diff --git a/VERSION b/VERSION
index 56fea8a..cb2b00e 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-3.0.0
\ No newline at end of file
+3.0.1
diff --git a/lib/nexus_cli.rb b/lib/nexus_cli.rb
index 38524cb..e9f5faa 100644
--- a/lib/nexus_cli.rb
+++ b/lib/nexus_cli.rb
@@ -30,6 +30,8 @@ module NexusCli
 autoload :LoggingActions, 'nexus_cli/mixins/logging_actions'
 autoload :CustomMetadataActions, 'nexus_cli/mixins/pro/custom_metadata_actions'
 autoload :SmartProxyActions, 'nexus_cli/mixins/pro/smart_proxy_actions'
+ autoload :RoleMappingActions, 'nexus_cli/mixins/role_mapping_actions'
+ autoload :LdapActions, 'nexus_cli/mixins/ldap_actions'
 class << self
 def root
diff --git a/lib/nexus_cli/mixins/ldap_actions.rb b/lib/nexus_cli/mixins/ldap_actions.rb
new file mode 100644
index 0000000..ebd3bda
--- /dev/null
+++ b/lib/nexus_cli/mixins/ldap_actions.rb
@@ -0,0 +1,43 @@
+require 'json'
+
+module NexusCli
+ # @author Ilja Bobkevic
+ module LdapActions
+
+ # Set provided LDAP connection information
+ #
+ # @param params [Hash] a Hash of parameters for connection information
+ #
+ # @return [Boolean] true if the connection information was set, false otherwise
+ def set_ldap_connection_info(params)
+ response = nexus.put(nexus_url("service/local/ldap/conn_info"), :body => create_data(params), :header => DEFAULT_CONTENT_TYPE_HEADER)
+ case response.status
+ when 200
+ return true
+ else
+ raise UnexpectedStatusCodeException.new(reponse.code)
+ end
+ end
+
+ # Set provided LDAP user and group configuration
+ #
+ # @param params [Hash] a Hash of parameters for user and group configuration
+ #
+ # @return [Boolean] true if the user and group configuration was set, false otherwise
+ def set_ldap_user_group_configuration(params)
+ response = nexus.put(nexus_url("service/local/ldap/user_group_conf"), :body => create_data(params), :header => DEFAULT_CONTENT_TYPE_HEADER)
+ case response.status
+ when 200
+ return true
+ else
+ raise UnexpectedStatusCodeException.new(reponse.code)
+ end
+ end
+
+ private
+
+ def create_data(params)
+ JSON.dump(:data => params)
+ end
+ end
+end
diff --git a/lib/nexus_cli/mixins/role_mapping_actions.rb b/lib/nexus_cli/mixins/role_mapping_actions.rb
new file mode 100644
index 0000000..bbd13cb
--- /dev/null
+++ b/lib/nexus_cli/mixins/role_mapping_actions.rb
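Review bot: The `else` branch of both `set_ldap_connection_info` and `set_ldap_user_group_configuration` raises `UnexpectedStatusCodeException.new(reponse.code)`, where `reponse` is a misspelling with no binding in the method, so any non-200 reply from Nexus (an authentication or authorization failure included) would most likely surface as a `NameError` instead of the intended exception. It should read `raise UnexpectedStatusCodeException.new(response.status)`, matching the `response.status` that the `case` above already switches on; the same typo is in `create_role_mapping` in lib/nexus_cli/mixins/role_mapping_actions.rb. The `@return` tags also promise "false otherwise" although neither method ever returns false, so I would replace that wording with `# @raise [UnexpectedStatusCodeException] if Nexus answers with a status other than 200`.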
@@ -0,0 +1,48 @@
+require 'json'
+
+module NexusCli
+ # @author Ilja Bobkevic
+ module RoleMappingActions
+
+ # Creates a User to role mapping within given source
+ #
+ # @param params [Hash] a Hash of parameters to use during user to role mapping creation
+ #
+ # @return [Boolean] true if the user to role mapping is created, false otherwise
+ def create_role_mapping(params)
+ response = nexus.put(nexus_url("service/local/user_to_roles/#{params[:source]}/#{params[:userId]}"), :body => create_user_json(params), :header => DEFAULT_CONTENT_TYPE_HEADER)
+ case response.status
+ when 204
+ return true
+ when 404
+ raise UserNotFoundException.new(params[:userId])
+ else
+ raise UnexpectedStatusCodeException.new(reponse.code)
+ end
+ end
+
+ # Deletes the Nexus user to role mapping from define source and with the given user id.
+ #
+ # @param realm [String] the mapping realm, e.g. LDAP
+ # @param user_id [String] the Nexus user to role mapping to delete
+ #
+ # @return [Boolean] true if the user to role mapping is deleted, false otherwise
+ def delete_role_mapping(realm, mapping_id)
+ response = nexus.delete(nexus_url("service/local/user_to_roles/#{realm}/#{mapping_id}"))
+ case response.status
+ when 204
+ return true
+ when 404
+ raise UserNotFoundException.new(mapping_id)
+ else
+ raise UnexpectedStatusCodeException.new(response.status)
+ end
+ end
+
+ private
+
+ def create_user_json(params)
+ JSON.dump(:data => params)
+ end
+ end
+end
diff --git a/lib/nexus_cli/remote/oss_remote.rb b/lib/nexus_cli/remote/oss_remote.rb
index bdbe6a8..986bf98 100644
--- a/lib/nexus_cli/remote/oss_remote.rb
+++ b/lib/nexus_cli/remote/oss_remote.rb
@@ -7,5 +7,7 @@ class OSSRemote < BaseRemote
 include LoggingActions
 include RepositoryActions
 include UserActions
+ include RoleMappingActions
+ include LdapActions
 end
 end
\ No newline at end of file
diff --git a/lib/nexus_cli/tasks.rb b/lib/nexus_cli/tasks.rb
index ef567de..2445045 100644
--- a/lib/nexus_cli/tasks.rb
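Review bot: `params[:source]`, `params[:userId]`, `realm` and `mapping_id` are interpolated into the `service/local/user_to_roles/...` path without percent-encoding, so a value containing `/`, `?` or `#` changes which resource the PUT or DELETE is addressed to, and a nil source yields an empty path segment. These values come straight from CLI arguments and prompts, so I would encode each segment before building the URL, e.g. `nexus_url("service/local/user_to_roles/#{ERB::Util.url_encode(realm)}/#{ERB::Util.url_encode(mapping_id)}")` with `require 'erb'` at the top of the file. How `nexus_url` treats its argument is not visible in this diff, so confirm it does not already escape. The `@param user_id` tag on `delete_role_mapping` should also be renamed to `mapping_id` to match the signature.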
+++ b/lib/nexus_cli/tasks.rb 
@@ -240,6 +240,141 @@ def delete_user(user_id)
 end
 end
+ method_option :username,
+ :type => :string,
+ :default => nil,
+ :desc => "The mapping username."
+ method_option :realm,
+ :type => :string,
+ :default => nil,
+ :desc => "The mapping realm."
+ method_option :roles,
+ :type => :array,
+ :default => [],
+ :require => false,
+ :desc => "An array of roles."
+ desc "create_role_mapping", "Creates a new user to role mapping."
+ def create_role_mapping
+ params = ask_role_mapping(options)
+
+ if nexus_remote.create_role_mapping(params)
+ say "A user to role mapping with the ID of #{params[:userId]} for realm #{params[:source]} has been created.", :blue
+ end
+ end
+
+ desc "delete_role_mapping realm mapping_id", "Deletes the user to role mapping from defined realm and with the given id."
+ def delete_role_mapping(realm, mapping_id)
+ if nexus_remote.delete_role_mapping(realm, mapping_id)
+ say "User to role mapping #{mapping_id} has been deleted from mapping realm #{realm}.", :blue
+ end
+ end
+
+ method_option :search_base,
+ :type => :string,
+ :default => nil,
+ :desc => "The LDAP search base."
+ method_option :auth_scheme,
+ :type => :string,
+ :default => 'none',
+ :require => false,
+ :desc => "The LDAP authentication scheme."
+ method_option :protocol,
+ :type => :string,
+ :default => 'ldap',
+ :require => false,
+ :desc => "The LDAP protocol."
+ method_option :port,
+ :type => :numeric,
+ :default => 389,
+ :require => false,
+ :desc => "The LDAP server port."
+ method_option :host,
+ :type => :string,
+ :default => nil,
+ :desc => "The LDAP server host name."
+ desc "set_ldap_connection_info", "Sets LDAP connection information."
+ def set_ldap_connection_info
+ params = ask_ldap_conn_info(options)
+
+ if nexus_remote.set_ldap_connection_info(params)
+ say "A LDAP connection information has been updated.", :blue
+ end
+ end
+
+ method_option :email_address_attribute,
+ :type => :string,
+ :default => 'mail',
+ :require => false,
+ :desc => "The LDAP email address attribute."
+ method_option :ldap_groups_as_roles,
+ :type => :boolean,
+ :default => true,
+ :require => false,
+ :desc => "Treat LDAP groups as roles."
+ method_option :group_base_dn,
+ :type => :string,
+ :default => 'ou=Groups',
+ :require => false,
+ :desc => "The LDAP group base distinguished name."
+ method_option :group_id_attribute,
+ :type => :string,
+ :default => 'cn',
+ :require => false,
+ :desc => "The LDAP group id attribute."
+ method_option :group_member_attribute,
+ :type => :string,
+ :default => 'uniqueMember',
+ :require => false,
+ :desc => "The LDAP group member attribute."
+ method_option :group_member_format,
+ :type => :string,
+ :default => '${username}',
+ :require => false,
+ :desc => "The LDAP group member format."
+ method_option :group_object_class,
+ :type => :string,
+ :default => 'groupOfUniqueNames',
+ :require => false,
+ :desc => "The LDAP group object class name."
+ method_option :user_id_attribute,
+ :type => :string,
+ :default => 'uid',
+ :require => false,
+ :desc => "The LDAP user id attribute."
+ method_option :user_object_class,
+ :type => :string,
+ :default => 'inetOrgPerson',
+ :require => false,
+ :desc => "The LDAP user object class name."
+ method_option :user_base_dn,
+ :type => :string,
+ :default => 'ou=People',
+ :require => false,
+ :desc => "The LDAP user base distinguished name."
+ method_option :user_real_name_attribute,
+ :type => :string,
+ :default => 'cn',
+ :require => false,
+ :desc => "The LDAP user real name attribute."
+ method_option :user_subtree,
+ :type => :boolean,
+ :default => false,
+ :require => false,
+ :desc => "Look for LDAP users in the subtree."
+ method_option :group_subtree,
+ :type => :boolean,
+ :default => false,
+ :require => false,
+ :desc => "Look for LDAP groups in the subtree."
+ desc "set_ldap_user_group_configuration", "Sets LDAP user and group configuration."
+ def set_ldap_user_group_configuration
+ params = ask_ldap_user_group_conf(options)
+
+ if nexus_remote.set_ldap_user_group_configuration(params)
+ say "A LDAP user and group configuration has been updated.", :blue
+ end
+ end
+
 method_option :oldPassword,
 :type => :string,
 :default => nil,
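Review bot: The defaults declared for `set_ldap_connection_info` are `:protocol => 'ldap'`, `:port => 389` and `:auth_scheme => 'none'`, so running the task with only a host and search base configures Nexus to query the directory over an unencrypted connection with an anonymous bind, and nothing in the option help says so. I would at least state it in the help text, e.g. `:desc => "The LDAP protocol (ldap or ldaps); ldap is unencrypted."`, and consider whether the secure variant should be the default for a task that sets up the authentication backend. The task also exposes no options for bind credentials, so schemes other than `none` presumably cannot be configured through it; worth confirming against the conn_info resource. Separately, Thor reads `:required`, not `:require`, so the `:require => false` entries throughout this hunk look like no-ops.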
@@ -490,6 +625,80 @@ def ask_password(message)
 q.echo = false
 end
 end
+
+ def ask_role_mapping(params, ask_username=true)
+ username = params[:username]
+ source = params[:realm]
+ roles = params[:roles]
+
+ if username.nil? && ask_username
+ username = ask "Please enter the mapping username:"
+ end
+ if source.nil?
+ first_name = ask "Please enter the mapping realm:"
+ end
+ if roles.size == 0
+ roles = ask "Please enter the mapping roles:"
+ end
+ params = {:userId => username}
+ params[:source] = source
+ params[:roles] = roles.kind_of?(Array) ? roles : roles.split(' ')
+ params
+ end
+
+ def ask_ldap_conn_info(params, ask_host=true, ask_search_base=true)
+ search_base = params[:search_base]
+ auth_scheme = params[:auth_scheme]
+ protocol = params[:protocol]
+ host = params[:host]
+ port = params[:port]
+
+ if host.nil? && ask_host
+ host = ask "Please enter the LDAP server host name:"
+ end
+
+ if search_base.nil? && ask_search_base
+ search_base = ask "Please enter the LDAP search base:"
+ end
+
+ params = {:host => host}
+ params[:searchBase] = search_base
+ params[:authScheme] = auth_scheme unless auth_scheme.nil?
+ params[:protocol] = protocol unless protocol.nil?
+ params[:port] = port unless port.nil?
+ params
+ end
+
+ def ask_ldap_user_group_conf(params)
+ email_address_attribute = params[:email_address_attribute]
+ ldap_groups_as_roles = params[:ldap_groups_as_roles]
+ group_base_dn = params[:group_base_dn]
+ group_id_attribute = params[:group_id_attribute]
+ group_member_attribute = params[:group_member_attribute]
+ group_member_format = params[:group_member_format]
+ group_object_class = params[:group_object_class]
+ user_id_attribute = params[:user_id_attribute]
+ user_object_class = params[:user_object_class]
+ user_base_dn = params[:user_base_dn]
+ user_real_name_attribute = params[:user_real_name_attribute]
+ user_subtree = params[:user_subtree]
+ group_subtree = params[:group_subtree]
+
+ params = {:emailAddressAttribute => email_address_attribute}
+ params[:ldapGroupsAsRoles] = ldap_groups_as_roles
+ params[:groupBaseDn] = group_base_dn
+ params[:groupIdAttribute] = group_id_attribute
+ params[:groupMemberAttribute] = group_member_attribute
+ params[:groupMemberFormat] = group_member_format
+ params[:groupObjectClass] = group_object_class
+ params[:userIdAttribute] = user_id_attribute
+ params[:userObjectClass] = user_object_class
+ params[:userBaseDn] = user_base_dn
+ params[:userRealNameAttribute] = user_real_name_attribute
+ params[:userSubtree] = user_subtree
+ params[:groupSubtree] = group_subtree
+ params
+ end
 end
 end
 end
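Review bot: In `ask_role_mapping` the realm prompt assigns to the wrong variable: `first_name = ask "Please enter the mapping realm:"` leaves `source` nil, so the operator's answer is discarded and `params[:source]` is sent as nil, which the remote call then interpolates into the request path as an empty segment. The line should be `source = ask "Please enter the mapping realm:"`. Separately, `roles.size == 0` relies on `params[:roles]` never being nil; that holds for the Thor default of `[]`, but `roles.nil? || roles.empty?` would keep the helper safe for other callers.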