/**
 * Removes the given user from the member set of every plugin role currently in the store.
 *
 * <p>The whole sweep runs while holding the monitor of {@code roleToUsersMappings}.
 * NOTE(review): whether lookups take the same monitor is not visible here; confirm, since a
 * revocation is only as prompt as the readers' view of these sets.
 *
 * @param username name of the user whose plugin-role memberships are dropped
 */
public void revokeAllRolesFor(String username) {
    final RoleUser revoked = new RoleUser(username);
    synchronized (roleToUsersMappings) {
        // Walk a snapshot of the keys instead of the live key set.
        Set<PluginRoleConfig> snapshot = new HashSet<>(roleToUsersMappings.keySet());
        snapshot.forEach(role -> roleToUsersMappings.get(role).remove(revoked));
    }
}
/**
 * Builds a {@link RoleConfig} from the optional {@code "users"} array of a JSON document.
 *
 * @param jsonReader reader for the role object; may be {@code null}
 * @return a new role with one {@link RoleUser} per array entry; an empty role when the reader
 *     is {@code null}
 */
public static RoleConfig fromJSON(JsonReader jsonReader) {
    RoleConfig role = new RoleConfig();
    if (jsonReader != null) {
        // Entries are taken as-is through getAsString(); this method applies no validation
        // to the user names it receives.
        jsonReader.readArrayIfPresent("users", entries ->
                entries.forEach(entry -> role.addUser(new RoleUser(entry.getAsString()))));
    }
    return role;
}
/**
 * Creates a {@link RoleConfig} whose members come from the {@code "users"} array, if the JSON
 * carries one.
 *
 * @param jsonReader source of the role JSON; {@code null} yields an empty role
 * @return the populated (or empty) role
 */
public static RoleConfig fromJSON(JsonReader jsonReader) {
    final RoleConfig parsed = new RoleConfig();
    if (jsonReader == null) {
        return parsed;
    }
    // Each array element becomes a RoleUser named by its string value, unchanged.
    jsonReader.readArrayIfPresent("users",
            members -> members.forEach(member -> parsed.addUser(new RoleUser(member.getAsString()))));
    return parsed;
}
/**
 * Wraps each user name in a {@link RoleUser} backed by a {@link CaseInsensitiveString},
 * keeping the input order.
 *
 * @param users user names to wrap
 * @return an array of the same length as {@code users}
 */
private RoleUser[] toRoleUsers(String[] users) {
    RoleUser[] wrapped = new RoleUser[users.length];
    int slot = 0;
    for (String name : users) {
        wrapped[slot++] = new RoleUser(new CaseInsensitiveString(name));
    }
    return wrapped;
}
/**
 * memberRoles(user) must return every role that lists the user. role1 stores the name as
 * "USER1" while the lookup uses "user1", so the expectation also pins case-insensitive matching.
 */
@Test
public void shouldGiveAListOfAllRolesAUserBelongsTo() {
    Role roleOne = new RoleConfig(
            new CaseInsensitiveString("role1"),
            new RoleUser(new CaseInsensitiveString("USER1")),
            new RoleUser(new CaseInsensitiveString("user2")));
    Role roleTwo = new RoleConfig(
            new CaseInsensitiveString("role2"),
            new RoleUser(new CaseInsensitiveString("user1")),
            new RoleUser(new CaseInsensitiveString("user3")));
    // role3 does not contain user1 and must be absent from the result.
    Role roleThree = new RoleConfig(
            new CaseInsensitiveString("role3"),
            new RoleUser(new CaseInsensitiveString("user2")),
            new RoleUser(new CaseInsensitiveString("user3")));
    RolesConfig allRoles = new RolesConfig(roleOne, roleTwo, roleThree);

    AdminUser queriedUser = new AdminUser(new CaseInsensitiveString("user1"));

    assertThat(allRoles.memberRoles(queriedUser), is(asList(roleOne, roleTwo)));
}
/**
 * memberRoles(adminRole) must resolve to the configured role of that name. The second role is
 * configured as "ROLE2" and looked up as "role2", so role names are matched case-insensitively.
 */
@Test
public void shouldListItselfWhenARoleExists() {
    Role lowerCaseRole = new RoleConfig(
            new CaseInsensitiveString("role1"),
            new RoleUser(new CaseInsensitiveString("USER1")),
            new RoleUser(new CaseInsensitiveString("user2")));
    Role upperCaseRole = new RoleConfig(
            new CaseInsensitiveString("ROLE2"),
            new RoleUser(new CaseInsensitiveString("user1")),
            new RoleUser(new CaseInsensitiveString("user3")));
    RolesConfig allRoles = new RolesConfig(lowerCaseRole, upperCaseRole);

    assertThat(
            allRoles.memberRoles(new AdminRole(new CaseInsensitiveString("role1"))),
            is(asList(lowerCaseRole)));
    assertThat(
            allRoles.memberRoles(new AdminRole(new CaseInsensitiveString("role2"))),
            is(asList(upperCaseRole)));
}
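/**
 * A membership query against a role that is not configured must be rejected with an exception
 * carrying the expected message, instead of being answered.
 */
@Test
public void shouldThrowExceptionIfRoleDoesNotExist() {
    RolesConfig rolesConfig = new RolesConfig(
            new RoleConfig(new CaseInsensitiveString("role1"), new RoleUser(new CaseInsensitiveString("user1"))));

    Exception thrown = null;
    try {
        rolesConfig.isUserMemberOfRole(new CaseInsensitiveString("anyone"), new CaseInsensitiveString("invalid-role-name"));
    } catch (Exception e) {
        thrown = e;
    }

    // The original only asserted inside the catch block, so the test stayed green when no
    // exception was raised at all. AssertionError is an Error, so it cannot be mistaken for
    // the exception under test.
    if (thrown == null) {
        throw new AssertionError("Expected an exception for a role that does not exist");
    }
    assertThat(thrown.getMessage(), is("Role \"invalid-role-name\" does not exist!"));
}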
/**
 * A user who is a member of a role named in the view config must be reported as having
 * admin-or-view permission.
 */
@Test
public void shouldSayThatAViewUserWithinARole_HasAdminOrViewPermissions() {
    CaseInsensitiveString member = new CaseInsensitiveString("view");
    RoleConfig viewerRole = new RoleConfig(new CaseInsensitiveString("role1"), new RoleUser(member));

    // Permission is granted to the role, not to the user directly.
    Authorization authorization = new Authorization(new ViewConfig(new AdminRole(viewerRole)));

    List<Role> knownRoles = new ArrayList<>();
    knownRoles.add(viewerRole);

    assertThat(authorization.hasAdminOrViewPermissions(member, knownRoles), is(true));
}
/**
 * A user who is a member of a role named in the admins config must be reported as having
 * admin-or-view permission.
 */
@Test
public void shouldSayThatAnAdminWithinARole_HasAdminOrViewPermissions() {
    CaseInsensitiveString member = new CaseInsensitiveString("admin");
    RoleConfig adminRole = new RoleConfig(new CaseInsensitiveString("role1"), new RoleUser(member));

    // Permission is granted to the role, not to the user directly.
    Authorization authorization = new Authorization(new AdminsConfig(new AdminRole(adminRole)));

    List<Role> knownRoles = new ArrayList<>();
    knownRoles.add(adminRole);

    assertThat(authorization.hasAdminOrViewPermissions(member, knownRoles), is(true));
}
/**
 * Assigning a plugin role to a user registers the role in the store and records the user as
 * one of its members.
 */
@Test
public void assignRole_ShouldAssignPluginRoleToAnUser() throws Exception {
    // The store starts out empty.
    assertThat(pluginRoleUsersStore.pluginRoles(), hasSize(0));

    PluginRoleConfig ldapRole = new PluginRoleConfig("spacetiger", "ldap");
    pluginRoleUsersStore.assignRole("wing-commander", ldapRole);

    assertThat(pluginRoleUsersStore.pluginRoles(), hasSize(1));
    assertThat(
            pluginRoleUsersStore.usersInRole(ldapRole),
            hasItem(new RoleUser("wing-commander")));
}
/** isUserMemberOfRole answers true for a user that the named role lists. */
@Test
public void shouldReturnTrueIfUserIsMemberOfRole() {
    RoleConfig onlyRole = new RoleConfig(
            new CaseInsensitiveString("role1"),
            new RoleUser(new CaseInsensitiveString("user1")));
    RolesConfig allRoles = new RolesConfig(onlyRole);

    boolean member = allRoles.isUserMemberOfRole(
            new CaseInsensitiveString("user1"), new CaseInsensitiveString("role1"));

    assertThat("shouldReturnTrueIfUserIsMemberOfRole", member, is(true));
}
/** isUserMemberOfRole answers false for a user that the named, existing role does not list. */
@Test
public void shouldReturnFalseIfUserIsNotMemberOfRole() {
    RoleConfig onlyRole = new RoleConfig(
            new CaseInsensitiveString("role1"),
            new RoleUser(new CaseInsensitiveString("user1")));
    RolesConfig allRoles = new RolesConfig(onlyRole);

    // user2 is not configured anywhere; the role itself exists.
    boolean member = allRoles.isUserMemberOfRole(
            new CaseInsensitiveString("user2"), new CaseInsensitiveString("role1"));

    assertThat("shouldReturnFalseIfUserIsNotMemberOfRole", member, is(false));
}
/**
 * Removing a plugin role config drops the role from the store, leaving no plugin roles behind
 * when it was the only one.
 */
@Test
public void removePluginRole_ShouldRemovePluginRoleFromStore() throws Exception {
    PluginRoleConfig ldapRole = new PluginRoleConfig("spacetiger", "ldap");

    // Precondition: the role exists and has one member.
    pluginRoleUsersStore.assignRole("wing-commander", ldapRole);
    assertThat(pluginRoleUsersStore.pluginRoles(), hasSize(1));
    assertThat(
            pluginRoleUsersStore.usersInRole(ldapRole),
            hasItem(new RoleUser("wing-commander")));

    pluginRoleUsersStore.remove(ldapRole);

    assertThat(pluginRoleUsersStore.pluginRoles(), hasSize(0));
}
/**
 * Deny path: role membership alone grants nothing. The view config names a different user and
 * no role, so the role member must not get admin-or-view permission.
 */
@Test
public void shouldReturnFalseForNonAdminNonViewUserWithinARole() {
    CaseInsensitiveString member = new CaseInsensitiveString("view");
    RoleConfig unreferencedRole = new RoleConfig(new CaseInsensitiveString("role1"), new RoleUser(member));

    // Only "other-user" is authorised; neither the member nor the role appears here.
    Authorization authorization = new Authorization(
            new ViewConfig(new AdminUser(new CaseInsensitiveString("other-user"))));

    List<Role> knownRoles = new ArrayList<>();
    knownRoles.add(unreferencedRole);

    assertThat(authorization.hasAdminOrViewPermissions(member, knownRoles), is(false));
}
/**
 * An approval user who is a member of "role" validates without errors once that role is
 * attached to the default group by addUserAndRoleToDefaultGroup (with operate permission,
 * going by the test name; the helper is not shown here).
 */
@Test
public void validate_shouldAllowUserWhoseRoleHasOperatePermission() throws Exception {
    RoleConfig operators = new RoleConfig(
            new CaseInsensitiveString("role"),
            new RoleUser(new CaseInsensitiveString("first")),
            new RoleUser(new CaseInsensitiveString("second")));
    AdminUser admin = new AdminUser(new CaseInsensitiveString("admin"));
    CruiseConfig cruiseConfig = cruiseConfigWithSecurity(operators, admin);

    PipelineConfigs group = addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role");
    PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0);
    StageConfig stage = pipeline.get(0);

    // "first" is only reachable through its role membership, not as a directly named user.
    StageConfigMother.addApprovalWithUsers(stage, "first");
    Approval approval = stage.getApproval();

    approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, group, pipeline, stage));

    assertNoErrors(approval.getAuthConfig().getUsers().get(0));
}
/**
 * When the validation chain runs through a template rather than a pipeline group, approval
 * users are not checked: "not-present" belongs to no role and is not named on the group, yet
 * no error is expected. NOTE(review): presumably the check happens once the template is used
 * by a pipeline; that path is not covered here.
 */
@Test
public void validate_shouldNotTryAndValidateWhenWithinTemplate() throws Exception {
    RoleConfig operators = new RoleConfig(
            new CaseInsensitiveString("role"),
            new RoleUser(new CaseInsensitiveString("first")),
            new RoleUser(new CaseInsensitiveString("second")));
    AdminUser admin = new AdminUser(new CaseInsensitiveString("admin"));
    CruiseConfig cruiseConfig = cruiseConfigWithSecurity(operators, admin);

    // The returned group is assigned but not used by the template validation chain below.
    PipelineConfigs group = addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role");
    PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0);
    StageConfig stage = pipeline.get(0);

    StageConfigMother.addApprovalWithUsers(stage, "not-present");
    Approval approval = stage.getApproval();

    approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, new TemplatesConfig(), stage));

    assertNoErrors(approval.getAuthConfig().getUsers().get(0));
}
/**
 * Adds a role with the given members to an existing security config.
 *
 * @param securityConfig config to extend; it is modified in place
 * @param roleName name of the role to add
 * @param users names of the role's members, added in the order given
 * @return the same {@code securityConfig} instance that was passed in
 */
public static SecurityConfig securityConfigWithRole(SecurityConfig securityConfig, String roleName, String... users) {
    RoleConfig newRole = new RoleConfig(new CaseInsensitiveString(roleName));
    for (int i = 0; i < users.length; i++) {
        newRole.addUser(new RoleUser(new CaseInsensitiveString(users[i])));
    }
    securityConfig.addRole(newRole);
    return securityConfig;
}
} // unmatched in this excerpt; presumably closes the enclosing class
/**
 * Parameter substitution must reach the security config: "#{foo}" and "#{bar}" placeholders
 * in an admin user name, a role name and a role member name are all resolved.
 */
@Test
public void shouldResolve_ConfigValue_MappedAsObject() {
    SecurityConfig securityConfig = new SecurityConfig();
    securityConfig.adminsConfig().add(new AdminUser(new CaseInsensitiveString("lo#{foo}")));
    RoleConfig templatedRole = new RoleConfig(
            new CaseInsensitiveString("boo#{bar}"),
            new RoleUser(new CaseInsensitiveString("choo#{foo}")));
    securityConfig.addRole(templatedRole);

    ParamResolver resolver = new ParamResolver(
            new ParamSubstitutionHandlerFactory(params(param("foo", "ser"), param("bar", "zer"))),
            fieldCache);
    resolver.resolve(securityConfig);

    // Identity names change after resolution, so authorization sees the substituted values.
    assertThat(CaseInsensitiveString.str(securityConfig.adminsConfig().get(0).getName()), is("loser"));
    assertThat(CaseInsensitiveString.str(securityConfig.getRoles().get(0).getName()), is("boozer"));
    assertThat(
            CaseInsensitiveString.str(securityConfig.getRoles().get(0).getUsers().get(0).getName()),
            is("chooser"));
}
/**
 * A template whose view authorization references a role missing from the server's security
 * config must fail validation with a "does not exist" error on "name".
 */
@Test
public void shouldValidateRoleNamesInTemplateViewAuthorization() {
    BasicCruiseConfig cruiseConfig = GoConfigMother.defaultCruiseConfig();
    AdminsConfig admins = new AdminsConfig(new AdminUser(new CaseInsensitiveString("admin")));
    cruiseConfig.setServerConfig(new ServerConfig(new SecurityConfig(admins), null));
    GoConfigMother.enableSecurityWithPasswordFilePlugin(cruiseConfig);

    // This role is never added to the security config above.
    RoleConfig danglingRole = new RoleConfig(
            new CaseInsensitiveString("non-existent-role"), new RoleUser("non-existent-user"));
    Authorization viewAuthorization = new Authorization(new ViewConfig(new AdminRole(danglingRole)));
    PipelineTemplateConfig template = new PipelineTemplateConfig(
            new CaseInsensitiveString("template"),
            viewAuthorization,
            StageConfigMother.manualStage("stage2"),
            StageConfigMother.manualStage("stage"));

    template.validate(ConfigSaveValidationContext.forChain(cruiseConfig));

    assertThat(
            template.getAllErrors().get(0).getAllOn("name"),
            is(Arrays.asList("Role \"non-existent-role\" does not exist.")));
}
/**
 * A template whose admin authorization references a role missing from the server's security
 * config must fail validation with a "does not exist" error on "name".
 */
@Test
public void shouldValidateRoleNamesInTemplateAdminAuthorization() {
    BasicCruiseConfig cruiseConfig = GoConfigMother.defaultCruiseConfig();
    AdminsConfig serverAdmins = new AdminsConfig(new AdminUser(new CaseInsensitiveString("admin")));
    cruiseConfig.setServerConfig(new ServerConfig(new SecurityConfig(serverAdmins), null));
    GoConfigMother.enableSecurityWithPasswordFilePlugin(cruiseConfig);

    // This role is never added to the security config above.
    RoleConfig danglingRole = new RoleConfig(
            new CaseInsensitiveString("non-existent-role"), new RoleUser("non-existent-user"));
    Authorization adminAuthorization = new Authorization(new AdminsConfig(new AdminRole(danglingRole)));
    PipelineTemplateConfig template = new PipelineTemplateConfig(
            new CaseInsensitiveString("template"),
            adminAuthorization,
            StageConfigMother.manualStage("stage2"),
            StageConfigMother.manualStage("stage"));

    template.validate(ConfigSaveValidationContext.forChain(cruiseConfig));

    assertThat(
            template.getAllErrors().get(0).getAllOn("name"),
            is(Arrays.asList("Role \"non-existent-role\" does not exist.")));
}