private Admin[] extractAdminUsers(List<Map<String, String>> map) { List<Admin> result = new ArrayList<>(map.size()); for (Map<String, String> usernameMap : map) { String value = usernameMap.get("name").trim(); if (!StringUtils.isBlank(value)) { result.add(new AdminUser(new CaseInsensitiveString(value))); } } return result.toArray(new Admin[result.size()]); }
@Test public void shouldReturnTrueIfOperationPermissionDefined() { Authorization authorization = new Authorization(new OperationConfig(new AdminUser(new CaseInsensitiveString("baby")))); assertThat(authorization.hasOperationPermissionDefined(), is(true)); }
@Test public void shouldResolveConfigValue() throws NoSuchFieldException { PipelineConfig pipelineConfig = PipelineConfigMother.createPipelineConfig("cruise", "dev", "ant"); pipelineConfig.setLabelTemplate("2.1-${COUNT}-#{foo}-bar-#{bar}"); StageConfig stageConfig = pipelineConfig.get(0); stageConfig.updateApproval(new Approval(new AuthConfig(new AdminUser(new CaseInsensitiveString("#{foo}")), new AdminUser(new CaseInsensitiveString("#{bar}"))))); new ParamResolver(new ParamSubstitutionHandlerFactory(params(param("foo", "pavan"), param("bar", "jj"))), fieldCache).resolve(pipelineConfig); assertThat(pipelineConfig.getLabelTemplate(), is("2.1-${COUNT}-pavan-bar-jj")); assertThat(stageConfig.getApproval().getAuthConfig(), is(new AuthConfig(new AdminUser(new CaseInsensitiveString("pavan")), new AdminUser(new CaseInsensitiveString("jj"))))); }
@Test public void shouldReturnTrueIfUserCanViewTemplate() { CaseInsensitiveString templateViewUser = new CaseInsensitiveString("view"); String templateName = "template"; PipelineTemplateConfig template = PipelineTemplateConfigMother.createTemplate(templateName, StageConfigMother.manualStage("stage")); template.setAuthorization(new Authorization(new ViewConfig(new AdminUser(templateViewUser)))); TemplatesConfig templates = new TemplatesConfig(template); assertThat(templates.hasViewAccessToTemplate(template, templateViewUser, null, false), is(true)); }
@Test public void shouldReturnTrueIfAUserIsAnAdmin() { AdminsConfig adminsConfig = new AdminsConfig(new AdminUser(new CaseInsensitiveString("USER1"))); assertThat(adminsConfig.isAdmin(new AdminUser(new CaseInsensitiveString("user1")), Arrays.asList(new RoleConfig(new CaseInsensitiveString("first") ), new RoleConfig(new CaseInsensitiveString("role1")))), is(true)); }
@Test public void shouldKnowIfRoleIsAdmin() throws Exception { SecurityConfig security = security(passwordFileAuthConfig(), admins(role("role1"))); assertThat(security.isAdmin(new AdminUser(new CaseInsensitiveString("chris"))), is(true)); assertThat(security.isAdmin(new AdminUser(new CaseInsensitiveString("jez"))), is(true)); assertThat(security.isAdmin(new AdminUser(new CaseInsensitiveString("evilHacker"))), is(false)); }
@Test public void shouldKnowIfUserIsAdmin() throws Exception { SecurityConfig security = security(null, admins(user("chris"))); assertThat(security.isAdmin(new AdminUser(new CaseInsensitiveString("chris"))), is(true)); assertThat(security.isAdmin(new AdminUser(new CaseInsensitiveString("evilHacker"))), is(true)); security = security(passwordFileAuthConfig(), admins(user("chris"))); assertThat(security.isAdmin(new AdminUser(new CaseInsensitiveString("chris"))), is(true)); assertThat(security.isAdmin(new AdminUser(new CaseInsensitiveString("evilHacker"))), is(false)); }
@Test public void shouldNotCareIfValidUserInRoleOrUser() throws Exception { SecurityConfig security = security(passwordFileAuthConfig(), admins(role("role2"))); assertThat(security.isAdmin(new AdminUser(new CaseInsensitiveString("chris"))), is(true)); assertThat(security.isAdmin(new AdminUser(new CaseInsensitiveString("jez"))), is(false)); security = security(passwordFileAuthConfig(), admins(role("role2"), user("jez"))); assertThat(security.isAdmin(new AdminUser(new CaseInsensitiveString("chris"))), is(true)); assertThat(security.isAdmin(new AdminUser(new CaseInsensitiveString("jez"))), is(true)); }
@Test public void shouldSetAuthorizationInFile() { BasicPipelineConfigs filePart = new BasicPipelineConfigs(); filePart.setOrigin(new FileConfigOrigin()); MergePipelineConfigs merge = new MergePipelineConfigs(filePart,new BasicPipelineConfigs()); Authorization auth = new Authorization(new AdminsConfig(new AdminUser(new CaseInsensitiveString("buddy")))); merge.setAuthorization(auth); assertThat(filePart.getAuthorization(),is(auth)); }
@Test public void shouldReturnFalseIfAUserBelongsToAnAdminRoleNoRolesGiven() { CaseInsensitiveString username = new CaseInsensitiveString("USER1"); AdminsConfig adminsConfig = new AdminsConfig(new AdminRole(username)); // this is how isAdmin() is used in TemplatesConfig assertThat(adminsConfig.isAdmin(new AdminUser(username), null), is(false)); }
@Test public void shouldReturnAllTheUsersAndRoleThatCanOperateThisStage() { StageConfig stage = StageConfigMother.stageConfig("stage"); StageConfigMother.addApprovalWithUsers(stage, "user1", "user2"); StageConfigMother.addApprovalWithRoles(stage, "role1", "role2"); assertThat(stage.getOperateUsers(), is(Arrays.asList(new AdminUser(new CaseInsensitiveString("user1")), new AdminUser(new CaseInsensitiveString("user2"))))); assertThat(stage.getOperateRoles(), is(Arrays.asList(new AdminRole(new CaseInsensitiveString("role1")), new AdminRole(new CaseInsensitiveString("role2"))))); }
private PipelineConfigs addUserAsOperatorToDefaultGroup(CruiseConfig cruiseConfig, String user) { PipelineConfigs group = cruiseConfig.findGroup(DEFAULT_GROUP); group.getAuthorization().getOperationConfig().add(new AdminUser(new CaseInsensitiveString(user))); return group; }
@Test public void hasViewPermissionDefinedShouldReturnTrueIfAuthorizationIsDefined() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.getAuthorization().getViewConfig().add(new AdminUser(new CaseInsensitiveString("jez"))); assertThat("hasViewPermissionDefinedShouldReturnTrueIfAuthorizationIsDefined", group.hasViewPermissionDefined(), is(true)); }
@Test public void shouldValidateNonBlankUsers() { AdminUser adminUser = new AdminUser(new CaseInsensitiveString("foo")); adminUser.validate(null); assertNull(adminUser.errors().on(AdminUser.NAME)); } }
@Test public void shouldValidateRoleNamesInTemplateAdminAuthorization() { BasicCruiseConfig cruiseConfig = GoConfigMother.defaultCruiseConfig(); ServerConfig serverConfig = new ServerConfig(new SecurityConfig(new AdminsConfig(new AdminUser(new CaseInsensitiveString("admin")))), null); cruiseConfig.setServerConfig(serverConfig); GoConfigMother.enableSecurityWithPasswordFilePlugin(cruiseConfig); RoleConfig roleConfig = new RoleConfig(new CaseInsensitiveString("non-existent-role"), new RoleUser("non-existent-user")); PipelineTemplateConfig template = new PipelineTemplateConfig(new CaseInsensitiveString("template"), new Authorization(new AdminsConfig(new AdminRole(roleConfig))), StageConfigMother.manualStage("stage2"), StageConfigMother.manualStage("stage")); template.validate(ConfigSaveValidationContext.forChain(cruiseConfig)); assertThat(template.getAllErrors().get(0).getAllOn("name"), is(Arrays.asList("Role \"non-existent-role\" does not exist."))); }
@Test public void shouldReturnFalseIfViewPermissionIsNotDefined() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.getAuthorization().getOperationConfig().add(new AdminUser(new CaseInsensitiveString("jez"))); assertThat(group.hasViewPermission(new CaseInsensitiveString("jez"), null), is(false)); }
@Test public void shouldReturnTrueIfUserHasOperatePermission() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.getAuthorization().getOperationConfig().add(new AdminUser(new CaseInsensitiveString("jez"))); assertThat(group.hasOperatePermission(new CaseInsensitiveString("jez"), null), is(true)); }
@Test public void shouldReturnFalseIfUserDoesNotHaveViewPermission() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.getAuthorization().getViewConfig().add(new AdminUser(new CaseInsensitiveString("jez"))); assertThat(group.hasViewPermission(new CaseInsensitiveString("anyone"), null), is(false)); }
@Test public void shouldClearAllPermissions() { Approval approval = Approval.automaticApproval(); approval.getAuthConfig().add(new AdminUser(new CaseInsensitiveString("sachin"))); approval.getAuthConfig().add(new AdminRole(new CaseInsensitiveString("admin"))); approval.removeOperatePermissions(); assertThat(approval.getAuthConfig().isEmpty(), is(true)); }
@Test public void shouldReturnFalseIfViewPermissionIsNotDefined_When2ConfigParts() { BasicPipelineConfigs filePart = new BasicPipelineConfigs(PipelineConfigMother.pipelineConfig("pipeline3")); filePart.setOrigin(new FileConfigOrigin()); PipelineConfigs group = new MergePipelineConfigs( new BasicPipelineConfigs(PipelineConfigMother.pipelineConfig("pipeline1")), new BasicPipelineConfigs(PipelineConfigMother.pipelineConfig("pipeline2")),filePart); group.getAuthorization().getOperationConfig().add(new AdminUser(new CaseInsensitiveString("jez"))); assertThat(group.hasViewPermission(new CaseInsensitiveString("jez"), null), is(false)); }