Advice on User Authentication - jenkins

We're looking for a simple open source software, that is easily containerised, that we can use as a single sign on machine inside our cloud development environment.
The servers that it will need to handle authentication for are GitLab, Nexus, Jenkins and SonarQube.
So far I've looked at FreeIPA
https://github.com/freeipa/freeipa-container
Having a few teething troubles getting this set up, and was hoping to get some other suggestions.
To be honest I'm not even certain FreeIPA will work with all those software titles anyway, something I'll check now.
Any tips or advice more than welcome.
Here's a basic diagram of what we're trying to achieve

Related

Is it possible to develop a Jira plugin with RESTful capabilities for creating issues programmatically?

I have developed a Django app which hosts a bunch of forms that collect information about issues and I want to use this data to create Jira issues programmatically.
I have a conceptual idea of how that can be achieved, but my problem is that I am a complete software development newbie and also have never used Jira to this date, hence googling stuff is quite hard as I have an almost non-existent vocabulary in these regards and things get quite overwhelming really fast. I want to know if what I have in mind even makes sense before I delve deeper into documentation and figuring out how to implement stuff.
So I'm going to send POST requests from my Django app containing the issue information in JSON format. These POST requests would then be handled by some Java service which in turn uses the JRJC to create issues on Jira. In my head this implies that I have to develop a whole server (or use some kind of framework for that matter) for Django to send its requests to and handle them. Would it be possible to write a plugin for JIRA that bypasses the need for such a server, so I could just write the service for handling the requests and expose it on some URL based on the domain of my Jira instance?
I apologize if my question appears vague or ill-structured. Any attempts to shine light on my incompetence or pointing fingers in some direction will be greatly appreciated!
I assume that you're talking about Jira Server (hosted by you) rather than Jira Cloud (hosted by Atlassian).
A Jira plugin can expose a REST endpoint, so yes, you can write such a plugin and POST to an endpoint you define, which then uses the Jira Java API to create issues.
See https://developer.atlassian.com/server/framework/atlassian-sdk/rest-plugin-module/ for information on putting REST endpoints in your plugin.

Jenkins and GitLab -- Gitlab Hook plugin is the right choice?

There are so many posts about this, and being inexperienced in Git doesn't help to get a good grip on this.
I just joined a new company that doesn't have CI at all, so I jumped on the opportunity to create a proof of concept (using Jenkins locally on my Windows box for now, until I get a dedicated server for it). I've used and semi-configured Jenkins in the past, using SVN, and it was so simple and fast to get it working. In this company, they don't use SVN, only GitLab (I believe it's private - we have our own site, not .gitlab.com), and nothing works for me.
I followed a few tutorials, but mainly this seemed like the one that meets my needs. It didn't work (the reasons and symptoms are probably worth a post of its own).
When I look at Gitlab Hook plugin in Jenkins, I see a big red warning saying it is not safe ("Gitlab API token stored and displayed in plain text").
So my question, for this POC that I am working on, how serious is this warning? Should I avoid this plugin and then this method altogether because of this?
And while I'm at it, I might also throw in an additional general question to open up my options here ... If I want Jenkins to work with GitLab (meaning, I check in something and it triggers a build), do I absolutely need to use the SSH method, or could it work with HTTPS as well?
Thank you.
This is indeed SECURITY-263 / CVE-2018-1000196
Gitlab Hook Plugin does not encrypt the Gitlab API token used to access Gitlab. This can be used by users with master file system access to obtain GitHub credentials.
Additionally, the Gitlab API token round-trips in its plaintext form, and is displayed in a regular text field to users with Overall/Administer permission. This exposes the API token to people viewing a Jenkins administrator’s screen, browser extensions, cross-site scripting vulnerabilities, etc.
As of publication of this advisory, there is no fix.
So:
how serious is this warning?
Serious, but it does require access to the Jenkins server filesystem, or it requires Jenkins administration level. So that risk can be documented, acknowledged and, for now, set aside, provided mitigation steps are in place, i.e.:
the access to the Jenkins server is properly monitored
the list of Jenkins admin accounts is properly and regularly reviewed.
do I absolutely need to use the SSH method, or it could work with HTTPS as well?
You can use HTTPS for accessing GitLab repositories in a Jenkins job.
But for the GitLab hook plugin, SSH remains the recommended way, considering you would use a token (instead of a user account name/password), that you can revoke at any time.
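An added audit script supporting the first mitigation in the answer above (example code, not from the answer, Jenkins or the plugin): it walks Jenkins XML configuration files and reports credential-like elements that are not stored in Jenkins' encrypted Secret form, which is exactly the plaintext-token condition the advisory describes. The element names in the constructed sample are illustrative, not the plugin's real schema.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Jenkins writes hudson.util.Secret values to disk as base64 in braces, e.g. "{AQAAABAAAA...}".
# A secret-like element whose value does not look like that is on disk in plaintext,
# which is what SECURITY-263 describes for the Gitlab Hook plugin's API token.
# (Very old installs wrote bare base64 without braces; those would show up as findings too.)
SECRET_RE = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
SECRET_TAG_RE = re.compile(r"token|secret|password|apikey", re.IGNORECASE)

# Constructed sample (element names are illustrative, not the plugin's real schema):
# one plaintext API token next to a value stored as a Jenkins Secret.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<gitlab-hook-config>
  <gitlabUrl>https://gitlab.example.internal</gitlabUrl>
  <gitlabApiToken>EXAMPLE-PLAINTEXT-TOKEN-0000</gitlabApiToken>
  <otherPluginSecret>{AQAAABAAAAAQ9k2s8b6dNfO3x1rL0mQ7ZcYw==}</otherPluginSecret>
</gitlab-hook-config>
"""

def _walk(elem, path):
    path = f"{path}/{elem.tag}"
    yield path, elem
    for child in elem:
        yield from _walk(child, path)

def find_plaintext_secrets(xml_text: str) -> list:
    """Return element paths that look like credentials but are not encrypted Secrets."""
    findings = []
    for path, elem in _walk(ET.fromstring(xml_text), ""):
        value = (elem.text or "").strip()
        if SECRET_TAG_RE.search(elem.tag) and value and not SECRET_RE.match(value):
            findings.append(path)
    return findings

def scan_jenkins_home(jenkins_home: str) -> dict:
    """Map each XML file under JENKINS_HOME (global and job configs) to its findings."""
    report = {}
    for xml_file in Path(jenkins_home).rglob("*.xml"):
        try:
            hits = find_plaintext_secrets(xml_file.read_text(encoding="utf-8"))
        except ET.ParseError:
            continue                     # not a Jenkins config (or truncated); skip it
        if hits:
            report[str(xml_file)] = hits
    return report

if __name__ == "__main__":
    print(find_plaintext_secrets(SAMPLE_CONFIG))   # ['/gitlab-hook-config/gitlabApiToken']
```

Run scan_jenkins_home against a copy of JENKINS_HOME from a backup rather than the live server, since reading every config file on the master is itself the kind of access the advisory warns about.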

Laravel 5.1 application deployment

I have developed an application with Laravel 5.1. Now I need a hosting suggestion for deploying my application. I know it's a silly question but I want a reliable answer. Before buying hosting I want to know which hosting service will provide a proper environment to run a Laravel 5.1 application.
PHP version required: >= 5.5.9
This is such a hard question to answer as it all depends on what you're after.
Some questions to consider:
Do you want to set the server up yourself?
If this is the case then any unmanaged provider will do the trick, you'll just need to set it all up; LAMP, Git, Composer etc.
Do you want to manage the server itself but you aren't sure how to set it up?
Digital Ocean (and other providers I'm sure) offer one-click apps where you can deploy whatever you want. For Laravel you would probably want to pick the LAMP app install. These deploy all the packages you will require and set them up for you so that you don't need to - the rest of the server management would be up to you from there.
Do you want to use Managed Hosting where they do it all for you?
OVH have been pretty good for me in the past, I've never used their managed option, although I know they have it - and I've had great service from them too.
If you're still not sure then I would suggest looking for a provider that provides servers that come with a LAMP stack (as this covers everything you need for Laravel) or one that supports PHP applications - if you're not sure then just contact the company and ask. Or find someone (a friend or a professional) who can help you get started online.
One suggestion, because you are using Laravel, is to look at https://forge.laravel.com/ where you can manage servers that run on Digital Ocean and other providers.
It fits perfectly for Laravel.

How to setup Gerrit without any authentication?

I downloaded Gerrit, unpacked it and started the server with bin/gerrit.sh start. Then I noticed that I cannot log into the web frontend and looked for my options. Since all I would like to do is add a test project and play around with it to explore the features, I would actually like to avoid authentication at all.
Is there a way to get this going without OpenID or LDAP? auth.type=http would be just right, but this again requires an Apache in front. Or can I just configure Jetty to do it? If so, how?

Connecting to users local machine from my WebApp

I have a web app that I have developed. I am looking to develop a plugin for this app so that I can pull information from the user's accounts package, such as Sage or QuickBooks (offline version). Ideally I would like to do this without them having to have a static IP etc.
Unfortunately this is way over my head; I currently have no idea how to do this.
Please can someone guide me in the right direction. I will probably use JSON data between the web app and the client service that I will make, and I'm fine with that part; it's just the initial connection that I am confused about.
Any help would be really, really appreciated. I hope this makes sense.
Thanks
Ash
The way the Shopify Quickbooks integration (Quickify) works is by setting up a tiny local server that listens on a high port number and is able to play with the local filesystem. The web app part of the solution sends JSON back to it.
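An added sketch of the local-service side of the approach described in that answer (example code, not Quickify's or the answer's): a small HTTP server bound to loopback on a high port that accepts JSON from the web app. Because any page open in the browser can send requests to 127.0.0.1, the service only answers an allow-listed web-app origin and requires a pairing token; the origin, port, token scheme and invoice data are constructed assumptions.

```python
import json
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed values (assumptions, not from the post): the web-app origin allowed to
# talk to this service, and a pairing token the user copies into the web app once.
ALLOWED_ORIGINS = {"https://app.example.com"}
PAIRING_TOKEN = secrets.token_urlsafe(32)
SAMPLE_INVOICES = [{"id": "INV-001", "total": 120.5}]  # stand-in for the accounts-package data

def check_request(headers, body: bytes):
    """Validate a browser request before touching local data; returns (status, payload)."""
    origin = headers.get("Origin", "")
    if origin not in ALLOWED_ORIGINS:          # any web page can reach 127.0.0.1
        return 403, {"error": "origin not allowed"}
    if not secrets.compare_digest(headers.get("Authorization", ""), f"Bearer {PAIRING_TOKEN}"):
        return 401, {"error": "bad pairing token"}
    try:
        request = json.loads(body)
    except ValueError:
        return 400, {"error": "body is not JSON"}
    if not isinstance(request, dict) or request.get("action") != "list_invoices":
        return 400, {"error": "unknown action"}
    return 200, {"invoices": SAMPLE_INVOICES}

class LocalHandler(BaseHTTPRequestHandler):
    def _cors(self):
        origin = self.headers.get("Origin", "")
        if origin in ALLOWED_ORIGINS:           # echo only an allowed origin, never "*"
            self.send_header("Access-Control-Allow-Origin", origin)
            self.send_header("Access-Control-Allow-Headers", "Authorization, Content-Type")
            self.send_header("Access-Control-Allow-Methods", "POST")

    def do_OPTIONS(self):                       # CORS preflight for the JSON POST
        self.send_response(204)
        self._cors()
        self.end_headers()

    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        status, payload = check_request(self.headers, body)
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self._cors()
        self.end_headers()
        self.wfile.write(json.dumps(payload).encode())

if __name__ == "__main__":
    print("pairing token:", PAIRING_TOKEN)
    HTTPServer(("127.0.0.1", 48321), LocalHandler).serve_forever()   # loopback only
```

The web app's JavaScript would POST to http://127.0.0.1:48321/ with the Authorization header set to the token the user pasted in, so no static IP or inbound firewall rule is needed on the user's side.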