使用groovy脚本自动化Jenkins Keycloak插件

问题描述 投票:1回答:1

我尝试使用Keycloak插件和Docker-compose 100%自动化Jenkins的部署。目的是我们除了执行单个命令外不愿做任何事情。

为了使Jenkins自动化,我尝试使用Jenkins API,但Groovy脚本似乎是最好,最简单的解决方案。问题是我不是开发人员...

我尝试过类似的操作,但是在Keycloak conf上失败了:

Failed to run script file:/var/jenkins_home/init.groovy.d/init.groovy groovy.lang.GroovyRuntimeException: Could not find matching constructor for: org.jenkinsci.plugins.KeycloakSecurityRealm(java.lang.Boolean)

import jenkins.model.*
import hudson.security.*
import org.jenkinsci.plugins.*

def instance = Jenkins.getInstance()
def env = System.getenv()

def hudsonRealm = new HudsonPrivateSecurityRealm(false)
String password = env.JENKINS_PASSWORD
hudsonRealm.createAccount("admin", password)
instance.setSecurityRealm(hudsonRealm)
instance.save()

def keycloak_realm = new KeycloakSecurityRealm(true)
instance.setSecurityRealm(keycloak_realm)

instance.setAuthorizationStrategy(new FullControlOnceLoggedInAuthorizationStrategy())

instance.save()

最后,我想

  • 创建管理员用户

  • 配置Keycloak插件

  • 设置用户自动权限。

感谢您的帮助:)

jenkins docker-compose keycloak jenkins-groovy
1个回答
0
投票

一个可能已过时的问题,但是我想分享一下,在init.groovy.d中使用Groovy脚本维护Jenkins中的配置(包括Keycloak配置)时,我也遇到了问题。解决此问题的最佳方法是使用Jenkins Configuration as Code (JCasC)插件通过声明性模型。

示例:

[Keycloak

jenkins:
  securityRealm: keycloak

unclassified:
  keycloakSecurityRealm:
    keycloakJson: |-
      {
        "realm": "my-realm",
        "auth-server-url": "https://my-keycloak-url/auth",
        "ssl-required": "all",
        "resource": "jenkins",
        "public-client": true,
        "confidential-port": 0
      }

来源:https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos/keycloak

凭证

credentials:
  system:
    domainCredentials:
      - domain:
          name: "test.com"
          description: "test.com domain"
          specifications:
            - hostnameSpecification:
                includes: "*.test.com"
        credentials:
          - usernamePassword:
              scope: SYSTEM
              id: sudo_password
              username: root
              password: ${SUDO_PASSWORD}

来源:https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos/credentials

© www.soinside.com 2019 - 2024. All rights reserved.