public_git
/
nexus-vagrant
mirror of https://github.com/rgl/nexus-vagrant.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
nexus-vagrant/provision/provision-nexus/src/main/groovy/provision.groovy

134 lines
6.0 KiB
Groovy
Raw Blame History

// run this file inside the Vagrant environment with bash /vagrant/execute-provision.groovy-script.sh
// see https://books.sonatype.com/nexus-book/3.3/reference/scripting.html
// see https://github.com/sonatype/nexus-book-examples/tree/nexus-3.x/scripting/nexus-script-example
import groovy.json.JsonOutput
import org.sonatype.nexus.security.user.UserSearchCriteria
import org.sonatype.nexus.security.authc.apikey.ApiKeyStore
import org.sonatype.nexus.security.realm.RealmManager
import org.apache.shiro.subject.SimplePrincipalCollection
import org.sonatype.nexus.scheduling.TaskScheduler
import org.sonatype.nexus.scheduling.schedule.Daily
// create a raw repository backed by the default blob store.
// see https://github.com/sonatype/nexus-book-examples/blob/nexus-3.x/scripting/complex-script/rawRepositories.groovy
// see https://books.sonatype.com/nexus-book/3.3/reference/raw.html#_uploading_files_to_hosted_raw_repositories
repository.createRawHosted("adhoc-package", "default")
// create a npm repository backed by the default blob store.
repository.createNpmHosted("npm-hosted", "default")
// create a npm proxy repository backed by the default blob store.
// see http://books.sonatype.com/nexus-book/reference3/npm.html
repository.createNpmProxy("npmjs.org-proxy", "https://registry.npmjs.org", "default")
// create a npm group repository that merges the npm-host and npmjs.org-proxy together.
repository.createNpmGroup("npm-group", ["npm-hosted", "npmjs.org-proxy"], "default")
// see http://stackoverflow.com/questions/8138164/groovy-generate-random-string-from-given-character-set
def random(String alphabet, int n) {
new Random().with {
(1..n).collect { alphabet[nextInt(alphabet.length())] }.join()
}
}
jenkinsPassword = random((('A'..'Z')+('a'..'z')+('0'..'9')).join(), 16)
// set the base url. this is used when sending emails.
// see https://books.sonatype.com/nexus-book/3.3/reference/admin.html#admin-base-url
core.baseUrl("https://" + java.net.InetAddress.getLocalHost().getCanonicalHostName())
// schedule a task to remove old snapshots from the maven-snapshots repository.
// see https://github.com/sonatype/nexus-public/blob/555cc59e7fa659c0a1a4fbc881bf3fcef0e9a5b6/components/nexus-scheduling/src/main/java/org/sonatype/nexus/scheduling/TaskScheduler.java
// see https://github.com/sonatype/nexus-public/blob/555cc59e7fa659c0a1a4fbc881bf3fcef0e9a5b6/plugins/nexus-coreui-plugin/src/main/java/org/sonatype/nexus/coreui/TaskComponent.groovy
taskScheduler = (TaskScheduler)container.lookup(TaskScheduler.class.getName())
taskConfiguration = taskScheduler.createTaskConfigurationInstance("repository.maven.remove-snapshots")
taskConfiguration.name = "remove old snapshots from the maven-snapshots repository"
// NB to see the available properties uncomment the tasksDescriptors property from JsonOutput.toJson at the end of this script.
taskConfiguration.setString("repositoryName", "maven-snapshots")
taskConfiguration.setString("minimumRetained", "1")
taskConfiguration.setString("snapshotRetentionDays", "30")
// TODO taskConfiguration.setAlertEmail("TODO")
taskScheduler.scheduleTask(taskConfiguration, new Daily(new Date().clearTime().next()))
// enable the NuGet API-Key Realm.
realmManager = container.lookup(RealmManager.class.getName())
realmManager.enableRealm("NuGetApiKey")
// enable the npm Bearer Token Realm.
realmManager.enableRealm("NpmToken")
// the intent is to get or create an NuGet API Key like the one we can see on the user page:
// http://nexus.example.com:8081/#user/nugetapitoken.
def getOrCreateNuGetApiKey(String userName) {
realmName = "NexusAuthenticatingRealm"
apiKeyDomain = "NuGetApiKey"
principal = new SimplePrincipalCollection(userName, realmName)
keyStore = container.lookup(ApiKeyStore.class.getName())
apiKey = keyStore.getApiKey(apiKeyDomain, principal)
if (apiKey == null) {
apiKey = keyStore.createApiKey(apiKeyDomain, principal)
}
return apiKey.toString()
}
// create users in the deployer role.
// see https://github.com/sonatype/nexus-book-examples/blob/nexus-3.x/scripting/complex-script/security.groovy#L38
def addDeployerUser(firstName, lastName, email, userName, password) {
if (!security.securitySystem.listRoles().any { it.getRoleId() == "deployer" }) {
privileges = [
"nx-search-read",
"nx-repository-view-*-*-read",
"nx-repository-view-*-*-browse",
"nx-repository-view-*-*-add",
"nx-repository-view-*-*-edit",
"nx-apikey-all"]
security.addRole("deployer", "deployer", "deployment on all repositories", privileges, [])
}
try {
user = security.securitySystem.getUser(userName);
} catch (org.sonatype.nexus.security.user.UserNotFoundException e) {
user = security.addUser(userName, firstName, lastName, email, true, password, ["deployer"])
}
nuGetApiKey = getOrCreateNuGetApiKey(userName)
}
addDeployerUser("Jenkins", "Doe", "jenkins@example.com", "jenkins", jenkinsPassword)
addDeployerUser("Alice", "Doe", "alice.doe@example.com", "alice.doe", "password")
addDeployerUser("Bob", "Doe", "bob.doe@example.com", "bob.doe", "password")
// get the jenkins NuGet API Key.
jenkinsNuGetApiKey = getOrCreateNuGetApiKey("jenkins")
realms = realmManager.getConfiguration().getRealmNames()
users = security.securitySystem.searchUsers(new UserSearchCriteria())
repositories = repository.repositoryManager.browse().collect { [name:it.name,type:it.type.value] }
return JsonOutput.toJson([
/*tasksDescriptors: taskScheduler.taskFactory.descriptors.collect { [
id: it.id,
name: it.name,
exposed: it.exposed,
formFields: it.formFields?.collect { [
id: it.id,
type: it.type,
label: it.label,
helpText: it.helpText,
required: it.required,
regexValidation: it.regexValidation,
initialValue: it.initialValue,
] }
] },*/
realms: realms.sort { it },
users: users.sort { it.userId },
repositories: repositories.sort { it.name },
])
Reference in New Issue View Git Blame Copy Permalink