Support dynamic extra Jenkins user permissions.

author: Paul Sokolovsky <paul.sokolovsky@linaro.org> 2013-11-26 05:02:58 +0200
committer: Paul Sokolovsky <paul.sokolovsky@linaro.org> 2013-11-26 05:02:58 +0200
commit: a0caff586f5d418d193069771448f38df7f3fbd0 (patch)
tree: c9888f88f15fe62c35ab6d853acc183566106de3
parent: e0ed53032994547ffda69640a8e9b013bf31df83 (diff)
3 files changed, 9 insertions, 6 deletions
diff --git a/ansible-deploy/files/jenkins_users.xml b/ansible-deploy/files/jenkins_users.xml
new file mode 100644
index 0000000..c3c4cb5
--- /dev/null
+++ b/ansible-deploy/files/jenkins_users.xml
@@ -0,0 +1,6 @@
+    <permission>hudson.model.Hudson.Read:frontend</permission>
+    <permission>hudson.model.Item.Build:frontend</permission>
+    <permission>hudson.model.Item.Configure:frontend</permission>
+    <permission>hudson.model.Item.Create:frontend</permission>
+    <permission>hudson.model.Item.Delete:frontend</permission>
+    <permission>hudson.model.Item.Read:frontend</permission>
diff --git a/ansible-deploy/jenkins.yml b/ansible-deploy/jenkins.yml
index b421062..b7a5def 100644
--- a/ansible-deploy/jenkins.yml
+++ b/ansible-deploy/jenkins.yml
@@ -8,6 +8,7 @@
     - ssl_cert: /etc/ssl/certs/{{site_name}}.crt
     - ssl_key: /etc/ssl/private/{{site_name}}.key
     - private_vars: ../ansible-private-vars/main.yml
+    - jenkins_extra_users: files/jenkins_users.xml
     # "native" or "crowd"
     - jenkins_auth: crowd
   vars_files:
diff --git a/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml b/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml
index 5bebf65..5cf8ea0 100644
--- a/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml
+++ b/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml
@@ -8,13 +8,9 @@
     <permission>hudson.model.Hudson.Administer:admin</permission>
     <permission>hudson.model.Hudson.Administer:infrastructure</permission>
     <permission>hudson.model.Hudson.Read:anonymous</permission>
-    <permission>hudson.model.Hudson.Read:frontend</permission>
-    <permission>hudson.model.Item.Build:frontend</permission>
-    <permission>hudson.model.Item.Configure:frontend</permission>
-    <permission>hudson.model.Item.Create:frontend</permission>
-    <permission>hudson.model.Item.Delete:frontend</permission>
     <permission>hudson.model.Item.Read:anonymous</permission>
-    <permission>hudson.model.Item.Read:frontend</permission>
+{% include jenkins_extra_users %}
+
   </authorizationStrategy>
 {% if jenkins_auth == "native" %}
   <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
author	Paul Sokolovsky <paul.sokolovsky@linaro.org>	2013-11-26 05:02:58 +0200
committer	Paul Sokolovsky <paul.sokolovsky@linaro.org>	2013-11-26 05:02:58 +0200
commit	a0caff586f5d418d193069771448f38df7f3fbd0 (patch)
tree	c9888f88f15fe62c35ab6d853acc183566106de3
parent	e0ed53032994547ffda69640a8e9b013bf31df83 (diff)