Fix failing creation of content selectors in nexus v3.20 (#239)

* Add tests for content selectors
* Fix create_content_selector.groovy fail in nexus 3.20

files/groovy/create_content_selector.groovy

@@ -1,21 +1,19 @@
 import groovy.json.JsonSlurper
-import org.sonatype.nexus.selector.SelectorManager
 import org.sonatype.nexus.selector.SelectorConfiguration
+import org.sonatype.nexus.selector.SelectorManager
 
 parsed_args = new JsonSlurper().parseText(args)
 
-selectorManager = container.lookup(SelectorManager.class.name)
+SelectorManager selectorManager = container.lookup(SelectorManager.class.name)
 
-def selectorConfig
 boolean update = true
 
-selectorConfig = selectorManager.browse().find { it -> it.name == parsed_args.name } 
+SelectorConfiguration selectorConfig = selectorManager.browse().find { it -> it.name == parsed_args.name }
 
 if (selectorConfig == null) {
     update = false
-    selectorConfig = new SelectorConfiguration(
-        'name': parsed_args.name
-    )
+    selectorConfig = selectorManager.newSelectorConfiguration()
+    selectorConfig.setName(parsed_args.name)
 }
 
 selectorConfig.setDescription(parsed_args.description)

molecule/nexus_common_test_vars.yml

@@ -31,6 +31,15 @@ nexus_audit_enabled: true
 nexus_rut_auth_realm: false
 nexus_rut_auth_header: "CUSTOM_RUT_HEADER"
 
+nexus_repos_cleanup_policies:
+  - name: mvn_cleanup
+    format: maven2
+    mode:
+    notes: ""
+    criteria:
+      lastBlobUpdated: 60
+      lastDownloaded: 120
+
 nexus_repos_maven_proxy:
   - name: central
     remote_url: 'https://repo1.maven.org/maven2/'
@@ -80,6 +89,13 @@ nexus_repos_yum_group:
       - private_yum_centos_7
       - epel_centos_7_x86_64
 
+nexus_repos_docker_hosted:
+  - name: docker-private
+    http_port: "5000"
+    force_basic_auth: true
+    v1_enabled: true
+    write_policy: allow
+
 nexus_repos_apt_hosted:
   - name: private_ubuntu_18.04
     distribution: bionic
@@ -176,6 +192,129 @@ nexus_repos_apt_proxy:
     maximum_metadata_age: -1
     negative_cache_ttl: 60
 
+nexus_content_selectors:
+  # Docker by namespace. For mode details see:
+  # https://help.sonatype.com/repomanager3/formats/docker-registry/content-selectors-and-docker
+  - name: docker-login-search
+    description: Selector for docker login privilege
+    search_expression: format == "docker" and (path == "/v2/" of path == "/v1/search")
+  - name: docker-private-team1
+    description: Selector for docker team1
+    search_expression: format == "docker" and path =^ "/v2/team1/"
+  - name: docker-private-team2
+    description: Selector for docker team2
+    search_expression: format == "docker" and path =^ "/v2/team2/"
+
+nexus_privileges:
+  - name: all-repos-read
+    description: 'Read & Browse access to all repos'
+    repository: '*'
+    actions:
+      - read
+      - browse
+  - name: wildcard1
+    type: wildcard
+    description: first wilcard
+    pattern: nexus:repository-view:yum:*
+  - name: some_application
+    type: application
+    description: some nexus configuration
+    domain: some_nexus_domain
+    actions:
+      - some action
+  - name: script1
+    type: script
+    description: first script
+    script_name: the_script_name
+    actions:
+      - some actions
+  - name: docker-login-search-all
+    type: repository-content-selector
+    contentSelector: docker-login-search
+    description: "Login to and search docker registry"
+    repository: "*"
+    actions:
+      - read
+  - name: docker-private-team1-rw
+    type: repository-content-selector
+    contentSelector: docker-private-team1
+    description: write access to /team1 namespace on docker-private
+    repository: docker-private
+    actions:
+      - read,
+      - add
+      - edit
+      - browse
+  - name: docker-private-team2-rw
+    type: repository-content-selector
+    contentSelector: docker-private-team2
+    description: write access to /team2 namespace on docker-hosted
+    repository: docker-private
+    actions:
+      - read
+      - add
+      - edit
+      - browse
+
+nexus_roles:
+  - name: c-ro-private_yum_centos_7
+    id: c-ro-private_yum_centos_7
+    description: "Custrom read-only role for private_yum_centos_7 hosted repository"
+    privileges:
+      - 'nx-repository-view-yum-private_yum_centos_7-read'
+      - 'nx-repository-view-yum-private_yum_centos_7-browse'
+  - name: developers
+    id: developers
+    description: "Developers"
+    privileges:
+      - all-repos-read
+      - wildcard1
+      - docker-login-search-all
+  - name: role-team1
+    id: role-team1
+    description: "team1"
+    privileges:
+      - docker-private-team1-rw
+  - name: role-team2
+    id: role-team2
+    description: "team2"
+    privileges:
+      - docker-private-team2-rw
+
+nexus_local_users:
+  - username: jenkins
+    first_name: Jenkins
+    last_name: CI
+    email: [email protected]
+    password: "s3cr3t"
+    roles:
+      - developers
+  - username: olduser  # make sure this old account is removed
+    state: absent
+  - username: test_roles
+    first_name: Test
+    last_name: Roles
+    email: [email protected]
+    password: "s3cr3t"
+    roles:
+      - c-ro-private_yum_centos_7
+  - username: team1
+    first_name: team
+    last_name: one
+    email: [email protected]
+    password: "theone"
+    roles:
+      - developers
+      - role-team1
+  - username: team2
+    first_name: team
+    last_name: two
+    email: [email protected]
+    password: "thetwo"
+    roles:
+      - developers
+      - role-team2
+
 nexus_scheduled_tasks:
   #  Example task to purge maven snapshots with cron schedule
   - name: Purge maven snapshots
@@ -246,71 +385,6 @@ nexus_scheduled_tasks:
       repositoryName: "*"
       lastUsed: "7"
 
