Forked from nblair/nexus-repo-manager-privilege-example.groovy
Created
October 15, 2019 20:03
-
-
Save Badrmoh/e084308cdf0dd2a4ca6ecf66eee59253 to your computer and use it in GitHub Desktop.
A groovy script to create Content Selectors, privileges, and roles programmatically via the Nexus Repository Manager 3 Scripting API.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.sonatype.nexus.common.entity.* | |
| import org.sonatype.nexus.security.* | |
| import org.sonatype.nexus.security.authz.* | |
| import org.sonatype.nexus.selector.* | |
| import com.google.common.collect.ImmutableMap | |
| // use container.lookup to fetch internal APIs we need to use | |
| def selectorManager = container.lookup(SelectorManager.class.name) | |
| def securitySystem = container.lookup(SecuritySystem.class.name) | |
| def authorizationManager = securitySystem.getAuthorizationManager('default') | |
| // create content selector (if not already present) | |
| def selectorConfig = new SelectorConfiguration( | |
| name: 'mycompany-custom-selector', | |
| type: 'jexl', | |
| description: 'selector for my custom package', | |
| attributes: ['expression': 'coordinate.groupId =^ "com.mycompany"'] | |
| ) | |
| if (selectorManager.browse().find { it -> it.name == selectorConfig.name } == null) { | |
| selectorManager.create(selectorConfig) | |
| } | |
| // create snapshot and release repositories | |
| def snapshotName = "mycompany-maven-snapshots" | |
| def releaseName = "mycompany-maven-releases" | |
| repository.createMavenHosted(snapshotName, 'default', false, | |
| org.sonatype.nexus.repository.maven.VersionPolicy.SNAPSHOT, | |
| org.sonatype.nexus.repository.storage.WritePolicy.ALLOW) | |
| repository.createMavenHosted(releaseName, 'default', false, | |
| org.sonatype.nexus.repository.maven.VersionPolicy.RELEASE, | |
| org.sonatype.nexus.repository.storage.WritePolicy.ALLOW_ONCE) | |
| // create content selector privilege for release repo | |
| def releaseProperties = ImmutableMap.builder() | |
| .put("content-selector", selectorConfig.name) | |
| .put("repository", releaseName) | |
| .put("actions", "browse,read,edit") | |
| .build() | |
| def releasePrivilege = new org.sonatype.nexus.security.privilege.Privilege( | |
| id: "mycompany-release-priv", | |
| version: '', | |
| name: "mycompany-release-priv", | |
| description: "Content Selector Release privilege", | |
| type: "repository-content-selector", | |
| properties: releaseProperties | |
| ) | |
| authorizationManager.addPrivilege(releasePrivilege) | |
| // create content selector privilege for snapshot repo | |
| def snapshotProperties = ImmutableMap.builder() | |
| .put("content-selector", selectorConfig.name) | |
| .put("repository", snapshotName) | |
| .put("actions", "browse,read,edit") | |
| .build() | |
| def snapshotPrivilege = new org.sonatype.nexus.security.privilege.Privilege( | |
| id: "mycompany-snapshot-priv", | |
| version: '', | |
| name: "mycompany-snapshot-priv", | |
| description: "Content Selector Snapshot privilege", | |
| type: "repository-content-selector", | |
| properties: snapshotProperties | |
| ) | |
| authorizationManager.addPrivilege(snapshotPrivilege) | |
| // create a role with the snapshot and release privileges | |
| def role = new org.sonatype.nexus.security.role.Role( | |
| roleId: "mycompany-role", | |
| source: "Nexus", | |
| name: "mycompany-role", | |
| description: "My Company Role", | |
| readOnly: false, | |
| privileges: [ snapshotPrivilege.id, releasePrivilege.id ], | |
| roles: [] | |
| ) | |
| authorizationManager.addRole(role) | |
| // add a local user account with the role | |
| security.addUser("devuser", | |
| "Delilah", "Developer", | |
| "[email protected]", true, | |
| "devpassword", [ role.roleId ]) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment