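pipeline {
    // PaaS CI check, end to end: verify the tooling the job depends on,
    // create a throw-away deployment, scan its endpoints, then tear it down.
    // Every shell step carries its own "#!/bin/bash" shebang; Jenkins then runs
    // the script WITHOUT its default "-xe", so each script sets "-eu" itself.
    // "-x" is deliberately not used: it would echo the bound secrets to the log.
    agent { label 'docker-paas-agent' }

    environment {
        ORCHENT_AGENT_ACCOUNT = 'infn-cloud'
        ORCHENT_URL = 'https://my.cloud.infn.it/orchestrator'
    }
    // HOST_IP and PLAYBOOK_URL are read by the scripts below but are not set
    // here; presumably they come from the job's parameters — confirm.

    stages {
        stage('Test environment') {
            steps {
                withCredentials([
                    usernamePassword(credentialsId: 'jenkins_scans_creds', usernameVariable: 'GMP_USER', passwordVariable: 'GMP_PASSWORD')
                ]) {
                    // Triple-single-quoted Groovy string: $VARS are expanded by
                    // the shell, never by Groovy, so the credentials never enter
                    // the pipeline's Groovy source or its interpolation warnings.
                    sh '''#!/bin/bash
                        set -euo pipefail

                        # oidc-agent initialisation
                        eval "$(oidc-agent-service use)"
                        oidc-add infn-cloud-ops

                        # Show only the pipeline's own settings. A bare "env" would
                        # dump every variable, including the bound GMP credentials.
                        echo "ORCHENT_AGENT_ACCOUNT=$ORCHENT_AGENT_ACCOUNT"
                        echo "ORCHENT_URL=$ORCHENT_URL"

                        # Orchent connection test: a non-zero exit or an ERROR line
                        # in the output both count as a failure.
                        if orchent depls > depls.output && ! grep -q ERROR depls.output
                        then
                            echo "orchent depls: OK"
                        else
                            echo "orchent depls: NOT ok"
                            cat depls.output
                            exit 1
                        fi

                        # Greenbone connection test. Note that the password is passed
                        # on the command line and is visible to other local processes
                        # while gvm-cli runs; gvm-tools' configuration-file support is
                        # the way to take it off argv — verify with the installed
                        # gvm-cli version before switching.
                        if /var/lib/jenkins/.local/bin/gvm-cli --gmp-username "$GMP_USER" --gmp-password "$GMP_PASSWORD" tls --hostname "$HOST_IP" --xml "<get_version/>" > gvm.output && grep -q OK gvm.output
                        then
                            echo "gvm check: OK"
                        else
                            echo "gvm check: NOT ok"
                            cat gvm.output
                            exit 1
                        fi
                    '''
                }
            }
        }
        stage('Create test deployment') {
            steps {
                // The playbook is fetched from PLAYBOOK_URL and executed as-is:
                // whoever controls that URL controls what runs on this agent and
                // in the cloud account. Pinning the URL to an immutable revision
                // (tag or commit) and checking a known digest of site.yaml before
                // running it would bound that trust — the expected digest is not
                // available here, so only the failed-download case is handled.
                sh '''#!/bin/bash
                    set -euo pipefail
                    eval "$(oidc-agent-service use)"
                    oidc-add infn-cloud-ops
                    # "set -e" stops the step here on a failed download instead of
                    # running ansible against a missing or truncated site.yaml.
                    wget -O site.yaml "${PLAYBOOK_URL}"
                    ansible-playbook site.yaml --extra-vars "paas_ci_test_step='create_deployment'"
                '''
            }
        }
        stage('Scan endpoints') {
            steps {
                withCredentials([
                    sshUserPrivateKey(credentialsId: 'ssh_scans', keyFileVariable: 'keyfile'),
                    usernamePassword(credentialsId: 'jenkins_scans_creds', usernameVariable: 'GMP_USER', passwordVariable: 'GMP_PASSWORD')
                ]) {
                    sh '''#!/bin/bash
                        set -euo pipefail
                        eval "$(oidc-agent-service use)"
                        oidc-add infn-cloud-ops
                        # Jenkins deletes the bound key file when this block ends;
                        # the copy below is not deleted by Jenkins, so it is written
                        # owner-read-only and removed by the pipeline-level "always"
                        # step. Passing "${keyfile}" straight to ansible-playbook
                        # (--private-key) would avoid the copy altogether, provided
                        # the inventory does not hard-code this path — confirm.
                        mkdir -p -m 0700 /home/jenkins/.ssh
                        install -m 0600 "${keyfile}" /home/jenkins/.ssh/id_rsa
                        ansible-playbook site.yaml --extra-vars "paas_ci_test_step='scan'"
                    '''
                }
            }
            post {
                failure {
                    // Scan reports are archived and mailed; they describe live
                    // weaknesses of the deployment, so job read access and the
                    // recipient list should be treated as sensitive.
                    archiveArtifacts artifacts: '*report.txt', allowEmptyArchive: true
                    emailext attachmentsPattern: '*report.txt', body: '$DEFAULT_CONTENT', subject: '$PROJECT_NAME - Build # $BUILD_NUMBER: Vulnerabilities detected!', to: '$DEFAULT_RECIPIENTS'
                }
            }
        }
    }
    post {
        always {
            sh '''#!/bin/bash
            set -euo pipefail
            # Drop the SSH key copied by "Scan endpoints" whatever happens below.
            # If another job on this agent relies on a key at this path, move the
            # copy to a build-private location instead of keeping this removal.
            trap 'rm -f /home/jenkins/.ssh/id_rsa' EXIT
            # Nothing to tear down if the playbook was never fetched because an
            # earlier stage failed.
            if [ ! -f site.yaml ]
            then
                echo "site.yaml not present, nothing to clean"
                exit 0
            fi
            eval "$(oidc-agent-service use)"
            oidc-add infn-cloud-ops
            ansible-playbook site.yaml --extra-vars "paas_ci_test_step='clean'"
            '''
        }
        failure {
            script {
                // severity.json is produced by the scan step (presumably only when
                // findings exist — confirm); its presence selects the notification.
                if (fileExists('severity.json')) {
                    emailext body: '$DEFAULT_CONTENT', subject: '$DEFAULT_SUBJECT', to: '$DEFAULT_RECIPIENTS'
                }
            }
        }
    }
}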