/**
 * Reports whether security is switched on for this configuration.
 *
 * <p>The answer is taken unchanged from {@code server().isSecurityEnabled()};
 * this method adds no policy of its own.
 *
 * @return the value reported by the server configuration
 */
@Override
public boolean isSecurityEnabled() {
    final boolean securityOn = server().isSecurityEnabled();
    return securityOn;
}
/**
 * Exposes the security section of the server configuration held by {@code cruiseConfig}.
 *
 * <p>The object returned by {@code security()} is handed back as-is; no copy is made
 * in this method.
 *
 * @return the result of {@code cruiseConfig.server().security()}
 */
@Override
public SecurityConfig getServerSecurityConfig() {
    final SecurityConfig serverSecurity = cruiseConfig.server().security();
    return serverSecurity;
}
/**
 * Returns the administrator mail address stored on the server's mail host.
 *
 * @return the value of {@code server().mailHost().getAdminMail()}
 */
@Override
public String adminEmail() {
    // NOTE(review): mailHost() is dereferenced without a null check. If it can return
    // null (isSmtpEnabled() guards against exactly that), this call throws a
    // NullPointerException - confirm that callers check SMTP is configured first.
    final String adminAddress = server().mailHost().getAdminMail();
    return adminAddress;
}
private boolean hasAdminPrivileges(Admin admin) { return server().security().isAdmin(admin); }
/**
 * Determines whether {@code userName} administers at least one pipeline group.
 *
 * <p>The user's roles are looked up through {@code security().memberRoleFor(userName)}
 * and passed, together with the user name, to a {@code FindPipelineGroupAdminstrator}
 * that is run over {@code groups}. The verdict is the visitor's {@code isGroupAdmin}
 * field after the traversal.
 *
 * @param userName the user to check
 * @return the visitor's {@code isGroupAdmin} flag once {@code groups} has accepted it
 */
@Override
public boolean isGroupAdministrator(final CaseInsensitiveString userName) {
    // The role lookup is evaluated before the visitor is constructed, as in a two-step form.
    FindPipelineGroupAdminstrator visitor =
            new FindPipelineGroupAdminstrator(userName, server().security().memberRoleFor(userName));
    groups.accept(visitor);
    return visitor.isGroupAdmin;
}
/**
 * Reports whether a mail host has been configured.
 *
 * <p>SMTP counts as disabled when no mail host is present, or when the mail host equals
 * a freshly constructed {@code MailHost(new GoCipher())} - presumably the blank default;
 * confirm against {@code MailHost.equals}.
 *
 * @return {@code true} only for a non-null mail host that differs from that fresh instance
 */
@Override
public boolean isSmtpEnabled() {
    final MailHost configured = server().mailHost();
    if (configured == null) {
        return false;
    }
    // The comparison instance is only built once a mail host is known to exist.
    final MailHost blank = new MailHost(new GoCipher());
    return !configured.equals(blank);
}
/**
 * Looks up the roles that {@code username} is a member of.
 *
 * <p>The name is wrapped in an {@code AdminUser} and handed to
 * {@code security().getRoles().memberRoles(...)}; the list is returned as received.
 *
 * @param username the user whose role memberships are wanted
 * @return the roles reported by {@code memberRoles}
 */
private List<Role> rolesForUser(CaseInsensitiveString username) {
    final AdminUser principal = new AdminUser(username);
    final List<Role> memberships = server().security().getRoles().memberRoles(principal);
    return memberships;
}
/**
 * Verifies that a config change which leaves the token generation key alone still validates.
 *
 * <p>The same config object is validated twice; in between only its security section is
 * replaced. After each validation the key held by the validator must equal the key on the
 * config.
 */
@Test
public void shouldAllowSaveIfTokenGenerationKeyIsUnChanged() throws Exception {
    final BasicCruiseConfig config = GoConfigMother.defaultCruiseConfig();

    // First validation: the validator's key matches the config's key afterwards.
    tokenGenerationKeyImmutabilityValidator.validate(config);
    assertThat(tokenGenerationKeyImmutabilityValidator.getTokenGenerationKey(),
            is(config.server().getTokenGenerationKey()));

    // Swap in a fresh SecurityConfig; the second assertion checks the key still matches.
    config.server().useSecurity(new SecurityConfig());

    tokenGenerationKeyImmutabilityValidator.validate(config);
    assertThat(tokenGenerationKeyImmutabilityValidator.getTokenGenerationKey(),
            is(config.server().getTokenGenerationKey()));
}
} // unmatched closing brace kept from the original line; presumably ends the enclosing test class
/**
 * Verifies that the first validation leaves the validator holding the config's
 * token generation key.
 */
@Test
public void shouldRememberTokenGenerationKeyOnStartup() throws Exception {
    final BasicCruiseConfig config = GoConfigMother.defaultCruiseConfig();

    tokenGenerationKeyImmutabilityValidator.validate(config);

    // The key exposed by the validator must be the one carried by the validated config.
    assertThat(tokenGenerationKeyImmutabilityValidator.getTokenGenerationKey(),
            is(config.server().getTokenGenerationKey()));
}
/**
 * Verifies that a {@code ConfigSaveValidationContext} built from a config exposes that
 * config's server security section through {@code getServerSecurityConfig()}.
 */
@Test
public void shouldGetServerSecurityConfig() {
    BasicCruiseConfig config = GoConfigMother.configWithPipelines("p1");
    GoConfigMother.enableSecurityWithPasswordFilePlugin(config);

    ValidationContext validationContext = ConfigSaveValidationContext.forChain(config);

    assertThat(validationContext.getServerSecurityConfig(),
            is(config.server().security()));
}
/**
 * Verifies the groups returned for a user whose role has been made super admin.
 *
 * <p>Setup: one pipeline group ("group"), security enabled, and role "role1" created with
 * "foo" and "bar" (presumably its members - confirm against {@code createRole}) and then
 * registered as super admin. The lookup for "foo" with that role must yield "group".
 */
@Test
public void shouldGetAllGroupsForUserInAnAdminRole() {
    GoConfigMother mother = new GoConfigMother();
    BasicCruiseConfig config = GoConfigMother.defaultCruiseConfig();
    mother.addPipelineWithGroup(config, "group", "p1", "s1", "j1");
    GoConfigMother.enableSecurityWithPasswordFilePlugin(config);

    // The role is added to the security config first, then promoted to super admin by name.
    Role superAdminRole = mother.createRole("role1", "foo", "bar");
    config.server().security().addRole(superAdminRole);
    mother.addRoleAsSuperAdmin(config, "role1");

    ArrayList<Role> userRoles = new ArrayList<>();
    userRoles.add(superAdminRole);
    CaseInsensitiveString user = new CaseInsensitiveString("foo");

    List<String> visibleGroups = config.getGroupsForUser(user, userRoles);

    assertThat(visibleGroups, contains("group"));
}
/**
 * Verifies that validating a config with a different token generation key is rejected.
 *
 * <p>One default config is validated first, then a second, separately created default
 * config is validated. The second call is expected to throw a {@code RuntimeException}
 * with the message below, which also records the impact of a change: agent registration
 * tokens issued so far are invalidated.
 * NOTE(review): this relies on two calls to {@code defaultCruiseConfig()} producing
 * different keys - confirm against {@code GoConfigMother}.
 */
@Test
public void shouldErrorOutIfTokenGenerationKeyIsChanged() throws Exception {
    final String expectedMessage = "The value of 'tokenGenerationKey' cannot be modified while the server is online. If you really want to make this change, you may do so while the server is offline. Please note: updating 'tokenGenerationKey' will invalidate all registration tokens issued to the agents so far.";
    final BasicCruiseConfig firstConfig = GoConfigMother.defaultCruiseConfig();

    tokenGenerationKeyImmutabilityValidator.validate(firstConfig);
    assertThat(tokenGenerationKeyImmutabilityValidator.getTokenGenerationKey(),
            is(firstConfig.server().getTokenGenerationKey()));

    // Expectations are registered only now, so the first validate() above must not throw.
    thrown.expect(RuntimeException.class);
    thrown.expectMessage(expectedMessage);

    tokenGenerationKeyImmutabilityValidator.validate(GoConfigMother.defaultCruiseConfig());
}
/**
 * Verifies that a group-admin role only yields the groups it administers.
 *
 * <p>Setup: three pipeline groups, a separate super admin user, and role "role1" made
 * admin of "group1" and "group2" only. The lookup for "foo" with that role must return
 * those two groups and not "group3".
 */
@Test
public void shouldGetSpecificGroupsForAUserInGroupAdminRole() {
    GoConfigMother mother = new GoConfigMother();
    BasicCruiseConfig config = GoConfigMother.defaultCruiseConfig();
    GoConfigMother.enableSecurityWithPasswordFilePlugin(config);
    GoConfigMother.addUserAsSuperAdmin(config, "superadmin");

    mother.addPipelineWithGroup(config, "group1", "p1", "s1", "j1");
    mother.addPipelineWithGroup(config, "group2", "p2", "s1", "j1");
    mother.addPipelineWithGroup(config, "group3", "p3", "s1", "j1");

    Role groupAdminRole = mother.createRole("role1", "foo", "bar");
    config.server().security().addRole(groupAdminRole);
    // "group3" is deliberately left without an admin role for role1.
    mother.addAdminRoleForPipelineGroup(config, "role1", "group1");
    mother.addAdminRoleForPipelineGroup(config, "role1", "group2");

    ArrayList<Role> userRoles = new ArrayList<>();
    userRoles.add(groupAdminRole);
    CaseInsensitiveString user = new CaseInsensitiveString("foo");

    List<String> visibleGroups = config.getGroupsForUser(user, userRoles);

