Skip to content

Optionally use an api token instead of password to download plugins #398

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 15 commits into
base: master
Choose a base branch
from
Open

Optionally use an api token instead of password to download plugins #398

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
70231f9
Try generating api token to use instead of password
AMartindale98 Nov 8, 2024
521aa9f
Read force_basic_auth param based on api token's existence
AMartindale98 Nov 8, 2024
f8030f5
Use a separate groovy script for api token creation - security groovy…
AMartindale98 Nov 8, 2024
9b0e06d
Move retrieval of token
AMartindale98 Nov 8, 2024
418ac0c
groovy script edits
AMartindale98 Nov 8, 2024
66dcef3
We need the admin user - it's created too late
AMartindale98 Nov 8, 2024
ca71502
test
AMartindale98 Nov 8, 2024
e47c822
Debugging
AMartindale98 Nov 8, 2024
0c7d2d3
Timing edits
AMartindale98 Nov 8, 2024
b7582ec
Try using a jenkins readable file for api token
AMartindale98 Nov 11, 2024
b0f3be5
Version where we generate the token and save it to a file so it persists
AMartindale98 Nov 14, 2024
71c7157
Version where we provide the API token for Jenkins
AMartindale98 Nov 14, 2024
0f3558d
Clean up
AMartindale98 Nov 14, 2024
b5515f0
Use Ansible's regular community module
AMartindale98 Jan 20, 2025
1d949a4
Fix downloading plugins using api token
kwyland22 Jul 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,3 +62,5 @@ jenkins_init_folder: "/etc/systemd/system/jenkins.service.d"
jenkins_init_file: "{{ jenkins_init_folder }}/override.conf"

jenkins_restart_behavior: "service"

jenkins_use_api_token: false
11 changes: 1 addition & 10 deletions handlers/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,3 @@
---
- name: restart jenkins
include_tasks: tasks/restart.yml

- name: configure default users
template:
src: basic-security.groovy.j2
dest: "{{ jenkins_home }}/init.groovy.d/basic-security.groovy"
owner: "{{ jenkins_process_user }}"
group: "{{ jenkins_process_group }}"
mode: 0775
register: jenkins_users_config
include_tasks: tasks/restart.yml
5 changes: 0 additions & 5 deletions tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,10 +58,5 @@
delay: 10
check_mode: false

- name: Remove Jenkins security init scripts after first startup.
file:
path: "{{ jenkins_home }}/init.groovy.d/basic-security.groovy"
state: absent

# Update Jenkins and install configured plugins.
- include_tasks: plugins.yml
5 changes: 3 additions & 2 deletions tasks/plugins.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,13 +40,14 @@
path: "{{ jenkins_home }}/updates/default.json"
regexp: "1d;$d"

- name: Install Jenkins plugins using password.
- name: Install Jenkins plugins using password or API token.
jenkins_plugin:
name: "{{ item.name | default(item) }}"
version: "{{ item.version | default(omit) }}"
jenkins_home: "{{ jenkins_home }}"
url_username: "{{ jenkins_admin_username }}"
url_password: "{{ jenkins_admin_password }}"
force_basic_auth: "{{ jenkins_use_api_token }}"
url_password: "{{ jenkins_api_token | default(jenkins_admin_password) }}"
state: "{{ 'present' if item.version is defined else jenkins_plugins_state }}"
timeout: "{{ jenkins_plugin_timeout }}"
updates_expiration: "{{ jenkins_plugin_updates_expiration }}"
Expand Down
21 changes: 21 additions & 0 deletions tasks/settings.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,27 @@
group: "{{ jenkins_process_group }}"
mode: 0775

- name: Configure default users
template:
src: basic-security.groovy.j2
dest: "{{ jenkins_home }}/init.groovy.d/basic-security.groovy"
owner: "{{ jenkins_process_user }}"
group: "{{ jenkins_process_group }}"
mode: 0775
register: jenkins_users_config
notify: restart jenkins
when: jenkins_admin_password is defined and jenkins_admin_username is defined

- name: Generate API token for admin user
template:
src: api-token-setup.groovy.j2
dest: "{{ jenkins_home }}/init.groovy.d/api-token-setup.groovy"
owner: "{{ jenkins_process_user }}"
group: "{{ jenkins_process_group }}"
mode: 0775
when: jenkins_use_api_token | bool and jenkins_admin_username is defined and jenkins_api_token is defined
notify: restart jenkins

- name: Configure proxy config for Jenkins
template:
src: proxy.xml
Expand Down
2 changes: 0 additions & 2 deletions tasks/setup-Debian.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,10 +39,8 @@
deb: "/tmp/jenkins_{{ jenkins_version }}_all.deb"
state: present
when: jenkins_version is defined and specific_version.stat.exists
notify: configure default users

- name: Ensure Jenkins is installed.
apt:
name: jenkins
state: "{{ jenkins_package_state }}"
notify: configure default users
22 changes: 22 additions & 0 deletions templates/api-token-setup.groovy.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
#!groovy
import hudson.model.User
import jenkins.security.*

// Configuration - these variables will be replaced by Ansible templating
def adminUsername = "{{ jenkins_admin_username }}"
def apiTokenName = "{{ jenkins_admin_username }}-token"
def apiTokenValue = "{{ jenkins_api_token }}"

def user = User.get(adminUsername)
def apiTokenProperty = user.getProperty(ApiTokenProperty.class)

// Check if token property exists
if (!apiTokenProperty) {
user.addProperty(new ApiTokenProperty())
apiTokenProperty = user.getProperty(ApiTokenProperty.class)
}

// Generate a new token with a pre-defined value
def newToken = apiTokenProperty.tokenStore.addFixedNewToken(apiTokenName, apiTokenValue)

user.save()