@Override public AdminsConfig group(Authorization authorization) { return authorization.getViewConfig(); } @Override public void set(PresentationElement el) {
public void validateTree(ValidationContext validationContext) { for (Admin admin : getAdminsConfig()) { admin.validate(validationContext); this.getAdminsConfig().errors().addAll(admin.errors()); } for (Admin admin : getViewConfig()) { admin.validate(validationContext); this.getViewConfig().errors().addAll(admin.errors()); } for (Admin admin : getOperationConfig()) { admin.validate(validationContext); this.getOperationConfig().errors().addAll(admin.errors()); } }
Set<String> admins = new HashSet<>(); Set<String> pipelineGroupViewers = namesOf(group.getAuthorization().getViewConfig(), rolesToUsers); Set<String> pipelineGroupOperators = namesOf(group.getAuthorization().getOperationConfig(), rolesToUsers); Set<String> pipelineGroupAdmins = namesOf(group.getAuthorization().getAdminsConfig(), rolesToUsers); Set<PluginRoleConfig> pipelineGroupViewerRoles = pluginRolesFor(security, group.getAuthorization().getViewConfig().getRoles()); Set<PluginRoleConfig> pipelineGroupOperatorRoles = pluginRolesFor(security, group.getAuthorization().getOperationConfig().getRoles()); Set<PluginRoleConfig> pipelineGroupAdminRoles = pluginRolesFor(security, group.getAuthorization().getAdminsConfig().getRoles());
@Test public void hasViewPermissionDefinedShouldReturnTrueIfAuthorizationIsDefined() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.getAuthorization().getViewConfig().add(new AdminUser(new CaseInsensitiveString("jez"))); assertThat("hasViewPermissionDefinedShouldReturnTrueIfAuthorizationIsDefined", group.hasViewPermissionDefined(), is(true)); }
public void addRoleAsViewerOfPipelineGroup(CruiseConfig cruiseConfig, String roleName, String groupName) { PipelineConfigs group = cruiseConfig.getGroups().findGroup(groupName); group.getAuthorization().getViewConfig().add(new AdminRole(new CaseInsensitiveString(roleName))); }
public void addUserAsViewerOfPipelineGroup(CruiseConfig cruiseConfig, String userName, String groupName) { PipelineConfigs group = cruiseConfig.getGroups().findGroup(groupName); group.getAuthorization().getViewConfig().add(new AdminUser(new CaseInsensitiveString(userName))); }
@Test public void shouldReturnFalseIfOperatePermissionIsNotDefined() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.getAuthorization().getViewConfig().add(new AdminUser(new CaseInsensitiveString("jez"))); assertThat(group.hasOperatePermission(new CaseInsensitiveString("jez"), null), is(false)); }
@Test public void shouldReturnFalseIfUserDoesNotHaveViewPermission() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.getAuthorization().getViewConfig().add(new AdminUser(new CaseInsensitiveString("jez"))); assertThat(group.hasViewPermission(new CaseInsensitiveString("anyone"), null), is(false)); }
@Test public void shouldReturnTrueIfUserHasViewPermission() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.getAuthorization().getViewConfig().add(new AdminUser(new CaseInsensitiveString("jez"))); assertThat(group.hasViewPermission(new CaseInsensitiveString("jez"), null), is(true)); }
@Test public void shouldLoadOperationAndViewPermissionForPipelinesNoMatterTheConfigOrder() { CruiseConfig cruiseConfig = ConfigMigrator.load(configureAuthorization(OPERATION_PERMISSION + VIEW_PERMISSION)); PipelineConfigs group = cruiseConfig.getGroups().first(); assertThat(group.getAuthorization(), instanceOf(Authorization.class)); AdminsConfig actualView = group.getAuthorization().getViewConfig(); AdminsConfig actualOperation = group.getAuthorization().getOperationConfig(); assertion(actualView); assertion(actualOperation); }
@Test public void shouldLoadViewAndOperationPermissionForPipelinesNoMatterTheConfigOrder() { CruiseConfig cruiseConfig = ConfigMigrator.load(configureAuthorization(VIEW_PERMISSION + OPERATION_PERMISSION)); PipelineConfigs group = cruiseConfig.getGroups().first(); assertThat(group.getAuthorization(), instanceOf(Authorization.class)); AdminsConfig actualView = group.getAuthorization().getViewConfig(); AdminsConfig actualOperation = group.getAuthorization().getOperationConfig(); assertion(actualView); assertion(actualOperation); }
