Removed NEXUS_USERNAME and NEXUS_PASSWORD on Jenkins DeploymentConfig as are no longer used

CHANGELOG.md

@@ -10,7 +10,7 @@
 ### Changed
 - Update SonarQube to 9.9.5 and configure resources for Nexus and Sonarqube in ods-configuration ([#1283](https://github.com/opendevstack/ods-core/pull/1283))
 - Update Nexus to 3.68.1-java11 to address a critical vulnerability ([#1286](https://github.com/opendevstack/ods-core/pull/1286))
-
+- Removed NEXUS_USERNAME and NEXUS_PASSWORD on Jenkins DeploymentConfig as are no longer used ([#1289]https://github.com/opendevstack/ods-core/pull/1289)
 ## [4.4.0] - 2024-04-22
 
 ### Fixed

configuration-sample/ods-core.env.sample

@@ -56,16 +56,8 @@ NEXUS_HOST=nexus-cd.192.168.56.101.nip.io
 # The domain should be equal to OPENSHIFT_APPS_BASEDOMAIN (see below).
 NEXUS_URL=https://nexus-cd.192.168.56.101.nip.io
 
-# Username and password for Nexus
-NEXUS_USERNAME=developer
-NEXUS_PASSWORD=changeme
-NEXUS_PASSWORD_B64=changeme
-# Password of Nexus administrator - should be set to a secure password
-# of your choice.
 NEXUS_ADMIN_PASSWORD=changeme
 NEXUS_ADMIN_PASSWORD_B64=changeme
-# Nexus (basic) authentication username:password
-NEXUS_AUTH=developer:changeme
 
 # Nexus JVM parameters, adjust acording to organization size
 # See https://help.sonatype.com/en/sonatype-nexus-repository-system-requirements.html

jenkins/master/configuration/grapeConfig.xml

@@ -1,6 +1,6 @@
 <ivysettings>
   <settings defaultResolver="downloadGrapes"/>
-      <credentials host="__NEXUS_HOST_NO_URL" realm="Sonatype Nexus Repository Manager" username="__NEXUS_USER" passwd="__NEXUS_PW"/>
+      <credentials host="__NEXUS_HOST_NO_URL" realm="Sonatype Nexus Repository Manager"/>
       <property name="nexus-public" value="__NEXUS_HOST/repository/maven-central/"/>
   <resolvers>
     <chain name="downloadGrapes" returnFirst="true">

jenkins/master/ods-run.sh

@@ -47,8 +47,6 @@ mkdir -p $HOME/.groovy
 cp /opt/openshift/configuration/grapeConfig.xml $HOME/.groovy/
 sed -i.bak -e "s|__NEXUS_HOST_NO_URL|$NEXUS_SHORT|g" $HOME/.groovy/grapeConfig.xml
 sed -i.bak -e "s|__NEXUS_HOST|$nexusUrl|g" $HOME/.groovy/grapeConfig.xml
-sed -i.bak -e "s|__NEXUS_USER|$NEXUS_USERNAME|g" $HOME/.groovy/grapeConfig.xml
-sed -i.bak -e "s|__NEXUS_PW|$NEXUS_PASSWORD|g" $HOME/.groovy/grapeConfig.xml
 
 if [ -e "${JENKINS_HOME}/plugins" ]; then
   # RHEL base images install plugins (defined in the yum package jenkins-2-plugins)

