I am currently working on implementing Single Sign-On (SSO) for the entire Coveros domain. This project required me to implement a process to add current Coveros employees into our FreeIPA server as well as account for any future employees that will be onboarded. In order to deal with this problem, a script was written which would add a user to the FreeIPA server and assign them a random password. The random password was sent to the user via email from the script as well. The script to add users can be found here if you are interested.

In order to give the business users a nice interface to add users, a parameterized Jenkins job was created which accepted the following parameters:

The choices for the groups are read dynamically in real-time from the FreeIPA server. If a new group is added or deleted in FreeIPA, it is reflected in Jenkins immediately. These values were pulled with the help of the following Groovy scripts and the Extended Choice Parameter plugin.

/*
Name: getGroups.groovy
Developer(s): Rahul Sharma
Description: This script gets all the groups that exist in the freeIPA system except for ipausers
*/

try{
   //commands to read in the the commonMethods file
   GroovyShell shell = new GroovyShell()
   commonMethodsScript = shell.parse(new File('var/lib/jenkins/commonMethod.groovy'))
   // list for returning checkbox group option
   List<String>groups = new ArrayList<String>()
   getGroupsCommand = "ssh my.fav.server.com sudo ipa group-find --all|grep 'Group name'|cut -d ':' -f2|cut -d ' ' -f2"
   List<String> outputs = commonMethodsScript.runCommand(getGroupsCommand)
   //split string by newline characters to get an array of groups
   String[] lines= outputs.get(0).toString().split("\\r?\\n")
   for (String item : lines) {
      //add all the groups except ipausers
      if(!(item.equals("ipausers"))){
         groups.add(item)
      }
   }
   return groups
}
catch(IOException ex){
   print "IOException!!! The commonMethods.groovy file doesn't exist!!!\n"
}
/*
Name: commonMethods.groovy 
Developers: Rahul Sharma, Ben Summers, Eric Lee
Description: This script contains a method by the name of runCommand. The runCommand method accepts 
two parameters: command and TIME_TO_WAIT. The TIME_TO_WAIT  parameter is optional and if not specified, 
it defaults to the value of 1000000. The method takes in a command and attempts to execute it as a 
terminal command. The method reads in the output of the terminal command whether it is standard out or 
standard error. It places the standard out and standard error in a tuple and returns it. 
*/
 
//method takes in a command and attempts to run it
def runCommand(String command, def TIME_TO_WAIT = 1000000){
   //structure to store standard output and standard error
   
   def standardOut = new StringBuilder()
   def standardErr = new StringBuilder()
   def proc
   def exitCode = 0
   try{
      //execute command on the shell
      proc = ["/bin/sh", "-c", command].execute()
      //consume output with either standard out and standard error
      proc.consumeProcessOutput(standardOut, standardErr)
      //Wait 100 seconds for the process to finish, otherwise stops the process.
      proc.waitForOrKill(TIME_TO_WAIT)
      exitCode = proc.exitValue()
   }
   //if error put message into standardErr
   catch(e){
      standardErr<<e.toString()
   }
   return new Tuple(standardOut,standardErr,exitCode)
}

Both of these scripts were stored in Git. Since there wasn’t any direct way to link these scripts from Git to the Extended Parameter Choice plugin, another job was created with the sole purpose of checking out those two files and moving them to /var/lib/jenkins/. That job was configured to poll SCM every 15 minutes to check for any new updates. This was done to ensure that the Extended Choice Parameter Plugin is using the latest scripts.

One of the biggest challenges that I came across during this setup was keeping these scripts source controlled. Therefore, I wanted to share my solution as I feel it will be helpful for others. Feel free to use my approach for running the most recent version of source-controlled scripts in order to get parameter values. The Groovy scripts can be used to query FreeIPA for a listing of the existing groups as well. These scripts and job configurations can be modified to generate parameters in Jenkins dynamically according to your needs.

X