/**
 * Builds a lookup from lower-cased role name to the users of that role.
 *
 * <p>Only roles that are {@code RoleConfig} instances are included; any other
 * {@code Role} implementation returned by {@code getRoles()} is skipped, so the
 * result is not a complete picture of role membership. Keys are produced with
 * {@code toLower()}, so callers have to look names up in lower case.
 *
 * @param securityConfig security configuration whose roles are read
 * @return a new mutable map, empty when no {@code RoleConfig} role is present
 */
public static Map<String, Collection<String>> rolesToUsers(SecurityConfig securityConfig) {
    Map<String, Collection<String>> usersByRole = new HashMap<>();
    for (Role candidate : securityConfig.getRoles()) {
        if (!(candidate instanceof RoleConfig)) {
            continue;
        }
        usersByRole.put(candidate.getName().toLower(), candidate.usersOfRole());
    }
    return usersByRole;
}
/**
 * Returns the roles held by the server security section of the given config.
 *
 * <p>The collection is returned as obtained from {@code getRoles()}; no copy is
 * made here. NOTE(review): if that object is the live roles container, callers
 * can mutate the config through it; confirm whether that is intended.
 *
 * @param cruiseConfig configuration to read from
 * @return the roles of {@code cruiseConfig.server().security()}
 */
public Collection<Role> allRoles(CruiseConfig cruiseConfig) {
    Collection<Role> configuredRoles = cruiseConfig.server().security().getRoles();
    return configuredRoles;
}
/**
 * Returns the roles from the security section of the current server config,
 * as provided by {@code goConfigService}.
 *
 * @return the {@code RolesConfig} obtained from {@code serverConfig().security()}
 */
public RolesConfig getRoles() {
    RolesConfig currentRoles = goConfigService.serverConfig().security().getRoles();
    return currentRoles;
}
/**
 * Appends the names of all users of the named role to {@code users}.
 *
 * <p>A role name that {@code findByName} does not resolve adds nothing and is
 * not reported.
 *
 * @param users    list that receives the user names; mutated in place
 * @param roleName name of the role to expand
 */
private void addRoleUsers(List<CaseInsensitiveString> users, final CaseInsensitiveString roleName) {
    Role matched = security().getRoles().findByName(roleName);
    if (matched == null) {
        // Unknown role: contributes no users.
        return;
    }
    for (RoleUser member : matched.getUsers()) {
        users.add(member.getName());
    }
}
/**
 * Removes this command's {@code role} from the server security roles of the
 * given config, using {@code removeIfExists}.
 *
 * @param preprocessedConfig configuration to modify
 */
private void removeFromSecurity(CruiseConfig preprocessedConfig) {
    preprocessedConfig
            .server()
            .security()
            .getRoles()
            .removeIfExists(role);
}
/**
 * Removes {@code existingRole} from the server security roles of the given
 * config, using {@code removeIfExists}.
 *
 * @param preprocessedConfig configuration to modify
 * @param existingRole       role to remove
 */
private void removeFromServerRole(CruiseConfig preprocessedConfig, Role existingRole) {
    preprocessedConfig
            .server()
            .security()
            .getRoles()
            .removeIfExists(existingRole);
}
/**
 * Looks up a plugin role by name in the current security configuration.
 *
 * <p>The name is wrapped in a {@code CaseInsensitiveString} before the lookup.
 *
 * @param roleName name of the plugin role
 * @return whatever {@code findPluginRoleByName} yields for that name
 *         (NOTE(review): presumably {@code null} when absent; confirm)
 */
private PluginRoleConfig pluginRole(String roleName) {
    PluginRoleConfig match = goConfigService.security().getRoles()
            .findPluginRoleByName(new CaseInsensitiveString(roleName));
    return match;
}
/**
 * Returns the roles the given user is a member of.
 *
 * <p>The user name is wrapped in an {@code AdminUser} and passed to
 * {@code memberRoles} on the configured roles.
 *
 * @param user name of the user
 * @return the roles reported by {@code memberRoles} for that user
 */
public List<Role> rolesForUser(final CaseInsensitiveString user) {
    List<Role> memberships = security().getRoles().memberRoles(new AdminUser(user));
    return memberships;
}
/**
 * Config-change hook: reads the plugin role definitions present in the new
 * config and asks {@code pluginRoleUsersStore} to remove plugin roles that are
 * not in that list.
 *
 * <p>NOTE(review): presumably this keeps stored membership for a deleted plugin
 * role from outliving its config entry; confirm against the store.
 *
 * @param newCruiseConfig the configuration after the change
 */
@Override
public void onConfigChange(CruiseConfig newCruiseConfig) {
    List<PluginRoleConfig> survivingPluginRoles =
            newCruiseConfig.server().security().getRoles().getPluginRoleConfigs();
    pluginRoleUsersStore.removePluginRolesNotIn(survivingPluginRoles);
}
/**
 * Replaces the role currently stored under this command's role name with
 * {@code role}.
 *
 * <p>The existing entry is located with {@code findExistingRole} and handed to
 * {@code replace} together with the new role.
 *
 * @param preprocessedConfig configuration to modify
 */
@Override
public void update(CruiseConfig preprocessedConfig) {
    preprocessedConfig.server().security().getRoles()
            .replace(findExistingRole(preprocessedConfig), role);
}
/**
 * Returns the roles the given user is a member of, according to the server
 * security configuration.
 *
 * @param username name of the user; wrapped in an {@code AdminUser} for the lookup
 * @return the roles reported by {@code memberRoles} for that user
 */
private List<Role> rolesForUser(CaseInsensitiveString username) {
    List<Role> memberships = server().security().getRoles().memberRoles(new AdminUser(username));
    return memberships;
}
/**
 * Finds the role in the given config that has the same name as this command's
 * {@code role}.
 *
 * <p>The lookup is by name only ({@code findByName}); the role type is not
 * part of the match.
 *
 * @param cruiseConfig configuration to search
 * @return the result of {@code findByName} for {@code role.getName()}
 */
final Role findExistingRole(CruiseConfig cruiseConfig) {
    Role current = cruiseConfig.server().security().getRoles().findByName(role.getName());
    return current;
}
/**
 * Computes the tri-state selections for the system-admin flag and for each
 * role, for the given set of users.
 *
 * <p>Only the entries returned by {@code getRoleConfigs()} are considered as
 * roles here.
 *
 * @param users names of the users the selections are computed for
 * @return the admin selection together with the per-role selections
 */
public AdminAndRoleSelections getAdminAndRoleSelections(List<String> users) {
    final SecurityConfig security = goConfigService.security();
    Set<Role> definedRoles = new HashSet<>(security.getRoles().getRoleConfigs());

    final List<TriStateSelection> perRole = TriStateSelection.forRoles(definedRoles, users);
    final TriStateSelection forAdmin = TriStateSelection.forSystemAdmin(
            security.adminsConfig(),
            definedRoles,
            new SecurityService.UserRoleMatcherImpl(security),
            users);

    return new AdminAndRoleSelections(forAdmin, perRole);
}
/**
 * Validates this command's role as it appears in the preprocessed config.
 *
 * <p>The role is looked up by name and concrete class, stored in
 * {@code preprocessedRole}, and validated with a context built from the
 * preprocessed config. On failure the errors are copied back onto {@code role}.
 *
 * @param preprocessedConfig configuration after preprocessing
 * @return {@code true} when {@code validateTree} succeeds, {@code false} otherwise
 */
@Override
public boolean isValid(CruiseConfig preprocessedConfig) {
    preprocessedRole = preprocessedConfig.server().security().getRoles()
            .findByNameAndType(role.getName(), role.getClass());

    // NOTE(review): the lookup result is dereferenced without a null check;
    // confirm the role is always present in the preprocessed config at this point.
    boolean treeIsValid = preprocessedRole.validateTree(
            RolesConfigUpdateValidator.validationContextWithSecurityConfig(preprocessedConfig));
    if (treeIsValid) {
        return true;
    }

    BasicCruiseConfig.copyErrors(preprocessedRole, role);
    return false;
}
/**
 * Validates every role named in {@code roles} against the preprocessed config.
 *
 * <p>All names are visited even after a failure, so each resolvable role gets
 * its {@code validateTree} call. A name that does not resolve to a role makes
 * the result {@code false}; this method records no error for that case.
 *
 * @param preprocessedConfig configuration after preprocessing
 * @return {@code true} only when every name resolves and every role validates
 */
@Override
public boolean isValid(CruiseConfig preprocessedConfig) {
    boolean allValid = true;
    for (CaseInsensitiveString roleName : roles) {
        Role found = preprocessedConfig.server().security().getRoles().findByName(roleName);
        if (found == null) {
            allValid = false;
            continue;
        }
        // Validate unconditionally; only the combined flag depends on earlier results.
        boolean treeIsValid = found.validateTree(validationContextWithSecurityConfig(preprocessedConfig));
        allValid = treeIsValid && allValid;
    }
    return allValid;
}
/**
 * Validates the roles touched by the bulk update request.
 *
 * <p>Stores the preprocessed roles in {@code preProcessedRolesConfig}, then
 * delegates to {@code RolesConfigUpdateValidator} for the role names in the
 * request. On failure the result is marked unprocessable with a message that
 * includes {@code preprocessedConfig.getAllErrors()}.
 *
 * @param preprocessedConfig configuration after preprocessing
 * @return {@code true} when the validator accepts all requested roles
 */
@Override
public boolean isValid(CruiseConfig preprocessedConfig) {
    preProcessedRolesConfig = preprocessedConfig.server().security().getRoles();

    List<CaseInsensitiveString> namesToValidate = goCDRolesBulkUpdateRequest.getRolesToUpdate();
    boolean valid = new RolesConfigUpdateValidator(namesToValidate).isValid(preprocessedConfig);
    if (valid) {
        return true;
    }

    result.unprocessableEntity("Validations failed for bulk update of roles. Error(s): " + preprocessedConfig.getAllErrors());
    return false;
}
/**
 * Checks that a {@code RoleConfig} whose name duplicates another role's name is
 * rejected with exactly one error on the {@code name} field.
 *
 * <p>Two distinct {@code RoleConfig} instances named "admin" are added to the
 * same {@code SecurityConfig}; the validator is run against the second one.
 *
 * @param v validator under test
 */
public void validateUniquenessOfRoleName(Validator v) throws Exception {
    RoleConfig duplicate = new RoleConfig(new CaseInsensitiveString("admin"));
    SecurityConfig securityConfig = new SecurityConfig();
    ValidationContext context = ValidationContextMother.validationContext(securityConfig);

    // The first "admin" is a separate instance; `duplicate` is the role being validated.
    securityConfig.getRoles().add(new RoleConfig(new CaseInsensitiveString("admin")));
    securityConfig.getRoles().add(duplicate);

    v.validate(duplicate, context);

    assertThat(duplicate.errors().size(), is(1));
    assertThat(duplicate.errors().get("name").get(0), is("Role names should be unique. Role with the same name exists."));
}
/**
 * Checks that a {@code PluginRoleConfig} whose name duplicates an existing
 * {@code RoleConfig} is rejected with exactly one error on the {@code name} field.
 *
 * <p>The auth config referenced by the plugin role is registered first, so the
 * duplicate name is the only error expected.
 *
 * @param v validator under test
 */
public void validateUniquenessOfRoleName(Validator v) throws Exception {
    PluginRoleConfig duplicate = new PluginRoleConfig("admin", "auth_config_id");
    SecurityConfig securityConfig = new SecurityConfig();
    ValidationContext context = ValidationContextMother.validationContext(securityConfig);

    securityConfig.securityAuthConfigs().add(new SecurityAuthConfig("auth_config_id", "plugin_id"));
    // A role named "admin" of a different type already exists.
    securityConfig.getRoles().add(new RoleConfig(new CaseInsensitiveString("admin")));
    securityConfig.getRoles().add(duplicate);

    v.validate(duplicate, context);

    assertThat(duplicate.errors().size(), is(1));
    assertThat(duplicate.errors().get("name").get(0), is("Role names should be unique. Role with the same name exists."));
}
/**
 * Applies each operation of the bulk update request to the matching role in
 * the preprocessed config.
 *
 * <p>Roles are looked up by name with type {@code RoleConfig.class}. For each
 * operation, additions are applied before removals. When a role is not found,
 * the result is marked unprocessable and {@code NoSuchRoleException} is thrown;
 * operations that ran earlier in the loop have already modified
 * {@code preprocessedConfig} by then. NOTE(review): this relies on the caller
 * discarding the preprocessed config on failure; confirm.
 *
 * @param preprocessedConfig configuration to modify
 * @throws NoSuchRoleException when an operation names a role that is not found
 */
@Override
public void update(CruiseConfig preprocessedConfig) throws Exception {
    RolesConfig configuredRoles = preprocessedConfig.server().security().getRoles();
    for (GoCDRolesBulkUpdateRequest.Operation op : goCDRolesBulkUpdateRequest.getOperations()) {
        CaseInsensitiveString targetName = new CaseInsensitiveString(op.getRoleName());
        RoleConfig target = configuredRoles.findByNameAndType(targetName, RoleConfig.class);
        if (target == null) {
            result.unprocessableEntity(resourceNotFound("Role", op.getRoleName()));
            throw new NoSuchRoleException(op.getRoleName());
        }
        target.addUsersWithName(op.getUsersToAdd());
        target.removeUsersWithName(op.getUsersToRemove());
    }
}
/**
 * Verifies that {@code #{...}} parameters are substituted in the admin name,
 * the role name and the role user name of a {@code SecurityConfig}.
 *
 * <p>With {@code foo=ser} and {@code bar=zer}, the three names are expected to
 * resolve to "loser", "boozer" and "chooser".
 */
@Test
public void shouldResolve_ConfigValue_MappedAsObject() {
    SecurityConfig securityConfig = new SecurityConfig();
    securityConfig.adminsConfig().add(new AdminUser(new CaseInsensitiveString("lo#{foo}")));
    securityConfig.addRole(new RoleConfig(
            new CaseInsensitiveString("boo#{bar}"),
            new RoleUser(new CaseInsensitiveString("choo#{foo}"))));

    ParamResolver resolver = new ParamResolver(
            new ParamSubstitutionHandlerFactory(params(param("foo", "ser"), param("bar", "zer"))),
            fieldCache);
    resolver.resolve(securityConfig);

    assertThat(CaseInsensitiveString.str(securityConfig.adminsConfig().get(0).getName()), is("loser"));
    assertThat(CaseInsensitiveString.str(securityConfig.getRoles().get(0).getName()), is("boozer"));
    assertThat(CaseInsensitiveString.str(securityConfig.getRoles().get(0).getUsers().get(0).getName()), is("chooser"));
}