use the nexus api to retrieve the nuget api key
parent
7ce73f9e07
commit
d39103bbb1
|
|
@ -2,12 +2,13 @@ This is a Vagrant Environment for a [Nexus Repository OSS](https://github.com/so
|
|||
|
||||
This will:
|
||||
|
||||
* Configure Nexus through the API.
|
||||
* Configure the NuGet `nuget-hosted` repository to accept pushing with an API key.
|
||||
* Configure Nexus through Groovy scripts.
|
||||
* Create the `adhoc-package` repository.
|
||||
* Create the `npm-group`, `npm-hosted` and `npmjs.org-proxy` repositories.
|
||||
* Create the `chocolatey-group`, `chocolatey-hosted` and `chocolatey.org-proxy` repositories.
|
||||
* Create the `powershell-group`, `powershell-hosted` and `powershellgallery.com-proxy` repositories.
|
||||
* Configure the NuGet `nuget-hosted` repository to accept pushing with an API key.
|
||||
* Schedule a task to remove the old snapshots from the `maven-snapshots` repository.
|
||||
* Create users and a custom `deployer` role.
|
||||
* Setup an Active Directory LDAP user authentication source (when `config_authentication='ldap'` is set inside the `provision-nexus.sh` file).
|
||||
|
|
|
|||
|
|
@ -1,16 +0,0 @@
|
|||
import groovy.json.JsonOutput
|
||||
import org.sonatype.nexus.security.authc.apikey.ApiKeyStore
|
||||
import org.apache.shiro.subject.SimplePrincipalCollection
|
||||
|
||||
def getNuGetApiKey(String userName) {
|
||||
realmName = "NexusAuthenticatingRealm"
|
||||
apiKeyDomain = "NuGetApiKey"
|
||||
principal = new SimplePrincipalCollection(userName, realmName)
|
||||
keyStore = container.lookup(ApiKeyStore.class.getName())
|
||||
apiKey = keyStore.getApiKey(apiKeyDomain, principal)
|
||||
return apiKey.toString()
|
||||
}
|
||||
|
||||
return JsonOutput.toJson([
|
||||
apiKey: getNuGetApiKey("jenkins"),
|
||||
])
|
||||
|
|
@ -6,7 +6,6 @@ import groovy.json.JsonOutput
|
|||
import org.sonatype.nexus.capability.CapabilityRegistry
|
||||
import org.sonatype.nexus.repository.config.WritePolicy
|
||||
import org.sonatype.nexus.security.user.UserSearchCriteria
|
||||
import org.sonatype.nexus.security.authc.apikey.ApiKeyStore
|
||||
import org.sonatype.nexus.security.realm.RealmManager
|
||||
import org.apache.shiro.subject.SimplePrincipalCollection
|
||||
import org.sonatype.nexus.scheduling.TaskScheduler
|
||||
|
|
@ -93,15 +92,6 @@ repository.createDockerProxy("docker-hub-proxy", "https://registry-1.docker.io",
|
|||
repository.createDockerGroup("docker-group", 6001, null, ["docker-hosted", "docker-hub-proxy"], true, "default", true)
|
||||
|
||||
|
||||
// see http://stackoverflow.com/questions/8138164/groovy-generate-random-string-from-given-character-set
|
||||
def random(String alphabet, int n) {
|
||||
new Random().with {
|
||||
(1..n).collect { alphabet[nextInt(alphabet.length())] }.join()
|
||||
}
|
||||
}
|
||||
jenkinsPassword = random((('A'..'Z')+('a'..'z')+('0'..'9')).join(), 16)
|
||||
|
||||
|
||||
// set the base url. this is used when sending emails.
|
||||
// see https://help.sonatype.com/display/NXRM3/Configuration#Configuration-BaseURLCreation
|
||||
core.baseUrl("https://" + java.net.InetAddress.localHost.canonicalHostName)
|
||||
|
|
@ -141,20 +131,6 @@ security.anonymousAccess = true
|
|||
// password is easier to remember.
|
||||
security.securitySystem.changePassword('admin', 'admin')
|
||||
|
||||
// the intent is to get or create an NuGet API Key like the one we can see on the user page:
|
||||
// http://nexus.example.com:8081/#user/nugetapitoken.
|
||||
def getOrCreateNuGetApiKey(String userName) {
|
||||
realmName = "NexusAuthenticatingRealm"
|
||||
apiKeyDomain = "NuGetApiKey"
|
||||
principal = new SimplePrincipalCollection(userName, realmName)
|
||||
keyStore = container.lookup(ApiKeyStore.class.name)
|
||||
apiKey = keyStore.getApiKey(apiKeyDomain, principal)
|
||||
if (apiKey == null) {
|
||||
apiKey = keyStore.createApiKey(apiKeyDomain, principal)
|
||||
}
|
||||
return apiKey.toString()
|
||||
}
|
||||
|
||||
|
||||
// create users in the deployer role.
|
||||
// see https://github.com/sonatype/nexus-book-examples/blob/nexus-3.x/scripting/complex-script/security.groovy#L38
|
||||
|
|
@ -174,16 +150,11 @@ def addDeployerUser(firstName, lastName, email, userName, password) {
|
|||
} catch (org.sonatype.nexus.security.user.UserNotFoundException e) {
|
||||
user = security.addUser(userName, firstName, lastName, email, true, password, ["deployer"])
|
||||
}
|
||||
nuGetApiKey = getOrCreateNuGetApiKey(userName)
|
||||
}
|
||||
addDeployerUser("Jenkins", "Doe", "jenkins@example.com", "jenkins", jenkinsPassword)
|
||||
addDeployerUser("Jenkins", "Doe", "jenkins@example.com", "jenkins", "password")
|
||||
addDeployerUser("Alice", "Doe", "alice.doe@example.com", "alice.doe", "password")
|
||||
addDeployerUser("Bob", "Doe", "bob.doe@example.com", "bob.doe", "password")
|
||||
|
||||
|
||||
// get the jenkins NuGet API Key.
|
||||
jenkinsNuGetApiKey = getOrCreateNuGetApiKey("jenkins")
|
||||
|
||||
realms = realmManager.configuration.realmNames
|
||||
users = security.securitySystem.searchUsers(new UserSearchCriteria())
|
||||
repositories = repository.repositoryManager.browse().collect { [name:it.name,type:it.type.value] }
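Review bot: The `jenkins` deployer account appears to end up with the literal password `"password"` (the `addDeployerUser("Jenkins", "Doe", "jenkins@example.com", "jenkins", "password")` line in the last hunk), where the old side passed the generated 16-character `jenkinsPassword`. Together with `security.securitySystem.changePassword('admin', 'admin')` a few lines earlier, every account that can push packages now has a guessable credential. If the shell side only needs a known value to call the REST endpoint, the generated password could be kept (ideally built with `java.security.SecureRandom` rather than `new Random()`) and handed to the provisioning script through a file or an environment variable instead of being hard-coded in both places. If the fixed value is deliberate for this lab, a comment such as `// lab-only credential; never reuse outside this Vagrant environment.` above the `addDeployerUser` calls would make that explicit. The import hunk drops only one line (7 old, 6 new), so one of the two imports used by the removed `getOrCreateNuGetApiKey` is presumably left unused.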
|
||||
|
|
|
|||
|
|
@ -3,7 +3,29 @@ set -euxo pipefail
|
|||
|
||||
nexus_domain=$(hostname --fqdn)
|
||||
|
||||
. /vagrant/provision/nexus-groovy.sh
|
||||
# see the requests made when using https://nexus.example.com/#user/nugetapitoken UI.
|
||||
function get-jenkins-nuget-api-key {
|
||||
local username='jenkins'
|
||||
local password='password'
|
||||
local user_token=$(http \
|
||||
-a "$username:$password" \
|
||||
--ignore-stdin \
|
||||
--check-status \
|
||||
POST https://$nexus_domain/service/extdirect \
|
||||
action=rapture_Security \
|
||||
method=authenticationToken \
|
||||
type=rpc \
|
||||
tid:=0 \
|
||||
data:="[\"$(echo -n "$username" | base64 -w0)\",\"$(echo -n "$password" | base64 -w0)\"]" \
|
||||
| jq -r .result.data)
|
||||
http \
|
||||
-a "$username:$password" \
|
||||
--ignore-stdin \
|
||||
--check-status \
|
||||
GET https://$nexus_domain/service/rest/internal/nuget-api-key \
|
||||
authToken=="$(echo -n "$user_token" | base64 -w0)" \
|
||||
| jq -r .apiKey
|
||||
}
|
||||
|
||||
mkdir -p tmp/use-nuget-repository && cd tmp/use-nuget-repository
|
||||
|
||||
|
|
@ -19,7 +41,7 @@ fi
|
|||
|
||||
nuget_source_url=https://$nexus_domain/repository/nuget-group/index.json
|
||||
nuget_source_push_url=https://$nexus_domain/repository/nuget-hosted/
|
||||
nuget_source_push_api_key=$(nexus-groovy get-jenkins-nuget-api-key | jq -r '.result | fromjson | .apiKey')
|
||||
nuget_source_push_api_key=$(get-jenkins-nuget-api-key)
|
||||
echo -n $nuget_source_push_api_key >/vagrant/shared/jenkins-nuget-api-key
|
||||
nuget_source_push_api_key="$(cat /vagrant/shared/jenkins-nuget-api-key)"
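Review bot: In the new `get-jenkins-nuget-api-key` function, `local user_token=$(http … | jq -r .result.data)` takes the exit status of `local`, so a failed `--check-status` request does not abort the script under `set -e`, and `jq -r` can hand the string `null` to the second request. Declaring and assigning separately fixes that: `local user_token` followed by `user_token=$(http … | jq -r .result.data)`. The script runs with `set -euxo pipefail` (visible in the first hunk header), so the `-a "$username:$password"` argument, the base64 user token and the returned API key are all traced into the provisioning output. A `set +x` at the top of the function would keep them out of logs, and since the function is only called inside `$(…)` the change stays confined to that subshell. The hard-coded `local password='password'` should carry a comment saying it is a lab-only value that must match the one set by the Nexus provisioning script.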
|
||||
|
||||
|
|
|
|||