public List<AdminUser> getOperateUsers() { return getApproval().getAuthConfig().getUsers(); }
@Test public void shouldValidateApprovalType() throws Exception { Approval approval = new Approval(); approval.setConfigAttributes(Collections.singletonMap(Approval.TYPE, "not-manual-or-success")); assertThat(approval.getType(), is("not-manual-or-success")); approval.validate(ConfigSaveValidationContext.forChain(new BasicCruiseConfig(), new BasicPipelineConfigs())); assertThat(approval.errors().firstError(), is("You have defined approval type as 'not-manual-or-success'. Approval can only be of the type 'manual' or 'success'.")); }
public Approval toApproval(CRApproval crApproval) { if (crApproval == null) return Approval.automaticApproval(); Approval approval; if (crApproval.getType() == CRApprovalCondition.manual) approval = Approval.manualApproval(); else approval = Approval.automaticApproval(); AuthConfig authConfig = approval.getAuthConfig(); for (String user : crApproval.getAuthorizedUsers()) { authConfig.add(new AdminUser(new CaseInsensitiveString(user))); } for (String user : crApproval.getAuthorizedRoles()) { authConfig.add(new AdminRole(new CaseInsensitiveString(user))); } return approval; }
public void setOperatePermissions(List<Map<String, String>> usersMap, List<Map<String, String>> rolesMap) { authConfig.clear(); Iterable<String> i; if (usersMap != null) { addAdmin(extractAdminUsers(usersMap)); } if (rolesMap != null) { addAdmin(extractAdminRole(rolesMap)); } }
public static Approval fromJSON(JsonReader jsonReader) { Approval approval = new Approval(); jsonReader.readStringIfPresent("type", approval::setType); AuthConfig authConfig = StageAuthorizationRepresenter.fromJSON(jsonReader.readJsonObject("authorization")); approval.setAuthConfig(authConfig); return approval; } }
private void validateStageApprovalAuthorization(StageConfig stageConfig, PipelineConfigSaveValidationContext contextForChildren) { Approval approval = stageConfig.getApproval(); if (!approval.validateTree(contextForChildren)) { for (ConfigErrors errors : approval.getAllErrors()) { this.errors().addAll(errors); } } }
@Test public void shouldShowBugWhichAllowsAUserWithoutOperatePermissionToOperateAStage() throws Exception { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser(new CaseInsensitiveString("admin"))); addRoleAsAdminToDefaultGroup(cruiseConfig, "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "first", "some-other-user-who-is-not-operate-authorized"); Approval approval = stage.getApproval(); approval.validate(PipelineConfigSaveValidationContext.forChain(true, DEFAULT_GROUP, cruiseConfig, pipeline, stage)); assertNoErrors(approval.getAuthConfig().getUsers().get(0)); /* https://github.com/gocd/gocd/pull/1779#issuecomment-170161521 */ assertNoErrors(approval.getAuthConfig().getUsers().get(1)); }
public static void toJSON(OutputWriter jsonWriter, Approval approval) { if (!approval.errors().isEmpty()) { jsonWriter.addChild("errors", errorWriter -> { new ErrorGetter(new HashMap<>()).toJSON(errorWriter, approval); }); } jsonWriter.add("type", approval.getType()); jsonWriter.addChild("authorization", authConfigWriter -> StageAuthorizationRepresenter.toJSON(authConfigWriter, approval.getAuthConfig())); }
@Test public void shouldClearAllPermissionsWhenTheAttributesAreNull() { Approval approval = Approval.automaticApproval(); approval.getAuthConfig().add(new AdminUser(new CaseInsensitiveString("sachin"))); approval.getAuthConfig().add(new AdminRole(new CaseInsensitiveString("admin"))); approval.setOperatePermissions(null, null); assertThat(approval.getAuthConfig().isEmpty(), is(true)); }
public static final Approval automaticApproval() { return new Approval(SUCCESS); }
@Test public void shouldValidateTree() { Approval approval = new Approval(new AuthConfig(new AdminRole(new CaseInsensitiveString("role")))); BasicCruiseConfig cruiseConfig = GoConfigMother.defaultCruiseConfig(); cruiseConfig.server().security().adminsConfig().addRole(new AdminRole(new CaseInsensitiveString("super-admin"))); PipelineConfig pipelineConfig = new PipelineConfig(new CaseInsensitiveString("p1"), new MaterialConfigs()); cruiseConfig.addPipeline("g1", pipelineConfig); assertThat(approval.validateTree(PipelineConfigSaveValidationContext.forChain(true, "g1", cruiseConfig, pipelineConfig)), is(false)); assertThat(approval.getAuthConfig().errors().isEmpty(), is(false)); }
@Test public void shouldNotAssignType() throws Exception { Approval approval = new Approval(); approval.setConfigAttributes(Collections.singletonMap(Approval.TYPE, Approval.SUCCESS)); assertThat(approval.getType(), is(Approval.SUCCESS)); approval.setConfigAttributes(new HashMap()); assertThat(approval.getType(), is(Approval.SUCCESS)); approval.setConfigAttributes(Collections.singletonMap(Approval.TYPE, Approval.MANUAL)); assertThat(approval.getType(), is(Approval.MANUAL)); approval.setConfigAttributes(new HashMap()); assertThat(approval.getType(), is(Approval.MANUAL)); }
private CRApproval approvalToCRApproval(Approval approval) { CRApproval crApproval = new CRApproval(); for(AdminUser user: approval.getAuthConfig().getUsers()) { crApproval.addAuthorizedUser(user.getName().toString()); } for(AdminRole role: approval.getAuthConfig().getRoles()) { crApproval.addAuthorizedRole(role.getName().toString()); } if (approval.getType().equals(Approval.SUCCESS)) { crApproval.setApprovalCondition(CRApprovalCondition.success); } else { crApproval.setApprovalCondition(CRApprovalCondition.manual); } return crApproval; }
@Test public void shouldClearAllPermissions() { Approval approval = Approval.automaticApproval(); approval.getAuthConfig().add(new AdminUser(new CaseInsensitiveString("sachin"))); approval.getAuthConfig().add(new AdminRole(new CaseInsensitiveString("admin"))); approval.removeOperatePermissions(); assertThat(approval.getAuthConfig().isEmpty(), is(true)); }
@Test public void shouldResolveConfigValue() throws NoSuchFieldException { PipelineConfig pipelineConfig = PipelineConfigMother.createPipelineConfig("cruise", "dev", "ant"); pipelineConfig.setLabelTemplate("2.1-${COUNT}-#{foo}-bar-#{bar}"); StageConfig stageConfig = pipelineConfig.get(0); stageConfig.updateApproval(new Approval(new AuthConfig(new AdminUser(new CaseInsensitiveString("#{foo}")), new AdminUser(new CaseInsensitiveString("#{bar}"))))); new ParamResolver(new ParamSubstitutionHandlerFactory(params(param("foo", "pavan"), param("bar", "jj"))), fieldCache).resolve(pipelineConfig); assertThat(pipelineConfig.getLabelTemplate(), is("2.1-${COUNT}-pavan-bar-jj")); assertThat(stageConfig.getApproval().getAuthConfig(), is(new AuthConfig(new AdminUser(new CaseInsensitiveString("pavan")), new AdminUser(new CaseInsensitiveString("jj"))))); }
@Test public void shouldAssignApprovalTypeOnFirstStageAsAuto() throws Exception { Map approvalAttributes = Collections.singletonMap(Approval.TYPE, Approval.SUCCESS); Map<String, Map> map = Collections.singletonMap(StageConfig.APPROVAL, approvalAttributes); PipelineConfig pipelineConfig = PipelineConfigMother.createPipelineConfig("p1", "s1", "j1"); pipelineConfig.get(0).updateApproval(Approval.manualApproval()); pipelineConfig.setConfigAttributes(map); assertThat(pipelineConfig.get(0).getApproval().getType(), is(Approval.SUCCESS)); }
@Test public void shouldAssignApprovalTypeOnFirstStageAsManualAndRestOfStagesAsUntouched() throws Exception { Map approvalAttributes = Collections.singletonMap(Approval.TYPE, Approval.MANUAL); Map<String, Map> map = Collections.singletonMap(StageConfig.APPROVAL, approvalAttributes); PipelineConfig pipelineConfig = PipelineConfigMother.pipelineConfig("p1", StageConfigMother.custom("s1", Approval.automaticApproval()), StageConfigMother.custom("s2", Approval.automaticApproval())); pipelineConfig.setConfigAttributes(map); assertThat(pipelineConfig.get(0).getApproval().getType(), is(Approval.MANUAL)); assertThat(pipelineConfig.get(1).getApproval().getType(), is(Approval.SUCCESS)); }
@Test public void shouldReturnDisplayNameForApprovalType() { Approval approval = Approval.automaticApproval(); assertThat(approval.getDisplayName(), is("On Success")); approval = Approval.manualApproval(); assertThat(approval.getDisplayName(), is("Manual")); }
@Test public void shouldSetAutoApprovalOnStageInstance() { StageConfig stageConfig = StageConfigMother.custom("test", Approval.automaticApproval()); Stage instance = instanceFactory.createStageInstance(stageConfig, new DefaultSchedulingContext("anyone"), "md5", new TimeProvider()); assertThat(instance.getApprovalType(), is(GoConstants.APPROVAL_SUCCESS)); }
public boolean validateTree(ValidationContext validationContext) { validate(validationContext); boolean isValid = errors.isEmpty(); ValidationContext contextForChildren = validationContext.withParent(this); isValid = jobConfigs.validateTree(contextForChildren) && isValid; isValid = approval.validateTree(contextForChildren) && isValid; isValid = variables.validateTree(contextForChildren) && isValid; return isValid; }