public List<AdminUser> getOperateUsers() { return getApproval().getAuthConfig().getUsers(); }
public List<AdminRole> getOperateRoles() { return getApproval().getAuthConfig().getRoles(); }
public void cleanupAllUsagesOfRole(Role roleToDelete) { this.getApproval().getAuthConfig().remove(new AdminRole(roleToDelete)); }
private AllowedUsers pipelineOperators(PipelineConfig pipeline, Set<String> admins, AllowedUsers groupLevelOperators, Map<String, Collection<String>> rolesToUsers) { if (!pipeline.first().hasOperatePermissionDefined()) { return groupLevelOperators; } Set<String> stageLevelApproversOfFirstStage = namesOf(pipeline.first().getApproval().getAuthConfig(), rolesToUsers); Set<PluginRoleConfig> stageLevelPluginRoleApproversOfFirstStage = pluginRolesFor(goConfigService.security(), pipeline.first().getApproval().getAuthConfig().getRoles()); Set<String> pipelineOperators = new HashSet<>(); pipelineOperators.addAll(admins); pipelineOperators.addAll(stageLevelApproversOfFirstStage); return new AllowedUsers(pipelineOperators, stageLevelPluginRoleApproversOfFirstStage); } }
public static void toJSON(OutputWriter jsonWriter, Approval approval) { if (!approval.errors().isEmpty()) { jsonWriter.addChild("errors", errorWriter -> { new ErrorGetter(new HashMap<>()).toJSON(errorWriter, approval); }); } jsonWriter.add("type", approval.getType()); jsonWriter.addChild("authorization", authConfigWriter -> StageAuthorizationRepresenter.toJSON(authConfigWriter, approval.getAuthConfig())); }
public static void toJSON(OutputWriter jsonWriter, Approval approval) { if (!approval.errors().isEmpty()) { jsonWriter.addChild("errors", errorWriter -> { new ErrorGetter(new HashMap<>()).toJSON(errorWriter, approval); }); } jsonWriter.add("type", approval.getType()); jsonWriter.addChild("authorization", authConfigWriter -> StageAuthorizationRepresenter.toJSON(authConfigWriter, approval.getAuthConfig())); }
GoAcl readAclBy(String pipelineName, String stageName) { PipelineConfig pipelineConfig = pipelineConfigNamed(new CaseInsensitiveString(pipelineName)); StageConfig stageConfig = pipelineConfig.findBy(new CaseInsensitiveString(stageName)); AdminsConfig adminsConfig = stageConfig.getApproval().getAuthConfig(); List<CaseInsensitiveString> users = getAuthorizedUsers(adminsConfig); return new GoAcl(users); }
@Test public void shouldClearAllPermissionsWhenTheAttributesAreNull() { Approval approval = Approval.automaticApproval(); approval.getAuthConfig().add(new AdminUser(new CaseInsensitiveString("sachin"))); approval.getAuthConfig().add(new AdminRole(new CaseInsensitiveString("admin"))); approval.setOperatePermissions(null, null); assertThat(approval.getAuthConfig().isEmpty(), is(true)); }
@Test public void shouldClearAllPermissions() { Approval approval = Approval.automaticApproval(); approval.getAuthConfig().add(new AdminUser(new CaseInsensitiveString("sachin"))); approval.getAuthConfig().add(new AdminRole(new CaseInsensitiveString("admin"))); approval.removeOperatePermissions(); assertThat(approval.getAuthConfig().isEmpty(), is(true)); }
@Test public void shouldBeAbleToParseNewConfig() throws Exception { CruiseConfig newConfig = ConfigMigrator.loadWithMigration(CONFIG_WITH_AUTH).config; assertThat(newConfig.stageConfigByName(new CaseInsensitiveString("pipeline1"), new CaseInsensitiveString("stage1")).getApproval().getAuthConfig().size(), is(3)); }
public static void addApprovalWithUsers(StageConfig stage, String... users) { Approval approval = stage.getApproval(); for (String user : users) { approval.getAuthConfig().add(new AdminUser(new CaseInsensitiveString(user))); } stage.updateApproval(approval); }
private StageConfig stageWithAuth(String role) { StageConfig stage = stageWithJobResource("foo"); stage.getApproval().getAuthConfig().add(new AdminRole(new CaseInsensitiveString(role))); return stage; }
public static void addApprovalWithRoles(StageConfig stage, String... roles) { Approval approval = stage.getApproval(); for (String role : roles) { approval.getAuthConfig().add(new AdminRole(new CaseInsensitiveString(role))); } stage.updateApproval(approval); }
@Test public void shouldValidateTree() { Approval approval = new Approval(new AuthConfig(new AdminRole(new CaseInsensitiveString("role")))); BasicCruiseConfig cruiseConfig = GoConfigMother.defaultCruiseConfig(); cruiseConfig.server().security().adminsConfig().addRole(new AdminRole(new CaseInsensitiveString("super-admin"))); PipelineConfig pipelineConfig = new PipelineConfig(new CaseInsensitiveString("p1"), new MaterialConfigs()); cruiseConfig.addPipeline("g1", pipelineConfig); assertThat(approval.validateTree(PipelineConfigSaveValidationContext.forChain(true, "g1", cruiseConfig, pipelineConfig)), is(false)); assertThat(approval.getAuthConfig().errors().isEmpty(), is(false)); }
@Test public void validate_shouldAllowUserWhoIsDefinedInGroup() throws Exception { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfigs group = addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "user"); Approval approval = stage.getApproval(); approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, group, pipeline, stage)); assertNoErrors(approval.getAuthConfig().getUsers().get(0)); }
@Test public void validate_shouldAllowUserWhenSecurityIsNotDefinedInGroup() throws Exception { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfigs group = cruiseConfig.findGroup(DEFAULT_GROUP); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "user"); Approval approval = stage.getApproval(); approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, group, pipeline, stage)); assertNoErrors(approval.getAuthConfig().getUsers().get(0)); }
@Test public void validate_shouldAllowAdminToOperateOnAStage() throws Exception { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfigs group = addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "admin"); Approval approval = stage.getApproval(); approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, group, pipeline, stage)); assertNoErrors(approval.getAuthConfig().getUsers().get(0)); }
@Test public void validate_shouldAllowUserWhoseRoleHasOperatePermission() throws Exception { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfigs group = addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "first"); Approval approval = stage.getApproval(); approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, group, pipeline, stage)); assertNoErrors(approval.getAuthConfig().getUsers().get(0)); }
@Test public void validate_shouldNotTryAndValidateWhenWithinTemplate() throws Exception { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfigs group = addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "not-present"); Approval approval = stage.getApproval(); approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, new TemplatesConfig(), stage)); assertNoErrors(approval.getAuthConfig().getUsers().get(0)); }
@Test public void shouldResolveConfigValue() throws NoSuchFieldException { PipelineConfig pipelineConfig = PipelineConfigMother.createPipelineConfig("cruise", "dev", "ant"); pipelineConfig.setLabelTemplate("2.1-${COUNT}-#{foo}-bar-#{bar}"); StageConfig stageConfig = pipelineConfig.get(0); stageConfig.updateApproval(new Approval(new AuthConfig(new AdminUser(new CaseInsensitiveString("#{foo}")), new AdminUser(new CaseInsensitiveString("#{bar}"))))); new ParamResolver(new ParamSubstitutionHandlerFactory(params(param("foo", "pavan"), param("bar", "jj"))), fieldCache).resolve(pipelineConfig); assertThat(pipelineConfig.getLabelTemplate(), is("2.1-${COUNT}-pavan-bar-jj")); assertThat(stageConfig.getApproval().getAuthConfig(), is(new AuthConfig(new AdminUser(new CaseInsensitiveString("pavan")), new AdminUser(new CaseInsensitiveString("jj"))))); }