@Override public void update(CruiseConfig preprocessedConfig) { preprocessedConfig.server().security().addRole(role); }
public void addRole(CruiseConfig cruiseConfig, Role role) { cruiseConfig.server().security().addRole(role); }
public static SecurityConfig security(SecurityAuthConfig securityAuthConfig, AdminsConfig admins) { final SecurityConfig security = new SecurityConfig(admins); if (securityAuthConfig != null) { security.securityAuthConfigs().add(securityAuthConfig); } for (Role role : DEFAULT_ROLES) { security.addRole(role); } return security; }
private void addRole(Role role) { config.server().security().addRole(role); try { new MagicalGoConfigXmlWriter(new ConfigCache(), ConfigElementImplementationRegistryMother.withNoPlugins()).write(config, new ByteArrayOutputStream(), false); } catch (Exception e) { throw new RuntimeException(e); } }
@Test public void getPluginRole_shouldReturnPluginRoleMatchingTheGivenName() throws Exception { PluginRoleConfig role = new PluginRoleConfig("foo", "ldap"); SecurityConfig securityConfig = new SecurityConfig(); securityConfig.addRole(role); assertThat(securityConfig.getPluginRole(new CaseInsensitiveString("FOO")), is(role)); }
@Test public void getPluginRolesConfig_shouldReturnNothingWhenBadPluginIdSpecified() throws Exception { SecurityConfig securityConfig = new SecurityConfig(); securityConfig.addRole(new PluginRoleConfig("foo", "ldap")); securityConfig.addRole(new PluginRoleConfig("bar", "github")); securityConfig.addRole(new RoleConfig(new CaseInsensitiveString("xyz"))); securityConfig.securityAuthConfigs().add(new SecurityAuthConfig("ldap", "cd.go.ldap")); securityConfig.securityAuthConfigs().add(new SecurityAuthConfig("github", "cd.go.github")); List<PluginRoleConfig> pluginRolesConfig = securityConfig.getPluginRoles("non-existant-plugin"); assertThat(pluginRolesConfig, hasSize(0)); }
@Test public void shouldGetPluginRolesWhichBelogsToSpecifiedPlugin() throws Exception { SecurityConfig securityConfig = new SecurityConfig(); securityConfig.addRole(new PluginRoleConfig("foo", "ldap")); securityConfig.addRole(new PluginRoleConfig("bar", "github")); securityConfig.addRole(new RoleConfig(new CaseInsensitiveString("xyz"))); securityConfig.securityAuthConfigs().add(new SecurityAuthConfig("ldap", "cd.go.ldap")); securityConfig.securityAuthConfigs().add(new SecurityAuthConfig("github", "cd.go.github")); List<PluginRoleConfig> pluginRolesConfig = securityConfig.getPluginRoles("cd.go.ldap"); assertThat(pluginRolesConfig, hasSize(1)); assertThat(pluginRolesConfig, contains(new PluginRoleConfig("foo", "ldap"))); }
@Test public void shouldGetAllGroupsForUserInAnAdminRole() { GoConfigMother goConfigMother = new GoConfigMother(); BasicCruiseConfig cruiseConfig = GoConfigMother.defaultCruiseConfig(); goConfigMother.addPipelineWithGroup(cruiseConfig, "group", "p1", "s1", "j1"); GoConfigMother.enableSecurityWithPasswordFilePlugin(cruiseConfig); Role role = goConfigMother.createRole("role1", "foo", "bar"); cruiseConfig.server().security().addRole(role); goConfigMother.addRoleAsSuperAdmin(cruiseConfig, "role1"); ArrayList<Role> roles = new ArrayList<>(); roles.add(role); List<String> groupsForUser = cruiseConfig.getGroupsForUser(new CaseInsensitiveString("foo"), roles); assertThat(groupsForUser, contains("group")); }
@Test public void shouldGetSpecificGroupsForAUserInGroupAdminRole() { GoConfigMother goConfigMother = new GoConfigMother(); BasicCruiseConfig cruiseConfig = GoConfigMother.defaultCruiseConfig(); GoConfigMother.enableSecurityWithPasswordFilePlugin(cruiseConfig); GoConfigMother.addUserAsSuperAdmin(cruiseConfig, "superadmin"); goConfigMother.addPipelineWithGroup(cruiseConfig, "group1", "p1", "s1", "j1"); goConfigMother.addPipelineWithGroup(cruiseConfig, "group2", "p2", "s1", "j1"); goConfigMother.addPipelineWithGroup(cruiseConfig, "group3", "p3", "s1", "j1"); Role role = goConfigMother.createRole("role1", "foo", "bar"); cruiseConfig.server().security().addRole(role); goConfigMother.addAdminRoleForPipelineGroup(cruiseConfig, "role1", "group1"); goConfigMother.addAdminRoleForPipelineGroup(cruiseConfig, "role1", "group2"); ArrayList<Role> roles = new ArrayList<>(); roles.add(role); List<String> groupsForUser = cruiseConfig.getGroupsForUser(new CaseInsensitiveString("foo"), roles); assertThat(groupsForUser, not(contains("group3"))); assertThat(groupsForUser, containsInAnyOrder("group2", "group1")); }
public static SecurityConfig securityConfigWithRole(SecurityConfig securityConfig, String roleName, String... users) { RoleConfig role = new RoleConfig(new CaseInsensitiveString(roleName)); for (String user : users) { role.addUser(new RoleUser(new CaseInsensitiveString(user))); } securityConfig.addRole(role); return securityConfig; } }
