Implemented jenkins scripts approving from client size
Change-Id: Ieb3d5d6b8c315487e304c05f05e507417acd88b3
diff --git a/README.rst b/README.rst
index 3438cb2..5e8a6e9 100644
--- a/README.rst
+++ b/README.rst
@@ -81,6 +81,16 @@
password: "smtp-password"
port: 25
+Script approvals from client
+
+.. code-block:: yaml
+
+ jenkins:
+ client:
+ approved_scripts:
+ - method groovy.json.JsonSlurperClassic parseText java.lang.String
+
+
Script approvals
.. code-block:: yaml
diff --git a/_states/jenkins_approval.py b/_states/jenkins_approval.py
new file mode 100644
index 0000000..63df775
--- /dev/null
+++ b/_states/jenkins_approval.py
@@ -0,0 +1,126 @@
+import logging
+logger = logging.getLogger(__name__)
+
+approve_signature_groovy = """\
+import org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval
+import org.jenkinsci.plugins.scriptsecurity.scripts.languages.GroovyLanguage
+import org.jenkinsci.plugins.scriptsecurity.scripts.ApprovalContext
+def signature = "{signature}"
+def scriptApproval = ScriptApproval.get()
+def approvedSignatures = Arrays.asList(scriptApproval.approvedSignatures)
+if(approvedSignatures.contains(signature)){{
+ println("EXISTS")
+}}else{{
+ try{{
+ scriptApproval.pendingSignatures.add(new ScriptApproval.PendingSignature(signature, false, ApprovalContext.create()))
+ scriptApproval.approveSignature(signature)
+ if(approvedSignatures.contains(signature)){{
+ print("SUCCESS")
+ }}else{{
+ print("FAILED")
+ }}
+ }}catch(e){{
+ print(e)
+ }}
+}}
+""" # noqa
+
+deny_signature_groovy = """\
+import org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval
+import org.jenkinsci.plugins.scriptsecurity.scripts.languages.GroovyLanguage
+import org.jenkinsci.plugins.scriptsecurity.scripts.ApprovalContext
+def signature = "{signature}"
+def scriptApproval = ScriptApproval.get()
+def approvedSignatures = Arrays.asList(scriptApproval.approvedSignatures)
+if(approvedSignatures.contains(signature)){{
+ try{{
+ scriptApproval.denySignature(signature)
+ if(!scriptApproval.approvedSignatures.contains(signature)){{
+ print("SUCCESS")
+ }}else{{
+ print("FAILED")
+ }}
+ }}catch(e){{
+ print(e)
+ }}
+}}else{{
+ print("NOT PRESENT")
+}}
+
+
+"""
+
+def approved(name):
+ """
+ Jenkins Script approval approve state method
+
+ :param name: signature to approve
+ :returns: salt-specified state dict
+ """
+ test = __opts__['test'] # noqa
+ ret = {
+ 'name': name,
+ 'changes': {},
+ 'result': False,
+ 'comment': '',
+ }
+ result = False
+ if test:
+ status = "SUCCESS"
+ ret['changes'][name] = status
+ ret['comment'] = 'Jenkins script approval config %s %s' % (name, status.lower())
+ else:
+ call_result = __salt__['jenkins_common.call_groovy_script'](
+ approve_signature_groovy, {"signature":name})
+ if call_result["code"] == 200 and call_result["msg"] in ["SUCCESS", "EXISTS"]:
+ status = call_result["msg"]
+ if status == "SUCCESS":
+ ret['changes'][name] = status
+ ret['comment'] = 'Jenkins script approval config %s %s' % (name, status.lower())
+ result = True
+ else:
+ status = 'FAILED'
+ logger.error(
+ "Jenkins script approval API call failure: %s", call_result["msg"])
+ ret['comment'] = 'Jenkins script approval API call failure: %s' % (call_result[
+ "msg"])
+ ret['result'] = None if test else result
+ return ret
+
+
+def denied(name):
+ """
+ Jenkins Script approval deny state method
+
+ :param name: signature to deny
+ :returns: salt-specified state dict
+ """
+ test = __opts__['test'] # noqa
+ ret = {
+ 'name': name,
+ 'changes': {},
+ 'result': False,
+ 'comment': '',
+ }
+ result = False
+ if test:
+ status = "SUCCESS"
+ ret['changes'][name] = status
+ ret['comment'] = 'Jenkins script approval config %s %s' % (name, status.lower())
+ else:
+ call_result = __salt__['jenkins_common.call_groovy_script'](
+ deny_signature_groovy, {"signature":name})
+ if call_result["code"] == 200 and call_result["msg"] in ["SUCCESS", "NOT PRESENT"]:
+ status = call_result["msg"]
+ if status == "SUCCESS":
+ ret['changes'][name] = status
+ ret['comment'] = 'Jenkins script approval config %s %s' % (name, status.lower())
+ result = True
+ else:
+ status = 'FAILED'
+ logger.error(
+ "Jenkins script approval API call failure: %s", call_result["msg"])
+ ret['comment'] = 'Jenkins script approval lib API call failure: %s' % (call_result[
+ "msg"])
+ ret['result'] = None if test else result
+ return ret
diff --git a/jenkins/client/approval.sls b/jenkins/client/approval.sls
new file mode 100644
index 0000000..ed09f70
--- /dev/null
+++ b/jenkins/client/approval.sls
@@ -0,0 +1,6 @@
+{% from "jenkins/map.jinja" import client with context %}
+{% for approval in client.get("approved_scripts",[]) %}
+ approve_jenkins_signature_{{ approval }}:
+ jenkins_approval.approved:
+ - name: {{ approval) }}
+{% endfor %}
\ No newline at end of file
diff --git a/jenkins/client/init.sls b/jenkins/client/init.sls
index e3d2d10..553fe6b 100644
--- a/jenkins/client/init.sls
+++ b/jenkins/client/init.sls
@@ -41,6 +41,9 @@
{%- if client.theme is defined %}
- jenkins.client.theme
{%- endif %}
+{%- if client.approved_scripts is defined %}
+ - jenkins.client.approval
+{%- endif %}
jenkins_client_install: