Gatling tests use LDAP authentication

Testing gerrit with DEVELOPMENT_BECOME_ANY_ACCOUNT does not represent a
very realistic use-case, since such authentication type is not used in a
real production deployment.

Setup instead a Gerrit instance configured to talk to a real LDAP
server.

LDAP parameters can be configured. By default point to a GerritForge
deployment.

Bug: Issue 15308
Change-Id: I4c95edad9b2eaf0e965fd9f42d973edf61147bfd
diff --git a/jenkins/gatling-test-pipeline.groovy b/jenkins/gatling-test-pipeline.groovy
index fa03e11..76f431b 100644
--- a/jenkins/gatling-test-pipeline.groovy
+++ b/jenkins/gatling-test-pipeline.groovy
@@ -32,6 +32,13 @@
             string(name: 'GIT_HTTP_USERNAME', defaultValue: '', description: 'Username for Git/HTTP testing, use vault by default')
             password(name: 'GIT_HTTP_PASSWORD', defaultValue: '', description: 'Password for Git/HTTP testing, use vault by default')
 
+            string(name: 'LDAP_SERVER', defaultValue: 'ldaps://ldap.gerritforge.com', description: 'URL of the LDAP server to query for user information and group membership')
+            string(name: 'LDAP_USERNAME', defaultValue: 'cn=admin,dc=gerritforge,dc=com', description: 'Username to bind to the LDAP server with')
+            string(name: 'LDAP_ACCOUNT_BASE', defaultValue: 'dc=gerritforge,dc=com', description: 'Root of the tree containing all user accounts')
+            string(name: 'LDAP_GROUP_BASE', defaultValue: 'dc=gerritforge,dc=com', description: 'Root of the tree containing all group objects')
+            string(name: 'LDAP_LOGIN_USERNAME', defaultValue: '', description: 'The login identity to acquire a valid cookie, use vault by default')
+            password(name: 'LDAP_LOGIN_PASSWORD', defaultValue: '', description: 'The login identity password, use vault by default')
+
             string(name: 'S3_EXPORT_LOGS_BUCKET_NAME', defaultValue: 'gerritforge-export-logs', description: 'S3 bucket to export logs to')
 
             string(name: 'GERRIT_PROJECT', defaultValue: 'load-test', description: 'Gerrit project for load test')
@@ -63,7 +70,6 @@
                     dir ('aws-gerrit/gerrit/etc') {
                         script {
                             def gerritConfig = readFile(file:"gerrit.config.template")
-                            gerritConfig = gerritConfig.replace("type = ldap","type = DEVELOPMENT_BECOME_ANY_ACCOUNT")
                             gerritConfig = gerritConfig.replace("smtpUser = {{ SMTP_USER }}\n    enable = true","smtpUser = {{ SMTP_USER }}\n    enable = false")
 
                             writeFile(file:"gerrit.config.template", text: gerritConfig)
@@ -84,6 +90,11 @@
                                 setupData = resolveParameter(setupData, 'HTTP_SUBDOMAIN', "${env.HTTP_SUBDOMAIN}")
                                 setupData = resolveParameter(setupData, 'SSH_SUBDOMAIN', "${env.SSH_SUBDOMAIN}")
 
+                                setupData = resolveParameter(setupData, "LDAP_SERVER", "${params.LDAP_SERVER}")
+                                setupData = resolveParameter(setupData, "LDAP_USERNAME", "${params.LDAP_USERNAME}")
+                                setupData = resolveParameter(setupData, "LDAP_ACCOUNT_BASE", "${params.LDAP_ACCOUNT_BASE}")
+                                setupData = resolveParameter(setupData, "LDAP_GROUP_BASE", "${params.LDAP_GROUP_BASE}")
+
                                 setupData = setupData + "\nGERRIT_KEY_PREFIX:= ${params.GERRIT_KEY_PREFIX}"
                                 setupData = setupData + "\nGERRIT_VOLUME_SNAPSHOT_ID:= ${params.GERRIT_VOLUME_SNAPSHOT_ID}"
 
@@ -102,10 +113,22 @@
             }
             stage('Extract Gatling test user credentials from Gerrit') {
                 steps {
+                    withCredentials([usernamePassword(usernameVariable: "DEFAULT_LDAP_USERNAME",
+                            passwordVariable: "DEFAULT_LDAP_PASSWORD",
+                            credentialsId: "AWS-Gerrit-LDAP")]) {
                     retry(50) {
                         sleep(10)
-                        sh "curl --fail -L -I '${env.GERRIT_HTTP_URL}/config/server/healthcheck~status' 2>/dev/null"
-                        sh "curl -L -c cookies -i -X POST '${env.GERRIT_HTTP_URL}/login/%2Fq%2Fstatus%3Aopen%2B-is%3Awip?account_id=1000000'"
+                        script {
+                            def ldapUsername = ("${params.LDAP_LOGIN_USERNAME}"?.trim()) ?: "${env.DEFAULT_LDAP_USERNAME}"
+                            def ldapPassword = ("${params.LDAP_LOGIN_PASSWORD}"?.trim()) ?: "${env.DEFAULT_LDAP_PASSWORD}"
+
+                            sh "curl --fail -L -I '${env.GERRIT_HTTP_URL}/config/server/healthcheck~status' 2>/dev/null"
+                            sh """
+                                set +x
+                                curl -L -c cookies -i '${env.GERRIT_HTTP_URL}/login/%2Fq%2Fstatus%3Aopen%2B-is%3Awip' --data-raw 'username=${ldapUsername}&password=${ldapPassword}'
+                                set -x
+                            """
+                        }
                     }
                     script {
                         def cookies = readFile(file:"cookies")
@@ -121,6 +144,7 @@
                         accountCookie = cookiesMap['GerritAccount']
                         xsrfToken = cookiesMap['XSRF_TOKEN']
                     }
+                  }
                 }
             }
             stage('Pull newest Gatling tests docker image') {