commit 3de91af0e07c04d3150d9b07ddbaf33a6aff1d86
author Jakub Josef <jakub.josef@gmail.com> Thu Dec 08 17:03:33 2016 +0100
committer Jakub Josef <jakub.josef@gmail.com> Thu Dec 08 18:10:46 2016 +0100
tree 5edb80b5eeac95f5696f8a93d8fd6e86ac568546
parent e13e2e7b5c11563fc1fce18f922064cbd6b6b89f

Implemented jenkins user enforcing by script API from client side

_states/jenkins_users.py

diff --git a/_states/jenkins_users.py b/_states/jenkins_users.py
new file mode 100644
index 0000000..29a2f64
--- /dev/null
+++ b/_states/jenkins_users.py
@@ -0,0 +1,59 @@
+import logging
+logger = logging.getLogger(__name__)
+
+create_admin_groovy = u"""\
+import jenkins.model.*
+import hudson.security.*
+def instance = Jenkins.getInstance()
+def hudsonRealm = new HudsonPrivateSecurityRealm(false)
+def result=hudsonRealm.createAccount("{username}","{password}")
+instance.setSecurityRealm(hudsonRealm)
+def strategy = new hudson.security.FullControlOnceLoggedInAuthorizationStrategy()
+strategy.setAllowAnonymousRead(false)
+instance.setAuthorizationStrategy(strategy)
+instance.save()
+print(result)
+"""  #noqa
+
+
+create_user_groovy = u"""\
+def result=jenkins.model.Jenkins.instance.securityRealm.createAccount("{username}", "{password}")
+print(result)
+"""  # noqa
+
+
+def present(name, username, password, admin=False):
+    """
+    Main jenkins users state method
+
+    :param username: user name
+    :param password: user password
+    :param admin:  is admin user flag (username will be always admin)
+    :returns: salt-specified state dict
+    """
+    test = __opts__['test']  # noqa
+    ret = {
+        'name': username,
+        'changes': {},
+        'result': False,
+        'comment': '',
+    }
+
+    result = False
+    if test:
+        status = 'CREATED'
+        ret['changes'][username] = status
+        ret['comment'] = 'User %s %s' % (username, status.lower())
+    else:
+        call_result = __salt__['jenkins_common.call_groovy_script'](create_admin_groovy if admin else create_user_groovy, {"username": username, "password":password})
+        if call_result["code"] == 200 and call_result["msg"].count(username) == 1:
+            status = "CREATED" if not admin else "ADMIN CREATED"
+            ret['changes'][username] = status
+            ret['comment'] = 'User %s %s' % (username, status.lower())
+            result = True
+        else:
+            status = 'FAILED'
+            logger.error("Jenkins user API call failure: %s", call_result["msg"])
+            ret['comment'] = 'Jenkins user API call failure: %s' % (call_result["msg"])
+    ret['result'] = None if test else result
+    return ret