2,12 +2,13 @@ This is a Vagrant Environment for a [Nexus Repository OSS](https://github.com/so
 
 This will:
 
+* Configure Nexus through the API.
+  * Configure the NuGet `nuget-hosted` repository to accept pushing with an API key.
 * Configure Nexus through Groovy scripts.
   * Create the `adhoc-package` repository.
   * Create the `npm-group`, `npm-hosted` and `npmjs.org-proxy` repositories.
   * Create the `chocolatey-group`, `chocolatey-hosted` and `chocolatey.org-proxy` repositories.
   * Create the `powershell-group`, `powershell-hosted` and `powershellgallery.com-proxy` repositories.
-  * Configure the NuGet `nuget-hosted` repository to accept pushing with an API key.
   * Schedule a task to remove the old snapshots from the `maven-snapshots` repository.
   * Create users and a custom `deployer` role.
   * Setup an Active Directory LDAP user authentication source (when `config_authentication='ldap'` is set inside the `provision-nexus.sh` file).

provision/provision-nexus/src/main/groovy/get-jenkins-nuget-api-key.groovy

@@ -1,16 +0,0 @@
-import groovy.json.JsonOutput
-import org.sonatype.nexus.security.authc.apikey.ApiKeyStore
-import org.apache.shiro.subject.SimplePrincipalCollection
-
-def getNuGetApiKey(String userName) {
-    realmName = "NexusAuthenticatingRealm"
-    apiKeyDomain = "NuGetApiKey"
-    principal = new SimplePrincipalCollection(userName, realmName)
-    keyStore = container.lookup(ApiKeyStore.class.getName())
-    apiKey = keyStore.getApiKey(apiKeyDomain, principal)
-    return apiKey.toString()
-}
-
-return JsonOutput.toJson([
-    apiKey: getNuGetApiKey("jenkins"),
-])

provision/provision-nexus/src/main/groovy/provision.groovy

@@ -6,7 +6,6 @@ import groovy.json.JsonOutput
 import org.sonatype.nexus.capability.CapabilityRegistry
 import org.sonatype.nexus.repository.config.WritePolicy
 import org.sonatype.nexus.security.user.UserSearchCriteria
-import org.sonatype.nexus.security.authc.apikey.ApiKeyStore
 import org.sonatype.nexus.security.realm.RealmManager
 import org.apache.shiro.subject.SimplePrincipalCollection
 import org.sonatype.nexus.scheduling.TaskScheduler
@@ -93,15 +92,6 @@ repository.createDockerProxy("docker-hub-proxy", "https://registry-1.docker.io",
 repository.createDockerGroup("docker-group", 6001, null, ["docker-hosted", "docker-hub-proxy"], true, "default", true)
 
 
-// see http://stackoverflow.com/questions/8138164/groovy-generate-random-string-from-given-character-set
-def random(String alphabet, int n) {
-    new Random().with {
-        (1..n).collect { alphabet[nextInt(alphabet.length())] }.join()
-    }
-}
-jenkinsPassword = random((('A'..'Z')+('a'..'z')+('0'..'9')).join(), 16)
-
-
 // set the base url. this is used when sending emails.
 // see https://help.sonatype.com/display/NXRM3/Configuration#Configuration-BaseURLCreation
 core.baseUrl("https://" + java.net.InetAddress.localHost.canonicalHostName)
@@ -141,20 +131,6 @@ security.anonymousAccess = true
 //    password is easier to remember.
 security.securitySystem.changePassword('admin', 'admin')
 
-// the intent is to get or create an NuGet API Key like the one we can see on the user page:
-// http://nexus.example.com:8081/#user/nugetapitoken.
-def getOrCreateNuGetApiKey(String userName) {
-    realmName = "NexusAuthenticatingRealm"
-    apiKeyDomain = "NuGetApiKey"
-    principal = new SimplePrincipalCollection(userName, realmName)
-    keyStore = container.lookup(ApiKeyStore.class.name)
-    apiKey = keyStore.getApiKey(apiKeyDomain, principal)
-    if (apiKey == null) {
-        apiKey = keyStore.createApiKey(apiKeyDomain, principal)
-    }
-    return apiKey.toString()
-}
-
 
 // create users in the deployer role.
 // see https://github.com/sonatype/nexus-book-examples/blob/nexus-3.x/scripting/complex-script/security.groovy#L38
@@ -174,16 +150,11 @@ def addDeployerUser(firstName, lastName, email, userName, password) {
     } catch (org.sonatype.nexus.security.user.UserNotFoundException e) {
         user = security.addUser(userName, firstName, lastName, email, true, password, ["deployer"])
     }
-    nuGetApiKey = getOrCreateNuGetApiKey(userName)
 }
-addDeployerUser("Jenkins", "Doe", "jenkins@example.com", "jenkins", jenkinsPassword)
+addDeployerUser("Jenkins", "Doe", "jenkins@example.com", "jenkins", "password")
 addDeployerUser("Alice", "Doe", "alice.doe@example.com", "alice.doe", "password")
 addDeployerUser("Bob", "Doe", "bob.doe@example.com", "bob.doe", "password")
 
-
-// get the jenkins NuGet API Key.
-jenkinsNuGetApiKey = getOrCreateNuGetApiKey("jenkins")
-
 realms = realmManager.configuration.realmNames
 users = security.securitySystem.searchUsers(new UserSearchCriteria())
 repositories = repository.repositoryManager.browse().collect { [name:it.name,type:it.type.value] }

provision/use-nuget-repository.sh

@@ -3,7 +3,29 @@ set -euxo pipefail
 
 nexus_domain=$(hostname --fqdn)
 
-. /vagrant/provision/nexus-groovy.sh
+# see the requests made when using https://nexus.example.com/#user/nugetapitoken UI.
+function get-jenkins-nuget-api-key {
+  local username='jenkins'
+  local password='password'
+  local user_token=$(http \
+    -a "$username:$password" \
+    --ignore-stdin \
+    --check-status \
+    POST https://$nexus_domain/service/extdirect \
+    action=rapture_Security \
+    method=authenticationToken \
+    type=rpc \
+    tid:=0 \
+    data:="[\"$(echo -n "$username" | base64 -w0)\",\"$(echo -n "$password" | base64 -w0)\"]" \
+    | jq -r .result.data)
+  http \
+    -a "$username:$password" \
+    --ignore-stdin \
+    --check-status \
+    GET https://$nexus_domain/service/rest/internal/nuget-api-key \
+    authToken=="$(echo -n "$user_token" | base64 -w0)" \
+    | jq -r .apiKey
+}
 
 mkdir -p tmp/use-nuget-repository && cd tmp/use-nuget-repository
 
@@ -19,7 +41,7 @@ fi
 
 nuget_source_url=https://$nexus_domain/repository/nuget-group/index.json
 nuget_source_push_url=https://$nexus_domain/repository/nuget-hosted/
-nuget_source_push_api_key=$(nexus-groovy get-jenkins-nuget-api-key | jq -r '.result | fromjson | .apiKey')
+nuget_source_push_api_key=$(get-jenkins-nuget-api-key)
 echo -n $nuget_source_push_api_key >/vagrant/shared/jenkins-nuget-api-key
 nuget_source_push_api_key="$(cat /vagrant/shared/jenkins-nuget-api-key)"