voxpupuli / puppet-jenkins

Puppet module for Jenkins
http://forge.puppetlabs.com/puppet/jenkins
Apache License 2.0

disable anonymous read when jenkins_authorization_strategy { 'hudson.security.FullControlOnceLoggedInAuthorizationStrategy': #867

Closed ABrehm264 closed 6 years ago

ABrehm264 commented 6 years ago

I've been trying to scour the documentation, but I'm not seeing where I could set anonymous read to off in Jenkins after setting the auth strategy to fullcontrolonceloggedin.

Any help would be appreciated.

Thanks

jhoblitt commented 6 years ago

You need to have auth configured. See: https://github.com/voxpupuli/puppet-jenkins/blob/master/NATIVE_TYPES_AND_PROVIDERS.md#configuration

ABrehm264 commented 6 years ago

Yeah, I've reread that file several times, but I still think I'm missing something.

My code looks like:

  jenkins_authorization_strategy { 'hudson.security.FullControlOnceLoggedInAuthorizationStrategy':
    ensure => 'present',
  }

  jenkins_security_realm { 'hudson.security.HudsonPrivateSecurityRealm':
    ensure    => 'present',
    arguments => [false, false, undef], # AllowSignup, enableCaptcha, {blank}
  }

and after running puppet, my auth strategy still has the "allow anonymous read access" flag enabled like this: [image]

From your documentation, and what little I could read from your code (I'm a Puppet and Groovy newbie), the only thing that I can see where you actually disable anonymous read is via the GitHub auth strategy [image], but I'm not using that strategy, so I don't think it's applicable.

Am I missing something? Or is there maybe a CLI command that I should be running after that fact?

Thanks

jhoblitt commented 6 years ago

OK - I thought you were reporting an error message from the CLI. The value of arguments has to match the parameters of [one of the] constructor(s) of the class that provides the strategy.

In this case, you are configuring http://javadoc.jenkins-ci.org/hudson/security/FullControlOnceLoggedInAuthorizationStrategy.html#FullControlOnceLoggedInAuthorizationStrategy

Which appears to not accept any arguments via its constructor. So either the puppet provider and the puppet_helper.groovy script need special handling for this class to call methods on it, or a new constructor needs to be added to https://github.com/kohsuke/jenkins/blob/master/core/src/main/java/hudson/security/FullControlOnceLoggedInAuthorizationStrategy.java

ABrehm264 commented 6 years ago

I did this to make it work:

  augeas { 'jenkins_config.xml - deny anonymous read access':
    incl      => '/var/lib/jenkins/config.xml',
    lens      => 'Xml.lns',
    context   => '/files/var/lib/jenkins/config.xml/hudson',
    changes   => "set authorizationStrategy/denyAnonymousReadAccess/#text true",
    # Only touch the file when the flag is not already set to true.
    onlyif    => "get authorizationStrategy/denyAnonymousReadAccess/#text != true",
    subscribe => Jenkins_user[$jenkins_admin_username],
    # Restart Jenkins so the edited config.xml is loaded.
    notify    => Service['jenkins.service'],
  }
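A check that the workaround above took effect, as an added example that is not part of the original thread or of the puppet-jenkins module: it parses a Jenkins `config.xml` and reports whether `denyAnonymousReadAccess` is set on the logged-in-users strategy. The function name and the sample documents are constructed for illustration; a missing element is treated as "anonymous read allowed", which matches the behaviour reported in the thread.

```python
import re
import sys
import xml.etree.ElementTree as ET

FULL_CONTROL = "hudson.security.FullControlOnceLoggedInAuthorizationStrategy"

# Constructed sample documents (not taken from a real controller).
SAMPLE_DEFAULT = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"/>
</hudson>"""

SAMPLE_HARDENED = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
  </authorizationStrategy>
</hudson>"""

SAMPLE_OTHER = """<hudson>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
</hudson>"""


def anonymous_read_status(config_xml: str) -> str:
    """Return 'denied', 'allowed' or 'other-strategy' for a config.xml string."""
    # Jenkins writes an XML 1.1 declaration, which some parsers reject,
    # so drop the declaration before parsing.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", config_xml, count=1)
    strategy = ET.fromstring(body).find("authorizationStrategy")
    if strategy is None or strategy.get("class") != FULL_CONTROL:
        return "other-strategy"  # this check only understands one strategy
    flag = strategy.findtext("denyAnonymousReadAccess")
    if flag is not None and flag.strip().lower() == "true":
        return "denied"
    return "allowed"  # element missing or not 'true'


if __name__ == "__main__":
    # Usage: python check_anon_read.py /var/lib/jenkins/config.xml
    with open(sys.argv[1], encoding="utf-8") as fh:
        status = anonymous_read_status(fh.read())
    print(status)
    sys.exit(0 if status == "denied" else 1)
```

The non-zero exit code for anything other than `denied` lets the script gate a CI job or a monitoring probe.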