public boolean canBeOperatedBy(Role role) { return getOperateRoles().contains(new AdminRole(role)); } }
private boolean containsRole(final CaseInsensitiveString roleName, List<AdminRole> roles){ for(AdminRole role : roles){ if (role.getName().equals(roleName)){ return true; } } return false; } }
@Test public void shouldThrowExceptionIfRoleNameInPipelinesAuthorizationDoesNotExist_ConfigSaveValidationContext() { AdminRole role = new AdminRole(new CaseInsensitiveString("role2")); PipelineConfigs pipelinesConfig = new BasicPipelineConfigs(new Authorization(new ViewConfig(role))); CruiseConfig config = new BasicCruiseConfig(pipelinesConfig); role.validate(ConfigSaveValidationContext.forChain(config)); ConfigErrors errors = role.errors(); assertThat(errors.isEmpty(), is(false)); assertThat(errors.on(AdminRole.NAME), is("Role \"role2\" does not exist.")); }
@Test public void shouldPopulateErrorsOnPresentationElementWhenAnInvalidRoleIsAddedToAdminList() { Authorization authorization = new Authorization(); AdminRole invalidRole = new AdminRole(new CaseInsensitiveString("boo_user")); invalidRole.addError(AdminUser.NAME, "some error"); AdminRole validRole = new AdminRole(new CaseInsensitiveString("valid_user")); authorization.getAdminsConfig().add(invalidRole); authorization.getAdminsConfig().add(validRole); List<Authorization.PresentationElement> roleAuthorizations = authorization.getRoleAuthorizations(); assertThat(roleAuthorizations.get(0).errors().isEmpty(), is(false)); assertThat(roleAuthorizations.get(0).errors().on(Admin.NAME), is("some error")); assertThat(roleAuthorizations.get(1).errors().isEmpty(), is(true)); }
@Test public void shouldThrowExceptionIfRoleNameInPipelinesAuthorizationAdminSectionDoesNotExist() { AdminRole role = new AdminRole(new CaseInsensitiveString("shilpaIsNotHere")); PipelineConfigs pipelineConfigs = new BasicPipelineConfigs(new Authorization(new AdminsConfig(role))); CruiseConfig config = new BasicCruiseConfig(pipelineConfigs); role.validate(ConfigSaveValidationContext.forChain(config)); ConfigErrors errors = role.errors(); assertThat(errors.isEmpty(), is(false)); assertThat(errors.on(AdminRole.NAME), is("Role \"shilpaIsNotHere\" does not exist.")); }
public void removeRole(Role role) { this.remove(new AdminRole(role)); }
@Test public void shouldAddValidationErrorWithPipelineNameIfRoleNameInPipelinesAuthorizationDoesNotExist_PipelineConfigSaveValidationContext() { AdminRole role = new AdminRole(new CaseInsensitiveString("role2")); PipelineConfig pipelineConfig = new PipelineConfig(); pipelineConfig.setName("foo"); PipelineConfigs pipelinesConfig = new BasicPipelineConfigs(new Authorization(new ViewConfig(role)), pipelineConfig); CruiseConfig config = new BasicCruiseConfig(pipelinesConfig); role.validate(PipelineConfigSaveValidationContext.forChain(true, "group",config, pipelineConfig)); ConfigErrors errors = role.errors(); assertThat(errors.isEmpty(), is(false)); assertThat(errors.on(AdminRole.NAME), is("Role \"role2\" does not exist.")); }
public static Set<PluginRoleConfig> pluginRolesFor(SecurityConfig securityConfig, List<AdminRole> roles) { Set<PluginRoleConfig> pluginRoleConfigs = new HashSet<>(); for (AdminRole role : roles) { PluginRoleConfig pluginRole = securityConfig.getPluginRole(role.getName()); if (pluginRole != null) { pluginRoleConfigs.add(pluginRole); } } return pluginRoleConfigs; }
@Test public void validate_shouldNotAllowRoleInApprovalListButNotInOperationList() throws Exception { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfigs group = addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithRoles(stage, "not-present"); Approval approval = stage.getApproval(); approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, group, pipeline, stage)); AdminRole user = approval.getAuthConfig().getRoles().get(0); assertThat(user.errors().isEmpty(), is(false)); assertThat(user.errors().on("name"), is("Role \"not-present\" who is not authorized to operate pipeline group `defaultGroup` can not be authorized to approve stage")); }
private Admin[] extractAdminRole(List<Map<String, String>> map) { List<Admin> result = new ArrayList<>(map.size()); for (Map<String, String> usernameMap : map) { String value = usernameMap.get("name").trim(); if (!StringUtils.isBlank(value)) { result.add(new AdminRole(new CaseInsensitiveString(value))); } } return result.toArray(new Admin[result.size()]); }
@Test public void shouldNotThrowExceptionIfRoleNameExistInPipelinesAuthorization() { AdminRole role = new AdminRole(new CaseInsensitiveString("role2")); PipelineConfigs pipelinesConfig = new BasicPipelineConfigs(new Authorization(new ViewConfig(role))); CruiseConfig config = new BasicCruiseConfig(pipelinesConfig); config.server().security().addRole(new RoleConfig(new CaseInsensitiveString("role2"))); role.validate(ConfigSaveValidationContext.forChain(config)); assertThat(role.errors().isEmpty(), is(true)); }
private static List<String> rolesAsString(List<AdminRole> roles) { return roles.stream().map(role -> role.getName().toString()).collect(Collectors.toList()); }
@Override public Admin makeUser(String name) { return new AdminRole(new CaseInsensitiveString(name)); }};
@Test public void shouldNotThrowExceptionIfRoleNameInPipelinesAuthorizationAdminSectionExists() { AdminRole role = new AdminRole(new CaseInsensitiveString("shilpaIsHere")); PipelineConfigs pipelineConfigs = new BasicPipelineConfigs(new Authorization(new AdminsConfig(role))); CruiseConfig config = new BasicCruiseConfig(pipelineConfigs); config.server().security().addRole(new RoleConfig(new CaseInsensitiveString("shilpaIsHere"))); role.validate(ConfigSaveValidationContext.forChain(config)); assertThat(role.errors().isEmpty(), is(true)); } }
private static List<String> rolesAsString(List<AdminRole> roles) { return roles.stream().map(role -> role.getName().toString()).collect(Collectors.toList()); }
public void cleanupAllUsagesOfRole(Role roleToDelete) { this.getApproval().getAuthConfig().remove(new AdminRole(roleToDelete)); }
@Test public void shouldThrowExceptionIfRoleNameInStageAuthorizationDoesNotExist() { AdminRole role = new AdminRole(new CaseInsensitiveString("role2")); StageConfig stage = StageConfigMother.custom("ft", new AuthConfig(role)); CruiseConfig config = new BasicCruiseConfig(new BasicPipelineConfigs(new PipelineConfig(new CaseInsensitiveString("pipeline"), new MaterialConfigs(), stage))); role.validate(ConfigSaveValidationContext.forChain(config)); ConfigErrors configErrors = role.errors(); assertThat(configErrors.isEmpty(), is(false)); assertThat(configErrors.on(AdminRole.NAME), is("Role \"role2\" does not exist.")); }
@Override public List<String> getOperateRoleNames() { List<String> roles = new ArrayList<>(); for (AdminRole role : getOperateRoles()) { roles.add(CaseInsensitiveString.str(role.getName())); } return roles; }
public BulkUpdateAdminsResult bulkUpdate(Username currentUser, List<String> usersToAdd, List<String> usersToRemove, List<String> rolesToAdd, List<String> rolesToRemove, String md5) { Set<Admin> existingAdmins = new HashSet<>(systemAdmins()); BulkUpdateAdminsResult result = validateUsersAndRolesForBulkUpdate(usersToRemove, rolesToRemove, existingAdmins); if (!result.isSuccessful()) { return result; } usersToAdd.forEach(user -> existingAdmins.add(new AdminUser(user))); rolesToAdd.forEach(role -> existingAdmins.add(new AdminRole(role))); usersToRemove.forEach(user -> existingAdmins.remove(new AdminUser(new CaseInsensitiveString(user)))); rolesToRemove.forEach(role -> existingAdmins.remove(new AdminRole(new CaseInsensitiveString(role)))); AdminsConfigUpdateCommand command = new AdminsConfigUpdateCommand(goConfigService, new AdminsConfig(existingAdmins), currentUser, result, entityHashingService, md5); updateConfig(currentUser, result, command); result.setAdminsConfig(command.getEntity()); return result; }