Add option to pass User public ssh key to Gerrit

Currently CI/CD application allows to specify default user for work with Gerrit, but for normal workflow we need to set ssh public key via Gerrit UI for having access to clone projects and upload patches. It's ok for new users, but for fast start we need way to speicify this key on configuration step, before deployment start. This aptch adds new field of ssh key for CI/CD application and for Gerrit application. Specified key will be automatically added to specified user after deployment Gerrit service. In script we add check for each option. If this option is not empty we add it to list of options, otherwise we ignore it. Change-Id: I8f10f5153ab30361944437fe27e8842420371363
2016-05-30 13:02:50 +03:00 · 2016-05-30 13:02:50 +03:00 · a59b349708
commit a59b349708
parent a02dd616a7
6 changed files with 75 additions and 5 deletions
--- a/murano-apps/CiCdEnvironment/package/Classes/CiCdEnvironment.yaml
+++ b/murano-apps/CiCdEnvironment/package/Classes/CiCdEnvironment.yaml
@ -33,6 +33,8 @@ Properties:
    Contract: $.string()
  ldapEmail:
    Contract: $.string()
+  userSSH:
+    Contract: $.string()

  instance_name:
    Contract: $.string().notNull()
@ -94,7 +96,8 @@ Methods:
          - $this.gerrit: new(ci_cd_pipeline_murano_app:Gerrit, $this,
              name => 'Gerrit',
              instance => $gerritInstance,
-              ldap => $this.ldap)
+              ldap => $this.ldap,
+              userSSH => $this.userSSH)

      # Jenkins
      # set user and mail for accessing to Gerrit from Jenkins
--- a/murano-apps/CiCdEnvironment/package/UI/ui.yaml
+++ b/murano-apps/CiCdEnvironment/package/UI/ui.yaml
@ -10,6 +10,7 @@ Application:
  ldapUser: $.appConfiguration.ldapUser
  ldapPass: $.appConfiguration.ldapPass
  ldapEmail: $.appConfiguration.ldapEmail
+  userSSH: $.appConfiguration.userSSH
  instance_name: generateHostname($.instanceConfiguration.unitNamingPattern, 1)
  flavor: $.instanceConfiguration.flavor
  image: $.instanceConfiguration.osImage
@ -71,6 +72,14 @@ Forms:
          descriptionTitle: Regular user Email
          description: >-
            Please, provide regular user email
+        - name: userSSH
+          type: string
+          initial: ''
+          label: User ssh key
+          required: false
+          descriptionTitle: User public ssh key
+          description: >-
+            Please, provide user public ssh key
  - instanceConfiguration:
      fields:
        - name: title
--- a/murano-apps/Gerrit/package/Classes/Gerrit.yaml
+++ b/murano-apps/Gerrit/package/Classes/Gerrit.yaml
@ -21,6 +21,8 @@ Properties:
    Default: 'http://tarballs.openstack.org/ci/test/gerrit-v2.11.9.3.eb6e48d.war'
  ldap:
    Contract: $.class(ci_cd_pipeline_murano_app:OpenLDAP)
+  userSSH:
+    Contract: $.string()

 Methods:
  initialize:
@ -72,6 +74,11 @@ Methods:
      - $._deployGerrit()
      - $._environment.reporter.report($this, 'Switching gerrit to a local project-config')
      - $._switchProjectConfig()
+      - If: $.ldap != null and not $.userSSH in [null, ''] and not $.ldap.ldapUser in [null, '']
+        Then:
+          - $._environment.reporter.report($this, "Adding user's SSH public key to Gerrit.")
+
+          - $.createAccount('', $.ldap.ldapUser, $.ldap.ldapEmail, $.userSSH, $.ldap.ldapUser)

      - $._environment.reporter.report($this, 'Gerrit is deployed.')
      - $.setAttr(deployed, true)
@ -112,6 +119,8 @@ Methods:
      - $.instance.setHieraValue('ldap_domain', $.ldap.domain)
      - $.instance.setHieraValue('ldap_root_user', $.ldap.ldapRootUser)
      - $.instance.setHieraValue('ldap_root_password', $.ldap.ldapRootPass)
+      - $.instance.setHieraValue('ldap_user', $.ldap.ldapUser)
+      - $.instance.setHieraValue('ldap_password', $.ldap.ldapPass)

  createConfiguration:
    Body:
@ -161,7 +170,7 @@ Methods:
  createAccount:
    Arguments:
      - group:
-          Contract: $.string().notNull()
+          Contract: $.string()
      - fullName:
          Contract: $.string().notNull()
      - email:
--- a/murano-apps/Gerrit/package/Resources/scripts/create_account.sh
+++ b/murano-apps/Gerrit/package/Resources/scripts/create_account.sh
@ -14,14 +14,40 @@ NAME="$6"

