diff --git a/files/groovy/create_content_selector.groovy b/files/groovy/create_content_selector.groovy index 3ba3b28e..74beff29 100644 --- a/files/groovy/create_content_selector.groovy +++ b/files/groovy/create_content_selector.groovy @@ -1,21 +1,19 @@ import groovy.json.JsonSlurper -import org.sonatype.nexus.selector.SelectorManager import org.sonatype.nexus.selector.SelectorConfiguration +import org.sonatype.nexus.selector.SelectorManager parsed_args = new JsonSlurper().parseText(args) -selectorManager = container.lookup(SelectorManager.class.name) +SelectorManager selectorManager = container.lookup(SelectorManager.class.name) -def selectorConfig boolean update = true -selectorConfig = selectorManager.browse().find { it -> it.name == parsed_args.name } +SelectorConfiguration selectorConfig = selectorManager.browse().find { it -> it.name == parsed_args.name } if (selectorConfig == null) { update = false - selectorConfig = new SelectorConfiguration( - 'name': parsed_args.name - ) + selectorConfig = selectorManager.newSelectorConfiguration() + selectorConfig.setName(parsed_args.name) } selectorConfig.setDescription(parsed_args.description) diff --git a/molecule/nexus_common_test_vars.yml b/molecule/nexus_common_test_vars.yml index 0ebc9397..de3536e4 100644 --- a/molecule/nexus_common_test_vars.yml +++ b/molecule/nexus_common_test_vars.yml @@ -31,6 +31,15 @@ nexus_audit_enabled: true nexus_rut_auth_realm: false nexus_rut_auth_header: "CUSTOM_RUT_HEADER" +nexus_repos_cleanup_policies: + - name: mvn_cleanup + format: maven2 + mode: + notes: "" + criteria: + lastBlobUpdated: 60 + lastDownloaded: 120 + nexus_repos_maven_proxy: - name: central remote_url: 'https://repo1.maven.org/maven2/' @@ -80,6 +89,13 @@ nexus_repos_yum_group: - private_yum_centos_7 - epel_centos_7_x86_64 +nexus_repos_docker_hosted: + - name: docker-private + http_port: "5000" + force_basic_auth: true + v1_enabled: true + write_policy: allow + nexus_repos_apt_hosted: - name: private_ubuntu_18.04 distribution: bionic @@ -176,6 +192,129 @@ nexus_repos_apt_proxy: maximum_metadata_age: -1 negative_cache_ttl: 60 +nexus_content_selectors: + # Docker by namespace. For mode details see: + # https://help.sonatype.com/repomanager3/formats/docker-registry/content-selectors-and-docker + - name: docker-login-search + description: Selector for docker login privilege + search_expression: format == "docker" and (path == "/v2/" of path == "/v1/search") + - name: docker-private-team1 + description: Selector for docker team1 + search_expression: format == "docker" and path =^ "/v2/team1/" + - name: docker-private-team2 + description: Selector for docker team2 + search_expression: format == "docker" and path =^ "/v2/team2/" + +nexus_privileges: + - name: all-repos-read + description: 'Read & Browse access to all repos' + repository: '*' + actions: + - read + - browse + - name: wildcard1 + type: wildcard + description: first wilcard + pattern: nexus:repository-view:yum:* + - name: some_application + type: application + description: some nexus configuration + domain: some_nexus_domain + actions: + - some action + - name: script1 + type: script + description: first script + script_name: the_script_name + actions: + - some actions + - name: docker-login-search-all + type: repository-content-selector + contentSelector: docker-login-search + description: "Login to and search docker registry" + repository: "*" + actions: + - read + - name: docker-private-team1-rw + type: repository-content-selector + contentSelector: docker-private-team1 + description: write access to /team1 namespace on docker-private + repository: docker-private + actions: + - read, + - add + - edit + - browse + - name: docker-private-team2-rw + type: repository-content-selector + contentSelector: docker-private-team2 + description: write access to /team2 namespace on docker-hosted + repository: docker-private + actions: + - read + - add + - edit + - browse + +nexus_roles: + - name: c-ro-private_yum_centos_7 + id: c-ro-private_yum_centos_7 + description: "Custrom read-only role for private_yum_centos_7 hosted repository" + privileges: + - 'nx-repository-view-yum-private_yum_centos_7-read' + - 'nx-repository-view-yum-private_yum_centos_7-browse' + - name: developers + id: developers + description: "Developers" + privileges: + - all-repos-read + - wildcard1 + - docker-login-search-all + - name: role-team1 + id: role-team1 + description: "team1" + privileges: + - docker-private-team1-rw + - name: role-team2 + id: role-team2 + description: "team2" + privileges: + - docker-private-team2-rw + +nexus_local_users: + - username: jenkins + first_name: Jenkins + last_name: CI + email: support@company.com + password: "s3cr3t" + roles: + - developers + - username: olduser # make sure this old account is removed + state: absent + - username: test_roles + first_name: Test + last_name: Roles + email: test@roles.com + password: "s3cr3t" + roles: + - c-ro-private_yum_centos_7 + - username: team1 + first_name: team + last_name: one + email: team@one.com + password: "theone" + roles: + - developers + - role-team1 + - username: team2 + first_name: team + last_name: two + email: team@two.com + password: "thetwo" + roles: + - developers + - role-team2 + nexus_scheduled_tasks: # Example task to purge maven snapshots with cron schedule - name: Purge maven snapshots @@ -246,71 +385,6 @@ nexus_scheduled_tasks: repositoryName: "*" lastUsed: "7" -nexus_local_users: - - username: jenkins - first_name: Jenkins - last_name: CI - email: support@company.com - password: "s3cr3t" - roles: - - developers - - username: olduser # make sure this old account is removed - state: absent - - username: test_roles - first_name: Test - last_name: Roles - email: test@roles.com - password: "s3cr3t" - roles: - - c-ro-private_yum_centos_7 - -nexus_privileges: - - name: all-repos-read - description: 'Read & Browse access to all repos' - repository: '*' - actions: - - read - - browse - - name: wildcard1 - type: wildcard - description: first wilcard - pattern: nexus:repository-view:yum:* - - name: some_application - type: application - description: some nexus configuration - domain: some_nexus_domain - actions: - - some action - - name: script1 - type: script - description: first script - script_name: the_script_name - actions: - - some actions - -nexus_roles: - - name: c-ro-private_yum_centos_7 - id: c-ro-private_yum_centos_7 - description: "Custrom read-only role for private_yum_centos_7 hosted repository" - privileges: - - 'nx-repository-view-yum-private_yum_centos_7-read' - - 'nx-repository-view-yum-private_yum_centos_7-browse' - - name: developers - id: developers - description: "Developers" - privileges: - - all-repos-read - - wildcard1 - -nexus_repos_cleanup_policies: - - name: mvn_cleanup - format: maven2 - mode: - notes: "" - criteria: - lastBlobUpdated: 60 - lastDownloaded: 120 - # proxy configuration depending on env nexus_with_http_proxy: "{{ lookup('env', 'http_proxy') | length > 0 | bool }}" nexus_http_proxy_host: "{{ lookup('env', 'http_proxy') | urlsplit('hostname') }}" diff --git a/molecule/test_apt_repo.py b/molecule/test_apt_repo.py index f84ef39d..8a19ffd6 100644 --- a/molecule/test_apt_repo.py +++ b/molecule/test_apt_repo.py @@ -1,3 +1,5 @@ +"""testinfra file for apt specific tests.""" + import os import testinfra.utils.ansible_runner @@ -8,7 +10,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('nexus') -apt_pub_key=""" +apt_pub_key = """ -----BEGIN PGP PUBLIC KEY BLOCK----- mQGNBF2Ym3ABDACtu4R3enO2TehVslkRXc4ZcMkaAMIcJgOLo/IQBUnN8dInGLFR @@ -52,11 +54,14 @@ -----END PGP PUBLIC KEY BLOCK----- """ + def test_apt_package_upload(host: testinfra.host.Host): + """Test we can upload an apt package to repository.""" # Copy debian test package host.ansible( "get_url", - "url=https://github.com/ansible-ThoTeam/nexushello-apt-package/releases/download/v1.0.1/nexushello_1.0.1_all.deb dest=/tmp", + "url=https://github.com/ansible-ThoTeam/nexushello-apt-package/releases" + "/download/v1.0.1/nexushello_1.0.1_all.deb dest=/tmp", check=False ) @@ -86,12 +91,11 @@ def test_apt_package_upload(host: testinfra.host.Host): ) # Import gpg key of our repo - #host.run('echo "{}" | apt-key add -'.format(apt_pub_key)) host.run('echo "{}" > /tmp/pub.key'.format(apt_pub_key)) host.run("apt-key add /tmp/pub.key") # Install package - install_package = host.ansible( + host.ansible( "apt", "name=nexushello state=present update-cache=true", check=False, @@ -99,6 +103,3 @@ def test_apt_package_upload(host: testinfra.host.Host): ) assert host.run("nexushello").stdout == "Hello nexus !\n" - - - diff --git a/molecule/test_default.py b/molecule/test_default.py index d4b148a6..3d7c27c8 100644 --- a/molecule/test_default.py +++ b/molecule/test_default.py @@ -1,3 +1,5 @@ +"""Default testinfra file for the role.""" + import os import testinfra.utils.ansible_runner @@ -7,6 +9,7 @@ def test_npm_scoped_package_download(host): + """Test if we can download npm scoped packages.""" test_package_url = \ "https://localhost/repository/npm-public/@angular%2fcore"