New version of jenkins user enforcing
Change-Id: I85964803961b009a73ffedeacbb5b2da5b81e3fb
diff --git a/_states/jenkins_user.py b/_states/jenkins_user.py
index 0441b42..ec102b1 100644
--- a/_states/jenkins_user.py
+++ b/_states/jenkins_user.py
@@ -5,20 +5,36 @@
import jenkins.model.*
import hudson.security.*
def instance = Jenkins.getInstance()
-def hudsonRealm = new HudsonPrivateSecurityRealm(false)
-def result=hudsonRealm.createAccount("{username}","{password}")
-instance.setSecurityRealm(hudsonRealm)
-def strategy = new hudson.security.FullControlOnceLoggedInAuthorizationStrategy()
-strategy.setAllowAnonymousRead(false)
-instance.setAuthorizationStrategy(strategy)
-instance.save()
-print(result)
+if(hudson.model.User.getAll().find{{u->u.fullName.equals("{username}")}}){{
+ print("EXISTS")
+}}else{{
+ def hudsonRealm = new HudsonPrivateSecurityRealm(false)
+ def result=hudsonRealm.createAccount("{username}","{password}")
+ instance.setSecurityRealm(hudsonRealm)
+ def strategy = new hudson.security.FullControlOnceLoggedInAuthorizationStrategy()
+ strategy.setAllowAnonymousRead(false)
+ instance.setAuthorizationStrategy(strategy)
+ instance.save()
+ if(result.toString().equals("{username}")){{
+ print("SUCCESS")
+ }}else{{
+ print("FAILED")
+ }}
+}}
""" # noqa
create_user_groovy = u"""\
-def result=jenkins.model.Jenkins.instance.securityRealm.createAccount("{username}", "{password}")
-print(result)
+if(hudson.model.User.getAll().find{{u->u.fullName.equals("{username}")}}){{
+ print("EXISTS")
+}}else{{
+ def result=jenkins.model.Jenkins.instance.securityRealm.createAccount("{username}", "{password}")
+ if(result.toString().equals("{username}")){{
+ print("SUCCESS")
+ }}else{{
+ print("FAILED")
+ }}
+}}
""" # noqa
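Review bot: Both templates still substitute `{username}` and `{password}` straight into double-quoted Groovy string literals (the new existence check, `createAccount`, and the `result.toString().equals(...)` comparison, in `create_admin_groovy` and `create_user_groovy` alike), so a value containing `"`, `\` or `$` alters the script Jenkins executes instead of being treated as data. Escape those characters before formatting the template, or reject such values in the state. The existence check also compares `u.fullName`, which is the display name rather than the account id; `find{{u->u.id.equals("{username}")}}` would avoid mistaking a renamed or same-named account for the requested one. The opening of the `create_admin_groovy` string lies above this hunk.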
@@ -45,29 +61,21 @@
ret['changes'][username] = status
ret['comment'] = 'User %s %s' % (username, status.lower())
else:
- # try to call jenkins script api with given user and password to prove
- # his existence
- user_exists_result = __salt__['jenkins_common.call_groovy_script'](
- "print(\"TEST\")", {"username": username}, username, password, [200, 401])
- user_exists = user_exists_result and user_exists_result[
- "code"] == 200 and user_exists_result["msg"].count("TEST") == 1
- if not user_exists:
- call_result = __salt__['jenkins_common.call_groovy_script'](
- create_admin_groovy if admin else create_user_groovy, {"username": username, "password": password})
- if call_result["code"] == 200 and call_result["msg"].count(username) == 1:
+ call_result = __salt__['jenkins_common.call_groovy_script'](
+ create_admin_groovy if admin else create_user_groovy, {"username": username, "password": password})
+ if call_result["code"] == 200 and call_result["msg"] in ["SUCCESS", "EXISTS"]:
+ if call_result["msg"] == "SUCCESS":
status = "CREATED" if not admin else "ADMIN CREATED"
ret['changes'][username] = status
- ret['comment'] = 'User %s %s' % (username, status.lower())
- result = True
else:
- status = 'FAILED'
- logger.error("Jenkins user API call failure: %s",
- call_result["msg"])
- ret['comment'] = 'Jenkins user API call failure: %s' % (call_result[
- "msg"])
- else:
- status = "EXISTS"
+ status = "EXISTS"
ret['comment'] = 'User %s %s' % (username, status.lower())
result = True
+ else:
+ status = 'FAILED'
+ logger.error("Jenkins user API call failure: %s",
+ call_result["msg"])
+ ret['comment'] = 'Jenkins user API call failure: %s' % (call_result[
+ "msg"])
ret['result'] = None if test else result
return ret
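Review bot: With the authenticated `print("TEST")` probe removed, an existing account is reported as `EXISTS` with `result = True` even when its password differs from the one in the state, so credential drift is no longer detected. If that is intended, document it at the `EXISTS` branch, e.g. `# existing users are left untouched; the password is not verified or updated`. The exact comparison `call_result["msg"] in ["SUCCESS", "EXISTS"]` also replaces a `.count()` match, so surrounding whitespace or extra output in `msg` would now turn a success into `FAILED`. Whether `call_groovy_script` strips its output is not visible here; if it does not, use `call_result["msg"].strip() in ("SUCCESS", "EXISTS")`. The enclosing function starts above this hunk.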