I am currently working on implementing Single Sign-On (SSO) for the entire Coveros domain. This project required me to implement a process to add current Coveros employees into our FreeIPA server as well as account for any future employees that will be onboarded. In order to deal with this problem, a script was written which would add a user to the FreeIPA server and assign them a random password. The random password was sent to the user via email from the script as well. The script to add users can be found here if you are interested.
In order to give the business users a nice interface to add users, a parameterized Jenkins job was created.
The choices for the groups are read dynamically in real-time from the FreeIPA server. If a new group is added or deleted in FreeIPA, it is reflected in Jenkins immediately. These values were pulled with the help of the following Groovy scripts and the Extended Choice Parameter plugin.
/* Name: getGroups.groovy Developer(s): Rahul Sharma Description: This script gets all the groups that exist in the freeIPA system except for ipausers */ try{ //commands to read in the the commonMethods file GroovyShell shell = new GroovyShell() commonMethodsScript = shell.parse(new File('var/lib/jenkins/commonMethod.groovy')) // list for returning checkbox group option List<String>groups = new ArrayList<String>() getGroupsCommand = "ssh my.fav.server.com sudo ipa group-find --all|grep 'Group name'|cut -d ':' -f2|cut -d ' ' -f2" List<String> outputs = commonMethodsScript.runCommand(getGroupsCommand) //split string by newline characters to get an array of groups String[] lines= outputs.get(0).toString().split("\\r?\\n") for (String item : lines) { //add all the groups except ipausers if(!(item.equals("ipausers"))){ groups.add(item) } } return groups } catch(IOException ex){ print "IOException!!! The commonMethods.groovy file doesn't exist!!!\n" }/* Name: commonMethods.groovy Developers: Rahul Sharma, Ben Summers, Eric Lee Description: This script contains a method by the name of runCommand. The runCommand method accepts two parameters: command and TIME_TO_WAIT. The TIME_TO_WAIT  parameter is optional and if not specified, it defaults to the value of 1000000. The method takes in a command and attempts to execute it as a terminal command. The method reads in the output of the terminal command whether it is standard out or standard error. It places the standard out and standard error in a tuple and returns it. */ //method takes in a command and attempts to run it def runCommand(String command, def TIME_TO_WAIT = 1000000){   //structure to store standard output and standard error   def standardOut = new StringBuilder()   def standardErr = new StringBuilder()   def proc   def exitCode = 0   try{      //execute command on the shell      proc = ["/bin/sh", "-c", command].execute()      //consume output with either standard out and standard error      proc.consumeProcessOutput(standardOut, standardErr)      //Wait 100 seconds for the process to finish, otherwise stops the process.      proc.waitForOrKill(TIME_TO_WAIT)      exitCode = proc.exitValue()   }   //if error put message into standardErr   catch(e){      standardErr<<e.toString()   }   return new Tuple(standardOut,standardErr,exitCode) }Both of these scripts were stored in Git. Since there wasn’t any direct way to link these scripts from Git to the Extended Parameter Choice plugin, another job was created with the sole purpose of checking out those two files and moving them to /var/lib/jenkins/. That job was configured to poll SCM every 15 minutes to check for any new updates. This was done to ensure that the Extended Choice Parameter Plugin is using the latest scripts.
One of the biggest challenges that I came across during this setup was keeping these scripts source controlled. Therefore, I wanted to share my solution as I feel it will be helpful for others. Feel free to use my approach for running the most recent version of source-controlled scripts in order to get parameter values. The Groovy scripts can be used to query FreeIPA for a listing of the existing groups as well. These scripts and job configurations can be modified to generate parameters in Jenkins dynamically according to your needs.
