Search code examples
javagroovysonatypenexus3

Nexus REST API to map LDAP user to existing Roles

Is there any possibility of having a Groovy script for mapping the LDAP user to existing nexus roles? I have created a Groovy script which will check my employee no in LDAP and map the nexus role to my user id.

import org.sonatype.nexus.security.role.RoleIdentifier
import org.sonatype.nexus.security.user.User
import org.sonatype.nexus.security.user.UserManager
import org.sonatype.nexus.security.role.NoSuchRoleException
import groovy.json.JsonOutput 
import groovy.json.JsonSlurper 
import groovy.json.JsonBuilder
import java.util.ArrayList
import java.util.HashSet
import java.util.List
import java.util.Set


def id = "NA10009"
def roles = 'dot-maven'
def json = new JsonBuilder()
def root= json id: id, roles: roles 
def roles1 = json.toString()
def role = new JsonSlurper().parseText(roles1)
 log.info("The Role in JSON  : $roles1")

authManager = security.getSecuritySystem().getAuthorizationManager(UserManager.DEFAULT_SOURCE)
 log.info("The authManager  : $authManager")
roles = (role.roles == null ? new HashSet() :role.roles.toSet())
try {
    User user = security.securitySystem.getUser(id, 'LDAP') 
    def existingRole = authManager.getRole(role.roles)
    log.info("The Role  : $existingRole")

    if (user != null) {
        List test = []
        test << existingRole.roleId
         log.info("The Role list  : $test")
        security.setUsersRoles(id,  test)
        log.info("Role of $roles  has been added to $id")
    } else {
        log.warn("$id not found.")
    }

} catch (Exception e) {
    log.error(e.toString())
}

The output is 

    org.sonatype.nexus.internal.script.ScriptTask - groovy.lang.MissingMethodException: No signature of method: org.sonatype.nexus.security.internal.DefaultSecuritySystem$$EnhancerByGuice$$20b4f8d.setUsersRoles() is applicable for argument types: (java.lang.String, java.lang.String, java.util.ArrayList) values: [NA10009, [dot-maven]]
Possible solutions: setUsersRoles(java.lang.String, java.lang.String, java.util.Set)

I created a json for the roles and tried to update the LDAP user. But it throws the above error.

Solution

  • To Add Nexus role to LDAP users,

    import org.sonatype.nexus.security.role.RoleIdentifier;
import org.sonatype.nexus.security.user.User;
import org.sonatype.nexus.security.user.UserManager;

String userId = 'NA10009';
String newRoleId = 'dot-maven'
String realm = 'LDAP'
String role_realm = 'default'

User user = security.securitySystem.getUser(userId, realm)
authManager = security.getSecuritySystem().getAuthorizationManager(UserManager.DEFAULT_SOURCE)
def existingRole = authManager.getRole(newRoleId)
if(user != null) {
    RoleIdentifier newRole = new RoleIdentifier(role_realm, existingRole.roleId);
    user.addRole(newRole)
    security.securitySystem.setUsersRoles(user.getUserId(), realm, user.getRoles());
} else {
    log.warn("No user with ID of $userId found.")
}