Extend security state
Implement management of:
- CSRF protection
- Content Security Policy
- Agent to Master security
Closes-PROD: https://mirantis.jira.com/browse/PROD-20183
Change-Id: I09439bbe534b84ad760091b7db471b5c07274a76
diff --git a/README.rst b/README.rst
index fc3c109..88e9eff 100644
--- a/README.rst
+++ b/README.rst
@@ -2,8 +2,8 @@
Jenkins formula
===============
-Jenkins CI is an open source automation server written in Java. Jenkins
-helps to automate the non-human part of software development process, with
+Jenkins CI is an open source automation server written in Java. Jenkins
+helps to automate the non-human part of software development process, with
continuous integration and facilitating technical aspects of continuous delivery.
(*Source*: `Wikipedia <https://en.wikipedia.org/wiki/Jenkins_(software)>`_ )
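Review bot: the removed and added "Jenkins CI is an open source automation server..." lines read identically, so this hunk is a whitespace-only change that has nothing to do with the CSRF, Content Security Policy or Agent to Master items named in the commit message. The same applies to the hunks at 509, 521 and 697. Consider moving the whitespace cleanup into its own commit so that the security documentation change can be reviewed and reverted independently.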
@@ -509,7 +509,7 @@
security:
matrix:
# set true for use ProjectMatrixAuthStrategy instead of GlobalMatrixAuthStrategy
- project_based: false
+ project_based: false
permissions:
Jenkins:
# administrator access
@@ -521,14 +521,14 @@
- user1
- user2
# agents permissions
- MasterComputer:
- BUILD:
+ MasterComputer:
+ BUILD:
- user3
# jobs permissions
- hudson:
+ hudson:
model:
Item:
- BUILD:
+ BUILD:
- user4
`Common matrix strategies <https://github.com/arbabnazar/configuration/blob/c08a5eaf4e04a68d2481375502a926517097b253/playbooks/roles/tools_jenkins/templates/projectBasedMatrixSecurity.groovy.j2>`_
@@ -697,7 +697,7 @@
Slack plugin configuration
.. code-block:: yaml
-
+
jenkins:
client:
slack:
@@ -735,15 +735,15 @@
Jenkins Global env properties enforcing
- .. code-block:: yaml
+.. code-block:: yaml
- jenkins:
- client:
- globalenvprop:
- OFFLINE_DEPLOYMENT:
- enabled: true
- name: "OFFLINE_DEPLOYMENT" # optional, default using dict key
- value: "true"
+ jenkins:
+ client:
+ globalenvprop:
+ OFFLINE_DEPLOYMENT:
+ enabled: true
+ name: "OFFLINE_DEPLOYMENT" # optional, default using dict key
+ value: "true"
Throttle categories management from client (requires
`Throttle Concurrent Builds <https://plugins.jenkins.io/throttle-concurrents>`_
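Review bot: the re-indentation of the "Jenkins Global env properties enforcing" example, from the `.. code-block:: yaml` directive down to `value: "true"`, is outside the scope stated in the commit message and would be easier to review as a separate formatting fix. If it stays here, build the README and confirm that the YAML body is still indented under the directive and renders as a code block after the dedent.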
@@ -825,6 +825,40 @@
authkey: |
SOMESSHKEY
+CSRF Protection configuration
+
+.. code-block:: yaml
+
+ jenkins:
+ client:
+ security:
+ csrf:
+ enabled: true
+ proxy_compat: false
+
+
+Agent to Master Access Control
+
+.. code-block:: yaml
+
+ jenkins:
+ client:
+ security:
+ agent2master:
+ enabled: true
+ whitelisted: ''
+ file_path_rules: ''
+
+Content Security Policy configuration
+
+.. code-block:: yaml
+
+ jenkins:
+ client:
+ security:
+ csp: "sandbox; default-src 'none'; img-src 'self'; style-src 'self';"
+
+
Usage
=====
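Review bot: the new "Agent to Master Access Control" example sets `whitelisted: ''` and `file_path_rules: ''` without saying what a non-empty value looks like, and `proxy_compat: false` in the CSRF example has no explanation either. Add a short sentence or an inline comment for each key, in the style of the existing `# optional, default using dict key` comment, covering the expected format (single string, multi-line block, list) and what the state does when the key is omitted. For `csp`, say whether the string is applied verbatim, since a reader copying `sandbox; default-src 'none'; img-src 'self'; style-src 'self';` needs to know whether changing it relaxes or replaces the policy. Minor style point: the CSRF and CSP blocks are followed by two added blank lines while the Agent to Master block is followed by one; use one consistently.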