@frezbo
Forked from chromko/RBAC_Grants.groovy
Created June 14, 2019 06:14
Add Jenkins RBAC roles and assign them
import hudson.model.*
import hudson.security.*
import jenkins.*
import jenkins.model.*
import java.util.*
import com.michelin.cio.hudson.plugins.rolestrategy.*
import java.lang.reflect.*
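// Assigns already-existing Role Strategy roles to identities (SIDs).
// The roles listed under grant_roles must have been created beforehand; a role
// that cannot be found is reported and skipped, it is never created here.

// Fail with a clear message if another authorization strategy is active,
// instead of relying on the cast error from a typed assignment.
def configuredStrategy = Hudson.instance.getAuthorizationStrategy()
if (!(configuredStrategy instanceof RoleBasedAuthorizationStrategy)) {
    throw new IllegalStateException(
        "Role-Based Strategy is not the active authorization strategy (found " +
        configuredStrategy?.getClass()?.name + "); no roles were assigned")
}
RoleBasedAuthorizationStrategy roleStrategy = configuredStrategy

// Grant definition: group label -> role map type + (grant label -> identity and role names).
// The group and grant keys are labels only; `type` selects the role map that is searched.
// NOTE(review): `identity` is a plain SID string and this call does not say whether it
// names a user or a group - confirm the name cannot collide in your security realm.
def properties = [
    grant_groups: [
        global_grants: [
            type  : RoleBasedAuthorizationStrategy.PROJECT,
            grants: [
                test_admin: [
                    identity   : "deployprod",
                    grant_roles: ["test_prsdsoject_role"]
                ]
            ]
        ]
    ]
]

properties.grant_groups.each { grant_group_key, grant_group_value ->
    // All roles of one group are looked up in the same role map.
    def roleMap = roleStrategy.getRoleMap(grant_group_value.type)
    grant_group_value.grants.each { grant_key, grant_value ->
        grant_value.grant_roles.each { grant_role ->
            Role assignedRole = roleMap.getRole(grant_role)
            if (!assignedRole) {
                println("WARN! Role ${grant_role} doesn't exist. Skip assigning this role to ${grant_value.identity} identity")
                // `return` leaves only this closure call, i.e. moves on to the next role.
                return
            }
            roleStrategy.assignRole(grant_group_value.type, assignedRole, grant_value.identity)
            println("OK! Role ${grant_role} assigned to ${grant_value.identity}")
        }
    }
}
// NOTE(review): nothing in this script saves the Jenkins configuration, so the
// assignments presumably live in memory only - confirm whether they must be persisted.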
import hudson.model.*
import hudson.security.*
import jenkins.*
import jenkins.model.*
import java.util.*
import com.michelin.cio.hudson.plugins.rolestrategy.*
import java.lang.reflect.*
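// Catalogue of Jenkins permission IDs used when building roles.
// An ID is "<fully qualified owner class>.<permission name>" and has to match exactly:
// a misspelt package, a stray space or wrong letter case makes the lookup fail, and the
// permission is then missing from the role.

// Overall (global) permissions.
// Administer, RunScripts, UploadPlugins and ConfigureUpdateCenter each allow code to be
// run or installed on the controller; review any role that carries one of them as if it
// granted full administrative control.
def global_admin = "hudson.model.Hudson.Administer"
def global_read = "hudson.model.Hudson.Read"
def global_uploadPlugins = "hudson.model.Hudson.UploadPlugins"
def global_configureUpdateCenter = "hudson.model.Hudson.ConfigureUpdateCenter"
def global_scmTag = "hudson.scm.SCM.Tag"
def global_runScripts = "hudson.model.Hudson.RunScripts"

// Agent (computer) permissions.
def computer_connect = "hudson.model.Computer.Connect"
def computer_create = "hudson.model.Computer.Create"
def computer_build = "hudson.model.Computer.Build"
def computer_delete = "hudson.model.Computer.Delete"
def computer_configure = "hudson.model.Computer.Configure"
def computer_disconnect = "hudson.model.Computer.Disconnect"

// Build (run) permissions.
def run_delete = "hudson.model.Run.Delete"
def run_update = "hudson.model.Run.Update"

// Job (item) permissions.
def item_configure = "hudson.model.Item.Configure"
def item_cancel = "hudson.model.Item.Cancel"
def item_read = "hudson.model.Item.Read"
def item_build = "hudson.model.Item.Build"
def item_discover = "hudson.model.Item.Discover"
def item_create = "hudson.model.Item.Create"
def item_move = "hudson.model.Item.Move"
def item_workspace = "hudson.model.Item.Workspace"
def item_delete = "hudson.model.Item.Delete"

// View permissions.
def view_create = "hudson.model.View.Create"
def view_configure = "hudson.model.View.Configure"
def view_read = "hudson.model.View.Read"
def view_delete = "hudson.model.View.Delete"

// Credentials plugin permissions; these control who can read or change stored secrets.
def credentialsprovider_manageDomains = "com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains"
def credentialsprovider_create = "com.cloudbees.plugins.credentials.CredentialsProvider.Create"
def credentialsprovider_update = "com.cloudbees.plugins.credentials.CredentialsProvider.Update"
def credentialsprovider_view = "com.cloudbees.plugins.credentials.CredentialsProvider.View"
def credentialsprovider_delete = "com.cloudbees.plugins.credentials.CredentialsProvider.Delete"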
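// Creates Role Strategy roles from the definition below.

// Fail with a clear message if another authorization strategy is active,
// instead of relying on the cast error from a typed assignment.
def configuredStrategy = Hudson.instance.getAuthorizationStrategy()
if (!(configuredStrategy instanceof RoleBasedAuthorizationStrategy)) {
    throw new IllegalStateException(
        "Role-Based Strategy is not the active authorization strategy (found " +
        configuredStrategy?.getClass()?.name + "); no roles were created")
}
RoleBasedAuthorizationStrategy roleStrategy = configuredStrategy

// Role definition: group label -> role map type + (role label -> name, pattern, permissions).
// The loop below needs this map; it is a sample and should be edited before the script is run.
// NOTE(review): the grant script on this page looks up "test_prsdsoject_role" in the PROJECT
// role map, while this sample creates "test_project_rolse" in the SLAVE map - the two samples
// do not line up as written.
def properties = [
    role_groups: [
        global_roles: [
            type : RoleBasedAuthorizationStrategy.SLAVE,
            roles: [
                test_admin: [
                    name       : "test_project_rolse",
                    pattern    : "^.*-prod",
                    permissions: [computer_build, computer_disconnect]
                ]
            ]
        ]
    ]
]

properties.role_groups.each { role_group_key, role_group_value ->
    role_group_value.roles.each { role_key, role_value ->
        // Resolve each permission ID; an unknown ID is reported and left out, so the
        // role ends up with fewer permissions rather than the script aborting.
        Set<Permission> permissionSet = new HashSet<Permission>()
        role_value.permissions.each { p ->
            def permission = Permission.fromId(p)
            if (permission != null) {
                permissionSet.add(permission)
            } else {
                println("WARN! ${p} is not a valid permission ID (ignoring) for ${role_value.name}")
            }
        }

        // A role without a pattern falls back to ".*", i.e. it is not narrowed to any
        // subset of names; give every scoped role an explicit pattern.
        def pattern = role_value.pattern ?: ".*"

        Role newRole = new Role(role_value.name, pattern, permissionSet)
        roleStrategy.addRole(role_group_value.type, newRole)
        println("OK! Role ${role_value.name} created")
    }
}
// NOTE(review): nothing in this script saves the Jenkins configuration, so the
// new roles presumably live in memory only - confirm whether they must be persisted.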