From 99013f853a65b7bc4669ac12a2137d82619e3073 Mon Sep 17 00:00:00 2001
From: Wei Tang <hi@that.world>
Date: Thu, 2 Mar 2017 14:05:47 +0800
Subject: jenkins-job-builder: allow setting access tokens for reloading

---
 .../continuous-integration/jenkins/job-builder.nix | 26 ++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)

(limited to 'nixos/modules/services/continuous-integration/jenkins/job-builder.nix')

diff --git a/nixos/modules/services/continuous-integration/jenkins/job-builder.nix b/nixos/modules/services/continuous-integration/jenkins/job-builder.nix
index 7b1fe6269fe..861b46a2d64 100644
--- a/nixos/modules/services/continuous-integration/jenkins/job-builder.nix
+++ b/nixos/modules/services/continuous-integration/jenkins/job-builder.nix
@@ -29,6 +29,22 @@ in {
         '';
       };
 
+      accessUser = mkOption {
+        default = "";
+        type = types.str;
+        description = ''
+          User id in Jenkins used to reload config.
+        '';
+      };
+
+      accessToken = mkOption {
+        default = "";
+        type = types.str;
+        description = ''
+          User token in Jenkins used to reload config.
+        '';
+      };
+
       yamlJobs = mkOption {
         default = "";
         type = types.lines;
@@ -110,6 +126,11 @@ in {
           # Stamp file is placed in $JENKINS_HOME/jobs/$JOB_NAME/ to indicate
           # ownership. Enables tracking and removal of stale jobs.
           ownerStamp = ".config-xml-managed-by-nixos-jenkins-job-builder";
+          reloadScript = ''
+            echo "Asking Jenkins to reload config"
+            CRUMB=$(curl -s 'http://${cfg.accessUser}:${cfg.accessToken}@${jenkinsCfg.listenAddress}:${toString jenkinsCfg.port}${jenkinsCfg.prefix}/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')
+            curl --silent -X POST -H "$CRUMB" http://${cfg.accessUser}:${cfg.accessToken}@${jenkinsCfg.listenAddress}:${toString jenkinsCfg.port}${jenkinsCfg.prefix}/reload
+          '';
         in
           ''
             rm -rf ${jobBuilderOutputDir}
@@ -142,10 +163,7 @@ in {
                 echo "Deleting stale job \"$jobname\""
                 rm -rf "$jobdir"
             done
-
-            echo "Asking Jenkins to reload config"
-            curl --silent -X POST http://${jenkinsCfg.listenAddress}:${toString jenkinsCfg.port}${jenkinsCfg.prefix}/reload
-          '';
+          '' + (if cfg.accessUser != "" then reloadScript else "");
       serviceConfig = {
         User = jenkinsCfg.user;
         RuntimeDirectory = "jenkins-job-builder";
-- 
cgit 1.4.1