@Override public AdminsConfig group(Authorization authorization) { return authorization.getOperationConfig(); } @Override public void set(PresentationElement el) {
@Override public List<AdminUser> getOperateUsers() { return authorization.getOperationConfig().getUsers(); }
@Override public List<AdminRole> getOperateRoles() { return authorization.getOperationConfig().getRoles(); }
public void validateTree(ValidationContext validationContext) { for (Admin admin : getAdminsConfig()) { admin.validate(validationContext); this.getAdminsConfig().errors().addAll(admin.errors()); } for (Admin admin : getViewConfig()) { admin.validate(validationContext); this.getViewConfig().errors().addAll(admin.errors()); } for (Admin admin : getOperationConfig()) { admin.validate(validationContext); this.getOperationConfig().errors().addAll(admin.errors()); } }
public static PipelineConfigs groupWithOperatePermission(PipelineConfig pipelineConfig, String... users) { Authorization authorization = new Authorization(); for (String user : users) { authorization.getOperationConfig().add(new AdminUser(new CaseInsensitiveString(user))); } return new BasicPipelineConfigs("defaultGroup", authorization, pipelineConfig); }
private PipelineConfigs addUserAsOperatorToDefaultGroup(CruiseConfig cruiseConfig, String user) { PipelineConfigs group = cruiseConfig.findGroup(DEFAULT_GROUP); group.getAuthorization().getOperationConfig().add(new AdminUser(new CaseInsensitiveString(user))); return group; }
private void addRoleAsOperatorToDefaultGroup(CruiseConfig goConfig, String role) { PipelineConfigs group = goConfig.findGroup(DEFAULT_GROUP); group.getAuthorization().getOperationConfig().add(new AdminRole(new CaseInsensitiveString(role))); }
@Test public void shouldLoadOperationPermissionForPipelines() { CruiseConfig cruiseConfig = ConfigMigrator.load(configureAuthorization(OPERATION_PERMISSION)); PipelineConfigs group = cruiseConfig.getGroups().first(); assertThat(group.getAuthorization(), instanceOf(Authorization.class)); AdminsConfig actual = group.getAuthorization().getOperationConfig(); assertion(actual); }
@Test public void shouldReturnFalseIfUserDoesNotHaveOperatePermission() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.getAuthorization().getOperationConfig().add(new AdminUser(new CaseInsensitiveString("jez"))); assertThat(group.hasOperatePermission(new CaseInsensitiveString("anyone"), null), is(false)); }
public void addRoleAsOperatorOfPipelineGroup(CruiseConfig cruiseConfig, String roleName, String groupName) { PipelineConfigs group = cruiseConfig.getGroups().findGroup(groupName); group.getAuthorization().getOperationConfig().add(new AdminRole(new CaseInsensitiveString(roleName))); }
public void addUserAsOperatorOfPipelineGroup(CruiseConfig cruiseConfig, String userName, String groupName) { PipelineConfigs group = cruiseConfig.getGroups().findGroup(groupName); group.getAuthorization().getOperationConfig().add(new AdminUser(new CaseInsensitiveString(userName))); }
@Test public void shouldReturnFalseIfViewPermissionIsNotDefined() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.getAuthorization().getOperationConfig().add(new AdminUser(new CaseInsensitiveString("jez"))); assertThat(group.hasViewPermission(new CaseInsensitiveString("jez"), null), is(false)); }
@Test public void shouldReturnTrueIfUserHasOperatePermission() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.getAuthorization().getOperationConfig().add(new AdminUser(new CaseInsensitiveString("jez"))); assertThat(group.hasOperatePermission(new CaseInsensitiveString("jez"), null), is(true)); }
public static void toJSON(OutputWriter jsonWriter, Authorization authorization) { ViewConfig viewConfig = authorization.getViewConfig(); if (!viewConfig.isEmpty()) { jsonWriter.addChild("view", viewWriter -> writeUsersAndRoles(viewWriter, viewConfig.getUsers(), viewConfig.getRoles())); } AdminsConfig operationConfig = authorization.getOperationConfig(); if (!operationConfig.isEmpty()) { jsonWriter.addChild("operate", operateWriter -> writeUsersAndRoles(operateWriter, operationConfig.getUsers(), operationConfig.getRoles())); } AdminsConfig adminsConfig = authorization.getAdminsConfig(); if (!adminsConfig.isEmpty()) { jsonWriter.addChild("admins", adminsWriter -> writeUsersAndRoles(adminsWriter, adminsConfig.getUsers(), adminsConfig.getRoles())); } }
@Test public void shouldLoadOperationAndViewPermissionForPipelinesNoMatterTheConfigOrder() { CruiseConfig cruiseConfig = ConfigMigrator.load(configureAuthorization(OPERATION_PERMISSION + VIEW_PERMISSION)); PipelineConfigs group = cruiseConfig.getGroups().first(); assertThat(group.getAuthorization(), instanceOf(Authorization.class)); AdminsConfig actualView = group.getAuthorization().getViewConfig(); AdminsConfig actualOperation = group.getAuthorization().getOperationConfig(); assertion(actualView); assertion(actualOperation); }
