Added github auth configuration groovy script

Author: Darren Jones

.gitignore

@@ -14,3 +14,4 @@ releases/**/*.tgz
 #*
 tmp
 import.yml
+import.yml*

jobs/jenkins-master/spec

@@ -22,6 +22,7 @@ templates:
   config/config.xml.erb: config/config.xml
   config/config-oauth.xml.erb: config/config-oauth.xml
   config/configure-access.groovy.erb: init.groovy.d/configure-access.groovy
+  config/configure-github-access.groovy.erb: init.groovy.d/configure-github-access.groovy
   config/configure-master-access-control.groovy.erb: init.groovy.d/configure-master-access-control.groovy
   config/configure-maven.groovy.erb: init.groovy.d/configure-maven.groovy
   config/envInject.xml.erb: config/envInject.xml

jobs/jenkins-master/templates/bin/pre-start.erb

@@ -4,7 +4,7 @@ set -e # exit immediately if a simple command exits with a non-zero status
 set -u # report the usage of uninitialized variables
 
 mkdir -p /var/vcap/store/jenkins-master
-mkdir -p /var/vcap/store/jenkins-master/init.groovy.d	
+mkdir -p /var/vcap/store/jenkins-master/init.groovy.d
 mkdir -p /var/vcap/store/jenkins-master/plugins
 
 JENKINS_CONFIG="<%= p('jenkins.config') %>"
@@ -21,11 +21,14 @@ fi
 if [[ $(ls /var/vcap/jobs/jenkins-master/init.groovy.d/*.groovy) ]]; then
     echo "Copying Groovy..."
     cp /var/vcap/jobs/jenkins-master/init.groovy.d/*.groovy /var/vcap/store/jenkins-master/init.groovy.d/
+    # We want standard Jenkins managed access unless defined
+    rm /var/vcap/store/jenkins-master/init.groovy.d/configure-github-access.groovy
 fi
 
 if [ ${JENKINS_CONFIG} == "config-oauth.xml" ]; then
     # This is temporary until we use this groovy script to construct the config
     rm /var/vcap/store/jenkins-master/init.d/configure-access.groovy
+    cp /var/vcap/jobs/jenkins-master/init.groovy.d/configure-github-access.groovy /var/vcap/store/jenkins-master/init.groovy.d/configure-github-access.groovy
 fi
 
 echo "Configuring Plugins..."

jobs/jenkins-master/templates/config/configure-github-access.groovy.erb

@@ -0,0 +1,43 @@
+import hudson.security.SecurityRealm
+import org.jenkinsci.plugins.GithubSecurityRealm
+import org.jenkinsci.plugins.GithubAuthorizationStrategy
+import hudson.security.AuthorizationStrategy
+
+String githubWebUri = '<%= p('jenkins.github.oauth.url.web') %>'
+String githubApiUri = '<%= p('jenkins.github.oauth.url.api') %>'
+String clientID = '<%= p('jenkins.github.oauth.client.id') %>'
+String clientSecret = '<%= p('jenkins.github.oauth.client.secret') %>'
+String oauthScopes = 'read:org'
+
+SecurityRealm github_realm = new GithubSecurityRealm(githubWebUri, githubApiUri, clientID, clientSecret, oauthScopes)
+//check for equality, no need to modify the runtime if no settings changed
+if(!github_realm.equals(Jenkins.instance.getSecurityRealm())) {
+    Jenkins.instance.setSecurityRealm(github_realm)
+    Jenkins.instance.save()
+}
+
+String adminUserNames = '<%= p('jenkins.github.oauth.admins.admin1') %>,<%= p('jenkins.github.oauth.admins.admin2') %>,<%= p('jenkins.github.oauth.admins.admin3') %>'
+String organizationNames = '<%= p('jenkins.github.oauth.org_name')  %>'
+boolean useRepositoryPermissions = true
+boolean authenticatedUserReadPermission = false
+boolean authenticatedUserCreateJobPermission = false
+boolean allowGithubWebHookPermission = false
+boolean allowCcTrayPermission = false
+boolean allowAnonymousReadPermission = false
+boolean allowAnonymousJobStatusPermission = false
+
+AuthorizationStrategy github_authorization = new GithubAuthorizationStrategy(adminUserNames,
+    authenticatedUserReadPermission,
+    useRepositoryPermissions,
+    authenticatedUserCreateJobPermission,
+    organizationNames,
+    allowGithubWebHookPermission,
+    allowCcTrayPermission,
+    allowAnonymousReadPermission,
+    allowAnonymousJobStatusPermission)
+
+//check for equality, no need to modify the runtime if no settings changed
+if(!github_authorization.equals(Jenkins.instance.getAuthorizationStrategy())) {
+    Jenkins.instance.setAuthorizationStrategy(github_authorization)
+    Jenkins.instance.save()
+}