Skip to content

Instantly share code, notes, and snippets.

@DavidPesticcio

DavidPesticcio/setup-users.groovy

Forked from johnbuhay/setup-users.groovy
Created May 14, 2023 10:39
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save DavidPesticcio/91a1839fdba651e4a8d32e5c9196c934 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save DavidPesticcio/91a1839fdba651e4a8d32e5c9196c934 to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. John Buhay created this gist Jan 21, 2016.
    99 changes: 99 additions & 0 deletions setup-users.groovy
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,99 @@
    import jenkins.*
    import hudson.*
    import com.cloudbees.plugins.credentials.*
    import com.cloudbees.plugins.credentials.common.*
    import com.cloudbees.plugins.credentials.domains.*
    import com.cloudbees.jenkins.plugins.sshcredentials.impl.*
    import hudson.plugins.sshslaves.*;
    import hudson.model.*
    import jenkins.model.*
    import hudson.security.*

    global_domain = Domain.global()
    credentials_store =
    Jenkins.instance.getExtensionList(
    'com.cloudbees.plugins.credentials.SystemCredentialsProvider'
    )[0].getStore()

    credentials = new BasicSSHUserPrivateKey(CredentialsScope.GLOBAL,null,"root",new BasicSSHUserPrivateKey.UsersPrivateKeySource(),"","")

    credentials_store.addCredentials(global_domain, credentials)

    def hudsonRealm = new HudsonPrivateSecurityRealm(false)
    def adminUsername = System.getenv('JENKINS_ADMIN_USERNAME') ?: 'admin'
    def adminPassword = System.getenv('JENKINS_ADMIN_PASSWORD') ?: 'password'
    hudsonRealm.createAccount(adminUsername, adminPassword)
    //hudsonRealm.createAccount("charles", "charles")

    def instance = Jenkins.getInstance()
    instance.setSecurityRealm(hudsonRealm)
    instance.save()


    def strategy = new GlobalMatrixAuthorizationStrategy()

    // Slave Permissions
    //strategy.add(hudson.model.Computer.BUILD,'charles')
    //strategy.add(hudson.model.Computer.CONFIGURE,'charles')
    //strategy.add(hudson.model.Computer.CONNECT,'charles')
    //strategy.add(hudson.model.Computer.CREATE,'charles')
    //strategy.add(hudson.model.Computer.DELETE,'charles')
    //strategy.add(hudson.model.Computer.DISCONNECT,'charles')

    // Credential Permissions
    //strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.CREATE,'charles')
    //strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.DELETE,'charles')
    //strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.MANAGE_DOMAINS,'charles')
    //strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.UPDATE,'charles')
    //strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.VIEW,'charles')

    // Overall Permissions
    //strategy.add(hudson.model.Hudson.ADMINISTER,'charles')
    //strategy.add(hudson.PluginManager.CONFIGURE_UPDATECENTER,'charles')
    //strategy.add(hudson.model.Hudson.READ,'charles')
    //strategy.add(hudson.model.Hudson.RUN_SCRIPTS,'charles')
    //strategy.add(hudson.PluginManager.UPLOAD_PLUGINS,'charles')

    // Job Permissions
    //strategy.add(hudson.model.Item.BUILD,'charles')
    //strategy.add(hudson.model.Item.CANCEL,'charles')
    //strategy.add(hudson.model.Item.CONFIGURE,'charles')
    //strategy.add(hudson.model.Item.CREATE,'charles')
    //strategy.add(hudson.model.Item.DELETE,'charles')
    //strategy.add(hudson.model.Item.DISCOVER,'charles')
    //strategy.add(hudson.model.Item.READ,'charles')
    //strategy.add(hudson.model.Item.WORKSPACE,'charles')

    // Run Permissions
    //strategy.add(hudson.model.Run.DELETE,'charles')
    //strategy.add(hudson.model.Run.UPDATE,'charles')

    // View Permissions
    //strategy.add(hudson.model.View.CONFIGURE,'charles')
    //strategy.add(hudson.model.View.CREATE,'charles')
    //strategy.add(hudson.model.View.DELETE,'charles')
    //strategy.add(hudson.model.View.READ,'charles')

    // Setting Anonymous Permissions
    strategy.add(hudson.model.Hudson.READ,'anonymous')
    strategy.add(hudson.model.Item.BUILD,'anonymous')
    strategy.add(hudson.model.Item.CANCEL,'anonymous')
    strategy.add(hudson.model.Item.DISCOVER,'anonymous')
    strategy.add(hudson.model.Item.READ,'anonymous')

    // Setting Admin Permissions
    strategy.add(Jenkins.ADMINISTER, "admin")

    // Setting easy settings for local builds
    def local = System.getenv("BUILD").toString()
    if(local == "local") {
    // Overall Permissions
    strategy.add(hudson.model.Hudson.ADMINISTER,'anonymous')
    strategy.add(hudson.PluginManager.CONFIGURE_UPDATECENTER,'anonymous')
    strategy.add(hudson.model.Hudson.READ,'anonymous')
    strategy.add(hudson.model.Hudson.RUN_SCRIPTS,'anonymous')
    strategy.add(hudson.PluginManager.UPLOAD_PLUGINS,'anonymous')
    }

    instance.setAuthorizationStrategy(strategy)
    instance.save()