From 420f8f6761b02d72b05b7e873932b94a0d48f095 Mon Sep 17 00:00:00 2001
From: Timo Mihaljov <timo.mihaljov@solita.fi>
Date: Wed, 29 Jun 2016 14:48:33 +0300
Subject: [PATCH] Don't replace security realm or auth strategy unless
 necessary

---
 .../solita_jenkins_security_realm.groovy.j2   | 27 ++++++++++---------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/templates/solita_jenkins_security_realm.groovy.j2 b/templates/solita_jenkins_security_realm.groovy.j2
index 6b6065b..973e5b1 100644
--- a/templates/solita_jenkins_security_realm.groovy.j2
+++ b/templates/solita_jenkins_security_realm.groovy.j2
@@ -7,25 +7,28 @@ def solita_jenkins_security_realm = '{{ solita_jenkins_security_realm }}'
 def jenkins = Jenkins.getInstance()
 
 if (solita_jenkins_security_realm == 'jenkins') {
-    def securityRealm = new HudsonPrivateSecurityRealm(false)
-    jenkins.setSecurityRealm(securityRealm)
+    if (!(jenkins.getSecurityRealm() instanceof HudsonPrivateSecurityRealm)) {
+        jenkins.setSecurityRealm(new HudsonPrivateSecurityRealm(false))
+    }
 
-    def strategy = new GlobalMatrixAuthorizationStrategy()
-    strategy.add(Jenkins.ADMINISTER, 'solita_jenkins')
-    jenkins.setAuthorizationStrategy(strategy)
+    if (!(jenkins.getAuthorizationStrategy() instanceof GlobalMatrixAuthorizationStrategy)) {
+        jenkins.setAuthorizationStrategy(new GlobalMatrixAuthorizationStrategy())
+    }
 
-    def user = securityRealm.createAccount('solita_jenkins', '{{ lookup("password", inventory_dir + "/solita_jenkins_default_password/solita_jenkins") }}')
-    user.addProperty(new UserPropertyImpl('{{ solita_jenkins_public_key }}'));
-    user.save()
+    def currentUsers = jenkins.getSecurityRealm().getAllUsers().collect { it.getId() }
 
-    jenkins.save()
+    if (!('solita_jenkins' in currentUsers)) {
+        def user = jenkins.getSecurityRealm().createAccount('solita_jenkins', '{{ lookup("password", inventory_dir + "/solita_jenkins_default_password/solita_jenkins") }}')
+        user.addProperty(new UserPropertyImpl('{{ solita_jenkins_public_key }}'));
+        user.save()
+
+        jenkins.getAuthorizationStrategy().add(Jenkins.ADMINISTER, 'solita_jenkins')
+    }
 } else if (solita_jenkins_security_realm == 'none') {
     // If we leave the user, further attempts to use jenkins-cli.jar with
     // key-based authentication enabled fail for some reason. Clearing the
     // user's SSH key wasn't enough to solve the problem.
     jenkins.getUser('solita_jenkins').delete()
-
     jenkins.disableSecurity()
-
-    jenkins.save()
 }
+jenkins.save()