diff --git a/pkg/apis/jenkins/v1alpha2/jenkins_types.go b/pkg/apis/jenkins/v1alpha2/jenkins_types.go index 5ad7a66d..90d35cd6 100644 --- a/pkg/apis/jenkins/v1alpha2/jenkins_types.go +++ b/pkg/apis/jenkins/v1alpha2/jenkins_types.go @@ -310,6 +310,9 @@ type JenkinsMaster struct { // Plugins contains plugins required by user // +optional Plugins []Plugin `json:"plugins,omitempty"` + + // DisableCSRFProtection allows you to toggle CSRF Protection on Jenkins + DisableCSRFProtection bool `json:"disableCSRFProtection"` } // Service defines Kubernetes service attributes diff --git a/pkg/controller/jenkins/configuration/base/resources/base_configuration_configmap.go b/pkg/controller/jenkins/configuration/base/resources/base_configuration_configmap.go index aca8b03b..022a7a20 100644 --- a/pkg/controller/jenkins/configuration/base/resources/base_configuration_configmap.go +++ b/pkg/controller/jenkins/configuration/base/resources/base_configuration_configmap.go @@ -9,6 +9,17 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +const ( + basicSettingsGroovyScriptName = "1-basic-settings.groovy" + enableCSRFGroovyScriptName = "2-enable-csrf.groovy" + disableUsageStatsGroovyScriptName = "3-disable-usage-stats.groovy" + enableMasterAccessControlGroovyScriptName = "4-enable-master-access-control.groovy" + disableInsecureFeaturesGroovyScriptName = "5-disable-insecure-features.groovy" + configureKubernetesPluginGroovyScriptName = "6-configure-kubernetes-plugin.groovy" + configureViewsGroovyScriptName = "7-configure-views.groovy" + disableJobDslScriptApprovalGroovyScriptName = "8-disable-job-dsl-script-approval.groovy" +) + const basicSettingsFmt = ` import jenkins.model.Jenkins import jenkins.model.JenkinsLocationConfiguration @@ -168,23 +179,26 @@ func GetBaseConfigurationConfigMapName(jenkins *v1alpha2.Jenkins) string { // NewBaseConfigurationConfigMap builds Kubernetes config map used to base configuration func NewBaseConfigurationConfigMap(meta metav1.ObjectMeta, jenkins *v1alpha2.Jenkins) *corev1.ConfigMap { meta.Name = GetBaseConfigurationConfigMapName(jenkins) - + groovyScriptsMap := map[string]string{ + basicSettingsGroovyScriptName: fmt.Sprintf(basicSettingsFmt, constants.DefaultAmountOfExecutors), + enableCSRFGroovyScriptName: enableCSRF, + disableUsageStatsGroovyScriptName: disableUsageStats, + enableMasterAccessControlGroovyScriptName: enableMasterAccessControl, + disableInsecureFeaturesGroovyScriptName: disableInsecureFeatures, + configureKubernetesPluginGroovyScriptName: fmt.Sprintf(configureKubernetesPluginFmt, + jenkins.ObjectMeta.Namespace, + fmt.Sprintf("http://%s.%s:%d", GetJenkinsHTTPServiceName(jenkins), jenkins.ObjectMeta.Namespace, jenkins.Spec.Service.Port), + fmt.Sprintf("%s.%s:%d", GetJenkinsSlavesServiceName(jenkins), jenkins.ObjectMeta.Namespace, jenkins.Spec.SlaveService.Port), + ), + configureViewsGroovyScriptName: configureViews, + disableJobDslScriptApprovalGroovyScriptName: disableJobDSLScriptApproval, + } + if jenkins.Spec.Master.DisableCSRFProtection { + delete(groovyScriptsMap, enableCSRFGroovyScriptName) + } return &corev1.ConfigMap{ TypeMeta: buildConfigMapTypeMeta(), ObjectMeta: meta, - Data: map[string]string{ - "1-basic-settings.groovy": fmt.Sprintf(basicSettingsFmt, constants.DefaultAmountOfExecutors), - "2-enable-csrf.groovy": enableCSRF, - "3-disable-usage-stats.groovy": disableUsageStats, - "4-enable-master-access-control.groovy": enableMasterAccessControl, - "5-disable-insecure-features.groovy": disableInsecureFeatures, - "6-configure-kubernetes-plugin.groovy": fmt.Sprintf(configureKubernetesPluginFmt, - jenkins.ObjectMeta.Namespace, - fmt.Sprintf("http://%s.%s:%d", GetJenkinsHTTPServiceName(jenkins), jenkins.ObjectMeta.Namespace, jenkins.Spec.Service.Port), - fmt.Sprintf("%s.%s:%d", GetJenkinsSlavesServiceName(jenkins), jenkins.ObjectMeta.Namespace, jenkins.Spec.SlaveService.Port), - ), - "7-configure-views.groovy": configureViews, - "8-disable-job-dsl-script-approval.groovy": disableJobDSLScriptApproval, - }, + Data: groovyScriptsMap, } }