cloudbees · carlosrodlop · May 21, 2024 · May 15, 2024 · May 15, 2024 · May 15, 2024
diff --git a/.cloudbees/workflows/ldap-dh.yaml b/.cloudbees/workflows/ldap-dh.yaml
diff --git a/.cloudbees/workflows/ldap-gh.yaml b/.cloudbees/workflows/ldap-gh.yaml
diff --git a/.docker/ldap/data.ldif b/.docker/ldap/data.ldif
diff --git a/.docker/ldap/openldap.Dockerfile b/.docker/ldap/openldap.Dockerfile
@@ -57,7 +57,6 @@ Once you have familiarized yourself with [CloudBees CI blueprint add-on: Get sta
 |------|-------------|------|---------|:--------:|
 | hosted_zone | Amazon Route 53 hosted zone. CloudBees CI applications are configured to use subdomains in this hosted zone. | `string` | n/a | yes |
 | trial_license | CloudBees CI trial license details for evaluation. | `map(string)` | n/a | yes |
-| grafana_admin_password | Grafana admin password. | `string` | `"change.me"` | no |
 | suffix | Unique suffix to assign to all resources. When adding the suffix, changes are required in CloudBees CI for the validation phase. | `string` | `""` | no |
 | tags | Tags to apply to resources. | `map(string)` | `{}` | no |
 
@@ -86,6 +85,7 @@ Once you have familiarized yourself with [CloudBees CI blueprint add-on: Get sta
 | efs_access_points | Amazon EFS access points. |
 | efs_arn | Amazon EFS ARN. |
 | eks_cluster_arn | Amazon EKS cluster ARN. |
+| global_password | Random string that is used as the global password. |
 | grafana_dashboard | Provides access to Grafana dashboards. |
 | kubeconfig_add | Add kubeconfig to the local configuration to access the Kubernetes API. |
 | kubeconfig_export | Export the KUBECONFIG environment variable to access the Kubernetes API. |

diff --git a/blueprints/02-at-scale/casc/oc/bundle.yaml b/blueprints/02-at-scale/casc/oc/bundle.yaml
@@ -8,6 +8,6 @@ items:
 plugins:
   - plugins
 rbac:
-  - rbac
+ - rbac
 variables:
   - variables
@@ -83,7 +83,7 @@ items:
                   store:
                     s3Store:
                       #TODO: Use variables
-                      #bucketName: ${cbci_s3}
+                      #bucketName: ${cbciS3}
                       bucketName: "cbci-bp02-s3"
                       bucketFolder: cbci/backup
                       region: us-east-1

@@ -40,7 +40,7 @@ items:
               "cloudbees.prometheus": "true"
     properties:
       - configurationAsCode:
-          bundle: "main/none-ha"
+          bundle: "ldap/none-ha"
   # Casc, HA
   - kind: managedController
     name: team-c-ha
@@ -74,4 +74,4 @@ items:
               "cloudbees.prometheus": "true"
     properties:
       - configurationAsCode:
-          bundle: "main/ha"
+          bundle: "ldap/ha"
@@ -8,15 +8,15 @@ unclassified:
       name: "casc-mm-store"
       retriever:
         SCM:
-          defaultVersion: ${casc_branch}
+          defaultVersion: ${cascBranch}
           scmSource:
             git:
               credentialsId: "GH-token"
-              remote: ${scm_casc_mm_store}
+              remote: ${scmCascMmStore}
               traits:
               - "gitBranchDiscovery"
               - headWildcardFilter:
-                  includes: ${casc_branch}
+                  includes: ${cascBranch}
               - sparseCheckoutPaths:
                   extension:
                     sparseCheckoutPaths:

@@ -2,11 +2,11 @@ jenkins:
   securityRealm:
     ldap:
       configurations:
-      - managerDN: ${ldap_ManagerDN}
-        managerPasswordSecret: ${ldap_ManagerPasswordSecret}
-        rootDN: ${ldap_RootDN}
-        server: ${ldap_Server}
-        userSearch: ${ldap_UserSearch}
+      - managerDN: ${ldapManagerDN}
+        managerPasswordSecret: ${sec_ldapPassword}
+        rootDN: ${ldapRootDN}
+        server: ${ldapServer}
+        userSearch: ${ldapUserSearch}
   authorizationStrategy: "cloudBeesRoleBasedAccessControl"
   remotingSecurity:
     enabled: true
@@ -20,12 +20,12 @@ credentials:
       - usernamePassword:
           description: "GH-User-token"
           id: "GH-User-token"
-          password: ${secGithubUser}
+          password: ${sec_githubUser}
           scope: GLOBAL
-          username: ${secGithubToken}
+          username: ${sec_githubToken}
           usernameSecret: true
       - string:
           description: "GH-ST-token"
           id: "GH-ST-token"
           scope: GLOBAL
-          secret: ${secGithubToken}
+          secret: ${sec_githubToken}
@@ -1,11 +1,10 @@
 variables:
   - message: "Welcome to the CloudBees CI blueprint add-on: At scale!"
-  - scm_casc_mm_store: "https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon.git"
-  - casc_branch: main
-  - ldap_ManagerDN: "cn=admin,dc=acme,dc=org"
-  - ldap_ManagerPasswordSecret: "admin"
-  - ldap_RootDN: "dc=acme,dc=org"
-  - ldap_Server: "ldap-service.auth.svc.cluster.local"
-  - ldap_UserSearch: "cn={0}"
+  - scmCascMmStore: "https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon.git"
+  - cascBranch: ldap
+  - ldapManagerDN: "cn=admin,dc=example,dc=org"
+  - ldapRootDN: "dc=example,dc=org"
+  - ldapServer: "openldap-stack.auth.svc.cluster.local"
+  - ldapUserSearch: "cn={0}"
   #Issue #70
-  #- cbci_s3: "cbci-bp02-s3"
+  #- cbciS3: "cbci-bp02-s3"
@@ -19,7 +19,7 @@ OperationsCenter:
     Retriever:
       Enabled: true
       scmRepo: https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon.git
-      scmBranch: main
+      scmBranch: ldap
       scmBundlePath: blueprints/02-at-scale/casc/oc
       scmPollingInterval: PT20M
 Persistence: