/**
 * Copies the admin entries of a JSON payload into {@code config}.
 *
 * <p>Each element of the optional {@code "users"} array is added as an {@link AdminUser} and each
 * element of the optional {@code "roles"} array as an {@link AdminRole}. Names are wrapped in
 * {@link CaseInsensitiveString} exactly as received: this method does not reject blank names and
 * does not check that a role exists, so the populated config should be validated before it is
 * relied on for authorization decisions.
 *
 * @param config     target that receives the parsed users and roles
 * @param jsonReader source of the {@code "users"} and {@code "roles"} arrays
 */
private static void populateConfig(AdminsConfig config, JsonReader jsonReader) {
    jsonReader.readArrayIfPresent("users", users -> {
        users.forEach(user -> {
            // NOTE(review): presumably a JSON element; confirm how a non-string entry is reported.
            CaseInsensitiveString userName = new CaseInsensitiveString(user.getAsString());
            config.add(new AdminUser(userName));
        });
    });
    jsonReader.readArrayIfPresent("roles", roles -> {
        roles.forEach(role -> {
            CaseInsensitiveString roleName = new CaseInsensitiveString(role.getAsString());
            config.add(new AdminRole(roleName));
        });
    });
}
// Presumably closes the enclosing type, whose header is not part of this excerpt.
}
/**
 * Builds an {@link AdminsConfig} from the optional {@code "users"} and {@code "roles"} arrays of a
 * JSON payload.
 *
 * <p>Every entry is read with {@code getAsString()} and wrapped in a {@link CaseInsensitiveString}.
 * No check for blank names or for the existence of a role happens here, so the returned config
 * should be validated before it is saved or used for access decisions.
 *
 * @param jsonReader reader over the JSON object that may carry the two arrays
 * @return a new config with one {@link AdminUser} per user entry and one {@link AdminRole} per
 *     role entry
 */
public static AdminsConfig fromJSON(JsonReader jsonReader) {
    AdminsConfig parsedAdmins = new AdminsConfig();

    jsonReader.readArrayIfPresent("users", users -> users.forEach(user -> {
        CaseInsensitiveString userName = new CaseInsensitiveString(user.getAsString());
        parsedAdmins.add(new AdminUser(userName));
    }));

    jsonReader.readArrayIfPresent("roles", roles -> roles.forEach(role -> {
        CaseInsensitiveString roleName = new CaseInsensitiveString(role.getAsString());
        parsedAdmins.add(new AdminRole(roleName));
    }));

    return parsedAdmins;
}
/**
 * Reads admin users and admin roles out of a JSON payload.
 *
 * <p>The {@code "users"} and {@code "roles"} arrays are both optional. Each element becomes an
 * {@link AdminUser} or an {@link AdminRole} whose name is the element's string value wrapped in a
 * {@link CaseInsensitiveString}. The names are taken as-is (no blank check, no lookup of the role),
 * so validation of the result is left to the caller.
 *
 * @param jsonReader reader over the JSON object to parse
 * @return the newly created {@link AdminsConfig}
 */
public static AdminsConfig fromJSON(JsonReader jsonReader) {
    AdminsConfig result = new AdminsConfig();

    jsonReader.readArrayIfPresent("users", userEntries -> {
        userEntries.forEach(entry -> {
            AdminUser adminUser = new AdminUser(new CaseInsensitiveString(entry.getAsString()));
            result.add(adminUser);
        });
    });

    jsonReader.readArrayIfPresent("roles", roleEntries -> {
        roleEntries.forEach(entry -> {
            AdminRole adminRole = new AdminRole(new CaseInsensitiveString(entry.getAsString()));
            result.add(adminRole);
        });
    });

    return result;
}
/**
 * A user who is a member of a role that holds view permission must pass the admin-or-view check,
 * even though the user is never named directly in the authorization.
 */
@Test
public void shouldSayThatAViewUserWithinARole_HasAdminOrViewPermissions() {
    CaseInsensitiveString member = new CaseInsensitiveString("view");
    RoleConfig viewRole = new RoleConfig(new CaseInsensitiveString("role1"), new RoleUser(member));

    List<Role> knownRoles = new ArrayList<>();
    knownRoles.add(viewRole);

    // View permission is granted to the role only.
    Authorization roleOnlyViewAuth = new Authorization(new ViewConfig(new AdminRole(viewRole)));

    boolean allowed = roleOnlyViewAuth.hasAdminOrViewPermissions(member, knownRoles);
    assertThat(allowed, is(true));
}
/**
 * Membership in any configured admin role makes a user an admin; a user with no roles at all is
 * not an admin.
 */
@Test
public void shouldReturnTrueIfAnUserBelongsToAnAdminRole() {
    AdminsConfig adminRoles = new AdminsConfig(
            new AdminRole(new CaseInsensitiveString("bar1")),
            new AdminRole(new CaseInsensitiveString("bar2")));
    Authorization auth = new Authorization(adminRoles);

    // NOTE(review): both roles passed here are "bar1"; possibly "bar2" was meant for the second.
    boolean fooOneIsAdmin = auth.isUserAnAdmin(
            new CaseInsensitiveString("foo1"),
            Arrays.asList(
                    new RoleConfig(new CaseInsensitiveString("bar1")),
                    new RoleConfig(new CaseInsensitiveString("bar1") )));
    assertThat(fooOneIsAdmin, is(true));

    boolean fooTwoIsAdmin = auth.isUserAnAdmin(
            new CaseInsensitiveString("foo2"),
            Arrays.asList(new RoleConfig(new CaseInsensitiveString("bar2"))));
    assertThat(fooTwoIsAdmin, is(true));

    boolean fooThreeIsAdmin = auth.isUserAnAdmin(
            new CaseInsensitiveString("foo3"),
            Arrays.asList(new RoleConfig(new CaseInsensitiveString("bar1"))));
    assertThat(fooThreeIsAdmin, is(true));

    // Negative case: an empty role list must not grant admin rights.
    boolean fooFourIsAdmin = auth.isUserAnAdmin(new CaseInsensitiveString("foo4"), new ArrayList<>());
    assertThat(fooFourIsAdmin, is(false));
}
/**
 * A user whose role is not the role named as template admin must be denied edit access to the
 * template.
 */
@Test
public void shouldReturnFalseIfUserWithinARoleCannotEditTemplate() {
    CaseInsensitiveString user = new CaseInsensitiveString("template-admin");
    Role usersRole = getSecurityConfigRole(user);
    List<Role> allRoles = setupRoles(usersRole);

    // The template's admin permission goes to a role created here by name only ("another-role").
    Authorization adminForOtherRole = new Authorization(
            new AdminsConfig(new AdminRole(new CaseInsensitiveString("another-role"))));
    PipelineTemplateConfig template = PipelineTemplateConfigMother.createTemplate(
            "template1", adminForOtherRole, StageConfigMother.manualStage("random-stage"));
    TemplatesConfig templates = new TemplatesConfig(template);

    boolean canEdit = templates.canUserEditTemplate(template, user, allRoles);
    assertThat(canEdit, is(false));
}
/**
 * Asserts that {@code actualView} contains the admin users "jez" and "lqiao" and the admin role
 * "mingle".
 *
 * @param actualView the config under inspection
 */
private void assertion(AdminsConfig actualView) {
    Admin jez = new AdminUser(new CaseInsensitiveString("jez"));
    assertThat(actualView, hasItem(jez));

    Admin lqiao = new AdminUser(new CaseInsensitiveString("lqiao"));
    assertThat(actualView, hasItem(lqiao));

    Admin mingle = new AdminRole(new CaseInsensitiveString("mingle"));
    assertThat(actualView, hasItem(mingle));
}
/**
 * A user whose role is not the role named in the template's view permission must be denied view
 * access to the template.
 */
@Test
public void shouldReturnFalseIfUserWithinARoleCannotViewTemplate() {
    CaseInsensitiveString user = new CaseInsensitiveString("template-admin");
    Role usersRole = getSecurityConfigRole(user);
    List<Role> allRoles = setupRoles(usersRole);

    PipelineTemplateConfig template =
            PipelineTemplateConfigMother.createTemplate("template1", StageConfigMother.manualStage("stage"));
    // View permission goes to a role created here by name only ("another-role").
    ViewConfig viewForOtherRole = new ViewConfig(new AdminRole(new CaseInsensitiveString("another-role")));
    template.setAuthorization(new Authorization(viewForOtherRole));
    TemplatesConfig templates = new TemplatesConfig(template);

    // NOTE(review): the meaning of the trailing 'false' flag is not visible in this excerpt.
    boolean canView = templates.hasViewAccessToTemplate(template, user, allRoles, false);
    assertThat(canView, is(false));
}
/**
 * Grants admin permission on the default pipeline group to the given role.
 *
 * @param cruiseConfig config in which {@code DEFAULT_GROUP} is looked up
 * @param role         name of the role to add to the group's admins
 * @return the group that was modified
 */
private PipelineConfigs addRoleAsAdminToDefaultGroup(CruiseConfig cruiseConfig, String role) {
    PipelineConfigs defaultGroup = cruiseConfig.findGroup(DEFAULT_GROUP);
    defaultGroup.getAuthorization()
            .getAdminsConfig()
            .add(new AdminRole(new CaseInsensitiveString(role)));
    return defaultGroup;
}
/**
 * Creates a stage via {@code stageWithJobResource("foo")} and adds the given role to the auth
 * config of its approval.
 *
 * @param role name of the role to add
 * @return the stage with the role added
 */
private StageConfig stageWithAuth(String role) {
    StageConfig securedStage = stageWithJobResource("foo");
    securedStage.getApproval()
            .getAuthConfig()
            .add(new AdminRole(new CaseInsensitiveString(role)));
    return securedStage;
}
/**
 * Checks admin-by-role resolution: role names match regardless of case, an unrelated role does not
 * match, and a role that merely shares its name with an admin <em>user</em> does not count as an
 * admin role.
 */
@Test
public void shouldUnderstandIfAUserIsAnAdminThroughRole() {
    AdminsConfig admins = new AdminsConfig(
            new AdminUser(new CaseInsensitiveString("loser")),
            new AdminRole(new CaseInsensitiveString("Role1")));

    // "role1" is supplied in lower case while "Role1" is configured.
    boolean matchesIgnoringCase = admins.isAdminRole(Arrays.asList(
            new RoleConfig(new CaseInsensitiveString("first")),
            new RoleConfig(new CaseInsensitiveString("role1"))));
    assertThat(matchesIgnoringCase, is(true));

    boolean unrelatedRole = admins.isAdminRole(
            Arrays.asList(new RoleConfig(new CaseInsensitiveString("role2"))));
    assertThat(unrelatedRole, is(false));

    // "loser" is an admin user entry; a role with the same name must not inherit that.
    boolean roleNamedLikeAdminUser = admins.isAdminRole(
            Arrays.asList(new RoleConfig(new CaseInsensitiveString("loser"))));
    assertThat(roleNamedLikeAdminUser, is(false));
}
/**
 * Adds a role as an admin on the approval of one stage.
 *
 * @param cruiseConfig config that contains the pipeline
 * @param pipelineName name of the pipeline that owns the stage
 * @param stageName    name of the stage whose approval is changed
 * @param roleName     name of the role to add
 * @return the same {@code cruiseConfig} instance that was passed in
 */
public CruiseConfig addApprovalForStage(CruiseConfig cruiseConfig, String pipelineName, String stageName, String roleName) {
    CaseInsensitiveString pipeline = new CaseInsensitiveString(pipelineName);
    CaseInsensitiveString stage = new CaseInsensitiveString(stageName);
    Approval approval = cruiseConfig.stageConfigByName(pipeline, stage).getApproval();

