From 45eae64f31b0ddd2ab7a50e490d1a3a5079b2882 Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Thu, 17 Sep 2020 13:47:33 -0500
Subject: [PATCH 1/2] Adding NexusUser CRD
---
config/crd/bases/redhatgov.io_nexususer.yaml | 70 +++++++++++++++++++
config/crd/kustomization.yaml | 1 +
config/rbac/cluster_role.yaml | 2 +
config/rbac/namespaced/role.yaml | 2 +
config/rbac/nexus_editor_role.yaml | 2 +
config/rbac/nexus_viewer_role.yaml | 2 +
...dhatgov_v1alpha1_nexus_user_openshift.yaml | 12 ++++
playbooks/nexus-user.yml | 15 ++++
roles/nexus-user/defaults/main.yml | 5 ++
roles/nexus-user/tasks/main.yml | 34 +++++++++
watches.yaml | 6 ++
11 files changed, 151 insertions(+)
create mode 100644 config/crd/bases/redhatgov.io_nexususer.yaml
create mode 100644 config/samples/redhatgov_v1alpha1_nexus_user_openshift.yaml
create mode 100644 playbooks/nexus-user.yml
create mode 100644 roles/nexus-user/defaults/main.yml
create mode 100644 roles/nexus-user/tasks/main.yml
diff --git a/config/crd/bases/redhatgov.io_nexususer.yaml b/config/crd/bases/redhatgov.io_nexususer.yaml
new file mode 100644
index 0000000..bb96a83
--- /dev/null
+++ b/config/crd/bases/redhatgov.io_nexususer.yaml
@@ -0,0 +1,70 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: nexususers.redhatgov.io
+spec:
+ group: redhatgov.io
+ names:
+ kind: NexusUser
+ listKind: NexusUserList
+ plural: nexususers
+ singular: nexususer
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ description: NexusUser is the Schema for the nexus_user API
+ properties:
+ apiVersion:
+ description: |
+ APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |
+ Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the user information to add to the local Nexus authorization list
+ properties:
+ user:
+ description: Keycloak User REST object.
+ properties:
+ username:
+ description: User Name.
+ type: string
+ password:
+ description: Password.
+ type: string
+ firstName:
+ description: First Name.
+ type: string
+ lastName:
+ description: Last Name.
+ type: string
+ email:
+ description: Email.
+ type: string
+ required:
+ - username
+ - password
+ type: object
+ required:
+ - user
+ type: object
+ type: object
+
+
\ No newline at end of file
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
index 5fed6eb..1b85d2b 100644
--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
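Review bot: `spec.user.password` is declared as a plain `type: string` and marked `required`, so the Nexus credential lives in cleartext in the CR itself — in etcd, in `kubectl get nexususers -o yaml` for anyone with read access to the resource, and in whatever git repo the manifests are kept in. A `passwordSecretRef` (`name`/`key` of a Secret in the same namespace) follows the usual Kubernetes pattern and keeps the value under Secret RBAC; if the inline field has to stay for now, at least say so in its description, e.g. `description: Password (stored in cleartext in the CR; prefer a Secret reference).`. The `user` description `Keycloak User REST object.` looks copy-pasted — this CRD creates a Nexus local user, so `description: Nexus local user to create.` would be accurate. A `status: {}` subresource is declared but nothing in this patch writes status, so an object gives no indication of whether the user was actually created.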
@@ -6,4 +6,5 @@ kind: Kustomization # It should be run by config/default resources: - bases/redhatgov.io_nexus.yaml +- bases/redhatgov.io_nexususer.yaml # +kubebuilder:scaffold:crdkustomizeresource
diff --git a/config/rbac/cluster_role.yaml b/config/rbac/cluster_role.yaml
index e1a0235..c5ba555 100644
--- a/config/rbac/cluster_role.yaml
+++ b/config/rbac/cluster_role.yaml
@@ -82,6 +82,8 @@ rules: resources: - nexus - nexus/status + - nexususers + - nexususers/status verbs: - create - update
diff --git a/config/rbac/namespaced/role.yaml b/config/rbac/namespaced/role.yaml
index fe878f4..48c2458 100644
--- a/config/rbac/namespaced/role.yaml
+++ b/config/rbac/namespaced/role.yaml
@@ -82,6 +82,8 @@ rules: resources: - nexus - nexus/status + - nexususers + - nexususers/status verbs: - create - update
diff --git a/config/rbac/nexus_editor_role.yaml b/config/rbac/nexus_editor_role.yaml
index 22760fe..016ebeb 100644
--- a/config/rbac/nexus_editor_role.yaml
+++ b/config/rbac/nexus_editor_role.yaml
@@ -8,6 +8,7 @@ rules: - redhatgov.io resources: - nexus + - nexususers verbs: - create - delete
@@ -20,5 +21,6 @@ rules: - redhatgov.io resources: - nexus/status + - nexususers/status verbs: - get
diff --git a/config/rbac/nexus_viewer_role.yaml b/config/rbac/nexus_viewer_role.yaml
index 01f9ff7..b8408ba 100644
--- a/config/rbac/nexus_viewer_role.yaml
+++ b/config/rbac/nexus_viewer_role.yaml
@@ -8,6 +8,7 @@ rules: - redhatgov.io resources: - nexus + - nexususers verbs: - get - list
@@ -16,5 +17,6 @@ rules: - redhatgov.io resources: - nexus/status + - nexususers/status verbs: - get
diff --git a/config/samples/redhatgov_v1alpha1_nexus_user_openshift.yaml b/config/samples/redhatgov_v1alpha1_nexus_user_openshift.yaml
new file mode 100644
index 0000000..2df206b
--- /dev/null
+++ b/config/samples/redhatgov_v1alpha1_nexus_user_openshift.yaml
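Review bot: The viewer role now grants `get`/`list` on `nexususers`, and because the NexusUser spec carries `password` as a plain string, a read-only viewer can recover every Nexus account password with `kubectl get nexususers -o yaml`. Either move the password into a Secret referenced from the CR, after which viewer access to the CR is harmless, or drop `- nexususers` from the viewer role and leave it only in the editor role. The operator's own cluster and namespaced roles need the read access to reconcile, so the concern is specific to the human-facing viewer binding; the full verb lists of these rules continue outside the hunks.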
@@ -0,0 +1,12 @@
+apiVersion: redhatgov.io/v1alpha1
+kind: NexusUser
+metadata:
+ name: nexususer1
+spec:
+ user:
+ username: user1
+ password: user1pwd
+ firstName: Nexus
+ lastName: User
+ email: user1@sample.net
+
diff --git a/playbooks/nexus-user.yml b/playbooks/nexus-user.yml
new file mode 100644
index 0000000..e9e1ad0
--- /dev/null
+++ b/playbooks/nexus-user.yml
@@ -0,0 +1,15 @@
+---
+# Persistent nexus deployment playbook.
+
+# The following variables come from the ansible-operator
+# - ansible_operator_meta.namespace
+
+- hosts: localhost
+ gather_facts: no
+ tasks:
+ - name: Add Nexus User
+ include_role:
+ name: ./roles/nexus-user
+ vars:
+ _nexus_namespace: "{{ ansible_operator_meta.namespace }}"
+ _nexususer: "{{ user }}"
diff --git a/roles/nexus-user/defaults/main.yml b/roles/nexus-user/defaults/main.yml
new file mode 100644
index 0000000..c40e5d1
--- /dev/null
+++ b/roles/nexus-user/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+_nexus_state: present
+_nexus_namespace: nexus
+_nexus_name: nexus
+
diff --git a/roles/nexus-user/tasks/main.yml b/roles/nexus-user/tasks/main.yml
new file mode 100644
index 0000000..2ee25d6
--- /dev/null
+++ b/roles/nexus-user/tasks/main.yml
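Review bot: The header comment `# Persistent nexus deployment playbook.` in playbooks/nexus-user.yml is copied from the Nexus playbook and does not describe this file; `# Reconciles a NexusUser CR: adds spec.user to the local Nexus instance in the CR's namespace.` says what it does. `gather_facts: no` is a YAML 1.1 truthy spelling that ansible-lint flags; write `gather_facts: false`. `_nexususer: "{{ user }}"` hands the whole `spec.user` mapping, cleartext password included, to the role as a var, so every task in the role that touches it needs `no_log: true` or the password ends up in the operator's task output — a comment on this line pointing that out would help the next person editing the role.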
@@ -0,0 +1,34 @@
+---
+# Tasks file for Nexus
+
+- name: Check for Nexus CR object
+ k8s_info:
+ api_version: redhatgov.io/v1alpha1
+ namespace: "{{ _nexus_namespace }}"
+ kind: Nexus
+ register: nexus_cr_object
+
+- set_fact:
+ nexus_name: "{{ nexus_cr_object.resources[0].metadata.name }}"
+ when: nexus_cr_object.resources
+
+- name: Check for admin credential secret
+ k8s_info:
+ namespace: "{{ _nexus_namespace }}"
+ kind: Secret
+ name: "{{ nexus_name }}-admin-credentials"
+ register: nexus_admin_credentials
+ when: nexus_name is defined
+
+- set_fact:
+ nexus_admin_password: "{{ nexus_admin_credentials.resources[0].data.password | b64decode }}"
+ when: nexus_admin_credentials.resources
+
+- name: Add NexusUser
+ shell: >-
+ devsecops-api nexus add-user
+ http://{{ nexus_name }}-bypass.{{ _nexus_namespace }}.svc:8081
+ --login-username admin --login-password {{ nexus_admin_password }}
+ --usernames "{{ _nexususer.username }}"
+ --passwords "{{ _nexususer.password }}"
+ when: nexus_admin_password is defined
diff --git a/watches.yaml b/watches.yaml
index 0ab1e42..cb72192 100644
--- a/watches.yaml
+++ b/watches.yaml
@@ -3,3 +3,9 @@ group: redhatgov.io kind: Nexus playbook: playbooks/nexus-operator.yml
+
+- version: v1alpha1
+ group: redhatgov.io
+ kind: NexusUser
+ playbook: playbooks/nexus-user.yml
+ reconcilePeriod: "0"
\ No newline at end of file
From a1fffec3333e67039cce47c1c0a23c274e64de70 Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Thu, 17 Sep 2020 14:22:20 -0500
Subject: [PATCH 2/2] fix lint errors
---
config/crd/bases/redhatgov.io_nexususer.yaml | 2 --
config/samples/redhatgov_v1alpha1_nexus_user_openshift.yaml | 1 -
watches.yaml | 2 +-
3 files changed, 1 insertion(+), 4 deletions(-)
diff --git a/config/crd/bases/redhatgov.io_nexususer.yaml b/config/crd/bases/redhatgov.io_nexususer.yaml
index bb96a83..e92db63 100644
--- a/config/crd/bases/redhatgov.io_nexususer.yaml
+++ b/config/crd/bases/redhatgov.io_nexususer.yaml
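Review bot: The `Add NexusUser` task in roles/nexus-user/tasks/main.yml builds a `shell` command line from CR-supplied `_nexususer.username` and `_nexususer.password` plus the decoded admin password, so a value containing `"`, `;` or `$(` escapes the quoting and runs as the operator's service account, and every value is printed in the task log because neither this task nor the `set_fact` that decodes the admin password sets `no_log`. Switch to `command` with `argv` so no shell parses the values, and add `no_log: true` to both tasks; the arguments are still visible in the pod's process list, and whether `devsecops-api` can take them from the environment or stdin instead is not visible from this patch. Two smaller points: `nexus_cr_object.resources[0]` silently picks whichever Nexus CR lists first in the namespace even though the role defaults define an unused `_nexus_name`, and when the secret lookup is skipped the next `when: nexus_admin_credentials.resources` reads an attribute that I believe a skipped result does not carry, so `| default([])` belongs there. Nothing in the role reads `_nexus_state`, so `absent` has no effect and an account is never removed.

```yaml
# … unchanged: Nexus CR lookup and nexus_name set_fact …

- set_fact:
    nexus_admin_password: "{{ nexus_admin_credentials.resources[0].data.password | b64decode }}"
  no_log: true
  when: nexus_admin_credentials.resources | default([])

- name: Add NexusUser
  command:
    argv:
      - devsecops-api
      - nexus
      - add-user
      - "http://{{ nexus_name }}-bypass.{{ _nexus_namespace }}.svc:8081"
      - --login-username
      - admin
      - --login-password
      - "{{ nexus_admin_password }}"
      - --usernames
      - "{{ _nexususer.username }}"
      - --passwords
      - "{{ _nexususer.password }}"
  no_log: true
  when: nexus_admin_password is defined
```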
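Review bot: The new `NexusUser` watch entry sets `reconcilePeriod: "0"` and declares no finalizer, so deleting a NexusUser CR runs no playbook at all and the account created in Nexus outlives the object that granted it. Adding an operator-sdk `finalizer:` block to this watch (a `name` plus `vars` setting `_nexus_state: absent`) is the usual fix, but it only helps once the role actually acts on `_nexus_state`, which the role tasks in this patch do not yet do. With period 0 there is also no periodic re-apply, so a user changed or deleted directly in Nexus is never restored; if that is intended, a one-line comment above `reconcilePeriod: "0"` saying so would save the next reader from treating it as an omission.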
@@ -66,5 +66,3 @@ spec: - user type: object type: object
-
-
\ No newline at end of file
diff --git a/config/samples/redhatgov_v1alpha1_nexus_user_openshift.yaml b/config/samples/redhatgov_v1alpha1_nexus_user_openshift.yaml
index 2df206b..904ece4 100644
--- a/config/samples/redhatgov_v1alpha1_nexus_user_openshift.yaml
+++ b/config/samples/redhatgov_v1alpha1_nexus_user_openshift.yaml
@@ -9,4 +9,3 @@ spec: firstName: Nexus lastName: User email: user1@sample.net
-
diff --git a/watches.yaml b/watches.yaml
index cb72192..2f96961 100644
--- a/watches.yaml
+++ b/watches.yaml
@@ -8,4 +8,4 @@ group: redhatgov.io kind: NexusUser playbook: playbooks/nexus-user.yml
- reconcilePeriod: "0"
\ No newline at end of file
+ reconcilePeriod: "0"