bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: use FullControlOnceLoggedIn auth strategy

Browse Source
This commit is contained in:
Brad Stein 2025-12-16 20:33:03 -03:00
parent 6759871b43
commit 0385a653af
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
services/jenkins/helmrelease.yaml
View File

@ -92,7 +92,7 @@ spec:
import jenkins.model.Jenkins import jenkins.model.Jenkins
import org.jenkinsci.plugins.oic.OicSecurityRealm import org.jenkinsci.plugins.oic.OicSecurityRealm
import org.jenkinsci.plugins.oic.OicServerWellKnownConfiguration import org.jenkinsci.plugins.oic.OicServerWellKnownConfiguration
import hudson.security.GlobalMatrixAuthorizationStrategy import hudson.security.FullControlOnceLoggedInAuthorizationStrategy
def env = System.getenv() def env = System.getenv()
if (!(env['ENABLE_OIDC'] ?: 'false').toBoolean()) { if (!(env['ENABLE_OIDC'] ?: 'false').toBoolean()) {
println("OIDC disabled (ENABLE_OIDC=false); keeping default security realm") println("OIDC disabled (ENABLE_OIDC=false); keeping default security realm")
@ -126,8 +126,8 @@ spec:
realm.setSendScopesInTokenRequest(true) realm.setSendScopesInTokenRequest(true)
def j = Jenkins.get() def j = Jenkins.get()
j.setSecurityRealm(realm) j.setSecurityRealm(realm)
def auth = new GlobalMatrixAuthorizationStrategy() def auth = new FullControlOnceLoggedInAuthorizationStrategy()
auth.add(Jenkins.ADMINISTER, "authenticated") auth.setAllowAnonymousRead(false)
j.setAuthorizationStrategy(auth) j.setAuthorizationStrategy(auth)
j.save() j.save()
println("Configured OIDC realm from init script (well-known)") println("Configured OIDC realm from init script (well-known)")