@Test public void shouldLoadViewAndOperationPermissionForPipelinesNoMatterTheConfigOrder() { CruiseConfig cruiseConfig = ConfigMigrator.load(configureAuthorization(VIEW_PERMISSION + OPERATION_PERMISSION)); PipelineConfigs group = cruiseConfig.getGroups().first(); assertThat(group.getAuthorization(), instanceOf(Authorization.class)); AdminsConfig actualView = group.getAuthorization().getViewConfig(); AdminsConfig actualOperation = group.getAuthorization().getOperationConfig(); assertion(actualView); assertion(actualOperation); }
@Test public void shouldSetViewPermissionByDefaultIfNameIsPresentAndPermissionsAreOff_whileSettingAttributes() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.setConfigAttributes(m(BasicPipelineConfigs.AUTHORIZATION, a( m(Authorization.NAME, "user1", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(OFF, OFF, OFF)), m(Authorization.NAME, "role1", Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(OFF, OFF, OFF))))); Authorization authorization = group.getAuthorization(); assertThat(authorization.getViewConfig().size(), is(2)); assertThat(authorization.getViewConfig(), hasItems(new AdminRole(new CaseInsensitiveString("role1")), new AdminUser(new CaseInsensitiveString("user1")))); assertThat(authorization.getOperationConfig().size(), is(0)); assertThat(authorization.getAdminsConfig().size(), is(0)); }
@Test public void shouldReturnFalseIfViewPermissionIsNotDefined_When2ConfigParts() { BasicPipelineConfigs filePart = new BasicPipelineConfigs(PipelineConfigMother.pipelineConfig("pipeline3")); filePart.setOrigin(new FileConfigOrigin()); PipelineConfigs group = new MergePipelineConfigs( new BasicPipelineConfigs(PipelineConfigMother.pipelineConfig("pipeline1")), new BasicPipelineConfigs(PipelineConfigMother.pipelineConfig("pipeline2")),filePart); group.getAuthorization().getOperationConfig().add(new AdminUser(new CaseInsensitiveString("jez"))); assertThat(group.hasViewPermission(new CaseInsensitiveString("jez"), null), is(false)); }
@Test public void shouldUpdateAuthorization() { PipelineTemplateConfig templateConfig = PipelineTemplateConfigMother.createTemplate("template-1"); templateConfig.setConfigAttributes(m(BasicPipelineConfigs.AUTHORIZATION, a( DataStructureUtils.m(Authorization.NAME, "loser", Authorization.TYPE, Authorization.UserType.USER.toString(), Authorization.PRIVILEGES, a(DataStructureUtils.m(Authorization.PrivilegeType.ADMIN.toString(), Authorization.PrivilegeState.ON.toString()))), DataStructureUtils.m(Authorization.NAME, "boozer", Authorization.TYPE, Authorization.UserType.USER.toString(), Authorization.PRIVILEGES, a(DataStructureUtils.m(Authorization.PrivilegeType.ADMIN.toString(), Authorization.PrivilegeState.ON.toString()))), DataStructureUtils.m(Authorization.NAME, "geezer", Authorization.TYPE, Authorization.UserType.USER.toString(), Authorization.PRIVILEGES, a(DataStructureUtils.m(Authorization.PrivilegeType.ADMIN.toString(), Authorization.PrivilegeState.ON.toString())))))); Authorization authorization = templateConfig.getAuthorization(); assertThat(authorization.getAdminsConfig().size(), Matchers.is(3)); assertThat(authorization.getAdminsConfig(), hasItem(new AdminUser(new CaseInsensitiveString("loser")))); assertThat(authorization.getAdminsConfig(), hasItem(new AdminUser(new CaseInsensitiveString("boozer")))); assertThat(authorization.getAdminsConfig(), hasItem(new AdminUser(new CaseInsensitiveString("geezer")))); assertThat(authorization.getOperationConfig().size(), Matchers.is(0)); assertThat(authorization.getViewConfig().size(), Matchers.is(0)); }
@Test public void shouldUpdateAuthorization() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.setConfigAttributes(m(BasicPipelineConfigs.AUTHORIZATION, a( m(Authorization.NAME, "loser", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(ON, DISABLED, DISABLED)), m(Authorization.NAME, "boozer", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(OFF, ON, ON)), m(Authorization.NAME, "geezer", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(DISABLED, OFF, ON)), m(Authorization.NAME, "gang_of_losers", Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(DISABLED, OFF, ON)), m(Authorization.NAME, "blinds", Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(ON, ON, OFF))))); Authorization authorization = group.getAuthorization(); assertThat(authorization.getAdminsConfig().size(), is(2)); assertThat(authorization.getAdminsConfig(), hasItems(new AdminUser(new CaseInsensitiveString("loser")), new AdminRole(new CaseInsensitiveString("blinds")))); assertThat(authorization.getOperationConfig().size(), is(2)); assertThat(authorization.getOperationConfig(), hasItems(new AdminUser(new CaseInsensitiveString("boozer")), new AdminRole(new CaseInsensitiveString("blinds")))); assertThat(authorization.getViewConfig().size(), is(3)); assertThat(authorization.getViewConfig(), hasItems(new AdminUser(new CaseInsensitiveString("boozer")), new AdminUser(new CaseInsensitiveString("geezer")), new AdminRole( new CaseInsensitiveString("gang_of_losers")))); }