Approved scripts
diff --git a/jenkins/files/hudson.model.UpdateCenter.xml b/jenkins/files/hudson.model.UpdateCenter.xml
index 72a1189..7ea703a 100644
--- a/jenkins/files/hudson.model.UpdateCenter.xml
+++ b/jenkins/files/hudson.model.UpdateCenter.xml
@@ -1,8 +1,8 @@
-{%- from "jenkins/map.jinja" import server with context %}
+{%- from "jenkins/map.jinja" import master with context %}
<?xml version='1.0' encoding='UTF-8'?>
<sites>
<site>
<id>default</id>
- <url>{{ server.update_site_url }}</url>
+ <url>{{ master.update_site_url }}</url>
</site>
</sites>
\ No newline at end of file
diff --git a/jenkins/files/scriptApproval.xml b/jenkins/files/scriptApproval.xml
new file mode 100644
index 0000000..25d9528
--- /dev/null
+++ b/jenkins/files/scriptApproval.xml
@@ -0,0 +1,15 @@
+{%- from "jenkins/map.jinja" import master with context %}
+<?xml version='1.0' encoding='UTF-8'?>
+<scriptApproval plugin="script-security@1.22">
+ <approvedScriptHashes/>
+ <approvedSignatures>
+ {%- for script in master.approved_scripts %}
+ <string>{{ script }}</string>
+ {%- endfor %}
+ </approvedSignatures>
+ <aclApprovedSignatures/>
+ <approvedClasspathEntries/>
+ <pendingScripts/>
+ <pendingSignatures/>
+ <pendingClasspathEntries/>
+</scriptApproval>
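Review bot: `<string>{{ script }}</string>` writes each pillar value into the approval store without XML escaping, so an entry containing `<` or `&` would produce a malformed file or extra elements; `<string>{{ script|e }}</string>` closes that. The template also fixes `<approvedScriptHashes/>` and the three pending lists as empty, so approvals granted through the Jenkins UI would presumably be discarded whenever Salt re-applies the file. A comment at the top such as `{#- Managed by Salt: pillar master.approved_scripts is the only source of approvals; UI changes are overwritten -#}` would make that explicit. Each listed signature is permitted to every sandboxed script on the instance, so the pillar list needs the same review as code. The state in jenkins/master/service.sls that installs this file sets `user: jenkins` but no `mode`, leaving permissions to Salt's default; that hunk runs past the visible text.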
diff --git a/jenkins/master/service.sls b/jenkins/master/service.sls
index d01a001..c073316 100644
--- a/jenkins/master/service.sls
+++ b/jenkins/master/service.sls
@@ -30,6 +30,8 @@
- require:
- pkg: jenkins_packages
+{%- if master.update_site_url is defined %}
+
/var/lib/jenkins/hudson.model.UpdateCenter.xml:
file.managed:
- source: salt://jenkins/files/hudson.model.UpdateCenter.xml
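Review bot: `{%- if master.update_site_url is defined %}` is also true when the key is present but empty or null, in which case the template would render an empty or `None` value inside `<url>` in hudson.model.UpdateCenter.xml. `{%- if master.get('update_site_url') %}` matches the `master.get('sudo', false)` style used further down the file and skips the state for empty values. The same `is defined` test guards `master.approved_scripts` in the next hunk, where a null value would reach the `for` loop in scriptApproval.xml. The closing `{%- endif %}` sits in the following hunk, so the guarded state is only partly visible here.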
@@ -38,6 +40,20 @@
- require:
- pkg: jenkins_packages
+{%- endif %}
+
+{%- if master.approved_scripts is defined %}
+
+/var/lib/jenkins/scriptApproval.xml:
+ file.managed:
+ - source: salt://jenkins/files/scriptApproval.xml
+ - template: jinja
+ - user: jenkins
+ - require:
+ - pkg: jenkins_packages
+
+{%- endif %}
+
{%- if master.get('sudo', false) %}
/etc/sudoers.d/99-jenkins-user: