/**
 * Returns the roles listed in this authorization's operation config.
 *
 * @return the value of {@code getRoles()} on the operation config; this method makes no
 *         defensive copy of it
 */
@Override
public List<AdminRole> getOperateRoles() {
    final List<AdminRole> operateRoles = authorization.getOperationConfig().getRoles();
    return operateRoles;
}
/**
 * Tells whether the given role name appears among the roles of {@code adminsConfig}.
 *
 * @param roleName role name to look up
 * @return the result of {@code containsRole} for that name against the admin roles
 */
private boolean isRoleAnAdmin(final CaseInsensitiveString roleName) {
    // The comparison rule (including case handling) lives in containsRole, not here.
    final boolean listedAsAdminRole = containsRole(roleName, adminsConfig.getRoles());
    return listedAsAdminRole;
}
/**
 * Reports whether the security config names no super admins at all.
 *
 * @param securityConfig the security config whose admins section is inspected
 * @return {@code true} only when the admins section has neither roles nor users
 */
public static boolean noSuperAdminsDefined(SecurityConfig securityConfig) {
    final AdminsConfig rootAdmins = securityConfig.adminsConfig();
    // Roles are checked first; users are only consulted when no role is listed.
    if (!rootAdmins.getRoles().isEmpty()) {
        return false;
    }
    // NOTE(review): a caller that widens access when this returns true fails open on an
    // empty admins section; confirm each call site intends that.
    return rootAdmins.getUsers().isEmpty();
}
/**
 * Collects the user names described by an {@link AdminsConfig}, expanding each admin role
 * into the users mapped to it.
 *
 * @param adminsConfig the config fragment
 * @param rolesToUsers a {@link Map} from role name to the users holding that role; it is
 *                     queried with the lower-cased role name
 * @return a {@link Set} of user names from the config
 */
public static Set<String> namesOf(AdminsConfig adminsConfig, Map<String, Collection<String>> rolesToUsers) {
    final List<AdminUser> directAdmins = adminsConfig.getUsers();
    final Set<String> collected = new HashSet<>();

    // Users listed directly are stored lower-cased.
    for (AdminUser directAdmin : directAdmins) {
        collected.add(directAdmin.getName().toLower());
    }

    // A role with no entry in the map contributes nothing (emptyIfNull absorbs the null).
    // NOTE(review): role members are added exactly as the map holds them, while direct users
    // are lower-cased above. Presumably the map values are already lower-cased; verify
    // against whatever builds rolesToUsers, since a case mismatch would change who matches.
    for (AdminRole role : adminsConfig.getRoles()) {
        collected.addAll(emptyIfNull(rolesToUsers.get(role.getName().toLower())));
    }

    return collected;
}
/**
 * Writes the admins config as JSON without any link section: a "roles" list, a "users" list
 * and, when the config carries errors, an "errors" child.
 *
 * @param jsonWriter writer that receives the output
 * @param admin      the admins config to represent
 */
public static void toJSONWithoutLinks(OutputWriter jsonWriter, AdminsConfig admin) {
    jsonWriter.addChildList("roles", rolesAsString(admin.getRoles()));
    jsonWriter.addChildList("users", userAsString(admin.getUsers()));

    // Nothing more to emit when validation left no errors on the config.
    if (!admin.hasErrors()) {
        return;
    }

    // The single-entry map is passed to ErrorGetter as given: "SystemAdmin" -> "system_admin".
    jsonWriter.addChild("errors",
        errorsNode -> new ErrorGetter(Collections.singletonMap("SystemAdmin", "system_admin"))
            .toJSON(errorsNode, admin));
}
// Excerpt from the middle of a method: `security` and `group` are declared outside this view,
// and every local below is presumably consumed by code that follows the excerpt.

// Role-to-members lookup derived from the security config; passed to namesOf below.
final Map<String, Collection<String>> rolesToUsers = rolesToUsers(security);
// User names taken from the root-level admins config, using the lookup above.
final Set<String> superAdminUsers = namesOf(security.adminsConfig(), rolesToUsers);
// Plugin role configs resolved for the roles listed in the root-level admins config.
final Set<PluginRoleConfig> superAdminPluginRoles = pluginRolesFor(security, security.adminsConfig().getRoles());
// NOTE(review): how this flag is used is outside the excerpt. If it widens access when no
// root-level admins are configured, that is a fail-open default; confirm it is intended.
final boolean hasNoAdminsDefinedAtRootLevel = noSuperAdminsDefined(security);
// Plugin role configs resolved for the roles in the group's operation config.
Set<PluginRoleConfig> pipelineGroupOperatorRoles = pluginRolesFor(security, group.getAuthorization().getOperationConfig().getRoles());
// Plugin role configs resolved for the roles in the group's admins config.
Set<PluginRoleConfig> pipelineGroupAdminRoles = pluginRolesFor(security, group.getAuthorization().getAdminsConfig().getRoles());
/**
 * Writes the admins config as JSON: a links section ("doc" and "self"), a "roles" list, a
 * "users" list and, when the config carries errors, an "errors" child.
 *
 * @param jsonWriter writer that receives the output
 * @param admin      the admins config to represent
 */
public static void toJSON(OutputWriter jsonWriter, AdminsConfig admin) {
    // "doc" is added as an absolute link, "self" through addLink.
    jsonWriter.addLinks(
        links -> links.addAbsoluteLink("doc", Routes.SystemAdmins.DOC)
            .addLink("self", Routes.SystemAdmins.BASE));

    jsonWriter.addChildList("roles", rolesAsString(admin.getRoles()));
    jsonWriter.addChildList("users", userAsString(admin.getUsers()));

    // Nothing more to emit when validation left no errors on the config.
    if (!admin.hasErrors()) {
        return;
    }

    // The single-entry map is passed to ErrorGetter as given: "SystemAdmin" -> "system_admin".
    jsonWriter.addChild("errors",
        errorsNode -> new ErrorGetter(Collections.singletonMap("SystemAdmin", "system_admin"))
            .toJSON(errorsNode, admin));
}
/**
 * Builds the {@code Users} value that represents the super admins.
 *
 * <p>Security note: this fails open. When security is disabled, or when the admins config
 * lists neither roles nor users, the result is {@code Everyone.INSTANCE}.
 *
 * @return {@code Everyone.INSTANCE} in the two cases above, otherwise an {@code AllowedUsers}
 *         built from the admin user names and the admin plugin roles
 */
private Users superAdmins() {
    final SecurityConfig securityConfig = goConfigService.security();
    final Map<String, Collection<String>> usersByRole = rolesToUsers(securityConfig);
    final Set<String> adminNames = namesOf(securityConfig.adminsConfig(), usersByRole);
    final Set<PluginRoleConfig> adminPluginRoles =
        pluginRolesFor(securityConfig, securityConfig.adminsConfig().getRoles());

    // Restrict access only when security is on AND at least one super admin is configured.
    // NOTE(review): the lookups above are unused on the Everyone path; they are kept ahead of
    // the check here to leave the call order unchanged.
    if (goConfigService.isSecurityEnabled() && !noSuperAdminsDefined(securityConfig)) {
        return new AllowedUsers(adminNames, adminPluginRoles);
    }
    return Everyone.INSTANCE;
}
/**
 * Writes an authorization as JSON with up to three children: "view", "operate" and "admins".
 * A child is emitted only when the matching config is non-empty, and each one is produced by
 * {@code writeUsersAndRoles} from that config's users and roles.
 *
 * @param jsonWriter    writer that receives the output
 * @param authorization the authorization to represent
 */
public static void toJSON(OutputWriter jsonWriter, Authorization authorization) {
    final ViewConfig viewers = authorization.getViewConfig();
    if (!viewers.isEmpty()) {
        jsonWriter.addChild("view",
            node -> writeUsersAndRoles(node, viewers.getUsers(), viewers.getRoles()));
    }

    // The operation config is read as an AdminsConfig, the same type as the admins section.
    final AdminsConfig operators = authorization.getOperationConfig();
    if (!operators.isEmpty()) {
        jsonWriter.addChild("operate",
            node -> writeUsersAndRoles(node, operators.getUsers(), operators.getRoles()));
    }

    final AdminsConfig admins = authorization.getAdminsConfig();
    if (!admins.isEmpty()) {
        jsonWriter.addChild("admins",
            node -> writeUsersAndRoles(node, admins.getUsers(), admins.getRoles()));
    }
}
/**
 * Loads a config whose template carries an {@code <authorization>} block with an empty
 * {@code <admins>} element, then checks that the template's authorization is non-null and
 * that its admins config has no users and no roles.
 */
@Test
public void shouldAllowEmptyAuthorizationTagUnderEachTemplateWhileLoading() throws Exception {
    // The XML is assembled from the same literal pieces in the same order, so the loaded
    // document does not change.
    String xml = "<cruise schemaVersion='" + CONFIG_SCHEMA_VERSION + "'>\n"
        + " <templates>"
        + " <pipeline name='template-name'>"
        + " <authorization>"
        + " <admins>"
        + " </admins>"
        + " </authorization>"
        + " <stage name='stage-name'>"
        + " <jobs>"
        + " <job name='job-name'/>"
        + " </jobs>"
        + " </stage>"
        + " </pipeline>"
        + " </templates>"
        + "</cruise>";

    CruiseConfig editableConfig = ConfigMigrator.loadWithMigration(xml).configForEdit;
    PipelineTemplateConfig loadedTemplate =
        editableConfig.getTemplateByName(new CaseInsensitiveString("template-name"));
    Authorization templateAuthorization = loadedTemplate.getAuthorization();

    // An empty <admins/> must give an authorization object with empty lists, not null.
    assertThat(templateAuthorization, is(not(nullValue())));
    assertThat(templateAuthorization.getAdminsConfig().getUsers(), is(empty()));
    assertThat(templateAuthorization.getAdminsConfig().getRoles(), is(empty()));
}