jenkins/ocp-config/deploy/jenkins-master.yml

@@ -42,10 +42,6 @@ parameters:
   required: true
 - name: NEXUS_URL
   required: true
-- name: NEXUS_USERNAME
-  required: true
-- name: NEXUS_PASSWORD_B64
-  required: true
 - name: JIRA_URL
   required: true
 - name: JENKINS_HOME
@@ -83,16 +79,6 @@ objects:
     labels:
       template: ods-jenkins-template
   type: opaque
-- apiVersion: v1
-  data:
-    password: '${NEXUS_PASSWORD_B64}'
-  kind: Secret
-  metadata:
-    labels:
-      template: ods-jenkins-template
-      app: jenkins
-    name: nexus
-  type: opaque
 - apiVersion: route.openshift.io/v1
   kind: Route
   metadata:
@@ -173,13 +159,6 @@ objects:
               value: '${JENKINS_CONTAINER_HEAP_PERCENT}'
             - name: NEXUS_URL
               value: '${NEXUS_URL}'
-            - name: NEXUS_USERNAME
-              value: '${NEXUS_USERNAME}'
-            - name: NEXUS_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  key: password
-                  name: nexus
             - name: JIRA_URL
               value: '${JIRA_URL}'
             - name: JENKINS_HOME

nexus/configure.sh

@@ -23,7 +23,6 @@ echo_info(){
 ADMIN_USER="admin"
 ADMIN_DEFAULT_PASSWORD=
 ADMIN_PASSWORD=
-DEVELOPER_PASSWORD=
 NEXUS_URL=
 LOCAL_CONTAINER_ID=
 NAMESPACE="ods"
@@ -64,9 +63,6 @@ while [[ "$#" -gt 0 ]]; do
     -a|--admin-password) ADMIN_PASSWORD="$2"; shift;;
     -a=*|--admin-password=*) ADMIN_PASSWORD="${1#*=}";;
 
-    -d|--developer-password) DEVELOPER_PASSWORD="$2"; shift;;
-    -d=*|--developer-password=*) DEVELOPER_PASSWORD="${1#*=}";;
-
     -n|--nexus) NEXUS_URL="$2"; shift;;
     -n=*|--nexus=*) NEXUS_URL="${1#*=}";;
 
@@ -103,25 +99,6 @@ if [ -z "${ADMIN_PASSWORD}" ]; then
     ADMIN_PASSWORD=${input:-""}
 fi
 
-if [ -z "${DEVELOPER_PASSWORD}" ]; then
-    if [ -f "${ODS_CORE_DIR}/../ods-configuration/ods-core.env" ]; then
-        echo_info "Configuration located, checking if password is changed from sample value"
-        samplePassword=$(grep NEXUS_PASSWORD_B64 "${ODS_CORE_DIR}/configuration-sample/ods-core.env.sample" | cut -d "=" -f 2-)
-        configuredPassword=$(grep NEXUS_PASSWORD_B64 "${ODS_CORE_DIR}/../ods-configuration/ods-core.env" | cut -d "=" -f 2- | base64 --decode)
-        if [ "${configuredPassword}" == "${samplePassword}" ]; then
-            echo_info "Developer password in ods-configuration/ods-core.env is the sample value"
-        else
-            echo_info "Setting developer password from ods-configuration/ods-core.env"
-            DEVELOPER_PASSWORD=${configuredPassword}
-        fi
-    fi
-    if [ -z "${DEVELOPER_PASSWORD}" ]; then
-        echo "Please enter Nexus developer password:"
-        read -r -e -s input
-        DEVELOPER_PASSWORD=${input:-""}
-    fi
-fi
-
 function waitForReady {
     echo_info "Wait for Nexus to become responsive"
     set +e
@@ -259,11 +236,6 @@ runJsonScript "deactivateAnonymous"
 echo_info "Setup developer role"
 runJsonScript "createRole" "-d @json/developer-role.json"
 
-echo_info "Setup developer user"
-sed "s|@developer_password@|${DEVELOPER_PASSWORD}|g" json/developer-user.json > json/developer-user-with-password.json
-runJsonScript "createUser" "-d @json/developer-user-with-password.json"
-rm json/developer-user-with-password.json
-
 if [ -z "${LOCAL_CONTAINER_ID}" ]; then
     changeScriptSetting "false"
     waitForReady

nexus/test.sh

@@ -22,7 +22,6 @@ function usage {
 
 VERIFY_ONLY=false
 ADMIN_PASSWORD=
-DEVELOPER_PASSWORD=
 PROMPTS=true
 INSECURE=""
 
