/**
 * Supplies the plugin profiles, read from {@code goConfigService.security()} as its
 * security auth configs.
 *
 * @return the security auth configs of the current security configuration
 */
protected SecurityAuthConfigs getPluginProfiles() {
    final SecurityAuthConfigs authConfigs = goConfigService.security().securityAuthConfigs();
    return authConfigs;
}
/**
 * Supplies the auth configs to authenticate with.
 *
 * <p>NOTE(review): {@code pluginId} is not read here, so every configured security auth
 * config is returned whichever plugin it belongs to. Confirm that the unfiltered list is
 * intended and that auth configs of other plugins are not meant to be withheld.
 *
 * @param pluginId id of the plugin performing the authentication (unused in this override)
 * @return all security auth configs of the current security configuration
 */
@Override
protected List<SecurityAuthConfig> getSecurityAuthConfigsToAuthenticateWith(String pluginId) {
    final List<SecurityAuthConfig> allAuthConfigs = goConfigService.security().securityAuthConfigs();
    return allAuthConfigs;
}
/**
 * Supplies the auth configs to authenticate with, limited to those that
 * {@code findByPluginId} returns for the given plugin.
 *
 * @param pluginId id of the plugin whose auth configs are wanted
 * @return the security auth configs found for {@code pluginId}
 */
@Override
protected List<SecurityAuthConfig> getSecurityAuthConfigsToAuthenticateWith(String pluginId) {
    final List<SecurityAuthConfig> configsForPlugin =
            goConfigService.security().securityAuthConfigs().findByPluginId(pluginId);
    return configsForPlugin;
}
/**
 * Reads the plugin profiles from the supplied configuration rather than from a service:
 * they are the security auth configs under {@code preprocessedConfig.server().security()}.
 *
 * @param preprocessedConfig the configuration to read from
 * @return the security auth configs of that configuration
 */
@Override
protected SecurityAuthConfigs getPluginProfiles(CruiseConfig preprocessedConfig) {
    final SecurityAuthConfigs authConfigs =
            preprocessedConfig.server().security().securityAuthConfigs();
    return authConfigs;
}
/**
 * Looks up the security auth configs that {@code findByPluginId} returns for one plugin.
 *
 * @param pluginId id of the plugin whose auth configs are wanted
 * @return the security auth configs found for {@code pluginId}
 */
private List<SecurityAuthConfig> getAuthConfigs(String pluginId) {
    final List<SecurityAuthConfig> configsForPlugin =
            goConfigService.security().securityAuthConfigs().findByPluginId(pluginId);
    return configsForPlugin;
}
/**
 * Searches for users through one authorization plugin.
 *
 * <p>The plugin is only called when {@code authorizationExtension.canHandlePlugin(pluginId)}
 * is true; it is then given the search term together with the auth configs found for that
 * plugin id. Otherwise an empty list is returned.
 *
 * @param pluginId   id of the plugin to search with
 * @param searchTerm term handed to the plugin as is
 * @return a new list holding the users the plugin reported, possibly empty
 */
private List<com.thoughtworks.go.plugin.access.authorization.models.User> getUsersConfiguredViaPlugin(String pluginId, String searchTerm) {
    final List<com.thoughtworks.go.plugin.access.authorization.models.User> matches = new ArrayList<>();
    if (!authorizationExtension.canHandlePlugin(pluginId)) {
        return matches;
    }

    final List<SecurityAuthConfig> configsForPlugin =
            goConfigService.security().securityAuthConfigs().findByPluginId(pluginId);
    matches.addAll(authorizationExtension.searchUsers(pluginId, searchTerm, configsForPlugin));
    return matches;
}
/**
 * Builds a summary of the security setup.
 *
 * <p>The result has two keys, inserted in this order: {@code "Plugins"} and {@code "Enabled"}.
 * {@code "Enabled"} is false when no security auth config exists, and the plugin list is then
 * left empty. Otherwise the list gets one single-entry map per authorization plugin known to
 * {@code authorizationMetadataStore}, mapping the plugin's display name to whether at least
 * one auth config exists for its id. Only names and booleans are written; no auth-config
 * property values are copied into the result.
 *
 * @return the summary map
 */
private LinkedHashMap<String, Object> securityInformation() {
    final LinkedHashMap<String, Object> summary = new LinkedHashMap<>();
    final ArrayList<Map<String, Object>> perPlugin = new ArrayList<>();
    // Registered before "Enabled" so that the key order of the map stays the same.
    summary.put("Plugins", perPlugin);

    final boolean securityEnabled = !goConfigService.security().securityAuthConfigs().isEmpty();
    summary.put("Enabled", securityEnabled);
    if (!securityEnabled) {
        return summary;
    }