 HOSTNAME="`hostname -f`"

+create_args=
+set_args=
+
+# check group
+if [ ! -z "${GROUP}" ] ; then
+    create_args+="--group \'${GROUP}\' "
+fi
+
+# check full name
+if [ ! -z "${FULL_NAME}" ] ; then
+    create_args+="--full-name \'${FULL_NAME}\' "
+    set_args+="--full-name \'${FULL_NAME}\' "
+fi
+
+# check email
+if [ ! -z "${EMAIL}" ] ; then
+    create_args+="--email $EMAIL "
+    set_args+="--add-email $EMAIL "
+fi
+
+# check ssh
+if [ ! -z "${SSHKEY}" ] ; then
+    create_args+="--ssh-key \'${SSHKEY}\' "
+    set_args+="--add-ssh-key \'${SSHKEY}\' "
+fi
+
 set +e
 su gerrit2 -c "ssh -p 29418 -i /home/gerrit2/review_site/etc/ssh_project_rsa_key project-creator@$HOSTNAME \
-gerrit create-account --group \'${GROUP}\' --full-name \'${FULL_NAME}\' --email $EMAIL --ssh-key \'${SSHKEY}\' $NAME"
+gerrit create-account ${create_args[@]} $NAME"

 code=$?

 if [ $code -ne 0 ]; then
  # Do not create account but set related properties.
  su gerrit2 -c "ssh -p 29418 -i /home/gerrit2/review_site/etc/ssh_project_rsa_key project-creator@$HOSTNAME \
-  gerrit set-account --full-name \'${FULL_NAME}\' --add-email $EMAIL --add-ssh-key \'${SSHKEY}\' $NAME"
+  gerrit set-account ${set_args[@]} $NAME"
 fi
--- a/murano-apps/Gerrit/package/Resources/scripts/create_projects.pp
+++ b/murano-apps/Gerrit/package/Resources/scripts/create_projects.pp
@ -3,6 +3,9 @@ $db_root_password = hiera('gerrit_db_root_password')
 $admin_user     = hiera('ldap_root_user')
 $admin_password = hiera('ldap_root_password')

+$user     = hiera('ldap_user')
+$password = hiera('ldap_password')
+
 $project_user       = 'project-creator'
 $project_user_id    = 99
 $project_user_key   = hiera('gerrit_ssh_project_rsa_pubkey_contents')
@ -83,3 +86,14 @@ logrotate::file { 'manage_projects.log':
    ],
    require => Exec['upload_gerrit_projects'],
 }
+
+if $user {
+    exec { 'first_user_login':
+         command     => "/usr/bin/curl -s -o /tmp/hhhh -w \"%{http_code}\" -k -X POST -d \"username=${user}\" -d \"password=${password}\" https://${fqdn}/login | grep -q 302",
+         try_sleep   => 10,
+         tries       => 6,
+         refreshonly => true,
+         subscribe => Logrotate::File['manage_projects.log'],
+    }
+}
+
--- a/murano-apps/Gerrit/package/UI/ui.yaml
+++ b/murano-apps/Gerrit/package/UI/ui.yaml
@ -6,6 +6,7 @@ Application:
  name: $.appConfiguration.name
  warUrl: $.appConfiguration.warUrl
  ldap: $.appConfiguration.OpenLDAP
+  userSSH: $.appConfiguration.userSSH
  instance:
    ?:
      type: org.openstack.ci_cd_pipeline_murano_app.puppet.PuppetInstance
@ -45,6 +46,14 @@ Forms:
          required: false
          description: >-
            Specify OpenLDAP domain for authentication
+        - name: userSSH
+          type: string
+          initial: ''
+          label: User ssh key
+          required: false
+          descriptionTitle: User public ssh key
+          description: >-
+            Please, provide user public ssh key
  - instanceConfiguration:
      fields:
        - name: title