Merge "Add option to pass User public ssh key to Gerrit"

murano-apps/CiCdEnvironment/package/Classes/CiCdEnvironment.yaml

@@ -33,6 +33,8 @@ Properties:
     Contract: $.string()
   ldapEmail:
     Contract: $.string()
+  userSSH:
+    Contract: $.string()
 
   instance_name:
     Contract: $.string().notNull()
@@ -94,7 +96,8 @@ Methods:
           - $this.gerrit: new(ci_cd_pipeline_murano_app:Gerrit, $this,
               name => 'Gerrit',
               instance => $gerritInstance,
-              ldap => $this.ldap)
+              ldap => $this.ldap,
+              userSSH => $this.userSSH)
 
       # Jenkins
       # set user and mail for accessing to Gerrit from Jenkins

murano-apps/CiCdEnvironment/package/UI/ui.yaml

@@ -10,6 +10,7 @@ Application:
   ldapUser: $.appConfiguration.ldapUser
   ldapPass: $.appConfiguration.ldapPass
   ldapEmail: $.appConfiguration.ldapEmail
+  userSSH: $.appConfiguration.userSSH
   instance_name: generateHostname($.instanceConfiguration.unitNamingPattern, 1)
   flavor: $.instanceConfiguration.flavor
   image: $.instanceConfiguration.osImage
@@ -71,6 +72,14 @@ Forms:
           descriptionTitle: Regular user Email
           description: >-
             Please, provide regular user email
+        - name: userSSH
+          type: string
+          initial: ''
+          label: User ssh key
+          required: false
+          descriptionTitle: User public ssh key
+          description: >-
+            Please, provide user public ssh key
   - instanceConfiguration:
       fields:
         - name: title

murano-apps/Gerrit/package/Classes/Gerrit.yaml

@@ -21,6 +21,8 @@ Properties:
     Default: 'http://tarballs.openstack.org/ci/test/gerrit-v2.11.9.3.eb6e48d.war'
   ldap:
     Contract: $.class(ci_cd_pipeline_murano_app:OpenLDAP)
+  userSSH:
+    Contract: $.string()
 
 Methods:
   initialize:
@@ -72,6 +74,11 @@ Methods:
       - $._deployGerrit()
       - $._environment.reporter.report($this, 'Switching gerrit to a local project-config')
       - $._switchProjectConfig()
+      - If: $.ldap != null and not $.userSSH in [null, ''] and not $.ldap.ldapUser in [null, '']
+        Then:
+          - $._environment.reporter.report($this, "Adding user's SSH public key to Gerrit.")
+
+          - $.createAccount('', $.ldap.ldapUser, $.ldap.ldapEmail, $.userSSH, $.ldap.ldapUser)
 
       - $._environment.reporter.report($this, 'Gerrit is deployed.')
       - $.setAttr(deployed, true)
@@ -112,6 +119,8 @@ Methods:
       - $.instance.setHieraValue('ldap_domain', $.ldap.domain)
       - $.instance.setHieraValue('ldap_root_user', $.ldap.ldapRootUser)
       - $.instance.setHieraValue('ldap_root_password', $.ldap.ldapRootPass)
+      - $.instance.setHieraValue('ldap_user', $.ldap.ldapUser)
+      - $.instance.setHieraValue('ldap_password', $.ldap.ldapPass)
 
   createConfiguration:
     Body:
@@ -161,7 +170,7 @@ Methods:
   createAccount:
     Arguments:
       - group:
-          Contract: $.string().notNull()
+          Contract: $.string()
       - fullName:
           Contract: $.string().notNull()
       - email:

murano-apps/Gerrit/package/Resources/scripts/create_account.sh

@@ -14,14 +14,40 @@ NAME="$6"
 
 HOSTNAME="`hostname -f`"
 
+create_args=
+set_args=
+
+# check group
+if [ ! -z "${GROUP}" ] ; then
+    create_args+="--group \'${GROUP}\' "
+fi
+
+# check full name
+if [ ! -z "${FULL_NAME}" ] ; then
+    create_args+="--full-name \'${FULL_NAME}\' "
+    set_args+="--full-name \'${FULL_NAME}\' "
+fi
+
+# check email
+if [ ! -z "${EMAIL}" ] ; then
+    create_args+="--email $EMAIL "
+    set_args+="--add-email $EMAIL "
+fi
+
+# check ssh
+if [ ! -z "${SSHKEY}" ] ; then
+    create_args+="--ssh-key \'${SSHKEY}\' "
+    set_args+="--add-ssh-key \'${SSHKEY}\' "
+fi
+
 set +e
 su gerrit2 -c "ssh -p 29418 -i /home/gerrit2/review_site/etc/ssh_project_rsa_key project-creator@$HOSTNAME \
-gerrit create-account --group \'${GROUP}\' --full-name \'${FULL_NAME}\' --email $EMAIL --ssh-key \'${SSHKEY}\' $NAME"
+gerrit create-account ${create_args[@]} $NAME"
 
 code=$?
 
 if [ $code -ne 0 ]; then
   # Do not create account but set related properties.
   su gerrit2 -c "ssh -p 29418 -i /home/gerrit2/review_site/etc/ssh_project_rsa_key project-creator@$HOSTNAME \
-  gerrit set-account --full-name \'${FULL_NAME}\' --add-email $EMAIL --add-ssh-key \'${SSHKEY}\' $NAME"
-fi
+  gerrit set-account ${set_args[@]} $NAME"
+fi

murano-apps/Gerrit/package/Resources/scripts/create_projects.pp

@@ -3,6 +3,9 @@ $db_root_password = hiera('gerrit_db_root_password')
 $admin_user     = hiera('ldap_root_user')
 $admin_password = hiera('ldap_root_password')
 
+$user     = hiera('ldap_user')
+$password = hiera('ldap_password')
+
 $project_user       = 'project-creator'
 $project_user_id    = 99
 $project_user_key   = hiera('gerrit_ssh_project_rsa_pubkey_contents')
@@ -83,3 +86,14 @@ logrotate::file { 'manage_projects.log':
     ],
     require => Exec['upload_gerrit_projects'],
 }
+
+if $user {
+    exec { 'first_user_login':
+         command     => "/usr/bin/curl -s -o /tmp/hhhh -w \"%{http_code}\" -k -X POST -d \"username=${user}\" -d \"password=${password}\" https://${fqdn}/login | grep -q 302",
+         try_sleep   => 10,
+         tries       => 6,
+         refreshonly => true,
+         subscribe => Logrotate::File['manage_projects.log'],
+    }
+}
+

murano-apps/Gerrit/package/UI/ui.yaml

@@ -6,6 +6,7 @@ Application:
   name: $.appConfiguration.name
   warUrl: $.appConfiguration.warUrl
   ldap: $.appConfiguration.OpenLDAP
+  userSSH: $.appConfiguration.userSSH
   instance:
     ?:
       type: org.openstack.ci_cd_pipeline_murano_app.puppet.PuppetInstance
@@ -45,6 +46,14 @@ Forms:
           required: false
           description: >-
             Specify OpenLDAP domain for authentication
+        - name: userSSH
+          type: string
+          initial: ''
+          label: User ssh key
+          required: false
+          descriptionTitle: User public ssh key
+          description: >-
+            Please, provide user public ssh key
   - instanceConfiguration:
       fields:
         - name: title