Add option to pass User public ssh key to Gerrit

Currently CI/CD application allows to specify default user for work with Gerrit, but for normal workflow we need to set ssh public key via Gerrit UI for having access to clone projects and upload patches. It's ok for new users, but for fast start we need way to speicify this key on configuration step, before deployment start. This aptch adds new field of ssh key for CI/CD application and for Gerrit application. Specified key will be automatically added to specified user after deployment Gerrit service. In script we add check for each option. If this option is not empty we add it to list of options, otherwise we ignore it. Change-Id: I8f10f5153ab30361944437fe27e8842420371363
2016-05-30 13:02:50 +03:00 · 2016-05-30 13:02:50 +03:00 · a59b349708
commit a59b349708
parent a02dd616a7
6 changed files with 75 additions and 5 deletions
--- a/murano-apps/CiCdEnvironment/package/Classes/CiCdEnvironment.yaml
+++ b/murano-apps/CiCdEnvironment/package/Classes/CiCdEnvironment.yaml
@ -33,6 +33,8 @@ Properties:
    Contract: $.string()
  ldapEmail:
    Contract: $.string()
  userSSH:
    Contract: $.string()
  instance_name:
    Contract: $.string().notNull()
@ -94,7 +96,8 @@ Methods:
          - $this.gerrit: new(ci_cd_pipeline_murano_app:Gerrit, $this,
              name => 'Gerrit',
              instance => $gerritInstance,
-              ldap => $this.ldap)
+              ldap => $this.ldap,
              userSSH => $this.userSSH)
      # Jenkins
      # set user and mail for accessing to Gerrit from Jenkins
--- a/murano-apps/CiCdEnvironment/package/UI/ui.yaml
+++ b/murano-apps/CiCdEnvironment/package/UI/ui.yaml
@ -10,6 +10,7 @@ Application:
  ldapUser: $.appConfiguration.ldapUser
  ldapPass: $.appConfiguration.ldapPass
  ldapEmail: $.appConfiguration.ldapEmail
  userSSH: $.appConfiguration.userSSH
  instance_name: generateHostname($.instanceConfiguration.unitNamingPattern, 1)
  flavor: $.instanceConfiguration.flavor
  image: $.instanceConfiguration.osImage
@ -71,6 +72,14 @@ Forms:
          descriptionTitle: Regular user Email
          description: >-
            Please, provide regular user email
        - name: userSSH
          type: string
          initial: ''
          label: User ssh key
          required: false
          descriptionTitle: User public ssh key
          description: >-
            Please, provide user public ssh key
  - instanceConfiguration:
      fields:
        - name: title
--- a/murano-apps/Gerrit/package/Classes/Gerrit.yaml
+++ b/murano-apps/Gerrit/package/Classes/Gerrit.yaml
@ -21,6 +21,8 @@ Properties:
    Default: 'http://tarballs.openstack.org/ci/test/gerrit-v2.11.9.3.eb6e48d.war'
  ldap:
    Contract: $.class(ci_cd_pipeline_murano_app:OpenLDAP)
  userSSH:
    Contract: $.string()
 Methods:
  initialize:
@ -72,6 +74,11 @@ Methods:
      - $._deployGerrit()
      - $._environment.reporter.report($this, 'Switching gerrit to a local project-config')
      - $._switchProjectConfig()
      - If: $.ldap != null and not $.userSSH in [null, ''] and not $.ldap.ldapUser in [null, '']
        Then:
          - $._environment.reporter.report($this, "Adding user's SSH public key to Gerrit.")
          - $.createAccount('', $.ldap.ldapUser, $.ldap.ldapEmail, $.userSSH, $.ldap.ldapUser)
      - $._environment.reporter.report($this, 'Gerrit is deployed.')
