Don't replace security realm or auth strategy unless necessary

jokimaki · Jun 29, 2016 · 420f8f6 · 420f8f6
1 parent 5b0b304
commit 420f8f6
Showing 1 changed file with 15 additions and 12 deletions.
diff --git a/templates/solita_jenkins_security_realm.groovy.j2 b/templates/solita_jenkins_security_realm.groovy.j2
@@ -7,25 +7,28 @@ def solita_jenkins_security_realm = '{{ solita_jenkins_security_realm }}'
 def jenkins = Jenkins.getInstance()
 
 if (solita_jenkins_security_realm == 'jenkins') {
-    def securityRealm = new HudsonPrivateSecurityRealm(false)
-    jenkins.setSecurityRealm(securityRealm)
+    if (!(jenkins.getSecurityRealm() instanceof HudsonPrivateSecurityRealm)) {
+        jenkins.setSecurityRealm(new HudsonPrivateSecurityRealm(false))
+    }
 
-    def strategy = new GlobalMatrixAuthorizationStrategy()
-    strategy.add(Jenkins.ADMINISTER, 'solita_jenkins')
-    jenkins.setAuthorizationStrategy(strategy)
+    if (!(jenkins.getAuthorizationStrategy() instanceof GlobalMatrixAuthorizationStrategy)) {
+        jenkins.setAuthorizationStrategy(new GlobalMatrixAuthorizationStrategy())
+    }
 
-    def user = securityRealm.createAccount('solita_jenkins', '{{ lookup("password", inventory_dir + "/solita_jenkins_default_password/solita_jenkins") }}')
-    user.addProperty(new UserPropertyImpl('{{ solita_jenkins_public_key }}'));
-    user.save()
+    def currentUsers = jenkins.getSecurityRealm().getAllUsers().collect { it.getId() }
 
-    jenkins.save()
+    if (!('solita_jenkins' in currentUsers)) {
+        def user = jenkins.getSecurityRealm().createAccount('solita_jenkins', '{{ lookup("password", inventory_dir + "/solita_jenkins_default_password/solita_jenkins") }}')
+        user.addProperty(new UserPropertyImpl('{{ solita_jenkins_public_key }}'));
+        user.save()
+
+        jenkins.getAuthorizationStrategy().add(Jenkins.ADMINISTER, 'solita_jenkins')
+    }
 } else if (solita_jenkins_security_realm == 'none') {
     // If we leave the user, further attempts to use jenkins-cli.jar with
     // key-based authentication enabled fail for some reason. Clearing the
     // user's SSH key wasn't enough to solve the problem.
     jenkins.getUser('solita_jenkins').delete()
-
     jenkins.disableSecurity()
-
-    jenkins.save()
 }
+jenkins.save()