jenkins: drop JCasC OIDC script to unblock startup

2025-12-14 18:10:49 -03:00 · 2025-12-14 18:10:49 -03:00 · fc0fa59981
commit fc0fa59981
parent 0286f4f317
1 changed files with 0 additions and 50 deletions
--- a/services/jenkins/helmrelease.yaml
+++ b/services/jenkins/helmrelease.yaml
@ -81,56 +81,6 @@ spec:
              name: jenkins-oidc
              key: logoutUrl
              optional: true
-      JCasC:
-        defaultConfig: true
-        configScripts:
-          01-oidc.groovy: |
-            import jenkins.model.*
-            def env = System.getenv()
-            def enable = (env['ENABLE_OIDC'] ?: 'false').toBoolean()
-            if (!enable) {
-              println("OIDC disabled (ENABLE_OIDC=false); keeping default security realm")
-              return
-            }
-            def required = ['OIDC_CLIENT_ID','OIDC_CLIENT_SECRET','OIDC_AUTH_URL','OIDC_TOKEN_URL','OIDC_USERINFO_URL']
-            if (!required.every { env[it] }) {
-              println("OIDC enabled but missing one or more env vars: ${required}")
-              return
-            }
-            try {
-              def realm = new org.jenkinsci.plugins.oic.OicSecurityRealm(
-                env['OIDC_CLIENT_ID'],
-                env['OIDC_CLIENT_SECRET'],
-                env['OIDC_TOKEN_URL'],
-                env['OIDC_AUTH_URL'],
-                env['OIDC_USERINFO_URL'],
-                true, // logout from provider
-                env['OIDC_LOGOUT_URL'] ?: "",
-                "", // postLogoutRedirectUrl
-                "openid email profile",
-                "", // prompt
-                "preferred_username",
-                "name",
-                "email",
-                false, // disableSslVerification
-                true,  // escapeHatchEnabled
-                "admin",
-                "",    // escapeHatchSecret
-                "",    // escapeHatchGroup
-                true,  // loadUserInfo
-                true,  // validateScopes
-                false, // allowUnsignedIdTokens
-                false, // enforceValidIssuers
-                "",    // issuer
-                false  // disableUserInfoFetch
-              )
-              def instance = Jenkins.get()
-              instance.setSecurityRealm(realm)
-              instance.save()
-              println("Configured OIDC security realm from env")
-            } catch (Exception e) {
-              println("Failed to configure OIDC realm: ${e}")
-            }
    persistence:
      enabled: true
      storageClass: astreae