/**
 * Adds this command's {@code role} field to the security section of the given config.
 *
 * @param preprocessedConfig config whose server security section receives the role
 */
@Override
public void update(CruiseConfig preprocessedConfig) {
    preprocessedConfig
            .server()
            .security()
            .addRole(role);
}
/**
 * Looks up the roles held in the security section of the server config
 * exposed by {@code goConfigService}.
 *
 * @return the roles config taken from the server's security section
 */
public RolesConfig getRoles() {
    RolesConfig configuredRoles = goConfigService.serverConfig().security().getRoles();
    return configuredRoles;
}
/**
 * Builds a config update command that sets the "allow only known users" flag
 * to the inverse of the requested auto-login setting.
 *
 * <p>Passing {@code true} switches the known-users-only restriction off, so
 * callers should treat this as a change to who may authenticate.
 *
 * @param shouldAllowAutoLogin whether auto login should be permitted
 * @return a command that applies the flag and hands back the same config instance
 */
private UpdateConfigCommand securityUpdater(final boolean shouldAllowAutoLogin) {
    final boolean onlyKnownUsers = !shouldAllowAutoLogin;
    return config -> {
        SecurityConfig security = config.server().security();
        security.modifyAllowOnlyKnownUsers(onlyKnownUsers);
        return config;
    };
}
/**
 * Reconciles the plugin role user store with a newly applied config.
 *
 * <p>The plugin role configs present in the new config are handed to
 * {@code removePluginRolesNotIn}; presumably that drops stored memberships for
 * plugin roles that no longer exist (confirm against the store).
 *
 * @param newCruiseConfig the config that has just taken effect
 */
@Override
public void onConfigChange(CruiseConfig newCruiseConfig) {
    List<PluginRoleConfig> survivingPluginRoles =
            newCruiseConfig.server().security().getRoles().getPluginRoleConfigs();
    pluginRoleUsersStore.removePluginRolesNotIn(survivingPluginRoles);
}
/**
 * Reports whether the user administers a pipeline group.
 *
 * <p>The user's member roles are read from the server security config, a
 * {@code FindPipelineGroupAdminstrator} is run over {@code groups}, and its
 * {@code isGroupAdmin} flag is returned.
 *
 * @param userName user to check
 * @return the finder's {@code isGroupAdmin} flag after it has been passed to {@code groups.accept}
 */
@Override
public boolean isGroupAdministrator(final CaseInsensitiveString userName) {
    final List<Role> memberRoles = server().security().memberRoleFor(userName);
    FindPipelineGroupAdminstrator adminFinder =
            new FindPipelineGroupAdminstrator(userName, memberRoles);
    groups.accept(adminFinder);
    return adminFinder.isGroupAdmin;
}
/**
 * Validates the role as it appears in the preprocessed config.
 *
 * <p>The matching role is looked up by name and type and stored in
 * {@code preprocessedRole}. On validation failure its errors are copied onto
 * the original {@code role}.
 *
 * @param preprocessedConfig config to validate against
 * @return {@code true} when the role's tree validates, {@code false} otherwise
 */
@Override
public boolean isValid(CruiseConfig preprocessedConfig) {
    preprocessedRole = preprocessedConfig.server().security().getRoles()
            .findByNameAndType(role.getName(), role.getClass());
    // NOTE(review): if findByNameAndType can return null for a missing role,
    // the validateTree call below throws a NullPointerException. Confirm.
    boolean treeIsValid = preprocessedRole.validateTree(
            RolesConfigUpdateValidator.validationContextWithSecurityConfig(preprocessedConfig));
    if (treeIsValid) {
        return true;
    }
    BasicCruiseConfig.copyErrors(preprocessedRole, role);
    return false;
}
/**
 * Validates the admins section of the preprocessed config.
 *
 * <p>The section is stored in {@code preprocessedAdmin}. On validation failure
 * its errors are copied onto the original {@code admin}.
 *
 * @param preprocessedConfig config to validate against
 * @return {@code true} when the admins config tree validates, {@code false} otherwise
 */
@Override
public boolean isValid(CruiseConfig preprocessedConfig) {
    preprocessedAdmin = preprocessedConfig.server().security().adminsConfig();
    boolean treeIsValid =
            preprocessedAdmin.validateTree(ConfigSaveValidationContext.forChain(preprocessedConfig));
    if (treeIsValid) {
        return true;
    }
    BasicCruiseConfig.copyErrors(preprocessedAdmin, admin);
    return false;
}
/**
 * Resolves the plugin id behind a plugin role through its auth config id.
 *
 * @param role plugin role whose auth config is looked up in the current config
 * @return the auth config's plugin id, or {@code null} when no auth config
 *         matches the role's auth config id (callers must handle the null)
 */
private String pluginIdForRole(PluginRoleConfig role) {
    SecurityAuthConfig matchingAuthConfig = goConfigService.cruiseConfig()
            .server()
