Adding User permissions with groovy

[Anthony Green]

Has anyone managed to script the authorisation levels of a user with Groovy?

I have the beginnings of a script:

import jenkins.model.*

import hudson.security.*

def instance = Jenkins.getInstance()

def hudsonRealm = new HudsonPrivateSecurityRealm(false)

instance.setSecurityRealm(hudsonRealm)

hudsonRealm.createAccount("admin_username", "admin_password")

hudsonRealm.createAccount("developer_username", "developer_password")

def adminStrategy = new GlobalMatrixAuthorizationStrategy()

    adminStrategy.add(Jenkins.ADMINISTER, "admin_username")

    

instance.setAuthorizationStrategy(adminStrategy)

instance.save()

but I can't figure out how to add READ permissions for the user 'developer'

[Anthony Green]

This was my solution

import jenkins.model.*

import hudson.security.*

def instance = Jenkins.getInstance()

def strategy = new GlobalMatrixAuthorizationStrategy()

    strategy.add(Jenkins.ADMINISTER, "foo")

    strategy.add(Jenkins.READ, 'baz')

    strategy.add(Item.DISCOVER, 'baz')

    strategy.add(Item.READ, 'baz')

    strategy.add(Item.BUILD, 'baz')

instance.setAuthorizationStrategy(strategy)

instance.save()

[Anthony Green]

Actually although this worked in the script console it doesn't work in init.groovy.d 

you get the error

Failed to run script file:/var/jenkins_home/init.groovy.d/ConfigureSecurity.groovy
groovy.lang.MissingPropertyException: No such property: Item for class: ConfigureSecurity
	at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.unwrap(ScriptBytecodeAdapter.java:50)
	at org.codehaus.groovy.runtime.callsite.PogoGetPropertySite.getProperty(PogoGetPropertySite.java:49)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callGroovyObjectGetProperty(AbstractCallSite.java:231)

restarting jenkins and the settings are applied.

Any pointers as to what's going wrong? 

[str...@gmail.com]

Hi,

any solution to this? Im running into the same problem, via script-console its working, but even after a restart i get the following error:

Mar 09, 2016 9:10:32 PM jenkins.util.groovy.GroovyHookScript execute

WARNING: Failed to run script file:/var/jenkins_home/init.groovy.d/50_active-directory.groovy

groovy.lang.MissingPropertyException: No such property: Item for class: 50_active-directory

at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.unwrap(ScriptBytecodeAdapter.java:50)

at org.codehaus.groovy.runtime.callsite.PogoGetPropertySite.getProperty(PogoGetPropertySite.java:49)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callGroovyObjectGetProperty(AbstractCallSite.java:231)

at 50_active-directory.run(50_active-directory.groovy:34)

at groovy.lang.GroovyShell.evaluate(GroovyShell.java:580)

at jenkins.util.groovy.GroovyHookScript.execute(GroovyHookScript.java:136)

at jenkins.util.groovy.GroovyHookScript.execute(GroovyHookScript.java:127)

at jenkins.util.groovy.GroovyHookScript.run(GroovyHookScript.java:110)

at hudson.init.impl.GroovyInitScript.init(GroovyInitScript.java:41)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:106)

at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:176)

at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:282)

at jenkins.model.Jenkins$8.runTask(Jenkins.java:924)

at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:210)

at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

at java.lang.Thread.run(Thread.java:745)

regards,

roman

[str...@gmail.com]

just for future reference and others having the some trouble...

i had to "import hudson.model.*" too, and the error was gone.