public static void toJSON(OutputWriter jsonWriter, Authorization authorization) { ViewConfig viewConfig = authorization.getViewConfig(); if (!viewConfig.isEmpty()) { jsonWriter.addChild("view", viewWriter -> writeUsersAndRoles(viewWriter, viewConfig.getUsers(), viewConfig.getRoles())); } AdminsConfig operationConfig = authorization.getOperationConfig(); if (!operationConfig.isEmpty()) { jsonWriter.addChild("operate", operateWriter -> writeUsersAndRoles(operateWriter, operationConfig.getUsers(), operationConfig.getRoles())); } AdminsConfig adminsConfig = authorization.getAdminsConfig(); if (!adminsConfig.isEmpty()) { jsonWriter.addChild("admins", adminsWriter -> writeUsersAndRoles(adminsWriter, adminsConfig.getUsers(), adminsConfig.getRoles())); } }
@Test public void shouldSetViewPermissionByDefaultIfNameIsPresentAndPermissionsAreOff_whileSettingAttributes() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.setConfigAttributes(m(BasicPipelineConfigs.AUTHORIZATION, a( m(Authorization.NAME, "user1", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(OFF, OFF, OFF)), m(Authorization.NAME, "role1", Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(OFF, OFF, OFF))))); Authorization authorization = group.getAuthorization(); assertThat(authorization.getViewConfig().size(), is(2)); assertThat(authorization.getViewConfig(), hasItems(new AdminRole(new CaseInsensitiveString("role1")), new AdminUser(new CaseInsensitiveString("user1")))); assertThat(authorization.getOperationConfig().size(), is(0)); assertThat(authorization.getAdminsConfig().size(), is(0)); }
@Test public void shouldReturnAuthorizationMapForView() { Authorization authorization = new Authorization(); authorization.getAdminsConfig().add(new AdminRole(new CaseInsensitiveString("group_of_losers"))); authorization.getOperationConfig().addAll(a(new AdminUser(new CaseInsensitiveString("loser")), new AdminRole(new CaseInsensitiveString("group_of_losers")), new AdminRole( new CaseInsensitiveString("gang_of_boozers")))); authorization.getViewConfig().addAll(a(new AdminUser(new CaseInsensitiveString("boozer")), new AdminUser(new CaseInsensitiveString("loser")))); List<Authorization.PresentationElement> userAuthMap = authorization.getUserAuthorizations(); assertThat(userAuthMap.size(), is(2)); assetEntry(userAuthMap.get(0), "boozer", Authorization.PrivilegeState.OFF, Authorization.PrivilegeState.ON, Authorization.PrivilegeState.OFF, Authorization.UserType.USER); assetEntry(userAuthMap.get(1), "loser", Authorization.PrivilegeState.OFF, Authorization.PrivilegeState.ON, Authorization.PrivilegeState.ON, Authorization.UserType.USER); List<Authorization.PresentationElement> roleAuthMap = authorization.getRoleAuthorizations(); assertThat(roleAuthMap.size(), is(2)); assetEntry(roleAuthMap.get(0), "gang_of_boozers", Authorization.PrivilegeState.OFF, Authorization.PrivilegeState.OFF, Authorization.PrivilegeState.ON, Authorization.UserType.ROLE); assetEntry(roleAuthMap.get(1), "group_of_losers", Authorization.PrivilegeState.ON, Authorization.PrivilegeState.DISABLED, Authorization.PrivilegeState.DISABLED, Authorization.UserType.ROLE); }
@Test public void shouldReInitializeAuthorizationIfWeClearAllPermissions() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.setConfigAttributes(m(BasicPipelineConfigs.AUTHORIZATION, a( m(Authorization.NAME, "loser", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(ON, DISABLED, DISABLED)), m(Authorization.NAME, "boozer", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(OFF, ON, ON)), m(Authorization.NAME, "geezer", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(DISABLED, OFF, ON)), m(Authorization.NAME, "gang_of_losers", Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(DISABLED, OFF, ON)), m(Authorization.NAME, "blinds", Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(ON, ON, OFF))))); Authorization authorization = group.getAuthorization(); assertThat(authorization.getAdminsConfig().size(), is(2)); assertThat(authorization.getOperationConfig().size(), is(2)); assertThat(authorization.getViewConfig().size(), is(3)); group.setConfigAttributes(m()); authorization = group.getAuthorization(); assertThat(authorization.getAdminsConfig().size(), is(0)); assertThat(authorization.getOperationConfig().size(), is(0)); assertThat(authorization.getViewConfig().size(), is(0)); }