            .security()
            .securityAuthConfigs()
            .find(role.getAuthConfigId());
    return matchingAuthConfig == null ? null : matchingAuthConfig.getPluginId();
}
} // closes the enclosing type, whose header is not part of this listing
/**
 * Validates the roles named in the bulk update request against the preprocessed config.
 *
 * <p>The config's roles are stored in {@code preProcessedRolesConfig}. On
 * failure {@code result} is marked unprocessable with a message that embeds
 * {@code preprocessedConfig.getAllErrors()}.
 *
 * @param preprocessedConfig config to validate against
 * @return {@code true} when the validator accepts the config, {@code false} otherwise
 */
@Override
public boolean isValid(CruiseConfig preprocessedConfig) {
    preProcessedRolesConfig = preprocessedConfig.server().security().getRoles();
    List<CaseInsensitiveString> rolesToUpdate = goCDRolesBulkUpdateRequest.getRolesToUpdate();
    if (new RolesConfigUpdateValidator(rolesToUpdate).isValid(preprocessedConfig)) {
        return true;
    }
    result.unprocessableEntity(
            "Validations failed for bulk update of roles. Error(s): " + preprocessedConfig.getAllErrors());
    return false;
}
/**
 * Adds a role to the fixture config, then serializes the config to a throwaway
 * in-memory stream.
 *
 * <p>Presumably the write is done only so the writer rejects an invalid config
 * (confirm). Any failure is rethrown unchecked with its cause preserved.
 *
 * @param role role to add to the server security section
 */
private void addRole(Role role) {
    config.server().security().addRole(role);
    try {
        MagicalGoConfigXmlWriter xmlWriter = new MagicalGoConfigXmlWriter(
                new ConfigCache(), ConfigElementImplementationRegistryMother.withNoPlugins());
        // The output is discarded; only the side effect of writing matters here.
        xmlWriter.write(config, new ByteArrayOutputStream(), false);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
/**
 * Decides whether a user may operate on a pipeline group.
 *
 * <p>Checks run in this order: security disabled, user is an admin, user
 * administers the group, then the group's own operate permission matched
 * against the server security config.
 *
 * <p>Security note: the check fails open. When security is disabled in the
 * current config, every caller is granted the permission.
 *
 * @param username user to check
 * @param groupName name of the pipeline group
 * @return {@code true} when any of the checks above grants access
 */
public boolean hasOperatePermissionForGroup(final CaseInsensitiveString username, String groupName) {
    CruiseConfig currentConfig = goConfigService.getCurrentConfig();
    // Short-circuit keeps the admin lookup from running when security is off.
    if (!currentConfig.isSecurityEnabled() || isUserAdmin(new Username(username))) {
        return true;
    }
    // NOTE(review): what findGroup does for an unknown group name is not
    // visible here; confirm it cannot yield null before the calls below.
    PipelineConfigs targetGroup = currentConfig.getGroups().findGroup(groupName);
    if (isUserAdminOfGroup(username, targetGroup)) {
        return true;
    }
    return targetGroup.hasOperatePermission(
            username, new UserRoleMatcherImpl(currentConfig.server().security()));
}
/**
 * Decides whether a user may view a pipeline group.
 *
 * <p>Checks run in this order: security disabled, user is an admin, user
 * administers the group, then the group's own view permission matched
 * against the server security config.
 *
 * <p>Security note: the check fails open. When security is disabled in the
 * current config, every caller is granted the permission.
 *
 * @param userName user to check, as a plain string
 * @param pipelineGroupName name of the pipeline group
 * @return {@code true} when any of the checks above grants access
 */
public boolean hasViewPermissionForGroup(String userName, String pipelineGroupName) {
    CruiseConfig currentConfig = goConfigService.getCurrentConfig();
    if (!currentConfig.isSecurityEnabled()) {
        return true;
    }
    CaseInsensitiveString caseInsensitiveName = new CaseInsensitiveString(userName);
    if (isUserAdmin(new Username(caseInsensitiveName))) {
        return true;
    }
    // NOTE(review): what findGroup does for an unknown group name is not
    // visible here; confirm it cannot yield null before the calls below.
    PipelineConfigs targetGroup = currentConfig.getGroups().findGroup(pipelineGroupName);
    if (isUserAdminOfGroup(caseInsensitiveName, targetGroup)) {
        return true;
    }
    return targetGroup.hasViewPermission(
            caseInsensitiveName, new UserRoleMatcherImpl(currentConfig.server().security()));
}
/**
 * The validation context built for a config exposes that config's server security section.
 */
@Test
public void shouldGetServerSecurityConfig() {
    BasicCruiseConfig securedConfig = GoConfigMother.configWithPipelines("p1");
    GoConfigMother.enableSecurityWithPasswordFilePlugin(securedConfig);

    ValidationContext validationContext = ConfigSaveValidationContext.forChain(securedConfig);

    assertThat(validationContext.getServerSecurityConfig(), is(securedConfig.server().security()));
}
/**
 * Builds a fixture config with one pipeline, a password-file auth config
 * named "file", the given role and the given admin entry.
 *
 * @param roleDefinition role added to the security section
 * @param admins entry added to the admins config
 * @return the populated config
 */
private CruiseConfig cruiseConfigWithSecurity(Role roleDefinition, Admin admins) {
    CruiseConfig fixture = GoConfigMother.configWithPipelines("pipeline");
    SecurityConfig security = fixture.server().security();

    SecurityAuthConfig passwordFileAuth =
            new SecurityAuthConfig("file", "cd.go.authentication.passwordfile");
    security.securityAuthConfigs().add(passwordFileAuth);
    security.addRole(roleDefinition);
    security.adminsConfig().add(admins);

    return fixture;
}
/**
 * A template stage may name its authorized role through a parameter: the
 * pipeline sets ROLE to an existing role and validation reports no errors.
 */
@Test
public void shouldAllowRoleWithParamsForStageInTemplate() throws Exception {
    CruiseConfig cruiseConfig = new BasicCruiseConfig();
    cruiseConfig.server().security().addRole(new RoleConfig(new CaseInsensitiveString("role")));
    cruiseConfig.addTemplate(
            new PipelineTemplateConfig(new CaseInsensitiveString("template"), stageWithAuth("#{ROLE}")));

    // The pipeline supplies the value that the template's #{ROLE} placeholder refers to.
    PipelineConfig templatedPipeline =
            new PipelineConfig(new CaseInsensitiveString("pipeline"), new MaterialConfigs());
    templatedPipeline.setTemplateName(new CaseInsensitiveString("template"));
    templatedPipeline.addParam(new ParamConfig("ROLE", "role"));
    cruiseConfig.addPipeline("group", templatedPipeline);

    List<ConfigErrors> validationErrors = MagicalGoConfigXmlLoader.validate(cruiseConfig);

    assertThat(validationErrors.isEmpty(), is(true));
}
/**
 * An admin role used in a group's view authorization validates cleanly when a
 * role of the same name is defined in the security section.
 */
@Test
public void shouldNotThrowExceptionIfRoleNameExistInPipelinesAuthorization() {
    AdminRole viewRole = new AdminRole(new CaseInsensitiveString("role2"));
    PipelineConfigs groupWithViewAuth =
            new BasicPipelineConfigs(new Authorization(new ViewConfig(viewRole)));
    CruiseConfig cruiseConfig = new BasicCruiseConfig(groupWithViewAuth);
    cruiseConfig.server().security().addRole(new RoleConfig(new CaseInsensitiveString("role2")));

    viewRole.validate(ConfigSaveValidationContext.forChain(cruiseConfig));

    assertThat(viewRole.errors().isEmpty(), is(true));
}
/**
 * An admin role used in a group's admins authorization validates cleanly when
 * a role of the same name is defined in the security section.
 */
@Test
public void shouldNotThrowExceptionIfRoleNameInPipelinesAuthorizationAdminSectionExists() {
    AdminRole groupAdminRole = new AdminRole(new CaseInsensitiveString("shilpaIsHere"));
    PipelineConfigs groupWithAdminAuth =
            new BasicPipelineConfigs(new Authorization(new AdminsConfig(groupAdminRole)));
    CruiseConfig cruiseConfig = new BasicCruiseConfig(groupWithAdminAuth);
    cruiseConfig.server().security().addRole(new RoleConfig(new CaseInsensitiveString("shilpaIsHere")));

    groupAdminRole.validate(ConfigSaveValidationContext.forChain(cruiseConfig));

    assertThat(groupAdminRole.errors().isEmpty(), is(true));
}
} // closes the enclosing type, whose header is not part of this listing
/**
 * An approval that authorizes a role named "role" fails tree validation when
 * the config only carries a "super-admin" admin role, and the failure is
 * recorded on the approval's auth config.
 */
@Test
public void shouldValidateTree() {
    Approval approval = new Approval(new AuthConfig(new AdminRole(new CaseInsensitiveString("role"))));

    BasicCruiseConfig cruiseConfig = GoConfigMother.defaultCruiseConfig();
    cruiseConfig.server().security().adminsConfig()
            .addRole(new AdminRole(new CaseInsensitiveString("super-admin")));
    PipelineConfig pipeline = new PipelineConfig(new CaseInsensitiveString("p1"), new MaterialConfigs());
    cruiseConfig.addPipeline("g1", pipeline);

    assertThat(
            approval.validateTree(
                    PipelineConfigSaveValidationContext.forChain(true, "g1", cruiseConfig, pipeline)),
            is(false));
    assertThat(approval.getAuthConfig().errors().isEmpty(), is(false));
}
/**
 * An admin role used in a stage's auth config validates cleanly when a role of
 * the same name is defined in the security section.
 */
@Test
public void shouldNotThrowExceptionIfRoleNameExist() {
    AdminRole stageRole = new AdminRole(new CaseInsensitiveString("role1"));
    StageConfig securedStage = StageConfigMother.custom("ft", new AuthConfig(stageRole));
    PipelineConfigs group = new BasicPipelineConfigs(
            new PipelineConfig(new CaseInsensitiveString("pipeline"), new MaterialConfigs(), securedStage));
    CruiseConfig cruiseConfig = new BasicCruiseConfig(group);
    cruiseConfig.server().security().addRole(new RoleConfig(new CaseInsensitiveString("role1")));

    stageRole.validate(ConfigSaveValidationContext.forChain(cruiseConfig));

    assertThat(stageRole.errors().isEmpty(), is(true));
}
/**
 * A pipeline group with an empty authorization validates cleanly even though
 * the config defines a role that nothing in the group refers to.
 */
@Test
public void shouldNotThrowExceptionIfNoRoleUsed() {
    StageConfig stageWithoutAuth = new StageConfig(
            new CaseInsensitiveString("stage-foo"),
            new JobConfigs(
                    new JobConfig(
                            new CaseInsensitiveString("build-1"),
                            new ResourceConfigs(),
                            new ArtifactConfigs(),
                            new Tasks(new ExecTask("ls", "-la", "work")))));
    PipelineConfigs group = new BasicPipelineConfigs(
            "group",
            new Authorization(),
            new PipelineConfig(new CaseInsensitiveString("pipeline"), new MaterialConfigs(), stageWithoutAuth));
    CruiseConfig cruiseConfig = new BasicCruiseConfig(group);
    cruiseConfig.server().security().addRole(new RoleConfig(new CaseInsensitiveString("role1")));

    group.validate(ConfigSaveValidationContext.forChain(cruiseConfig));

    assertThat(group.errors().isEmpty(), is(true));
}