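/**
 * Reports whether the given plugin role is bound to the auth config identified by this
 * object's {@code id}.
 *
 * <p>A role whose auth config id is unset is reported as not matching, so the check fails
 * closed instead of throwing.
 *
 * @param role plugin role to test; must not be {@code null}
 * @return {@code true} only when the role's auth config id equals {@code id}
 */
public boolean hasRole(PluginRoleConfig role) {
    // Null guard first: a role without an auth config id must never match.
    return role.getAuthConfigId() != null && role.getAuthConfigId().equals(id);
}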
/**
 * Builds a plugin role from a role name and an identifier.
 *
 * <p>NOTE(review): the second argument is called {@code pluginId} here, while other code
 * in this listing passes an auth config id in the same position of the two-argument
 * constructor. Confirm which identifier callers supply, because it decides which
 * authorization config the role is tied to.
 *
 * @param roleName name of the new role
 * @param pluginId identifier passed as the constructor's second argument
 * @return the newly created plugin role
 */
public PluginRoleConfig createPluginRole(String roleName, String pluginId) {
    PluginRoleConfig pluginRole = new PluginRoleConfig(roleName, pluginId);
    return pluginRole;
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Converts plugin role configs into plain maps, one per role, with the keys
 * {@code name}, {@code auth_config_id} and {@code configuration}.
 *
 * @param roleConfigs roles to convert; {@code null} yields an empty list
 * @return a new mutable list in the same order as the input
 */
private List<Map<String, Object>> getRoleConfigs(List<PluginRoleConfig> roleConfigs) {
    if (roleConfigs == null) {
        return new ArrayList<>();
    }

    List<Map<String, Object>> serialized = new ArrayList<>();
    for (PluginRoleConfig pluginRole : roleConfigs) {
        Map<String, Object> entry = new HashMap<>();
        entry.put("name", pluginRole.getName().toString());
        entry.put("auth_config_id", pluginRole.getAuthConfigId());
        // NOTE(review): the `true` flag presumably asks for secure properties to be
        // included. If so, this map carries secret values and must stay out of logs
        // and error messages. Confirm against getConfigurationAsMap.
        entry.put("configuration", pluginRole.getConfigurationAsMap(true));
        serialized.add(entry);
    }
    return serialized;
}
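/**
 * Serializes plugin roles to a JSON array of objects, each with a {@code name} and a
 * {@code configuration} entry, in that order.
 *
 * <p>The auth config id is not written to this body.
 *
 * @param roles roles to serialize; {@code null} is treated as an empty list
 * @return the JSON text produced by {@code GSON}
 */
@Override
public String getProcessRoleConfigsResponseBody(List<PluginRoleConfig> roles) {
    // Parameterized element type replaces the raw Map used previously.
    List<Map<String, Object>> entries = new ArrayList<>();
    if (roles != null) {
        for (PluginRoleConfig role : roles) {
            // LinkedHashMap keeps "name" ahead of "configuration" in the output.
            Map<String, Object> entry = new LinkedHashMap<>();
            entry.put("name", role.getName().toString());
            // NOTE(review): the `true` flag presumably includes secure properties; if so
            // the serialized body contains secret values and should not be logged. Confirm.
            entry.put("configuration", role.getConfigurationAsMap(true));
            entries.add(entry);
        }
    }
    return GSON.toJson(entries);
}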
/**
 * Builds a plugin role from a JSON reader.
 *
 * <p>Reads the optional {@code auth_config_id} string and the {@code properties} array.
 * Nothing in this method validates the values it reads, so the result should be
 * validated before it is relied on.
 *
 * @param jsonReader source of the role data; {@code null} yields a role with nothing set
 * @return a new plugin role, never {@code null}
 */
public static PluginRoleConfig fromJSON(JsonReader jsonReader) {
    PluginRoleConfig pluginRole = new PluginRoleConfig();
    if (jsonReader != null) {
        jsonReader.readStringIfPresent("auth_config_id", pluginRole::setAuthConfigId);
        pluginRole.addConfigurations(ConfigurationPropertyRepresenter.fromJSONArray(jsonReader, "properties"));
    }
    return pluginRole;
}
/**
 * Asserts that a plugin role with an empty auth config id is rejected with exactly one
 * error, recorded under {@code authConfigId} and carrying the name-format message.
 *
 * @param v validator under test
 */
public void validatePresenceAuthConfigId(Validator v) {
    String expectedMessage = "Invalid plugin role authConfigId name ''. This must be alphanumeric and can" + " contain underscores and periods (however, it cannot start with a period). The maximum allowed length is 255 characters.";
    SecurityConfig emptySecurityConfig = new SecurityConfig();
    PluginRoleConfig roleWithoutAuthConfig = new PluginRoleConfig("admin", "");

    v.validate(roleWithoutAuthConfig, ValidationContextMother.validationContext(emptySecurityConfig));

    // Only the format error is expected; no second error for the empty id.
    assertThat(roleWithoutAuthConfig.errors().size(), is(1));
    assertThat(roleWithoutAuthConfig.errors().get("authConfigId").size(), is(1));
    assertThat(roleWithoutAuthConfig.errors().get("authConfigId").get(0), is(expectedMessage));
}
/**
 * Asserts that a plugin role with an empty name is rejected with a single error under
 * {@code name}, even though its auth config id refers to a configured auth config.
 *
 * @param v validator under test
 */
private void validatePresenceOfRoleName(Validator v) {
    String expectedMessage = "Invalid role name name ''. This must be alphanumeric and can" + " contain underscores and periods (however, it cannot start with a period). The maximum allowed length is 255 characters.";
    PluginRoleConfig unnamedRole = new PluginRoleConfig("", "auth_config_id");

    // Register the referenced auth config so the name is the only invalid part.
    SecurityConfig config = new SecurityConfig();
    config.securityAuthConfigs().add(new SecurityAuthConfig("auth_config_id", "plugin_id"));

    v.validate(unnamedRole, ValidationContextMother.validationContext(config));

    assertTrue(unnamedRole.hasErrors());
    assertThat(unnamedRole.errors().size(), is(1));
    assertThat(unnamedRole.errors().get("name").get(0), is(expectedMessage));
}
/**
 * Validates this plugin role: runs the inherited {@code Role} validation, checks the
 * format of the auth config id, and, when the id is not blank, checks that the server
 * security config contains an auth config with that id.
 *
 * <p>Both error messages include the submitted id verbatim; whatever renders them is
 * responsible for output encoding.
 *
 * @param validationContext context giving access to the server security config
 */
@Override
public void validate(ValidationContext validationContext) {
    Role.super.validate(validationContext);

    boolean wellFormedId = new NameTypeValidator().isNameValid(authConfigId);
    if (!wellFormedId) {
        configErrors.add("authConfigId", NameTypeValidator.errorMessage("plugin role authConfigId", authConfigId));
    }

    // A blank id cannot reference anything, so the lookup is skipped.
    if (!isNotBlank(authConfigId)) {
        return;
    }

    SecurityAuthConfig referencedAuthConfig = validationContext.getServerSecurityConfig().securityAuthConfigs().find(authConfigId);
    if (referencedAuthConfig == null) {
        addError("authConfigId", String.format("No such security auth configuration present for id: `%s`", getAuthConfigId()));
    }
}
/**
 * Asserts that a plugin role whose name has been set to {@code null} is rejected with a
 * single error under {@code name}; the message renders the missing name as
 * {@code 'null'}.
 *
 * @param v validator under test
 */
private void validateNullRoleName(Validator v) {
    String expectedMessage = "Invalid role name name 'null'. This must be alphanumeric and can" + " contain underscores and periods (however, it cannot start with a period). The maximum allowed length is 255 characters.";

    PluginRoleConfig namelessRole = new PluginRoleConfig("", "auth_config_id");
    namelessRole.setName(null);

    // Register the referenced auth config so the name is the only invalid part.
    SecurityConfig config = new SecurityConfig();
    config.securityAuthConfigs().add(new SecurityAuthConfig("auth_config_id", "plugin_id"));

    v.validate(namelessRole, ValidationContextMother.validationContext(config));

    assertTrue(namelessRole.hasErrors());
    assertThat(namelessRole.errors().size(), is(1));
    assertThat(namelessRole.errors().get("name").get(0), is(expectedMessage));
}
/**
 * Asks the authorization plugin to validate a role's configuration and copies any
 * reported errors onto the matching configuration properties of the role.
 *
 * <p>If the plugin cannot be found, a single {@code pluginRole} error is added to the
 * role instead.
 *
 * @param role role whose configuration is validated; receives the errors
 * @param pluginId id of the plugin that performs the validation
 */
public void validate(PluginRoleConfig role, String pluginId) {
    try {
        // NOTE(review): the `true` flag presumably includes secure properties, i.e. the
        // plugin receives secret values. Confirm, and keep this map out of logs.
        ValidationResult outcome = authorizationExtension.validateRoleConfiguration(pluginId, role.getConfigurationAsMap(true));
        if (outcome.isSuccessful()) {
            return;
        }
        for (ValidationError validationError : outcome.getErrors()) {
            ConfigurationProperty target = role.getProperty(validationError.getKey());
            if (target == null) {
                // The reported key is not among the role's properties: a property is
                // created for it so the error has somewhere to live. The key comes from
                // the plugin's response. NOTE(review): `false` presumably marks the new
                // property as non-secure. Confirm.
                role.addNewConfiguration(validationError.getKey(), false);
                target = role.getProperty(validationError.getKey());
            }
            target.addError(validationError.getKey(), validationError.getMessage());
        }
    } catch (PluginNotFoundException e) {
        role.addError("pluginRole", String.format("Unable to validate `pluginRole` configuration, missing plugin: %s", pluginId));
    }
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Indexes the plugin roles of one plugin by role name.
 *
 * <p>If two roles share a key, the one returned later by the config service replaces the
 * earlier one in the map.
 *
 * @param pluginId plugin whose roles are looked up
 * @return a new mutable map from role name to role
 */
private Map<CaseInsensitiveString, PluginRoleConfig> getPluginRoles(String pluginId) {
    Map<CaseInsensitiveString, PluginRoleConfig> rolesByName = new HashMap<>();
    for (PluginRoleConfig role : goConfigService.security().getPluginRoles(pluginId)) {
        rolesByName.put(role.getName(), role);
    }
    return rolesByName;
}
/**
 * Asserts that a plugin role naming an auth config id that the security config does not
 * contain is rejected with exactly one error under {@code authConfigId}.
 *
 * @param v validator under test
 */
public void validatePresenceOfAuthConfigIdInSecurityConfig(Validator v) throws Exception {
    String expectedMessage = "No such security auth configuration present for id: `auth_config_id`";

    // The security config is left empty on purpose: the referenced id does not exist.
    SecurityConfig emptySecurityConfig = new SecurityConfig();
    PluginRoleConfig danglingRole = new PluginRoleConfig("admin", "auth_config_id");

    v.validate(danglingRole, ValidationContextMother.validationContext(emptySecurityConfig));

    assertThat(danglingRole.errors().size(), is(1));
    assertThat(danglingRole.errors().get("authConfigId").size(), is(1));
    assertThat(danglingRole.errors().get("authConfigId").get(0), is(expectedMessage));
}
/**
 * Creates a plugin role from the given JSON reader.
 *
 * <p>Only the optional {@code auth_config_id} string and the {@code properties} array
 * are read. No validation happens here, so callers should validate the returned role
 * before relying on it.
 *
 * @param jsonReader reader positioned on the role object; may be {@code null}
 * @return a new role, left with nothing set when {@code jsonReader} is {@code null}
 */
public static PluginRoleConfig fromJSON(JsonReader jsonReader) {
    PluginRoleConfig parsedRole = new PluginRoleConfig();
    if (jsonReader != null) {
        jsonReader.readStringIfPresent("auth_config_id", parsedRole::setAuthConfigId);
        parsedRole.addConfigurations(ConfigurationPropertyRepresenter.fromJSONArray(jsonReader, "properties"));
    }
    return parsedRole;
}
/**
 * An error on one of the role's configuration properties makes {@code hasErrors()}
 * true, while the role's own {@code errors()} stays empty.
 */
@Test
public void hasErrors_shouldBeTrueIfConfigurationPropertiesHasErrors() throws Exception {
    ConfigurationKey key = new ConfigurationKey("username");
    ConfigurationValue value = new ConfigurationValue("view");
    ConfigurationProperty usernameProperty = new ConfigurationProperty(key, value);
    PluginRoleConfig adminRole = new PluginRoleConfig("admin", "auth_id", usernameProperty);

    // The error goes on the property, not on the role.
    usernameProperty.addError("username", "username format is incorrect");

    assertTrue(adminRole.hasErrors());
    assertTrue(adminRole.errors().isEmpty());
}
/**
 * Looks up a plugin role by name among the plugin roles of {@code rolesConfig}.
 *
 * @param roleName name to search for
 * @return the first plugin role whose name equals {@code roleName}, or {@code null} when
 *     there is none; callers must handle the {@code null} case
 */
public PluginRoleConfig getPluginRole(CaseInsensitiveString roleName) {
    for (PluginRoleConfig candidate : rolesConfig.getPluginRoleConfigs()) {
        if (!candidate.getName().equals(roleName)) {
            continue;
        }
        return candidate;
    }
    return null;
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * A {@code SecurityConfigChangeListener} reports that it cares about changes to a
 * {@code PluginRoleConfig}.
 */
@Test
public void shouldCareAboutPluginRoleConfigChange() {
    // Minimal listener: only shouldCareAbout is exercised, so the callback does nothing.
    SecurityConfigChangeListener listener = new SecurityConfigChangeListener() {
        @Override
        public void onEntityConfigChange(Object entity) {
        }
    };

    boolean caresAboutPluginRole = listener.shouldCareAbout(new PluginRoleConfig());

    assertThat(caresAboutPluginRole, is(true));
}
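/**
 * Collects the plugin roles in this collection that are bound to the given auth config.
 *
 * <p>Roles that are not plugin roles are skipped. A plugin role whose auth config id is
 * unset is skipped as well rather than causing a {@code NullPointerException}, so such a
 * role is never attributed to any auth config.
 *
 * @param authConfigId id of the auth config to match
 * @return a new mutable list of matching plugin roles, in iteration order
 */
public List<PluginRoleConfig> pluginRoleConfigsFor(String authConfigId) {
    List<PluginRoleConfig> matches = new ArrayList<>();
    for (Role role : this) {
        if (!(role instanceof PluginRoleConfig)) {
            continue;
        }
        PluginRoleConfig pluginRole = (PluginRoleConfig) role;
        // Fail closed: a role without an auth config id matches nothing.
        if (pluginRole.getAuthConfigId() != null && pluginRole.getAuthConfigId().equals(authConfigId)) {
            matches.add(pluginRole);
        }
    }
    return matches;
}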
/**
 * Asserts that a plugin role sharing its name with another role in the security config
 * is rejected with a single uniqueness error under {@code name}.
 *
 * @param v validator under test
 */
public void validateUniquenessOfRoleName(Validator v) throws Exception {
    String expectedMessage = "Role names should be unique. Role with the same name exists.";
    PluginRoleConfig pluginAdmin = new PluginRoleConfig("admin", "auth_config_id");

    SecurityConfig config = new SecurityConfig();
    // The context is created before the config is populated, as in the original order.
    ValidationContext context = ValidationContextMother.validationContext(config);
    config.securityAuthConfigs().add(new SecurityAuthConfig("auth_config_id", "plugin_id"));

    // Two roles named "admin": a plain role and the plugin role under validation.
    config.getRoles().add(new RoleConfig(new CaseInsensitiveString("admin")));
    config.getRoles().add(pluginAdmin);

    v.validate(pluginAdmin, context);

    assertThat(pluginAdmin.errors().size(), is(1));
    assertThat(pluginAdmin.errors().get("name").get(0), is(expectedMessage));
}
/**
 * Finds a plugin role by name among {@code getPluginRoleConfigs()}.
 *
 * @param pluginRoleName name to search for
 * @return the first plugin role whose name equals {@code pluginRoleName}, or
 *     {@code null} when no role matches; callers must handle the {@code null} case
 */
public PluginRoleConfig findPluginRoleByName(CaseInsensitiveString pluginRoleName) {
    PluginRoleConfig found = null;
    for (PluginRoleConfig candidate : getPluginRoleConfigs()) {
        if (candidate.getName().equals(pluginRoleName)) {
            found = candidate;
            break;
        }
    }
    return found;
}
/**
 * {@code pluginRoleConfigsFor} returns only the plugin roles bound to the requested
 * auth config and leaves out roles of other auth configs and plain roles.
 */
@Test
public void shouldBeAbleToFetchPluginRolesForAAuthConfig() throws Exception {
    String corporate = "corporate_ldap";
    String internal = "internal_ldap";

    PluginRoleConfig adminRole = new PluginRoleConfig("admin", corporate);
    PluginRoleConfig viewRole = new PluginRoleConfig("view", corporate);
    PluginRoleConfig operatorRole = new PluginRoleConfig("operator", internal);
    // A plain role is mixed in; it must not show up in either result.
    RoleConfig committerRole = new RoleConfig(new CaseInsensitiveString("committer"));

    RolesConfig roles = new RolesConfig(adminRole, viewRole, operatorRole, committerRole);

    assertThat(roles.pluginRoleConfigsFor(corporate), hasSize(2));
    assertThat(roles.pluginRoleConfigsFor(corporate), containsInAnyOrder(adminRole, viewRole));
    assertThat(roles.pluginRoleConfigsFor(internal), hasSize(1));
    assertThat(roles.pluginRoleConfigsFor(internal), containsInAnyOrder(operatorRole));
}