bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feature/bstein-dev-home #7

Merged
bstein merged 95 commits from feature/bstein-dev-home into main 2025-12-18 04:23:02 +00:00
Conversation 0 Commits 95 Files Changed 74 +3 -3
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 0385a653af - Show all commits

6
services/jenkins/helmrelease.yaml
View File

@ -92,7 +92,7 @@ spec:
import jenkins.model.Jenkins import jenkins.model.Jenkins
import org.jenkinsci.plugins.oic.OicSecurityRealm import org.jenkinsci.plugins.oic.OicSecurityRealm
import org.jenkinsci.plugins.oic.OicServerWellKnownConfiguration import org.jenkinsci.plugins.oic.OicServerWellKnownConfiguration
import hudson.security.GlobalMatrixAuthorizationStrategy import hudson.security.FullControlOnceLoggedInAuthorizationStrategy
def env = System.getenv() def env = System.getenv()
if (!(env['ENABLE_OIDC'] ?: 'false').toBoolean()) { if (!(env['ENABLE_OIDC'] ?: 'false').toBoolean()) {
println("OIDC disabled (ENABLE_OIDC=false); keeping default security realm") println("OIDC disabled (ENABLE_OIDC=false); keeping default security realm")
@ -126,8 +126,8 @@ spec:
realm.setSendScopesInTokenRequest(true) realm.setSendScopesInTokenRequest(true)
def j = Jenkins.get() def j = Jenkins.get()
j.setSecurityRealm(realm) j.setSecurityRealm(realm)
def auth = new GlobalMatrixAuthorizationStrategy() def auth = new FullControlOnceLoggedInAuthorizationStrategy()
auth.add(Jenkins.ADMINISTER, "authenticated") auth.setAllowAnonymousRead(false)
j.setAuthorizationStrategy(auth) j.setAuthorizationStrategy(auth)
j.save() j.save()
println("Configured OIDC realm from init script (well-known)") println("Configured OIDC realm from init script (well-known)")