private CruiseConfig cruiseConfigWithSecurity(Role roleDefinition, Admin admins) { CruiseConfig cruiseConfig = GoConfigMother.configWithPipelines("pipeline"); SecurityConfig securityConfig = cruiseConfig.server().security(); securityConfig.securityAuthConfigs().add(new SecurityAuthConfig("file", "cd.go.authentication.passwordfile")); securityConfig.addRole(roleDefinition); securityConfig.adminsConfig().add(admins); return cruiseConfig; }
@Test public void shouldGetServerSecurityContext() { BasicCruiseConfig cruiseConfig = new BasicCruiseConfig(); SecurityConfig securityConfig = new SecurityConfig(); securityConfig.addRole(new RoleConfig(new CaseInsensitiveString("admin"))); securityConfig.adminsConfig().add(new AdminUser(new CaseInsensitiveString("super-admin"))); cruiseConfig.server().useSecurity(securityConfig); PipelineConfigSaveValidationContext context = PipelineConfigSaveValidationContext.forChain(true, "group", cruiseConfig); Assert.assertThat(context.getServerSecurityConfig(), is(securityConfig)); }
@Test public void shouldAllowRoleWithParamsForStageInTemplate() throws Exception { CruiseConfig cruiseConfig = new BasicCruiseConfig(); cruiseConfig.server().security().addRole(new RoleConfig(new CaseInsensitiveString("role"))); cruiseConfig.addTemplate(new PipelineTemplateConfig(new CaseInsensitiveString("template"), stageWithAuth("#{ROLE}"))); PipelineConfig pipelineConfig = new PipelineConfig(new CaseInsensitiveString("pipeline"), new MaterialConfigs()); pipelineConfig.setTemplateName(new CaseInsensitiveString("template")); pipelineConfig.addParam(new ParamConfig("ROLE", "role")); cruiseConfig.addPipeline("group", pipelineConfig); List<ConfigErrors> errorses = MagicalGoConfigXmlLoader.validate(cruiseConfig); assertThat(errorses.isEmpty(), is(true)); }
@Test public void shouldResolve_ConfigValue_MappedAsObject() { SecurityConfig securityConfig = new SecurityConfig(); securityConfig.adminsConfig().add(new AdminUser(new CaseInsensitiveString("lo#{foo}"))); securityConfig.addRole(new RoleConfig(new CaseInsensitiveString("boo#{bar}"), new RoleUser(new CaseInsensitiveString("choo#{foo}")))); new ParamResolver(new ParamSubstitutionHandlerFactory(params(param("foo", "ser"), param("bar", "zer"))), fieldCache).resolve(securityConfig); assertThat(CaseInsensitiveString.str(securityConfig.adminsConfig().get(0).getName()), is("loser")); assertThat(CaseInsensitiveString.str(securityConfig.getRoles().get(0).getName()), is("boozer")); assertThat(CaseInsensitiveString.str(securityConfig.getRoles().get(0).getUsers().get(0).getName()), is("chooser")); }
@Test public void shouldNotThrowExceptionIfRoleNameExistInPipelinesAuthorization() { AdminRole role = new AdminRole(new CaseInsensitiveString("role2")); PipelineConfigs pipelinesConfig = new BasicPipelineConfigs(new Authorization(new ViewConfig(role))); CruiseConfig config = new BasicCruiseConfig(pipelinesConfig); config.server().security().addRole(new RoleConfig(new CaseInsensitiveString("role2"))); role.validate(ConfigSaveValidationContext.forChain(config)); assertThat(role.errors().isEmpty(), is(true)); }
@Test public void shouldNotThrowExceptionIfRoleNameInPipelinesAuthorizationAdminSectionExists() { AdminRole role = new AdminRole(new CaseInsensitiveString("shilpaIsHere")); PipelineConfigs pipelineConfigs = new BasicPipelineConfigs(new Authorization(new AdminsConfig(role))); CruiseConfig config = new BasicCruiseConfig(pipelineConfigs); config.server().security().addRole(new RoleConfig(new CaseInsensitiveString("shilpaIsHere"))); role.validate(ConfigSaveValidationContext.forChain(config)); assertThat(role.errors().isEmpty(), is(true)); } }
@Test public void shouldNotThrowExceptionIfRoleNameExist() { AdminRole role = new AdminRole(new CaseInsensitiveString("role1")); StageConfig stage = StageConfigMother.custom("ft", new AuthConfig(role)); PipelineConfigs pipelineConfigs = new BasicPipelineConfigs(new PipelineConfig(new CaseInsensitiveString("pipeline"), new MaterialConfigs(), stage)); CruiseConfig config = new BasicCruiseConfig(pipelineConfigs); config.server().security().addRole(new RoleConfig(new CaseInsensitiveString("role1"))); role.validate(ConfigSaveValidationContext.forChain(config)); assertThat(role.errors().isEmpty(), is(true)); }
@Test public void shouldNotThrowExceptionIfNoRoleUsed() { StageConfig stage = new StageConfig(new CaseInsensitiveString("stage-foo"), new JobConfigs(new JobConfig(new CaseInsensitiveString("build-1"), new ResourceConfigs(), new ArtifactConfigs(), new Tasks(new ExecTask("ls", "-la", "work")) )) ); PipelineConfigs pipelinesConfig = new BasicPipelineConfigs("group", new Authorization(), new PipelineConfig(new CaseInsensitiveString("pipeline"), new MaterialConfigs(), stage)); CruiseConfig config = new BasicCruiseConfig(pipelinesConfig); config.server().security().addRole(new RoleConfig(new CaseInsensitiveString("role1"))); pipelinesConfig.validate(ConfigSaveValidationContext.forChain(config)); assertThat(pipelinesConfig.errors().isEmpty(), is(true)); }