    for (AuthorizationPluginInfo info : authorizationMetadataStore.allPluginInfos()) {
        final String displayName = info.getDescriptor().about().name();
        final boolean hasAuthConfig = !goConfigService.security()
                .securityAuthConfigs()
                .findByPluginId(info.getDescriptor().id())
                .isEmpty();
        final Map<String, Object> entry = singletonMap(displayName, hasAuthConfig);
        perPlugin.add(entry);
    }
    return summary;
}
/**
 * Validates this plugin role on top of the checks done by {@code Role.super.validate}.
 *
 * <p>Two checks are made on {@code authConfigId}: it must be accepted by
 * {@link NameTypeValidator}, and, when it is not blank, it must name a security auth config
 * that exists in the server security config of the validation context. A role that points at
 * a missing auth config is reported on the {@code "authConfigId"} key.
 *
 * @param validationContext context that gives access to the server security config
 */
@Override
public void validate(ValidationContext validationContext) {
    Role.super.validate(validationContext);

    final boolean idIsWellFormed = new NameTypeValidator().isNameValid(authConfigId);
    if (!idIsWellFormed) {
        configErrors.add("authConfigId", NameTypeValidator.errorMessage("plugin role authConfigId", authConfigId));
    }

    // The lookup runs only for a non-blank id; && short-circuits before find() otherwise.
    if (isNotBlank(authConfigId)
            && validationContext.getServerSecurityConfig().securityAuthConfigs().find(authConfigId) == null) {
        addError("authConfigId", String.format("No such security auth configuration present for id: `%s`", getAuthConfigId()));
    }
}
/**
 * Resolves the plugin id behind a plugin role by looking up the security auth config the
 * role refers to.
 *
 * @param role the plugin role whose auth config id is looked up
 * @return the plugin id of that auth config, or {@code null} when no auth config with the
 *         role's id exists; callers have to handle the {@code null} case
 */
private String pluginIdForRole(PluginRoleConfig role) {
    final SecurityAuthConfig referenced = goConfigService.cruiseConfig()
            .server()
            .security()
            .securityAuthConfigs()
            .find(role.getAuthConfigId());
    return referenced == null ? null : referenced.getPluginId();
}
} // closes the enclosing type, whose header is not part of this excerpt
/**
 * Creates a {@link SecurityConfig} for the given admins, optionally with one auth config,
 * and adds every role in {@code DEFAULT_ROLES} to it.
 *
 * @param securityAuthConfig auth config to register, or {@code null} to register none
 * @param admins             admins passed to the {@link SecurityConfig} constructor
 * @return the populated security config
 */
public static SecurityConfig security(SecurityAuthConfig securityAuthConfig, AdminsConfig admins) {
    final SecurityConfig config = new SecurityConfig(admins);

    final boolean authConfigGiven = securityAuthConfig != null;
    if (authConfigGiven) {
        config.securityAuthConfigs().add(securityAuthConfig);
    }

    for (Role defaultRole : DEFAULT_ROLES) {
        config.addRole(defaultRole);
    }
    return config;
}
/**
 * Creates a {@link SecurityConfig} holding one auth config, built with {@code "file"} and
 * {@code "cd.go.authentication.passwordfile"}, whose {@code PasswordFilePath} property is
 * set to the given path.
 *
 * <p>NOTE(review): the {@code false} passed to {@code create(...)} presumably marks the
 * property as non-secure, which suits a file path; confirm against {@code create}.
 *
 * @param passwordFilePath value stored under the {@code PasswordFilePath} property
 * @return the security config with that single auth config
 */
public static SecurityConfig securityConfigWith(String passwordFilePath) {
    final SecurityConfig config = new SecurityConfig(true);
    config.securityAuthConfigs().add(
            new SecurityAuthConfig(
                    "file",
                    "cd.go.authentication.passwordfile",
                    create("PasswordFilePath", false, passwordFilePath)));
    return config;
}
/**
 * Adds an auth config built with {@code "file"} and {@code "cd.go.authentication.passwordfile"}
 * to the security section of the given configuration.
 *
 * <p>The auth config is created without any properties, so no password file path is set on it.
 *
 * @param cruiseConfig the configuration that is modified in place
 */
public static void enableSecurityWithPasswordFilePlugin(CruiseConfig cruiseConfig) {
    final SecurityAuthConfig passwordFileAuth =
            new SecurityAuthConfig("file", "cd.go.authentication.passwordfile");
    cruiseConfig.server().security().securityAuthConfigs().add(passwordFileAuth);
}
/**
 * Checks that a plugin role with an empty name fails validation with exactly one error,
 * reported on {@code "name"}.
 *
 * <p>The referenced auth config {@code "auth_config_id"} is registered first, so the missing
 * name is the only error the role can get.
 *
 * @param v the validation strategy under test
 */
private void validatePresenceOfRoleName(Validator v) {
    final SecurityConfig config = new SecurityConfig();
    final PluginRoleConfig unnamedRole = new PluginRoleConfig("", "auth_config_id");
    config.securityAuthConfigs().add(new SecurityAuthConfig("auth_config_id", "plugin_id"));

    v.validate(unnamedRole, ValidationContextMother.validationContext(config));

    final String expectedMessage = "Invalid role name name ''. This must be alphanumeric and can" + " contain underscores and periods (however, it cannot start with a period). The maximum allowed length is 255 characters.";
    assertTrue(unnamedRole.hasErrors());
    assertThat(unnamedRole.errors().size(), is(1));
    assertThat(unnamedRole.errors().get("name").get(0), is(expectedMessage));
}
/**
 * Checks that a plugin role whose name was set to {@code null} fails validation with exactly
 * one error, reported on {@code "name"}.
 *
 * <p>The referenced auth config {@code "auth_config_id"} is registered first, so the null
 * name is the only error the role can get.
 *
 * @param v the validation strategy under test
 */
private void validateNullRoleName(Validator v) {
    final PluginRoleConfig namelessRole = new PluginRoleConfig("", "auth_config_id");
    namelessRole.setName(null);

    final SecurityConfig config = new SecurityConfig();
    config.securityAuthConfigs().add(new SecurityAuthConfig("auth_config_id", "plugin_id"));

    v.validate(namelessRole, ValidationContextMother.validationContext(config));

    final String expectedMessage = "Invalid role name name 'null'. This must be alphanumeric and can" + " contain underscores and periods (however, it cannot start with a period). The maximum allowed length is 255 characters.";
    assertTrue(namelessRole.hasErrors());
    assertThat(namelessRole.errors().size(), is(1));
    assertThat(namelessRole.errors().get("name").get(0), is(expectedMessage));
}
/**
 * {@code getPluginRoles(pluginId)} returns only the plugin roles whose auth config belongs
 * to that plugin: with roles bound to the {@code "ldap"} and {@code "github"} auth configs
 * plus one plain role, asking for {@code "cd.go.ldap"} yields the single {@code "foo"} role.
 */
@Test
public void shouldGetPluginRolesWhichBelogsToSpecifiedPlugin() throws Exception {
    final SecurityConfig config = new SecurityConfig();
    // Two plugin roles on different auth configs and one role that is not plugin-backed.
    config.addRole(new PluginRoleConfig("foo", "ldap"));
    config.addRole(new PluginRoleConfig("bar", "github"));
    config.addRole(new RoleConfig(new CaseInsensitiveString("xyz")));
    config.securityAuthConfigs().add(new SecurityAuthConfig("ldap", "cd.go.ldap"));
    config.securityAuthConfigs().add(new SecurityAuthConfig("github", "cd.go.github"));

    final List<PluginRoleConfig> ldapRoles = config.getPluginRoles("cd.go.ldap");

    final PluginRoleConfig expectedRole = new PluginRoleConfig("foo", "ldap");
    assertThat(ldapRoles, hasSize(1));
    assertThat(ldapRoles, contains(expectedRole));
}
/**
 * {@code getPluginRoles(pluginId)} returns an empty list for a plugin id that none of the
 * configured auth configs uses, even though plugin roles exist for other plugins.
 */
@Test
public void getPluginRolesConfig_shouldReturnNothingWhenBadPluginIdSpecified() throws Exception {
    final SecurityConfig config = new SecurityConfig();
    // Two plugin roles on different auth configs and one role that is not plugin-backed.
    config.addRole(new PluginRoleConfig("foo", "ldap"));
    config.addRole(new PluginRoleConfig("bar", "github"));
    config.addRole(new RoleConfig(new CaseInsensitiveString("xyz")));
    config.securityAuthConfigs().add(new SecurityAuthConfig("ldap", "cd.go.ldap"));
    config.securityAuthConfigs().add(new SecurityAuthConfig("github", "cd.go.github"));

    final List<PluginRoleConfig> rolesForUnknownPlugin = config.getPluginRoles("non-existant-plugin");

    assertThat(rolesForUnknownPlugin, hasSize(0));
}
/**
 * Builds a configuration with one pipeline named {@code "pipeline"} and a security section
 * that holds a {@code "file"} / {@code "cd.go.authentication.passwordfile"} auth config,
 * the given role and the given admin.
 *
 * @param roleDefinition role added to the security config
 * @param admins         admin entry added to the admins config
 * @return the prepared configuration
 */
private CruiseConfig cruiseConfigWithSecurity(Role roleDefinition, Admin admins) {
    final CruiseConfig config = GoConfigMother.configWithPipelines("pipeline");
    final SecurityConfig security = config.server().security();

    final SecurityAuthConfig passwordFileAuth =
            new SecurityAuthConfig("file", "cd.go.authentication.passwordfile");
    security.securityAuthConfigs().add(passwordFileAuth);
    security.addRole(roleDefinition);
    security.adminsConfig().add(admins);

    return config;
}
/**
 * Checks that a plugin role named {@code "admin"} is rejected when a plain role with the same
 * name is already present: exactly one error is expected, reported on {@code "name"}.
 *
 * @param v the validation strategy under test
 */
public void validateUniquenessOfRoleName(Validator v) throws Exception {
    final PluginRoleConfig duplicate = new PluginRoleConfig("admin", "auth_config_id");
    final SecurityConfig config = new SecurityConfig();
    // The context is created before the config is filled, in the same order as before.
    final ValidationContext context = ValidationContextMother.validationContext(config);

    config.securityAuthConfigs().add(new SecurityAuthConfig("auth_config_id", "plugin_id"));
    config.getRoles().add(new RoleConfig(new CaseInsensitiveString("admin")));
    config.getRoles().add(duplicate);

    v.validate(duplicate, context);

    final String expectedMessage = "Role names should be unique. Role with the same name exists.";
    assertThat(duplicate.errors().size(), is(1));
    assertThat(duplicate.errors().get("name").get(0), is(expectedMessage));
}
/**
 * {@code hasErrors()} is true once validation has recorded an error: a plugin role with an
 * empty name is validated against a config that contains its auth config.
 */
@Test
public void hasErrors_shouldBeTrueIfRoleHasErrors() throws Exception {
    final SecurityConfig config = new SecurityConfig();
    config.securityAuthConfigs().add(new SecurityAuthConfig("auth_config_id", "plugin_id"));
    final Role unnamedRole = new PluginRoleConfig("", "auth_config_id");

    unnamedRole.validate(ValidationContextMother.validationContext(config));

    assertTrue(unnamedRole.hasErrors());
}
/**
 * A template stage whose approval names a user is validated against the pipeline group of
 * the pipeline that uses the template: the approver {@code "non-admin-non-operate"} is not
 * among the group's operators (only {@code "foo"} is), so validating the template tree must
 * report the authorization error on {@code "name"}.
 */
@Test
public void shouldValidateStagePermissionsOfATemplateStageInTheContextOfPipelineUsingTheTemplate() {
    // Template with a single stage that only "non-admin-non-operate" may approve.
    final JobConfig defaultJob = new JobConfig(new CaseInsensitiveString("defaultJob"));
    final StageConfig stage = StageConfigMother.custom("stage", new JobConfigs(defaultJob));
    final AdminUser approver = new AdminUser(new CaseInsensitiveString("non-admin-non-operate"));
    stage.setApproval(new Approval(new AuthConfig(approver)));
    final PipelineTemplateConfig template = PipelineTemplateConfigMother.createTemplate("template", stage);

    // Pipeline that uses the template, placed in group "group".
    final PipelineConfig pipeline = PipelineConfigMother.pipelineConfigWithTemplate("pipeline", "template");
    pipeline.usingTemplate(template);
    final BasicCruiseConfig config = GoConfigMother.defaultCruiseConfig();
    config.addTemplate(template);
    config.addPipelineWithoutValidation("group", pipeline);

    // Only "foo" may operate the group.
    final PipelineConfigs pipelineGroup = config.findGroup("group");
    final AdminUser operator = new AdminUser(new CaseInsensitiveString("foo"));
    pipelineGroup.setAuthorization(new Authorization(new ViewConfig(), new OperationConfig(operator), new AdminsConfig()));

    // NOTE(review): an empty auth config is added, presumably so that security counts as
    // configured for this validation; confirm.
    config.server().security().securityAuthConfigs().add(new SecurityAuthConfig());
    final AdminUser superAdmin = new AdminUser(new CaseInsensitiveString("super-admin"));
    config.server().security().adminsConfig().add(superAdmin);

    template.validateTree(ConfigSaveValidationContext.forChain(config), config, false);

    final String expectedError = "User \"non-admin-non-operate\" who is not authorized to operate pipeline group `group` can not be authorized to approve stage";
    assertThat(template.errors().getAllOn("name"), is(Arrays.asList(expectedError)));
}