From 3320a4fc60f1c9c6a90a473d367eee1a3047bd6d Mon Sep 17 00:00:00 2001
From: Karan
Date: Tue, 12 Mar 2019 18:06:20 -0700
Subject: [PATCH] Fix Jenkins on strict mode (#290)
---
 Dockerfile | 1 +
 scripts/init.groovy.d/mesos-auth.groovy | 54 +++++++++++++++++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 scripts/init.groovy.d/mesos-auth.groovy
diff --git a/Dockerfile b/Dockerfile
index c5d998e..c673b71 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -48,6 +48,7 @@ COPY conf/nginx/nginx.conf /etc/nginx/nginx.conf COPY conf/jenkins/config.xml "${JENKINS_STAGING}/config.xml" COPY conf/jenkins/jenkins.model.JenkinsLocationConfiguration.xml "${JENKINS_STAGING}/jenkins.model.JenkinsLocationConfiguration.xml" COPY conf/jenkins/nodeMonitors.xml "${JENKINS_STAGING}/nodeMonitors.xml" +COPY scripts/init.groovy.d/mesos-auth.groovy "${JENKINS_STAGING}/init.groovy.d/mesos-auth.groovy" # add plugins COPY plugins.conf /tmp/
diff --git a/scripts/init.groovy.d/mesos-auth.groovy b/scripts/init.groovy.d/mesos-auth.groovy
new file mode 100644
index 0000000..9e5da84
--- /dev/null
+++ b/scripts/init.groovy.d/mesos-auth.groovy
@@ -0,0 +1,54 @@
+import com.cloudbees.plugins.credentials.*
+import com.cloudbees.plugins.credentials.domains.*
+import com.cloudbees.plugins.credentials.impl.*
+import hudson.tasks.*
+import jenkins.model.*
+import org.jenkinsci.plugins.mesos.MesosCloud
+
+def changePassword = { userName ->
+ def cloud = MesosCloud.get()
+ def credentialsId = cloud.getCredentialsId()
+ def credId = "mesos-${userName}"
+
+ if (credentialsId && credentialsId == credId) {
+ // do nothing if credential already exists
+ println "--> [mesos] credentials already selected"
+ } else {
+ // create a new credential with an expected ID
+ println "--> [mesos] creating new credentials"
+ String randomPwd = org.apache.commons.lang.RandomStringUtils.random(9, true, true)
+
+ mesosFrameworkCreds = new UsernamePasswordCredentialsImpl(
+ CredentialsScope.GLOBAL,
+ "mesos-${userName}",
+ "mesos authentication",
+ userName, randomPwd)
+ SystemCredentialsProvider.getInstance().getStore().addCredentials(Domain.global(), mesosFrameworkCreds)
+ cloud.setCredentialsId(mesosFrameworkCreds.getId())
+ Jenkins.getInstance().save()
+ cloud.restartMesos()
+
+ println "--> [mesos] creating new credentials... done"
+ }
+}
+
+// the env var is set by DCOS when using a service account to run Jenkins
+def accountCreds = System.getenv("DCOS_SERVICE_ACCOUNT_CREDENTIAL")
+def sleepTimeStr = System.getenv("DCOS_JENKINS_MESOS_PLUGIN_BOOT_TIME")
+def sleepTime = sleepTimeStr == null ? 60000 : Integer.parseInt(sleepTimeStr)
+if (accountCreds) {
+ Thread.start {
+ // wait 60s, this gives the mesos plugin time to start
+ sleep sleepTime
+ def credURL = new URL(accountCreds)
+ def credFile = new File(credURL.toURI())
+ def credJSON = new groovy.json.JsonSlurper().parseText(credFile.text)
+ if (credJSON && credJSON.uid) {
+ changePassword(credJSON.uid)
+ } else {
+ println "--> [mesos] Failed to read principal from credentials file"
+ }
+ }
+} else {
+ println "--> [mesos] No DC/OS account detected; skipping mesos auth"
+}
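Review bot: The password stored in the new credential inside `changePassword` comes from `RandomStringUtils.random(9, true, true)`, which in commons-lang 2.x draws from a shared `java.util.Random` and yields only nine alphanumeric characters, so it should not be relied on as a secret. If the value is only a placeholder next to the service-account principal, a comment saying so would settle it; otherwise pass a `SecureRandom` and a longer length, e.g. `RandomStringUtils.random(32, 0, 0, true, true, null, new java.security.SecureRandom())`. Separately, `MesosCloud.get()` is used without a null check and the `Thread.start` body has no try/catch, so a missing cloud or a non-`file:` URL in `DCOS_SERVICE_ACCOUNT_CREDENTIAL` would fail in the background thread without any `--> [mesos]` log line. `mesosFrameworkCreds` is also assigned without `def`, and `credId` could be reused in place of the second `"mesos-${userName}"`.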