@@ -42,9 +41,6 @@ while [[ "$#" -gt 0 ]]; do
     -a|--admin-password) ADMIN_PASSWORD="$2"; shift;;
     -a=*|--admin-password=*) ADMIN_PASSWORD="${1#*=}";;
 
-    -d|--developer-password) DEVELOPER_PASSWORD="$2"; shift;;
-    -d=*|--developer-password=*) DEVELOPER_PASSWORD="${1#*=}";;
-
     -s|--nexus-image) NEXUS_IMAGE="$2"; shift;;
     -s=*|--nexus-image=*) NEXUS_IMAGE="${1#*=}";;
 
@@ -73,13 +69,10 @@ if ! $VERIFY_ONLY; then
     NEXUS_URL="http://localhost:${HOST_PORT}"
     NEXUS_ADMIN_USERNAME="admin"
     NEXUS_ADMIN_PASSWORD=${ADMIN_PASSWORD:-"s3cr3t"}
-    NEXUS_USERNAME="developer"
-    NEXUS_PASSWORD=${DEVELOPER_PASSWORD:-"geHeim"}
 
     echo "Run configure.sh"
     "${SCRIPT_DIR}"/configure.sh \
         --admin-password="${NEXUS_ADMIN_PASSWORD}" \
-        --developer-password="${NEXUS_PASSWORD}" \
         --nexus="${NEXUS_URL}" \
         --local-container-id="${containerId}"
 else
@@ -97,19 +90,13 @@ else
     source verify-nexus.env
     rm verify-nexus.env
 
-    NEXUS_USERNAME=${NEXUS_USERNAME-"developer"}
     NEXUS_ADMIN_USERNAME=${NEXUS_ADMIN_USERNAME-"admin"}
     if $PROMPTS; then
         if [ -z "${ADMIN_PASSWORD}" ] && [ -z "${NEXUS_ADMIN_PASSWORD-}" ]; then
             echo "Please enter Nexus $NEXUS_ADMIN_USERNAME password:"
             read -r -e -s input
             NEXUS_ADMIN_PASSWORD=${input:-""}
         fi
-        if [ -z "${DEVELOPER_PASSWORD}" ] && [ -z "${NEXUS_PASSWORD-}" ]; then
-            echo "Please enter Nexus $NEXUS_USERNAME password:"
-            read -r -e -s input
-            NEXUS_PASSWORD=${input:-""}
-        fi
     fi
 fi
 
@@ -157,7 +144,7 @@ expectedRepos=( "candidates:hosted"
                 "leva-documentation:hosted")
 
 actualRepos=$(curl -sSf ${INSECURE} \
-    --user "${NEXUS_USERNAME}:${NEXUS_PASSWORD}" \
+    --user "${NEXUS_ADMIN_USERNAME}:${NEXUS_ADMIN_PASSWORD}" \
     ${NEXUS_URL}/service/rest/v1/repositories)
 
 for repo in "${expectedRepos[@]}"; do
@@ -186,22 +173,12 @@ else
     echo "Anonymous access is disabled"
 fi
 
-echo "Check developer access"
-if curl -sSf ${INSECURE} \
-    --user "${NEXUS_USERNAME}:${NEXUS_PASSWORD}" \
-    ${NEXUS_URL}/service/rest/v1/repositories | jq -e "length == 0" > /dev/null; then
-    echo "Developer access not possible"
-    exit 1
-else
-    echo "Developer access possible"
-fi
-
 artifact_url="${NEXUS_URL}/repository/maven-public/org/springframework/boot/spring-boot/2.3.0.RELEASE/spring-boot-2.3.0.RELEASE.pom"
 
 echo "Downloading sample artifact: $artifact_url"
 # retrieves an xml doc.
 http_code=$(curl -sSf ${INSECURE} --location -o /dev/null -w "%{http_code}" \
-    --user "${NEXUS_USERNAME}:${NEXUS_PASSWORD}" \
+    --user "${NEXUS_ADMIN_USERNAME}:${NEXUS_ADMIN_PASSWORD}" \
     "$artifact_url")
 exit_code=$?
 if [ $exit_code -ne 0 ]; then