      - $.setAttr(deployed, true)
@ -112,6 +119,8 @@ Methods:
      - $.instance.setHieraValue('ldap_domain', $.ldap.domain)
      - $.instance.setHieraValue('ldap_root_user', $.ldap.ldapRootUser)
      - $.instance.setHieraValue('ldap_root_password', $.ldap.ldapRootPass)
      - $.instance.setHieraValue('ldap_user', $.ldap.ldapUser)
      - $.instance.setHieraValue('ldap_password', $.ldap.ldapPass)
  createConfiguration:
    Body:
@ -161,7 +170,7 @@ Methods:
  createAccount:
    Arguments:
      - group:
-          Contract: $.string().notNull()
+          Contract: $.string()
      - fullName:
          Contract: $.string().notNull()
      - email:
--- a/murano-apps/Gerrit/package/Resources/scripts/create_account.sh
+++ b/murano-apps/Gerrit/package/Resources/scripts/create_account.sh
@ -14,14 +14,40 @@ NAME="$6"
 HOSTNAME="`hostname -f`"
 create_args=
 set_args=
 # check group
 if [ ! -z "${GROUP}" ] ; then
    create_args+="--group \'${GROUP}\' "
 fi
 # check full name
 if [ ! -z "${FULL_NAME}" ] ; then
    create_args+="--full-name \'${FULL_NAME}\' "
    set_args+="--full-name \'${FULL_NAME}\' "
 fi
 # check email
 if [ ! -z "${EMAIL}" ] ; then
    create_args+="--email $EMAIL "
    set_args+="--add-email $EMAIL "
 fi
 # check ssh
 if [ ! -z "${SSHKEY}" ] ; then
    create_args+="--ssh-key \'${SSHKEY}\' "
    set_args+="--add-ssh-key \'${SSHKEY}\' "
 fi
 set +e
 su gerrit2 -c "ssh -p 29418 -i /home/gerrit2/review_site/etc/ssh_project_rsa_key project-creator@$HOSTNAME \
-gerrit create-account --group \'${GROUP}\' --full-name \'${FULL_NAME}\' --email $EMAIL --ssh-key \'${SSHKEY}\' $NAME"
+gerrit create-account ${create_args[@]} $NAME"
 code=$?
 if [ $code -ne 0 ]; then
  # Do not create account but set related properties.
  su gerrit2 -c "ssh -p 29418 -i /home/gerrit2/review_site/etc/ssh_project_rsa_key project-creator@$HOSTNAME \
-  gerrit set-account --full-name \'${FULL_NAME}\' --add-email $EMAIL --add-ssh-key \'${SSHKEY}\' $NAME"
+  gerrit set-account ${set_args[@]} $NAME"
-fi
+fi
--- a/murano-apps/Gerrit/package/Resources/scripts/create_projects.pp
+++ b/murano-apps/Gerrit/package/Resources/scripts/create_projects.pp
@ -3,6 +3,9 @@ $db_root_password = hiera('gerrit_db_root_password')
 $admin_user     = hiera('ldap_root_user')
 $admin_password = hiera('ldap_root_password')
 $user     = hiera('ldap_user')
 $password = hiera('ldap_password')
 $project_user       = 'project-creator'
 $project_user_id    = 99
 $project_user_key   = hiera('gerrit_ssh_project_rsa_pubkey_contents')
@ -83,3 +86,14 @@ logrotate::file { 'manage_projects.log':
    ],
    require => Exec['upload_gerrit_projects'],
 }
 if $user {
    exec { 'first_user_login':
         command     => "/usr/bin/curl -s -o /tmp/hhhh -w \"%{http_code}\" -k -X POST -d \"username=${user}\" -d \"password=${password}\" https://${fqdn}/login | grep -q 302",
         try_sleep   => 10,
         tries       => 6,
         refreshonly => true,
         subscribe => Logrotate::File['manage_projects.log'],
    }
 }
--- a/murano-apps/Gerrit/package/UI/ui.yaml
+++ b/murano-apps/Gerrit/package/UI/ui.yaml
@ -6,6 +6,7 @@ Application:
  name: $.appConfiguration.name
  warUrl: $.appConfiguration.warUrl
  ldap: $.appConfiguration.OpenLDAP
  userSSH: $.appConfiguration.userSSH
  instance:
    ?:
      type: org.openstack.ci_cd_pipeline_murano_app.puppet.PuppetInstance
@ -45,6 +46,14 @@ Forms:
          required: false
          description: >-
            Specify OpenLDAP domain for authentication
        - name: userSSH
          type: string
          initial: ''
          label: User ssh key
          required: false
          descriptionTitle: User public ssh key
          description: >-
            Please, provide user public ssh key
  - instanceConfiguration:
      fields:
        - name: title