diff --git a/services/jenkins/helmrelease.yaml b/services/jenkins/helmrelease.yaml
index 3d65a2c..d4ccca5 100644
--- a/services/jenkins/helmrelease.yaml
+++ b/services/jenkins/helmrelease.yaml
@@ -81,56 +81,6 @@ spec:
 name: jenkins-oidc
 key: logoutUrl
 optional: true
- JCasC:
- defaultConfig: true
- configScripts:
- 01-oidc.groovy: |
- import jenkins.model.*
- def env = System.getenv()
- def enable = (env['ENABLE_OIDC'] ?: 'false').toBoolean()
- if (!enable) {
- println("OIDC disabled (ENABLE_OIDC=false); keeping default security realm")
- return
- }
- def required = ['OIDC_CLIENT_ID','OIDC_CLIENT_SECRET','OIDC_AUTH_URL','OIDC_TOKEN_URL','OIDC_USERINFO_URL']
- if (!required.every { env[it] }) {
- println("OIDC enabled but missing one or more env vars: ${required}")
- return
- }
- try {
- def realm = new org.jenkinsci.plugins.oic.OicSecurityRealm(
- env['OIDC_CLIENT_ID'],
- env['OIDC_CLIENT_SECRET'],
- env['OIDC_TOKEN_URL'],
- env['OIDC_AUTH_URL'],
- env['OIDC_USERINFO_URL'],
- true, // logout from provider
- env['OIDC_LOGOUT_URL'] ?: "",
- "", // postLogoutRedirectUrl
- "openid email profile",
- "", // prompt
- "preferred_username",
- "name",
- "email",
- false, // disableSslVerification
- true, // escapeHatchEnabled
- "admin",
- "", // escapeHatchSecret
- "", // escapeHatchGroup
- true, // loadUserInfo
- true, // validateScopes
- false, // allowUnsignedIdTokens
- false, // enforceValidIssuers
- "", // issuer
- false // disableUserInfoFetch
- )
- def instance = Jenkins.get()
- instance.setSecurityRealm(realm)
- instance.save()
- println("Configured OIDC security realm from env")
- } catch (Exception e) {
- println("Failed to configure OIDC realm: ${e}")
- }
 persistence:
 enabled: true
 storageClass: astreae