    AdminRole approver = new AdminRole(new CaseInsensitiveString(roleName));
    approval.addAdmin(approver);
    return cruiseConfig;
}
/**
 * Grants admin permission on a pipeline group to the given role.
 *
 * @param config    config that holds the pipeline groups
 * @param roleName  name of the role to add to the group's admins
 * @param groupName name of the pipeline group to modify
 * @return this instance, so calls can be chained
 */
public GoConfigMother addAdminRoleForPipelineGroup(CruiseConfig config, String roleName, String groupName) {
    PipelineConfigs targetGroup = config.getGroups().findGroup(groupName);
    targetGroup.getAuthorization()
            .getAdminsConfig()
            .add(new AdminRole(new CaseInsensitiveString(roleName)));
    return this;
}
/**
 * Template validation must report an error when the template's view permission names a role that
 * this test never adds to the config.
 */
@Test
public void shouldValidateRoleNamesInTemplateViewAuthorization() {
    BasicCruiseConfig cruiseConfig = GoConfigMother.defaultCruiseConfig();
    SecurityConfig security =
            new SecurityConfig(new AdminsConfig(new AdminUser(new CaseInsensitiveString("admin"))));
    cruiseConfig.setServerConfig(new ServerConfig(security, null));
    GoConfigMother.enableSecurityWithPasswordFilePlugin(cruiseConfig);

    // This role is only constructed locally; the test does not add it to cruiseConfig.
    RoleConfig unknownRole = new RoleConfig(
            new CaseInsensitiveString("non-existent-role"), new RoleUser("non-existent-user"));
    Authorization viewForUnknownRole = new Authorization(new ViewConfig(new AdminRole(unknownRole)));
    PipelineTemplateConfig template = new PipelineTemplateConfig(
            new CaseInsensitiveString("template"),
            viewForUnknownRole,
            StageConfigMother.manualStage("stage2"),
            StageConfigMother.manualStage("stage"));

    template.validate(ConfigSaveValidationContext.forChain(cruiseConfig));

    String expectedError = "Role \"non-existent-role\" does not exist.";
    assertThat(template.getAllErrors().get(0).getAllOn("name"), is(Arrays.asList(expectedError)));
}
/**
 * Template validation must report an error when the template's admin permission names a role that
 * this test never adds to the config.
 */
@Test
public void shouldValidateRoleNamesInTemplateAdminAuthorization() {
    BasicCruiseConfig cruiseConfig = GoConfigMother.defaultCruiseConfig();
    SecurityConfig security =
            new SecurityConfig(new AdminsConfig(new AdminUser(new CaseInsensitiveString("admin"))));
    cruiseConfig.setServerConfig(new ServerConfig(security, null));
    GoConfigMother.enableSecurityWithPasswordFilePlugin(cruiseConfig);

    // This role is only constructed locally; the test does not add it to cruiseConfig.
    RoleConfig unknownRole = new RoleConfig(
            new CaseInsensitiveString("non-existent-role"), new RoleUser("non-existent-user"));
    Authorization adminForUnknownRole = new Authorization(new AdminsConfig(new AdminRole(unknownRole)));
    PipelineTemplateConfig template = new PipelineTemplateConfig(
            new CaseInsensitiveString("template"),
            adminForUnknownRole,
            StageConfigMother.manualStage("stage2"),
            StageConfigMother.manualStage("stage"));

    template.validate(ConfigSaveValidationContext.forChain(cruiseConfig));

    String expectedError = "Role \"non-existent-role\" does not exist.";
    assertThat(template.getAllErrors().get(0).getAllOn("name"), is(Arrays.asList(expectedError)));
}
/**
 * Looking up an admin role by name returns exactly the matching configured role, and the match
 * ignores case ("role2" finds "ROLE2").
 */
@Test
public void shouldListItselfWhenARoleExists() {
    Role firstRole = new RoleConfig(
            new CaseInsensitiveString("role1"),
            new RoleUser(new CaseInsensitiveString("USER1")),
            new RoleUser(new CaseInsensitiveString("user2")));
    Role secondRole = new RoleConfig(
            new CaseInsensitiveString("ROLE2"),
            new RoleUser(new CaseInsensitiveString("user1")),
            new RoleUser(new CaseInsensitiveString("user3")));
    RolesConfig configuredRoles = new RolesConfig(firstRole, secondRole);

    AdminRole lookupRoleOne = new AdminRole(new CaseInsensitiveString("role1"));
    assertThat(configuredRoles.memberRoles(lookupRoleOne), is(asList(firstRole)));

