diff --git a/CHANGELOG.md b/CHANGELOG.md index 2bb7d17..7ea0568 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,6 @@ # Changelog +## [v1.3.0] - 2024-11-09 +- Added support for Content Selectors API endpoint ## [v1.2.0] - 2024-11-09 ### Added diff --git a/defaults/main.yml b/defaults/main.yml index d9cbed3..ac3f7cf 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -88,3 +88,5 @@ nexus_user_tokens_capability: protectContent: true expirationEnabled: true expirationDays: 30 + +nexus_content_selectors: [] diff --git a/molecule/default/group_vars/all.yml b/molecule/default/group_vars/all.yml index ebe4dc8..b14aa6e 100644 --- a/molecule/default/group_vars/all.yml +++ b/molecule/default/group_vars/all.yml @@ -6,6 +6,20 @@ nexus_admin_username: admin nexus_admin_password: changeme nexus_enable_pro: true +nexus_content_selectors: + - name: raw-selector + type: csel + description: raw-selectorrr + expression: format == "raw" + - name: maven-org-selector + type: csel + description: maven-org-selectorrr + expression: format == "maven2" and path =^ "/org" + - name: maven-com-selector + type: csel + description: maven-com-selector + expression: format == "maven2" and path =^ "/com" + nexus_user_tokens_capability: enabled: true protectContent: true diff --git a/tasks/content-selectors-api.yml b/tasks/content-selectors-api.yml new file mode 100644 index 0000000..4a8bf1b --- /dev/null +++ b/tasks/content-selectors-api.yml 
@@ -0,0 +1,24 @@
+---
+- name: Construct API url
+ set_fact:
+ api_url: >
+ {% if method in ['POST'] %}
+ {{ nexus_protocol }}://{{ nexus_hostname }}:{{ nexus_port }}/service/rest/v1/security/content-selectors
+ {% elif method in ['PUT', 'DELETE'] %}
+ {{ nexus_protocol }}://{{ nexus_hostname }}:{{ nexus_port }}/service/rest/v1/security/content-selectors/{{ item.name }}
+ {% endif %}
+ tags: content-selectors
+
+- name: "{{ method }} {{ item.name }} content seelctor"
+ uri:
+ url: "{{ api_url }}"
+ method: "{{ method }}"
+ validate_certs: false
+ status_code: 204
+ user: "{{ nexus_admin_username }}"
+ password: "{{ nexus_admin_password }}"
+ force_basic_auth: true
+ body: "{{ item }}"
+ body_format: json
+ changed_when: true
+ tags: content-selectors
diff --git a/tasks/main.yml b/tasks/main.yml
index 9508bdb..ddc77c9 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
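Review bot: The `uri` task in tasks/content-selectors-api.yml sets `validate_certs: false` while sending `nexus_admin_username` and `nexus_admin_password` with `force_basic_auth: true`, so when `nexus_protocol` is https the server certificate is never verified and the admin credentials are exposed to anyone on the network path; the `Get all Content Selectors` task added in tasks/main.yml has the same setting. Verification should default to on and be relaxed only through an explicit role variable, for example `validate_certs: "{{ nexus_validate_certs | default(true) }}"` (the variable name is a suggestion; this diff defines no such variable). Two smaller points in the same file: the task name misspells selector (`content seelctor`), and `api_url: >` may leave the folded scalar's trailing newline in the URL, which `api_url: >-` or `url: "{{ api_url | trim }}"` would avoid.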
@@ -12,6 +12,90 @@ nexus_repos_cleanup_policies_to_update: [] nexus_routing_rules_to_update: [] nexus_users_to_update: [] + nexus_content_selectors_to_update: [] + tags: always + +########### Content Selectors ########### + +- name: Get all Content Selectors + uri: + url: "{{ nexus_protocol }}://{{ nexus_hostname }}:{{ nexus_port }}/service/rest/v1/security/content-selectors" + method: GET + validate_certs: false + status_code: 200 + user: "{{ nexus_admin_username }}" + password: "{{ nexus_admin_password }}" + force_basic_auth: true + register: __nexus_content_selectors__ + tags: content-selectors + +- name: Determine content selectors to create + set_fact: + nexus_content_selectors_to_create: "{{ nexus_content_selectors | rejectattr('name', 'in', __nexus_content_selectors__.json | map(attribute='name') | list) | list }}" + tags: content-selectors + +- name: Determine content selectors to delete + set_fact: + nexus_content_selectors_to_delete: "{{ __nexus_content_selectors__.json | rejectattr('name', 'in', nexus_content_selectors | map(attribute='name') | list) | list }}" + tags: content-selectors + +- name: Compare content selectors for changes + set_fact: + nexus_content_selectors_to_update: "{{ nexus_content_selectors_to_update + [ item ] }}" + loop: "{{ nexus_content_selectors | list }}" + when: > + ( __nexus_content_selectors__.json | selectattr('name', 'equalto', item.name) | first) is not defined or + ( __nexus_content_selectors__.json | selectattr('name', 'equalto', item.name) | first).description | default(omit) != item.description | default(omit) or + ( __nexus_content_selectors__.json | selectattr('name', 'equalto', item.name) | first).type | default(omit) != item.type | default(omit) or + ( __nexus_content_selectors__.json | selectattr('name', 'equalto', item.name) | first).expression | default(omit) != item.expression | default(omit) + tags: content-selectors + +- name: Show nexus_content_selectors_to_create + debug: + var: 
nexus_content_selectors_to_create | length + tags: content-selectors + +- name: Show nexus_content_selectors_to_update + debug: + var: nexus_content_selectors_to_update | length + tags: content-selectors + +- name: Show nexus_content_selectors_to_delete + debug: + var: nexus_content_selectors_to_delete | length + tags: content-selectors + +- name: Create configured Content Selectors using Nexus API + ansible.builtin.include_tasks: content-selectors-api.yml + vars: + selectors: "{{ item | default([]) }}" + method: POST + with_items: + - "{{ nexus_content_selectors_to_create | default([]) }}" + when: nexus_content_selectors_to_create | length > 0 + tags: content-selectors + +- name: Update configured Content Selectors using Nexus API + ansible.builtin.include_tasks: content-selectors-api.yml + vars: + selectors: "{{ item | default([]) }}" + method: PUT + with_items: + - "{{ nexus_content_selectors_to_update | default([]) }}" + when: nexus_content_selectors_to_update | length > 0 + tags: content-selectors + +- name: Delete Content Selectors using Nexus API + ansible.builtin.include_tasks: content-selectors-api.yml + vars: + selectors: "{{ item | default([]) }}" + method: DELETE + with_items: + - "{{ nexus_content_selectors_to_delete | default([]) }}" + when: nexus_content_selectors_to_delete | length > 0 + tags: content-selectors + +############ End Content Selectors ############ ########### Users ############
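Review bot: The `Determine content selectors to delete` task marks every selector returned by the server that is not named in `nexus_content_selectors` for deletion, and defaults/main.yml in this commit sets that variable to `[]`, so a play that never defines the variable would issue DELETE for every existing content selector. Content selectors back content-selector privileges in Nexus, so removing them changes who can reach which artifacts. Deletion should be opt-in, for example `when: nexus_content_selectors_to_delete | length > 0 and nexus_content_selectors_purge | default(false) | bool` on the `Delete Content Selectors using Nexus API` task (the variable name is a suggestion, not something the role defines today). Separately, the first clause of the `Compare content selectors for changes` condition (`... | first) is not defined`) appears to put not-yet-existing selectors on the update list as well, so they would be created with POST and then sent again with PUT; dropping that clause keeps the create and update lists disjoint.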