@Override public AdminsConfig group(Authorization authorization) { return authorization.getAdminsConfig(); } @Override public void set(PresentationElement el) {
@Test public void shouldAllowEmptyAuthorizationTagUnderEachTemplateWhileLoading() throws Exception { String configString = "<cruise schemaVersion='" + CONFIG_SCHEMA_VERSION + "'>\n" + " <templates>" + " <pipeline name='template-name'>" + " <authorization>" + " <admins>" + " </admins>" + " </authorization>" + " <stage name='stage-name'>" + " <jobs>" + " <job name='job-name'/>" + " </jobs>" + " </stage>" + " </pipeline>" + " </templates>" + "</cruise>"; CruiseConfig configForEdit = ConfigMigrator.loadWithMigration(configString).configForEdit; PipelineTemplateConfig template = configForEdit.getTemplateByName(new CaseInsensitiveString("template-name")); Authorization authorization = template.getAuthorization(); assertThat(authorization, is(not(nullValue()))); assertThat(authorization.getAdminsConfig().getUsers(), is(empty())); assertThat(authorization.getAdminsConfig().getRoles(), is(empty())); }
Set<String> pipelineGroupAdmins = namesOf(group.getAuthorization().getAdminsConfig(), rolesToUsers); Set<PluginRoleConfig> pipelineGroupAdminRoles = pluginRolesFor(security, group.getAuthorization().getAdminsConfig().getRoles());
public void validateTree(ValidationContext validationContext) { for (Admin admin : getAdminsConfig()) { admin.validate(validationContext); this.getAdminsConfig().errors().addAll(admin.errors()); } for (Admin admin : getViewConfig()) { admin.validate(validationContext); this.getViewConfig().errors().addAll(admin.errors()); } for (Admin admin : getOperationConfig()) { admin.validate(validationContext); this.getOperationConfig().errors().addAll(admin.errors()); } }
@Test public void shouldPopulateErrorsOnPresentationElementWhenAnInvalidRoleIsAddedToAdminList() { Authorization authorization = new Authorization(); AdminRole invalidRole = new AdminRole(new CaseInsensitiveString("boo_user")); invalidRole.addError(AdminUser.NAME, "some error"); AdminRole validRole = new AdminRole(new CaseInsensitiveString("valid_user")); authorization.getAdminsConfig().add(invalidRole); authorization.getAdminsConfig().add(validRole); List<Authorization.PresentationElement> roleAuthorizations = authorization.getRoleAuthorizations(); assertThat(roleAuthorizations.get(0).errors().isEmpty(), is(false)); assertThat(roleAuthorizations.get(0).errors().on(Admin.NAME), is("some error")); assertThat(roleAuthorizations.get(1).errors().isEmpty(), is(true)); }
@Test public void shouldPopulateErrorsOnPresentationElementWhenAnInvalidUserIsAddedToAdminList() { Authorization authorization = new Authorization(); AdminUser invalidUser = new AdminUser(new CaseInsensitiveString("boo_user")); invalidUser.addError(AdminUser.NAME, "some error"); AdminUser validUser = new AdminUser(new CaseInsensitiveString("valid_user")); authorization.getAdminsConfig().add(invalidUser); authorization.getAdminsConfig().add(validUser); List<Authorization.PresentationElement> userAuthorizations = authorization.getUserAuthorizations(); assertThat(userAuthorizations.get(0).errors().isEmpty(), is(false)); assertThat(userAuthorizations.get(0).errors().on(Admin.NAME), is("some error")); assertThat(userAuthorizations.get(1).errors().isEmpty(), is(true)); }
private PipelineConfigs addRoleAsAdminToDefaultGroup(CruiseConfig cruiseConfig, String role) { PipelineConfigs group = cruiseConfig.findGroup(DEFAULT_GROUP); group.getAuthorization().getAdminsConfig().add(new AdminRole(new CaseInsensitiveString(role))); return group; }
public GoConfigMother addAdminRoleForPipelineGroup(CruiseConfig config, String roleName, String groupName) { PipelineConfigs group = config.getGroups().findGroup(groupName); group.getAuthorization().getAdminsConfig().add(new AdminRole(new CaseInsensitiveString(roleName))); return this; }
public void addAdminUserForPipelineGroup(CruiseConfig cruiseConfig, String user, String groupName) { PipelineConfigs group = cruiseConfig.getGroups().findGroup(groupName); group.getAuthorization().getAdminsConfig().add(new AdminUser(new CaseInsensitiveString(user))); }
@Test public void shouldUpdateAuthorization() { PipelineTemplateConfig templateConfig = PipelineTemplateConfigMother.createTemplate("template-1"); templateConfig.setConfigAttributes(m(BasicPipelineConfigs.AUTHORIZATION, a( DataStructureUtils.m(Authorization.NAME, "loser", Authorization.TYPE, Authorization.UserType.USER.toString(), Authorization.PRIVILEGES, a(DataStructureUtils.m(Authorization.PrivilegeType.ADMIN.toString(), Authorization.PrivilegeState.ON.toString()))), DataStructureUtils.m(Authorization.NAME, "boozer", Authorization.TYPE, Authorization.UserType.USER.toString(), Authorization.PRIVILEGES, a(DataStructureUtils.m(Authorization.PrivilegeType.ADMIN.toString(), Authorization.PrivilegeState.ON.toString()))), DataStructureUtils.m(Authorization.NAME, "geezer", Authorization.TYPE, Authorization.UserType.USER.toString(), Authorization.PRIVILEGES, a(DataStructureUtils.m(Authorization.PrivilegeType.ADMIN.toString(), Authorization.PrivilegeState.ON.toString())))))); Authorization authorization = templateConfig.getAuthorization(); assertThat(authorization.getAdminsConfig().size(), Matchers.is(3)); assertThat(authorization.getAdminsConfig(), hasItem(new AdminUser(new CaseInsensitiveString("loser")))); assertThat(authorization.getAdminsConfig(), hasItem(new AdminUser(new CaseInsensitiveString("boozer")))); assertThat(authorization.getAdminsConfig(), hasItem(new AdminUser(new CaseInsensitiveString("geezer")))); assertThat(authorization.getOperationConfig().size(), Matchers.is(0)); assertThat(authorization.getViewConfig().size(), Matchers.is(0)); }
public static void toJSON(OutputWriter jsonWriter, Authorization authorization) { ViewConfig viewConfig = authorization.getViewConfig(); if (!viewConfig.isEmpty()) { jsonWriter.addChild("view", viewWriter -> writeUsersAndRoles(viewWriter, viewConfig.getUsers(), viewConfig.getRoles())); } AdminsConfig operationConfig = authorization.getOperationConfig(); if (!operationConfig.isEmpty()) { jsonWriter.addChild("operate", operateWriter -> writeUsersAndRoles(operateWriter, operationConfig.getUsers(), operationConfig.getRoles())); } AdminsConfig adminsConfig = authorization.getAdminsConfig(); if (!adminsConfig.isEmpty()) { jsonWriter.addChild("admins", adminsWriter -> writeUsersAndRoles(adminsWriter, adminsConfig.getUsers(), adminsConfig.getRoles())); } }
@Test public void shouldReturnAuthorizationMapForView() { Authorization authorization = new Authorization(); authorization.getAdminsConfig().add(new AdminRole(new CaseInsensitiveString("group_of_losers"))); authorization.getOperationConfig().addAll(a(new AdminUser(new CaseInsensitiveString("loser")), new AdminRole(new CaseInsensitiveString("group_of_losers")), new AdminRole( new CaseInsensitiveString("gang_of_boozers")))); authorization.getViewConfig().addAll(a(new AdminUser(new CaseInsensitiveString("boozer")), new AdminUser(new CaseInsensitiveString("loser")))); List<Authorization.PresentationElement> userAuthMap = authorization.getUserAuthorizations(); assertThat(userAuthMap.size(), is(2)); assetEntry(userAuthMap.get(0), "boozer", Authorization.PrivilegeState.OFF, Authorization.PrivilegeState.ON, Authorization.PrivilegeState.OFF, Authorization.UserType.USER); assetEntry(userAuthMap.get(1), "loser", Authorization.PrivilegeState.OFF, Authorization.PrivilegeState.ON, Authorization.PrivilegeState.ON, Authorization.UserType.USER); List<Authorization.PresentationElement> roleAuthMap = authorization.getRoleAuthorizations(); assertThat(roleAuthMap.size(), is(2)); assetEntry(roleAuthMap.get(0), "gang_of_boozers", Authorization.PrivilegeState.OFF, Authorization.PrivilegeState.OFF, Authorization.PrivilegeState.ON, Authorization.UserType.ROLE); assetEntry(roleAuthMap.get(1), "group_of_losers", Authorization.PrivilegeState.ON, Authorization.PrivilegeState.DISABLED, Authorization.PrivilegeState.DISABLED, Authorization.UserType.ROLE); }
@Test public void shouldIgnoreBlankUserWhileSettingAttributes() { PipelineTemplateConfig templateConfig = PipelineTemplateConfigMother.createTemplate("template-1"); templateConfig.setConfigAttributes(m(BasicPipelineConfigs.AUTHORIZATION, a( DataStructureUtils.m(Authorization.NAME, "", Authorization.TYPE, Authorization.UserType.USER.toString(), Authorization.PRIVILEGES, a(DataStructureUtils.m(Authorization.PrivilegeType.ADMIN.toString(), Authorization.PrivilegeState.ON.toString()))), DataStructureUtils.m(Authorization.NAME, null, Authorization.TYPE, Authorization.UserType.USER.toString(), Authorization.PRIVILEGES, a(DataStructureUtils.m(Authorization.PrivilegeType.ADMIN.toString(), Authorization.PrivilegeState.ON.toString()))), DataStructureUtils.m(Authorization.NAME, "geezer", Authorization.TYPE, Authorization.UserType.USER.toString(), Authorization.PRIVILEGES, a(DataStructureUtils.m(Authorization.PrivilegeType.ADMIN.toString(), Authorization.PrivilegeState.ON.toString())))))); Authorization authorization = templateConfig.getAuthorization(); assertThat(authorization.getAdminsConfig().size(), Matchers.is(1)); assertThat(authorization.getAdminsConfig(), hasItem(new AdminUser(new CaseInsensitiveString("geezer")))); }
@Test public void shouldReInitializeAuthorizationIfWeClearAllPermissions() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.setConfigAttributes(m(BasicPipelineConfigs.AUTHORIZATION, a( m(Authorization.NAME, "loser", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(ON, DISABLED, DISABLED)), m(Authorization.NAME, "boozer", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(OFF, ON, ON)), m(Authorization.NAME, "geezer", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(DISABLED, OFF, ON)), m(Authorization.NAME, "gang_of_losers", Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(DISABLED, OFF, ON)), m(Authorization.NAME, "blinds", Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(ON, ON, OFF))))); Authorization authorization = group.getAuthorization(); assertThat(authorization.getAdminsConfig().size(), is(2)); assertThat(authorization.getOperationConfig().size(), is(2)); assertThat(authorization.getViewConfig().size(), is(3)); group.setConfigAttributes(m()); authorization = group.getAuthorization(); assertThat(authorization.getAdminsConfig().size(), is(0)); assertThat(authorization.getOperationConfig().size(), is(0)); assertThat(authorization.getViewConfig().size(), is(0)); }
@Test public void shouldReInitializeAuthorizationIfWeClearAllPermissions() { PipelineTemplateConfig templateConfig = PipelineTemplateConfigMother.createTemplate("template-1"); templateConfig.setConfigAttributes(m(BasicPipelineConfigs.AUTHORIZATION, a( DataStructureUtils.m(Authorization.NAME, "loser", Authorization.TYPE, Authorization.UserType.USER.toString(), Authorization.PRIVILEGES, a(DataStructureUtils.m(Authorization.PrivilegeType.ADMIN.toString(), Authorization.PrivilegeState.ON.toString()))), DataStructureUtils.m(Authorization.NAME, "boozer", Authorization.TYPE, Authorization.UserType.USER.toString(), Authorization.PRIVILEGES, a(DataStructureUtils.m(Authorization.PrivilegeType.ADMIN.toString(), Authorization.PrivilegeState.ON.toString()))), DataStructureUtils.m(Authorization.NAME, "geezer", Authorization.TYPE, Authorization.UserType.USER.toString(), Authorization.PRIVILEGES, a(DataStructureUtils.m(Authorization.PrivilegeType.ADMIN.toString(), Authorization.PrivilegeState.ON.toString())))))); Authorization authorization = templateConfig.getAuthorization(); assertThat(authorization.getAdminsConfig().size(), Matchers.is(3)); templateConfig.setConfigAttributes(m()); authorization = templateConfig.getAuthorization(); assertThat(authorization.getAdminsConfig().size(), Matchers.is(0)); }