@Test public void shouldIgnoreBlankUserOrRoleNames_whileSettingAttributes() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.setConfigAttributes(m(BasicPipelineConfigs.AUTHORIZATION, a( m(Authorization.NAME, "", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(ON, DISABLED, DISABLED)), m(Authorization.NAME, null, Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(OFF, ON, ON)), m(Authorization.NAME, "geezer", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(DISABLED, OFF, ON)), m(Authorization.NAME, "", Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(DISABLED, ON, ON)), m(Authorization.NAME, null, Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(ON, OFF, ON)), m(Authorization.NAME, "blinds", Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(ON, ON, OFF))))); Authorization authorization = group.getAuthorization(); assertThat(authorization.getAdminsConfig().size(), is(1)); assertThat(authorization.getAdminsConfig(), hasItem((Admin) new AdminRole(new CaseInsensitiveString("blinds")))); assertThat(authorization.getOperationConfig().size(), is(1)); assertThat(authorization.getOperationConfig(), hasItem((Admin) new AdminRole(new CaseInsensitiveString("blinds")))); assertThat(authorization.getViewConfig().size(), is(1)); assertThat(authorization.getViewConfig(), hasItem((Admin) new AdminUser(new CaseInsensitiveString("geezer")))); }
@Test public void shouldUpdateAuthorization() { PipelineTemplateConfig templateConfig = PipelineTemplateConfigMother.createTemplate("template-1"); templateConfig.setConfigAttributes(m(BasicPipelineConfigs.AUTHORIZATION, a( DataStructureUtils.m(Authorization.NAME, "loser", Authorization.TYPE, Authorization.UserType.USER.toString(), Authorization.PRIVILEGES, a(DataStructureUtils.m(Authorization.PrivilegeType.ADMIN.toString(), Authorization.PrivilegeState.ON.toString()))), DataStructureUtils.m(Authorization.NAME, "boozer", Authorization.TYPE, Authorization.UserType.USER.toString(), Authorization.PRIVILEGES, a(DataStructureUtils.m(Authorization.PrivilegeType.ADMIN.toString(), Authorization.PrivilegeState.ON.toString()))), DataStructureUtils.m(Authorization.NAME, "geezer", Authorization.TYPE, Authorization.UserType.USER.toString(), Authorization.PRIVILEGES, a(DataStructureUtils.m(Authorization.PrivilegeType.ADMIN.toString(), Authorization.PrivilegeState.ON.toString())))))); Authorization authorization = templateConfig.getAuthorization(); assertThat(authorization.getAdminsConfig().size(), Matchers.is(3)); assertThat(authorization.getAdminsConfig(), hasItem(new AdminUser(new CaseInsensitiveString("loser")))); assertThat(authorization.getAdminsConfig(), hasItem(new AdminUser(new CaseInsensitiveString("boozer")))); assertThat(authorization.getAdminsConfig(), hasItem(new AdminUser(new CaseInsensitiveString("geezer")))); assertThat(authorization.getOperationConfig().size(), Matchers.is(0)); assertThat(authorization.getViewConfig().size(), Matchers.is(0)); }
@Test public void shouldUpdateAuthorization() { PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1")); group.setConfigAttributes(m(BasicPipelineConfigs.AUTHORIZATION, a( m(Authorization.NAME, "loser", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(ON, DISABLED, DISABLED)), m(Authorization.NAME, "boozer", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(OFF, ON, ON)), m(Authorization.NAME, "geezer", Authorization.TYPE, USER.toString(), Authorization.PRIVILEGES, privileges(DISABLED, OFF, ON)), m(Authorization.NAME, "gang_of_losers", Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(DISABLED, OFF, ON)), m(Authorization.NAME, "blinds", Authorization.TYPE, ROLE.toString(), Authorization.PRIVILEGES, privileges(ON, ON, OFF))))); Authorization authorization = group.getAuthorization(); assertThat(authorization.getAdminsConfig().size(), is(2)); assertThat(authorization.getAdminsConfig(), hasItems(new AdminUser(new CaseInsensitiveString("loser")), new AdminRole(new CaseInsensitiveString("blinds")))); assertThat(authorization.getOperationConfig().size(), is(2)); assertThat(authorization.getOperationConfig(), hasItems(new AdminUser(new CaseInsensitiveString("boozer")), new AdminRole(new CaseInsensitiveString("blinds")))); assertThat(authorization.getViewConfig().size(), is(3)); assertThat(authorization.getViewConfig(), hasItems(new AdminUser(new CaseInsensitiveString("boozer")), new AdminUser(new CaseInsensitiveString("geezer")), new AdminRole( new CaseInsensitiveString("gang_of_losers")))); }
ViewConfig expectedViewConfig = new ViewConfig(new AdminUser(new CaseInsensitiveString("foo")), new AdminRole(new RoleConfig(new CaseInsensitiveString("role1"), new RoleUser("duck"), new RoleUser("jyoti")))); assertThat(cruiseConfig.getTemplateByName(new CaseInsensitiveString("template1")).getAuthorization().getViewConfig(), is(expectedViewConfig));