fix: use FullControlOnceLoggedIn auth strategy

2025-12-16 20:33:03 -03:00 · 2025-12-16 20:33:03 -03:00 · 0385a653af
commit 0385a653af
parent 6759871b43
1 changed files with 3 additions and 3 deletions
--- a/services/jenkins/helmrelease.yaml
+++ b/services/jenkins/helmrelease.yaml
@ -92,7 +92,7 @@ spec:
          import jenkins.model.Jenkins
          import org.jenkinsci.plugins.oic.OicSecurityRealm
          import org.jenkinsci.plugins.oic.OicServerWellKnownConfiguration
-          import hudson.security.GlobalMatrixAuthorizationStrategy
+          import hudson.security.FullControlOnceLoggedInAuthorizationStrategy
          def env = System.getenv()
          if (!(env['ENABLE_OIDC'] ?: 'false').toBoolean()) {
            println("OIDC disabled (ENABLE_OIDC=false); keeping default security realm")
@ -126,8 +126,8 @@ spec:
            realm.setSendScopesInTokenRequest(true)
            def j = Jenkins.get()
            j.setSecurityRealm(realm)
-            def auth = new GlobalMatrixAuthorizationStrategy()
-            auth.add(Jenkins.ADMINISTER, "authenticated")
+            def auth = new FullControlOnceLoggedInAuthorizationStrategy()
+            auth.setAllowAnonymousRead(false)
            j.setAuthorizationStrategy(auth)
            j.save()
            println("Configured OIDC realm from init script (well-known)")