chromko · June 14, 2019 06:14
diff --git a/RBAC_Grants.groovy b/RBAC_Grants.groovy
 import hudson.model.*
 import hudson.security.*
 import jenkins.*
 import jenkins.model.*
 import java.util.*
 import com.michelin.cio.hudson.plugins.rolestrategy.*
 import java.lang.reflect.*

 RoleBasedAuthorizationStrategy roleBasedAuthenticationStrategy = Hudson.instance.getAuthorizationStrategy()

 Method assignRoleMethod = RoleBasedAuthorizationStrategy.class.getDeclaredMethod("assignRole", String.class, Role.class, String.class)
 assignRoleMethod.setAccessible(true)

 def properties = [ grant_groups: [ global_grants: [ type: RoleBasedAuthorizationStrategy.PROJECT, grants: [ test_admin: [ identity: "deployprod", grant_roles: ["test_prsdsoject_role"]]]]]];

 properties.grant_groups.each { grant_group_key,grant_group_value  ->

    grant_group_value.grants.each { grant_key, grant_value ->

        grant_value.grant_roles.each { grant_role ->

            Role assignedRole = roleBasedAuthenticationStrategy.getRoleMap(grant_group_value.type).getRole(grant_role);

            if (!assignedRole) {
                println("WARN! Role ${grant_role} doesn't exist. Skip assigning this role to ${grant_value.identity} identity")
                return
            }
            roleBasedAuthenticationStrategy.assignRole(grant_group_value.type, assignedRole, grant_value.identity );
            println ("OK! Role ${grant_role} assigned to ${grant_value.identity}")
        }
    }
 }
diff --git a/RBAC_Roles.groovy b/RBAC_Roles.groovy
 import hudson.model.*
 import hudson.security.*
 import jenkins.*
 import jenkins.model.*
 import java.util.*
 import com.michelin.cio.hudson.plugins.rolestrategy.*
 import java.lang.reflect.*

 def global_admin = "hudson.model.Hudson.Administer"
 def global_read = "hudson.model.Hudson.Read"
 def global_uploadPlugins = "hudson.modelHu.dson.UploadPlugins"
 def global_configureUpdateCenter = "hudson.modelHu.dson.ConfigureUpdateCenter"
 def global_scmTag = "hudson.model.scm.SCM.Tag"
 def global_runScripts = "hudson.model.RunScripts"

 def computer_connect = "hudson.model.Computer.Connect"
 def computer_create ="hudson.model.Computer.Create"
 def computer_build = "hudson.model.Computer.Build"
 def computer_delete = "hudson.model.Computer.Delete"
 def computer_donfigure = "hudson.model.Computer.Configure"
 def computer_disconnect = "hudson.model.Computer.Disconnect"

 def run_delete = "hudson.model.Run.Delete"
 def run_update =" hudson.model.Run.Update"

 def item_configure = "hudson.model.Item.Configure"
 def item_cancel = "hudson.model.Item.Cancel"
 def item_read = "hudson.model.Item.Read"
 def item_build = "hudson.model.Item.Build"
 def item_discover = "hudson.model.Item.Discover"
 def item_create = "hudson.model.Item.Create"
 def item_move = "hudson.model.Item.Move"
 def item_workspace = "hudson.model.Item.Workspace"

 def item_delete = "hudson.model.Item.Delete"
 def view_create = "hudson.model.View.Create"
 def view_configure = "hudson.model.View.Configure"
 def view_read = "hudson.model.View.Read"
 def view_delete = "hudson.model.View.Delete"

 def credentialsprovider_manageDomains = "com.cloudbees.plugins.credentials.credentialsprovider_managedomains"
 def credentialsprovider_create = "com.cloudbees.plugins.credentials.credentialsprovider_create"
 def credentialsprovider_update = "com.cloudbees.plugins.credentials.credentialsprovider_update"
 def credentialsprovider_view = "com.cloudbees.plugins.credentials.credentialsprovider_view"
 def credentialsprovider_delete = "com.cloudbees.plugins.credentials.credentialsprovider_delete"

 RoleBasedAuthorizationStrategy roleBasedAuthenticationStrategy = Hudson.instance.getAuthorizationStrategy()

 // Add global roles

 // def properties = [ role_groups: [ global_roles: [ type: RoleBasedAuthorizationStrategy.SLAVE, roles: [ test_admin: [ name: "test_project_rolse", pattern: "^.*-prod", permissions: [ computer_build , computer_disconnect]]]]]]

 properties.role_groups.each { role_group_key,role_group_value  ->

  role_group_value.roles.each { role_key, role_value ->

    Set<Permission> permissionSet = new HashSet<Permission>();

    role_value.permissions.each { p ->
      def permission = Permission.fromId(p);
      if (permission != null) {
          permissionSet.add(permission);
      } else {
          println("WARN! ${p} is not a valid permission ID (ignoring) for ${role_value.name}")
      }
    }

    def pattern = ".*"

    if (role_value.pattern) {
      pattern = role_value.pattern
    }

    Role newRole = new Role(role_value.name,pattern,permissionSet)

    roleBasedAuthenticationStrategy.addRole(role_group_value.type, newRole);
    println ("OK! Role ${role_value.name} created")
  }
 }
	import hudson.model.*
	import hudson.security.*
	import jenkins.*
	import jenkins.model.*
	import java.util.*
	import com.michelin.cio.hudson.plugins.rolestrategy.*
	import java.lang.reflect.*

	RoleBasedAuthorizationStrategy roleBasedAuthenticationStrategy = Hudson.instance.getAuthorizationStrategy()

	Method assignRoleMethod = RoleBasedAuthorizationStrategy.class.getDeclaredMethod("assignRole", String.class, Role.class, String.class)
	assignRoleMethod.setAccessible(true)

	def properties = [ grant_groups: [ global_grants: [ type: RoleBasedAuthorizationStrategy.PROJECT, grants: [ test_admin: [ identity: "deployprod", grant_roles: ["test_prsdsoject_role"]]]]]];

	properties.grant_groups.each { grant_group_key,grant_group_value ->

	grant_group_value.grants.each { grant_key, grant_value ->

	grant_value.grant_roles.each { grant_role ->

	Role assignedRole = roleBasedAuthenticationStrategy.getRoleMap(grant_group_value.type).getRole(grant_role);

	if (!assignedRole) {
	println("WARN! Role ${grant_role} doesn't exist. Skip assigning this role to ${grant_value.identity} identity")
	return
	}
	roleBasedAuthenticationStrategy.assignRole(grant_group_value.type, assignedRole, grant_value.identity );
	println ("OK! Role ${grant_role} assigned to ${grant_value.identity}")
	}
	}
	}