Merge branch 'master' into 'master'
First version of jenkins credentials enforcement.
First version of Jenkins credentials enforcement.
Use
See merge request !4
diff --git a/jenkins/files/credentials.xml b/jenkins/files/credentials.xml
new file mode 100644
index 0000000..4451ad4
--- /dev/null
+++ b/jenkins/files/credentials.xml
@@ -0,0 +1,35 @@
+{%- from "jenkins/map.jinja" import master with context %}
+<?xml version='1.0' encoding='UTF-8'?>
+<com.cloudbees.plugins.credentials.SystemCredentialsProvider plugin="credentials@2.1.4">
+ <domainCredentialsMap class="hudson.util.CopyOnWriteMap$Hash">
+ <entry>
+ <com.cloudbees.plugins.credentials.domains.Domain>
+ <specifications/>
+ </com.cloudbees.plugins.credentials.domains.Domain>
+ <java.util.concurrent.CopyOnWriteArrayList>
+ {%- for credential in master.credentials %}
+ {%- if credential.type == "username_password" %}
+ <com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl>
+ <scope>{{ credential.scope }}</scope>
+ <id>{{ credential.id }}</id>
+ <description>{{ credential.desc }}</description>
+ <username>{{ credential.username }}</username>
+ <password>{{ credential.password_hash }}</password>
+ </com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl>
+ {%- elif credential.type == "ssh_key" %}
+ <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.12">
+ <scope>{{ credential.scope }}</scope>
+ <id>{{ credential.id }}</id>
+ <description>{{ credential.desc }}</description>
+ <username>{{ credential.username }}</username>
+ <passphrase>{{ credential.password_hash }}</passphrase>
+ <privateKeySource class="com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$DirectEntryPrivateKeySource">
+ <privateKey> {{ credential.key }}</privateKey>
+ </privateKeySource>
+ </com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey>
+ {%- endif %}
+ {%- endfor %}
+ </java.util.concurrent.CopyOnWriteArrayList>
+ </entry>
+ </domainCredentialsMap>
+</com.cloudbees.plugins.credentials.SystemCredentialsProvider>
\ No newline at end of file
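Review bot: The pillar values are written into the XML unescaped, at `<description>{{ credential.desc }}</description>` and every other `{{ … }}` field, so a value containing `&` or `<` produces a malformed credentials file or extra elements in the store. Piping each text field through the Jinja escape filter, e.g. `<description>{{ credential.desc | e }}</description>`, keeps the document well-formed. The `{%- from … %}` import sits above `<?xml version='1.0' encoding='UTF-8'?>`, so unless block trimming is enabled the rendered file starts with a newline before the declaration; closing that tag with `-%}` or moving the import below the declaration avoids this. The leading space in `<privateKey> {{ credential.key }}</privateKey>` becomes part of the key text. A short template comment saying whether `password_hash` must be a value already encrypted by this Jenkins instance or a plaintext secret would help, since the name suggests a hash.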
diff --git a/jenkins/master/service.sls b/jenkins/master/service.sls
index 0f72e02..e923e25 100644
--- a/jenkins/master/service.sls
+++ b/jenkins/master/service.sls
@@ -66,6 +66,18 @@
{%- endif %}
+{%- if master.credentials is defined %}
+
+/var/lib/jenkins/credentials.xml:
+ file.managed:
+ - source: salt://jenkins/files/credentials.xml
+ - template: jinja
+ - user: jenkins
+ - require:
+ - pkg: jenkins_packages
+
+{%- endif %}
+
{%- if master.get('sudo', false) %}
/etc/sudoers.d/99-jenkins-user:
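Review bot: The new `file.managed` state for `/var/lib/jenkins/credentials.xml` sets `- user: jenkins` but no `mode`, so a newly created file gets the default permissions and is probably readable by other local accounts, although it holds passwords, passphrases and private keys. Adding `- mode: '0600'` next to the `user` line restricts it to the service account. `- show_changes: False` would also keep diffs of the rendered secrets out of state returns and logs. Nothing in the hunk restarts or reloads Jenkins after the file changes, so a running instance may keep its old credentials in memory and overwrite the file on its next save; this should be confirmed against the rest of the state file, which continues outside the hunk.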