@Test public void shouldIgnoreBlankUserOrRoleNames_whileSettingAttributes() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.setConfigAttributes(m(BasicPipelineConfigs.AUTHORIZATION, a( m(Authorization.NAME, "", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(ON, DISABLED, DISABLED)), m(Authorization.NAME, null, Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(OFF, ON, ON)), m(Authorization.NAME, "geezer", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(DISABLED, OFF, ON)), m(Authorization.NAME, "", Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(DISABLED, ON, ON)), m(Authorization.NAME, null, Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(ON, OFF, ON)), m(Authorization.NAME, "blinds", Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(ON, ON, OFF))))); Authorization authorization = group.getAuthorization(); assertThat(authorization.getAdminsConfig().size(), is(1)); assertThat(authorization.getAdminsConfig(), hasItem((Admin) new AdminRole(new CaseInsensitiveString("blinds")))); assertThat(authorization.getOperationConfig().size(), is(1)); assertThat(authorization.getOperationConfig(), hasItem((Admin) new AdminRole(new CaseInsensitiveString("blinds")))); assertThat(authorization.getViewConfig().size(), is(1)); assertThat(authorization.getViewConfig(), hasItem((Admin) new AdminUser(new CaseInsensitiveString("geezer")))); }
@Test public void shouldSetViewPermissionByDefaultIfNameIsPresentAndPermissionsAreOff_whileSettingAttributes() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.setConfigAttributes(m(BasicPipelineConfigs.AUTHORIZATION, a( m(Authorization.NAME, "user1", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(OFF, OFF, OFF)), m(Authorization.NAME, "role1", Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(OFF, OFF, OFF))))); Authorization authorization = group.getAuthorization(); assertThat(authorization.getViewConfig().size(), is(2)); assertThat(authorization.getViewConfig(), hasItems(new AdminRole(new CaseInsensitiveString("role1")), new AdminUser(new CaseInsensitiveString("user1")))); assertThat(authorization.getOperationConfig().size(), is(0)); assertThat(authorization.getAdminsConfig().size(), is(0)); }
@Test public void shouldUpdateAuthorization() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.setConfigAttributes(m(BasicPipelineConfigs.AUTHORIZATION, a( m(Authorization.NAME, "loser", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(ON, DISABLED, DISABLED)), m(Authorization.NAME, "boozer", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(OFF, ON, ON)), m(Authorization.NAME, "geezer", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(DISABLED, OFF, ON)), m(Authorization.NAME, "gang_of_losers", Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(DISABLED, OFF, ON)), m(Authorization.NAME, "blinds", Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(ON, ON, OFF))))); Authorization authorization = group.getAuthorization(); assertThat(authorization.getAdminsConfig().size(), is(2)); assertThat(authorization.getAdminsConfig(), hasItems(new AdminUser(new CaseInsensitiveString("loser")), new AdminRole(new CaseInsensitiveString("blinds")))); assertThat(authorization.getOperationConfig().size(), is(2)); assertThat(authorization.getOperationConfig(), hasItems(new AdminUser(new CaseInsensitiveString("boozer")), new AdminRole(new CaseInsensitiveString("blinds")))); assertThat(authorization.getViewConfig().size(), is(3)); assertThat(authorization.getViewConfig(), hasItems(new AdminUser(new CaseInsensitiveString("boozer")), new AdminUser(new CaseInsensitiveString("geezer")), new AdminRole( new CaseInsensitiveString("gang_of_losers")))); }