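#!groovy
/*
 * This script loads different kinds
 * of credentials from files into the
 * Jenkins credential store.
 *
 * Three kinds are loaded into the global domain: username/password pairs,
 * secret-text tokens and SSH private keys. Only file paths and ids appear
 * in this script; the secret values are read from disk when it runs.
 */
import jenkins.model.*
import com.cloudbees.plugins.credentials.*
import com.cloudbees.plugins.credentials.common.*
import com.cloudbees.plugins.credentials.domains.*
import com.cloudbees.plugins.credentials.impl.*
import com.cloudbees.jenkins.plugins.sshcredentials.impl.*
import org.jenkinsci.plugins.plaincredentials.*
import org.jenkinsci.plugins.plaincredentials.impl.*
import hudson.util.Secret

///////////////////
// Helper functions
///////////////////

// Returns the credential store of the first registered SystemCredentialsProvider.
def getStore() {
    return Jenkins.instance.getExtensionList('com.cloudbees.plugins.credentials.SystemCredentialsProvider')[0].getStore()
}

// Returns the whole file as a string.
// NOTE(review): File.text returns the content verbatim, including any trailing
// newline. For the user name, password and token files, confirm they are written
// without one, otherwise the stored value will not match the real secret.
def getContent(filePath) {
    return new File(filePath).text
}

// This function reads the contents of a key file and returns
// a Jenkins SSH private key object with the given user as owner
def getSSHKeyCredential(id, path, user) {
    return new BasicSSHUserPrivateKey(
        CredentialsScope.GLOBAL,
        id,
        user,
        new BasicSSHUserPrivateKey.DirectEntryPrivateKeySource(getContent(path)),
        "",  // empty passphrase: the key files read here are expected to be unencrypted
        "SSH key ${id}"
    )
}

// Adds one credential to the given domain and reports, by id only and never by
// value, when the store declines it.
// NOTE(review): presumably a false return means an entry with the same id already
// exists, in which case a rotated secret file would not replace the stored value.
// Confirm against the installed credentials plugin.
def storeCredential(targetDomain, id, credential) {
    if (!getStore().addCredentials(targetDomain, credential)) {
        println "Credential '${id}' was not added to the Jenkins credential store"
    }
}

// Domain that every credential below is added to
domain = Domain.global()

// NOTE(review): every credential in this script uses CredentialsScope.GLOBAL.
// Check whether entries that only Jenkins itself needs (possibly the agent
// access key) could use the narrower SYSTEM scope instead.

//////////////////////////////
// Add username/password pairs
//////////////////////////////
userPasswords = [
    [id: 'docker-registry',
     description: 'Docker Registry Credentials',
     userNameFile: '/var/jenkins_home/secrets/dockerUserName',
     userPasswordFile: '/var/jenkins_home/secrets/dockerUserPassword'],
    [id: 'github-ci-user',
     description: 'GitHub CI User Credentials',
     userNameFile: '/var/jenkins_home/secrets/githubCIUserName',
     userPasswordFile: '/var/jenkins_home/secrets/githubCIUserToken'],
]

for (userPassword in userPasswords) {
    Credentials cred = (Credentials) new UsernamePasswordCredentialsImpl(
        CredentialsScope.GLOBAL,
        userPassword.id,
        userPassword.description,
        getContent(userPassword.userNameFile),
        getContent(userPassword.userPasswordFile))
    // Fixed: the original passed the undefined name `registryCreds` here.
    storeCredential(domain, userPassword.id, cred)
}

/////////////
// Add tokens
/////////////
secretTokens = [
    [id: 'slack-token',
     description: 'Slack Token',
     tokenFile: '/var/jenkins_home/secrets/slackToken'],
    [id: 'vault-approle-secret',
     description: 'Vault AppRole Secret',
     tokenFile: '/var/jenkins_home/secrets/vaultAppRoleSecret'],
    [id: 'vault-approle-id',
     description: 'Vault AppRole ID',
     tokenFile: '/var/jenkins_home/secrets/vaultAppRoleID'],
    // Same file as the 'github-ci-user' password above, stored a second time as secret text.
    [id: 'github-ci-user-token',
     description: 'Github CI User Token',
     tokenFile: '/var/jenkins_home/secrets/githubCIUserToken']
]

for (secretToken in secretTokens) {
    // Fixed: the original read the fields from the undefined name `tokenSecret`.
    Credentials token = (Credentials) new StringCredentialsImpl(
        CredentialsScope.GLOBAL,
        secretToken.id,
        secretToken.description,
        Secret.fromString(getContent(secretToken.tokenFile)))
    storeCredential(domain, secretToken.id, token)
}

///////////////
// Add ssh keys
///////////////
sshKeys = [
    [id: 'ssh-deploy-key-service-a',
     path: '/var/jenkins_home/.ssh/deploy-key-service-a',
     user: 'root'],
    [id: 'ssh-slave-access',
     path: '/var/jenkins_home/.ssh/slave-access',
     user: 'jenkins'],
    [id: 'ssh-global-shared-library',
     path: '/var/jenkins_home/.ssh/global-shared-library',
     user: 'root'],
]

for (sshKey in sshKeys) {
    // Fixed: the original called `getKeyCredential`, which is not defined; the
    // helper in this script is named getSSHKeyCredential.
    storeCredential(domain, sshKey.id, getSSHKeyCredential(sshKey.id, sshKey.path, sshKey.user))
}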