Commit 220ca55c authored by intrigeri's avatar intrigeri
Browse files

jenkins-job-builder: use a real user + API token to authenticate to Jenkins

Without disabling CSRF (complicated, will probably become impossible at some
point), we did not manage to have jenkins-job-builder use the API
with current Jenkins LTS. Using the standard security setup
(https://wiki.jenkins.io/display/JENKINS/Standard+Security+Setup),
an actual user, and its API token, repairs communication with the API.

refs tails/sysadmin#16955
parent 13c23edd
......@@ -9,6 +9,7 @@
class tails::jenkins::master (
String $jenkins_jobs_repo,
String $api_token,
String $version = '2.235.1',
String $tails_repo = 'https://gitlab.tails.boum.org/tails/tails.git',
......@@ -16,6 +17,7 @@ class tails::jenkins::master (
Enum['present', 'absent'] $automatic_iso_jobs_generator = 'present',
Integer $active_branches_max_age_in_days = 49,
String $gitolite_pubkey_name = 'gitolite@puppet-git',
String $api_user = 'admin',
Boolean $manage_mount = false,
$mount_device = false,
......@@ -561,7 +563,7 @@ class tails::jenkins::master (
owner => root,
group => jenkins,
mode => '0640',
source => 'puppet:///modules/tails/jenkins/master/jenkins_jobs.ini',
content => template('tails/jenkins/orchestrator/jenkins_jobs.ini.erb'),
require => [
Package['jenkins'],
Package['jenkins-job-builder'],
......
......@@ -3,6 +3,6 @@ recursive=True
[jenkins]
query_plugins_info=True
user=placeholder
password=placeholder
user=<%= @api_user %>
password=<%= @api_token %>
url=http://127.0.0.1:8080/
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment