Skip to content

Commit

Permalink
Merge pull request #1719 from edx/nadeem/remove_sysadmin_repo_reference
Browse files Browse the repository at this point in the history
chore: remove sysadmin repo. reference
  • Loading branch information
nadeemshahzad authored Jan 8, 2024
2 parents 183a1e8 + d1eb5ba commit a62ebc4
Show file tree
Hide file tree
Showing 3 changed files with 73 additions and 44 deletions.
110 changes: 70 additions & 40 deletions devops/jobs/SAMLSSLExpirationCheck.groovy
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
/*
Variables without defaults are marked (required)
Variables without defaults are marked (required)
Variables consumed for this job:
* DEPLOYMENTS (required)
deployment:
Expand All @@ -9,8 +9,8 @@
saml_secret (required)
secret_key (required)
* SECURE_GIT_CREDENTIALS: secure-bot-user (required)
* CONFIGURATION_REPO: name of config repo, default is https://github.com/edx/configuration.git
* CONFIGURATION_BRANCH: default is master
* MONITORING_SCRIPT_REPO: name of config repo, default is https://github.com/edx/configuration.git
* MONITORING_SCRIPT_REPO_BRANCH: default is master
* REGION: default is us-east-1
* NOTIFY_ON_FAILURE: alert@example.com
* FOLDER_NAME: folder, default is Monitoring
Expand All @@ -21,40 +21,70 @@
package devops.jobs
import static org.edx.jenkins.dsl.Constants.common_logrotator

class SAMLSSLExpirationCheck{
public static def job = { dslFactory, extraVars ->
assert extraVars.containsKey('DEPLOYMENTS') : "Please define DEPLOYMENTS. It should be a list of strings."
assert !(extraVars.get('DEPLOYMENTS') instanceof String) : "Make sure DEPLOYMENTS is a list and not a string"
extraVars.get('DEPLOYMENTS').each { deployment, configuration ->
configuration.environments.each { environment, inner_config ->
dslFactory.job(extraVars.get("FOLDER_NAME","Monitoring") + "/saml-ssl-expiration-check-${environment}-${deployment}") {
logRotator common_logrotator


def gitCredentialId = extraVars.get('SECURE_GIT_CREDENTIALS','')

triggers {
cron("H 15 * * * ")
}

environmentVariables {
env('REGION', extraVars.get('REGION','us-east-1'))
env('DAYS', extraVars.get('DAYS', 90))
env('SAML_SECRET',inner_config.get('saml_secret'))
env('SECRET_KEY',inner_config.get('secret_key'))
}

steps {
shell(dslFactory.readFileFromWorkspace('devops/resources/saml-ssl-expiration-check.sh'))
}

if (extraVars.get('NOTIFY_ON_FAILURE')){
publishers {
mailer(extraVars.get('NOTIFY_ON_FAILURE'), false, false)
}
}
}
}
}
}
class SAMLSSLExpirationCheck {
public static def job = {
dslFactory,
extraVars ->
assert extraVars.containsKey('DEPLOYMENTS'): "Please define DEPLOYMENTS. It should be a list of strings."
assert!(extraVars.get('DEPLOYMENTS') instanceof String): "Make sure DEPLOYMENTS is a list and not a string"
extraVars.get('DEPLOYMENTS').each {
deployment,
configuration ->
configuration.environments.each {
environment,
inner_config ->
dslFactory.job(extraVars.get("FOLDER_NAME", "Monitoring") + "/saml-ssl-expiration-check-${environment}-${deployment}") {
logRotator common_logrotator

def gitCredentialId = extraVars.get('SECURE_GIT_CREDENTIALS', '')

parameters {
stringParam('MONITORING_SCRIPTS_REPO', extraVars.get('MONITORING_SCRIPTS_REPO', 'git@github.com:edx/monitoring-scripts.git'),
'Git repo containing edX monitoring scripts, which contains the ssl expiration check script.')
stringParam('MONITORING_SCRIPTS_BRANCH', extraVars.get('MONITORING_SCRIPTS_BRANCH', 'master'),
'e.g. tagname or origin/branchname')
}

multiscm {
git {
remote {
url('$MONITORING_SCRIPTS_REPO')
branch('$MONITORING_SCRIPTS_BRANCH')
if (gitCredentialId) {
credentials(gitCredentialId)
}
}
extensions {
cleanAfterCheckout()
pruneBranches()
relativeTargetDirectory('monitoring-scripts')
}
}
}

triggers {
cron("H 15 * * * ")
}

environmentVariables {
env('REGION', extraVars.get('REGION', 'us-east-1'))
env('DAYS', extraVars.get('DAYS', 90))
env('SAML_SECRET', inner_config.get('saml_secret'))
env('SECRET_KEY', inner_config.get('secret_key'))
}

steps {
shell(dslFactory.readFileFromWorkspace('devops/resources/saml-ssl-expiration-check.sh'))
}

if (extraVars.get('NOTIFY_ON_FAILURE')) {
publishers {
mailer(extraVars.get('NOTIFY_ON_FAILURE'), false, false)
}
}

}
}
}
}
}
1 change: 0 additions & 1 deletion devops/jobs/SSLExpirationCheck.groovy
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,6 @@ class SSLExpirationCheck{
}

def gitCredentialId = extraVars.get('SECURE_GIT_CREDENTIALS','')
assert extraVars.containsKey('SYSADMIN_REPO') : "Please define a system admin repo where the SSL expiration check script is located"

parameters{
stringParam('CONFIGURATION_REPO', extraVars.get('CONFIGURATION_REPO', 'https://github.com/edx/configuration.git'),
Expand Down
6 changes: 3 additions & 3 deletions devops/resources/saml-ssl-expiration-check.sh
Original file line number Diff line number Diff line change
Expand Up @@ -14,11 +14,11 @@ HOME=/edx/var/jenkins
env
set -x

cd $WORKSPACE/sysadmin

cd $WORKSPACE/monitoring-scripts
pip install -r requirements/base.txt
pip install awscli
cd saml_ssl_expiration_check

cd jenkins
set +x

export SSL=$($SAML_SECRET | sed 's/\\"/"/g' | jq -r ".$SECRET_KEY")
Expand Down

0 comments on commit a62ebc4

Please sign in to comment.