GitHub puppet-jenkins

Puppet module for Jenkins

…t runs

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

Passes credentials to jenkins-cli as environement variables by default so passwords aren't visible in the output of ps during puppet agent runs.

This Pull Request (PR) fixes the following issues

Not sure if this has an associated issue

This is useful on production Jenkins masters where non-scheduled restarts are
dangerous. Unit file changes and user changes that happen before tha package is
installed are not affected.

```
jenkins_exec{ 'job-dsl security':
script => @(END)
import jenkins.model.*

def j = Jenkins.getInstance()
def jobDsl = j.getDescriptor("javaposse.jobdsl.plugin.GlobalJobDslSecurityConfiguration")
jobDsl.setUseScriptSecurity(false)
END
}
```

Pull Request (PR) description

This change removes the start up script for macOS and moves the arguments to the plist template.

Retries is only used by the CLI providers. Puppet itself also provides retry functionality. This avoids the need to ensure a gem is installed in the right environment, which may not even work if it's a disconnected environment.

This does ignore a parameter for the maximum time to sleep. I'm looking for feedback on how to best deal with this.

… the Jenkins-cli.

https://github.com/voxpupuli/puppet-jenkins/issues/998

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

<!--
Jenkins CLI is no longer available in the above path, so we need to download it directly from jnlpJars/jenkins-cli.jar
WEB-INF/jenkins-cli

-->

This Pull Request (PR) fixes the following issues

<!--
directly download jenkins-cli from jnlpJars/jenkins-cli.jar
-->

As of Jenkins 2.176.2 detached plugins were taking precedence over specified plugins due to a fix that was introduced for docker: https://issues.jenkins-ci.org/browse/JENKINS-57528.

The fix in Jenkins ensured stricter processing of plugins. the module was installing plugins as .hpi files where Jenkins expects them to be .jpi files.

This problem was highlighted in https://github.com/voxpupuli/puppet-jenkins/issues/926.

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

<!--
Replace this comment with a description of your pull request.
-->

This Pull Request (PR) fixes the following issues

<!--
Replace this comment with the list of issues or n/a.
Use format:
Fixes #123
Fixes #124
-->

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

This PR remove the deprecated hiera_array and change it to the new lookup.

This Pull Request (PR) fixes the following issues

Fixes #983

In case the Jenkins user doesn't exist, we can assume what's default in the package because it may be present in the future.

This is a test to see if this fixes the acceptance tests on EL7 when running under docker.

The manifest can contain UTF-8 data and if no LANG is set (like in minimal environments), this causes the read to fail. This forces it to read the file using UTF-8 encoding.

Pull Request (PR) description

When updating credentials or using the puppet debug flag credentials leak to the puppet log.
This PR is an attempt to avoid this without requiring the user to apply the Sensitive data type to all parameters.

This is incomplete, see the last commit message for details. Sharing here in case anyone has time to dig into it.

This PR adds support for OpenId Connect Authentication https://plugins.jenkins.io/oic-auth/ securityRealm.

I am not very happy with the use of the "Boolean:" construct that i added for boolean parameters.
This was necessary because one of the parameters for the OicSecurityRealm constructor is a classed Boolean opposed to all others being primitive booleans. I am not very fluent in Java so i did not know how to solve this a different way. If anyone can provide a more elegant way around this issue i would love to change it.

Pull Request (PR) description

This PR bumps metadata.json to v3.0.0 and updates the change log in preparation for a new release. The major version bump is a result of the fact that puppet 3.x code and other breaking changes have happened since the last release.

The service is now a native systemd service so there is no pidfile to be tracked. This means we can test on EL8 again.