CODEWITHSUNDEEP
jenkinsgroovy
Gerb
Gerb

Reputation: 945

Jenkins: Add project default build authorization programmatically

I using DSLs to create my different jobs. However, when I start up my Jenkins container, I get this error of:

Processing DSL script neojob.groovy
ERROR: script not yet approved for use
Finished: FAILURE

To fix this error, I need to select "Run as User who triggered Build under" project default build authorization, like so:

enter image description here My question is how do I do that in a groovy script or in a programmatic way so my container can fully initialize Jenkins.

Any help would be greatly appreciated.

Upvotes: 6

Views: 2498

Answers (1)

fishi0x01
fishi0x01

Reputation: 3759

For me the following groovy code is working to programmatically configure the Authorize Project Plugin in Jenkins' Global Security section. I place the script in Jenkins' init.groovy.d/ directory to trigger it on every start. 

import jenkins.*
import jenkins.model.*
import hudson.model.*
import jenkins.model.Jenkins
import org.jenkinsci.plugins.authorizeproject.*
import org.jenkinsci.plugins.authorizeproject.strategy.*
import jenkins.security.QueueItemAuthenticatorConfiguration

def instance = Jenkins.getInstance()

// Define which strategies you want to allow to be set per project
def strategyMap = [
  (instance.getDescriptor(AnonymousAuthorizationStrategy.class).getId()): true, 
  (instance.getDescriptor(TriggeringUsersAuthorizationStrategy.class).getId()): true,
  (instance.getDescriptor(SpecificUsersAuthorizationStrategy.class).getId()): true,
  (instance.getDescriptor(SystemAuthorizationStrategy.class).getId()): false
]

def authenticators = QueueItemAuthenticatorConfiguration.get().getAuthenticators()
def configureProjectAuthenticator = true
for(authenticator in authenticators) {
  if(authenticator instanceof ProjectQueueItemAuthenticator) {
    // only add if it does not already exist
    configureProjectAuthenticator = false
  }
}

if(configureProjectAuthenticator) {
  authenticators.add(new ProjectQueueItemAuthenticator(strategyMap))
}

instance.save()

Their plugin's javadoc helps to know about the classes. Further, I had a look at their tests on github, to figure out how to configure those objects in Jenkins.

From now on I can set a job's authorization rule via the JobDSL Plugin like this:

job("SEED/SeedMainJobs") {
  properties {
    authorizeProjectProperty {
      strategy {
        triggeringUsersAuthorizationStrategy()
      }   
    }   
  }

  ...
}

Upvotes: 9

Related Questions