    // NOTE(review): assuming Hamcrest's contains(), not(contains("group3")) only rejects a
    // list that is exactly ["group3"]; it would still pass if "group3" appeared alongside
    // other groups. The exclusion is actually enforced by containsInAnyOrder below, which
    // requires exactly these two entries.
    assertThat(visibleGroups, not(contains("group3")));
    assertThat(visibleGroups, containsInAnyOrder("group2", "group1"));
}
/**
 * Verifies that a {@code PipelineConfigSaveValidationContext} exposes the security config
 * that was installed on the server with {@code useSecurity}.
 */
@Test
public void shouldGetServerSecurityContext() {
    BasicCruiseConfig config = new BasicCruiseConfig();

    // Build a security config with one role and one admin user so it is distinguishable.
    SecurityConfig installedSecurity = new SecurityConfig();
    RoleConfig adminRole = new RoleConfig(new CaseInsensitiveString("admin"));
    installedSecurity.addRole(adminRole);
    AdminUser superAdmin = new AdminUser(new CaseInsensitiveString("super-admin"));
    installedSecurity.adminsConfig().add(superAdmin);
    config.server().useSecurity(installedSecurity);

    PipelineConfigSaveValidationContext validationContext =
            PipelineConfigSaveValidationContext.forChain(true, "group", config);

    Assert.assertThat(validationContext.getServerSecurityConfig(), is(installedSecurity));
}
/**
 * Verifies that {@code Approval.validateTree} fails and records errors on its auth config.
 *
 * <p>The approval names the role "role", while the server config only registers
 * "super-admin" as an admin role. Presumably the failure is because "role" is not a
 * defined role - confirm against {@code Approval}'s validation rules.
 */
@Test
public void shouldValidateTree() {
    AdminRole approverRole = new AdminRole(new CaseInsensitiveString("role"));
    Approval approval = new Approval(new AuthConfig(approverRole));

    BasicCruiseConfig config = GoConfigMother.defaultCruiseConfig();
    AdminRole superAdminRole = new AdminRole(new CaseInsensitiveString("super-admin"));
    config.server().security().adminsConfig().addRole(superAdminRole);

    PipelineConfig pipeline = new PipelineConfig(new CaseInsensitiveString("p1"), new MaterialConfigs());
    config.addPipeline("g1", pipeline);

    boolean valid = approval.validateTree(
            PipelineConfigSaveValidationContext.forChain(true, "g1", config, pipeline));
    assertThat(valid, is(false));

    // A rejected approval must also carry the reason on its auth config.
    boolean noErrorsRecorded = approval.getAuthConfig().errors().isEmpty();
    assertThat(noErrorsRecorded, is(false));
}
/**
 * Verifies that a template stage's approvers are checked against the operate permissions
 * of the pipeline group that uses the template.
 *
 * <p>The template stage authorizes "non-admin-non-operate" to approve, while the pipeline
 * group "group" grants operate permission only to "foo" and "super-admin" is the only
 * server admin. Validating the template must report the error asserted below on "name".
 */
@Test
public void shouldValidateStagePermissionsOfATemplateStageInTheContextOfPipelineUsingTheTemplate() {
    final String expectedError = "User \"non-admin-non-operate\" who is not authorized to operate pipeline group `group` can not be authorized to approve stage";

    // Template stage whose approval names a user with no rights on the group.
    JobConfigs jobs = new JobConfigs(new JobConfig(new CaseInsensitiveString("defaultJob")));
    StageConfig stage = StageConfigMother.custom("stage", jobs);
    AdminUser approver = new AdminUser(new CaseInsensitiveString("non-admin-non-operate"));
    stage.setApproval(new Approval(new AuthConfig(approver)));

    PipelineTemplateConfig template = PipelineTemplateConfigMother.createTemplate("template", stage);
    PipelineConfig pipeline = PipelineConfigMother.pipelineConfigWithTemplate("pipeline", "template");
    pipeline.usingTemplate(template);

    BasicCruiseConfig config = GoConfigMother.defaultCruiseConfig();
    config.addTemplate(template);
    config.addPipelineWithoutValidation("group", pipeline);

    // Group authorization: only "foo" may operate; view and admin sections are left empty.
    PipelineConfigs pipelineGroup = config.findGroup("group");
    ViewConfig viewers = new ViewConfig();
    OperationConfig operators = new OperationConfig(new AdminUser(new CaseInsensitiveString("foo")));
    AdminsConfig groupAdmins = new AdminsConfig();
    pipelineGroup.setAuthorization(new Authorization(viewers, operators, groupAdmins));

    config.server().security().securityAuthConfigs().add(new SecurityAuthConfig());
    config.server().security().adminsConfig().add(new AdminUser(new CaseInsensitiveString("super-admin")));

    template.validateTree(ConfigSaveValidationContext.forChain(config), config, false);

    assertThat(template.errors().getAllOn("name"), is(Arrays.asList(expectedError)));
}