Feature/oic auth

files/puppet_helper.groovy

@@ -143,8 +143,17 @@ class Util {
       }
     } else {
       // XXX explicit type declaration is required here
+      // def Class[] signature = args.collect {
+      //   it instanceof Boolean ? boolean.class : it.class
+      // }
       def Class[] signature = args.collect {
-        it instanceof Boolean ? boolean.class : it.class
+        if ( ( it instanceof String ) && ( it.startsWith('Boolean:') ) ) {
+          Boolean.class
+        } else if ( it instanceof Boolean ) {
+          boolean.class
+        } else {
+          it.class
+        }
       }
 
       ctor = c.getDeclaredConstructor(signature)
@@ -159,6 +168,15 @@ class Util {
         break
     }
 
+    args = args.collect {
+      if ( ( it instanceof String ) && ( it.startsWith('Boolean:') ) ) {
+        Boolean boolean_object = new Boolean(it.replace('Boolean:','')); 
+        boolean_object
+      } else {
+        it
+      }
+    }
+
     ctor.newInstance(*args)
   }
 
@@ -823,15 +841,47 @@ class Actions {
         ]
         break
 
+      //  Open ID
+      case 'org.jenkinsci.plugins.oic.OicSecurityRealm':
+        config = [
+          setSecurityRealm: [
+            (className): [
+              realm.getClientId(),
+              realm.getClientSecret().plainText,
+              realm.getWellKnownOpenIDConfigurationUrl(),
+              realm.getTokenServerUrl(),
+              realm.getAuthorizationServerUrl(),
+              realm.getUserInfoServerUrl(),
+              realm.getUserNameField(),
+              realm.getTokenFieldToCheckKey(),
+              realm.getTokenFieldToCheckValue(),
+              realm.getFullNameFieldName(),
+              realm.getEmailFieldName(),
+              realm.getScopes(),
+              realm.getGroupsFieldName(),
+              realm.isDisableSslVerification(),
+              realm.isLogoutFromOpenidProvider(),
+              realm.getEndSessionEndpoint(),
+              realm.getPostLogoutRedirectUrl(),
+              realm.isEscapeHatchEnabled(),
+              realm.getEscapeHatchUsername(),
+              realm.getEscapeHatchSecret().plainText,
+              realm.getEscapeHatchGroup(),
+              realm.getAutomanualconfigure()
+            ],
+          ],
+        ]
+        break
+
       // constructor with no arguments
       // "Delegate to servlet container"
       case 'hudson.security.LegacySecurityRealm':
       default:
         config = [
           setSecurityRealm: [
             (realm.getClass().getName()): [],
-         ],
-       ]
+        ],
+      ]
     }
 
     def builder = new groovy.json.JsonBuilder(config)

lib/puppet/type/jenkins_security_realm.rb

@@ -12,6 +12,30 @@
 
   newproperty(:arguments, array_matching: :all) do
     desc 'List of arguments to security realm class constructor'
+
+    def insync?(is)
+      is_insync = true
+      reason = ''
+
+      is.each.with_index do |val, index|
+        item_is_not_insync = false
+        if val == :undef
+          item_is_not_insync = true if should[index].class != NilClass
+          reason = 'undef/nil'
+        elsif should[index].class == String && should[index].start_with?('Boolean:')
+          item_is_not_insync = true if should[index].gsub(%r{Boolean:}, '') != val.to_s
+          reason = 'Boolean'
+        elsif val != should[index]
+          item_is_not_insync = true
+          reason = 'N-EQ'
+        end
+
+        debug("Type jenkins_security_realm. Arguments NOT insync? Index: #{index} - is: '#{val}' - should: '#{should[index]}' - reason: #{reason}") if item_is_not_insync
+        is_insync = false if item_is_not_insync
+      end
+
+      is_insync
+    end
   end
 
   # require all instances of jenkins_user, as does