-nexus_local_users:
-  - username: jenkins
-    first_name: Jenkins
-    last_name: CI
-    email: [email protected]
-    password: "s3cr3t"
-    roles:
-      - developers
-  - username: olduser  # make sure this old account is removed
-    state: absent
-  - username: test_roles
-    first_name: Test
-    last_name: Roles
-    email: [email protected]
-    password: "s3cr3t"
-    roles:
-      - c-ro-private_yum_centos_7
-
-nexus_privileges:
-  - name: all-repos-read
-    description: 'Read & Browse access to all repos'
-    repository: '*'
-    actions:
-      - read
-      - browse
-  - name: wildcard1
-    type: wildcard
-    description: first wilcard
-    pattern: nexus:repository-view:yum:*
-  - name: some_application
-    type: application
-    description: some nexus configuration
-    domain: some_nexus_domain
-    actions:
-      - some action
-  - name: script1
-    type: script
-    description: first script
-    script_name: the_script_name
-    actions:
-      - some actions
-
-nexus_roles:
-  - name: c-ro-private_yum_centos_7
-    id: c-ro-private_yum_centos_7
-    description: "Custrom read-only role for private_yum_centos_7 hosted repository"
-    privileges:
-      - 'nx-repository-view-yum-private_yum_centos_7-read'
-      - 'nx-repository-view-yum-private_yum_centos_7-browse'
-  - name: developers
-    id: developers
-    description: "Developers"
-    privileges:
-      - all-repos-read
-      - wildcard1
-
-nexus_repos_cleanup_policies:
-  - name: mvn_cleanup
-    format: maven2
-    mode:
-    notes: ""
-    criteria:
-      lastBlobUpdated: 60
-      lastDownloaded: 120
-
 # proxy configuration depending on env
 nexus_with_http_proxy: "{{ lookup('env', 'http_proxy') | length > 0 | bool }}"
 nexus_http_proxy_host: "{{ lookup('env', 'http_proxy') | urlsplit('hostname') }}"

molecule/test_apt_repo.py

@@ -1,3 +1,5 @@
+"""testinfra file for apt specific tests."""
+
 import os
 import testinfra.utils.ansible_runner
 
@@ -8,7 +10,7 @@
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('nexus')
 
-apt_pub_key="""
+apt_pub_key = """
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 
 mQGNBF2Ym3ABDACtu4R3enO2TehVslkRXc4ZcMkaAMIcJgOLo/IQBUnN8dInGLFR
@@ -52,11 +54,14 @@
 -----END PGP PUBLIC KEY BLOCK-----
 """
 
+
 def test_apt_package_upload(host: testinfra.host.Host):
+    """Test we can upload an apt package to repository."""
     # Copy debian test package
     host.ansible(
         "get_url",
-        "url=https://github.com/ansible-ThoTeam/nexushello-apt-package/releases/download/v1.0.1/nexushello_1.0.1_all.deb dest=/tmp",
+        "url=https://github.com/ansible-ThoTeam/nexushello-apt-package/releases"
+        "/download/v1.0.1/nexushello_1.0.1_all.deb dest=/tmp",
         check=False
     )
 
@@ -86,19 +91,15 @@ def test_apt_package_upload(host: testinfra.host.Host):
     )
 
     # Import gpg key of our repo
-    #host.run('echo "{}" | apt-key add -'.format(apt_pub_key))
     host.run('echo "{}" > /tmp/pub.key'.format(apt_pub_key))
     host.run("apt-key add /tmp/pub.key")
 
     # Install package
-    install_package = host.ansible(
+    host.ansible(
         "apt",
         "name=nexushello state=present update-cache=true",
         check=False,
         become=True
     )
 
     assert host.run("nexushello").stdout == "Hello nexus !\n"
-
-
-

molecule/test_default.py

@@ -1,3 +1,5 @@
+"""Default testinfra file for the role."""
+
 import os
 
 import testinfra.utils.ansible_runner
@@ -7,6 +9,7 @@
 
 
 def test_npm_scoped_package_download(host):
+    """Test if we can download npm scoped packages."""
     test_package_url = \
         "https://localhost/repository/npm-public/@angular%2fcore"