    // Lower-case lookup against the upper-case "ROLE2".
    AdminRole lookupRoleTwo = new AdminRole(new CaseInsensitiveString("role2"));
    assertThat(configuredRoles.memberRoles(lookupRoleTwo), is(asList(secondRole)));
}
/**
 * Setting operate permissions with {@code null} users and {@code null} roles must leave the
 * approval's auth config empty, removing the user and role that were added before.
 */
@Test
public void shouldClearAllPermissionsWhenTheAttributesAreNull() {
    Approval approval = Approval.automaticApproval();
    approval.getAuthConfig().add(new AdminUser(new CaseInsensitiveString("sachin")));
    approval.getAuthConfig().add(new AdminRole(new CaseInsensitiveString("admin")));

    approval.setOperatePermissions(null, null);

    boolean nothingLeft = approval.getAuthConfig().isEmpty();
    assertThat(nothingLeft, is(true));
}
/**
 * When authorization attributes name a user and a role but switch every privilege OFF, both
 * entries still end up with view permission, and with neither operate nor admin permission.
 *
 * <p>Worth keeping in mind when reviewing access: per this test, a named entry is never left with
 * no permission at all; view is the floor.
 */
@Test
public void shouldSetViewPermissionByDefaultIfNameIsPresentAndPermissionsAreOff_whileSettingAttributes() {
    PipelineConfigs pipelineGroup = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1"));

    // One user entry and one role entry, each with all three privilege flags OFF.
    pipelineGroup.setConfigAttributes(
            m(BasicPipelineConfigs.AUTHORIZATION,
                    a(
                            m(Authorization.NAME, "user1",
                                    Authorization.TYPE, USER.toString(),
                                    Authorization.PRIVILEGES, privileges(OFF, OFF, OFF)),
                            m(Authorization.NAME, "role1",
                                    Authorization.TYPE, ROLE.toString(),
                                    Authorization.PRIVILEGES, privileges(OFF, OFF, OFF)))));

    Authorization resulting = pipelineGroup.getAuthorization();

    assertThat(resulting.getViewConfig().size(), is(2));
    assertThat(
            resulting.getViewConfig(),
            hasItems(
                    new AdminRole(new CaseInsensitiveString("role1")),
                    new AdminUser(new CaseInsensitiveString("user1"))));
    assertThat(resulting.getOperationConfig().size(), is(0));
    assertThat(resulting.getAdminsConfig().size(), is(0));
}
/**
 * Validating an admin role used in a pipeline group's view permission produces no errors when a
 * role of that name has been added to the server security config.
 */
@Test
public void shouldNotThrowExceptionIfRoleNameExistInPipelinesAuthorization() {
    AdminRole viewRole = new AdminRole(new CaseInsensitiveString("role2"));
    PipelineConfigs groupWithViewRole = new BasicPipelineConfigs(new Authorization(new ViewConfig(viewRole)));
    CruiseConfig cruiseConfig = new BasicCruiseConfig(groupWithViewRole);

    // Define the role in server security so the reference resolves.
    cruiseConfig.server().security().addRole(new RoleConfig(new CaseInsensitiveString("role2")));

    viewRole.validate(ConfigSaveValidationContext.forChain(cruiseConfig));

    boolean noErrors = viewRole.errors().isEmpty();
    assertThat(noErrors, is(true));
}
/**
 * Validating an admin role used in a stage's auth config produces no errors when a role of that
 * name has been added to the server security config.
 */
@Test
public void shouldNotThrowExceptionIfRoleNameExist() {
    AdminRole stageRole = new AdminRole(new CaseInsensitiveString("role1"));
    StageConfig securedStage = StageConfigMother.custom("ft", new AuthConfig(stageRole));
    PipelineConfig pipeline =
            new PipelineConfig(new CaseInsensitiveString("pipeline"), new MaterialConfigs(), securedStage);
    PipelineConfigs group = new BasicPipelineConfigs(pipeline);
    CruiseConfig cruiseConfig = new BasicCruiseConfig(group);

    // Define the role in server security so the reference resolves.
    cruiseConfig.server().security().addRole(new RoleConfig(new CaseInsensitiveString("role1")));

    stageRole.validate(ConfigSaveValidationContext.forChain(cruiseConfig));

    boolean noErrors = stageRole.errors().isEmpty();
    assertThat(noErrors, is(true));
}