diff options
author | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2013-11-26 05:02:58 +0200 |
---|---|---|
committer | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2013-11-26 05:02:58 +0200 |
commit | a0caff586f5d418d193069771448f38df7f3fbd0 (patch) | |
tree | c9888f88f15fe62c35ab6d853acc183566106de3 | |
parent | e0ed53032994547ffda69640a8e9b013bf31df83 (diff) |
Support dynamic extra Jenkins user permissions.
-rw-r--r-- | ansible-deploy/files/jenkins_users.xml | 6 | ||||
-rw-r--r-- | ansible-deploy/jenkins.yml | 1 | ||||
-rw-r--r-- | ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml | 8 |
3 files changed, 9 insertions, 6 deletions
diff --git a/ansible-deploy/files/jenkins_users.xml b/ansible-deploy/files/jenkins_users.xml new file mode 100644 index 0000000..c3c4cb5 --- /dev/null +++ b/ansible-deploy/files/jenkins_users.xml @@ -0,0 +1,6 @@ + <permission>hudson.model.Hudson.Read:frontend</permission> + <permission>hudson.model.Item.Build:frontend</permission> + <permission>hudson.model.Item.Configure:frontend</permission> + <permission>hudson.model.Item.Create:frontend</permission> + <permission>hudson.model.Item.Delete:frontend</permission> + <permission>hudson.model.Item.Read:frontend</permission> diff --git a/ansible-deploy/jenkins.yml b/ansible-deploy/jenkins.yml index b421062..b7a5def 100644 --- a/ansible-deploy/jenkins.yml +++ b/ansible-deploy/jenkins.yml @@ -8,6 +8,7 @@ - ssl_cert: /etc/ssl/certs/{{site_name}}.crt - ssl_key: /etc/ssl/private/{{site_name}}.key - private_vars: ../ansible-private-vars/main.yml + - jenkins_extra_users: files/jenkins_users.xml # "native" or "crowd" - jenkins_auth: crowd vars_files: diff --git a/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml b/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml index 5bebf65..5cf8ea0 100644 --- a/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml +++ b/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml @@ -8,13 +8,9 @@ <permission>hudson.model.Hudson.Administer:admin</permission> <permission>hudson.model.Hudson.Administer:infrastructure</permission> <permission>hudson.model.Hudson.Read:anonymous</permission> - <permission>hudson.model.Hudson.Read:frontend</permission> - <permission>hudson.model.Item.Build:frontend</permission> - <permission>hudson.model.Item.Configure:frontend</permission> - <permission>hudson.model.Item.Create:frontend</permission> - <permission>hudson.model.Item.Delete:frontend</permission> <permission>hudson.model.Item.Read:anonymous</permission> - <permission>hudson.model.Item.Read:frontend</permission> +{% include jenkins_extra_users %} + </authorizationStrategy> {% if jenkins_auth == "native" %} <securityRealm class="hudson.security.HudsonPrivateSecurityRealm"> |