public List<AdminRole> getOperateRoles() { return getApproval().getAuthConfig().getRoles(); }
public boolean isFirstStageManualApproval() { if (isEmpty()) { throw new IllegalStateException(format("Pipeline [%s] doesn't have any stage", name)); } return getFirstStageConfig().getApproval().isManual(); }
private AllowedUsers pipelineOperators(PipelineConfig pipeline, Set<String> admins, AllowedUsers groupLevelOperators, Map<String, Collection<String>> rolesToUsers) { if (!pipeline.first().hasOperatePermissionDefined()) { return groupLevelOperators; } Set<String> stageLevelApproversOfFirstStage = namesOf(pipeline.first().getApproval().getAuthConfig(), rolesToUsers); Set<PluginRoleConfig> stageLevelPluginRoleApproversOfFirstStage = pluginRolesFor(goConfigService.security(), pipeline.first().getApproval().getAuthConfig().getRoles()); Set<String> pipelineOperators = new HashSet<>(); pipelineOperators.addAll(admins); pipelineOperators.addAll(stageLevelApproversOfFirstStage); return new AllowedUsers(pipelineOperators, stageLevelPluginRoleApproversOfFirstStage); } }
private void validateStageApprovalAuthorization(StageConfig stageConfig, PipelineConfigSaveValidationContext contextForChildren) { Approval approval = stageConfig.getApproval(); if (!approval.validateTree(contextForChildren)) { for (ConfigErrors errors : approval.getAllErrors()) { this.errors().addAll(errors); } } }
@Test public void shouldSetApprovalFromConfigAttrs() throws Exception{ StageConfig config = new StageConfig(); config.setConfigAttributes(Collections.singletonMap(StageConfig.APPROVAL, Collections.singletonMap(Approval.TYPE, Approval.MANUAL))); assertThat(config.getApproval().getType(), is(Approval.MANUAL)); config.setConfigAttributes(new HashMap()); assertThat(config.getApproval().getType(), is(Approval.MANUAL)); config.setConfigAttributes(Collections.singletonMap(StageConfig.APPROVAL, Collections.singletonMap(Approval.TYPE, Approval.SUCCESS))); assertThat(config.getApproval().getType(), is(Approval.SUCCESS)); config.setConfigAttributes(new HashMap()); assertThat(config.getApproval().getType(), is(Approval.SUCCESS)); }
public static Pipeline schedule(PipelineConfig pipelineConfig, BuildCause cause) { String approvedBy = "cruise"; if (pipelineConfig.getFirstStageConfig().getApproval().isManual()) { approvedBy = "test"; } return createPipelineInstance(pipelineConfig, cause, approvedBy); }
GoAcl readAclBy(String pipelineName, String stageName) { PipelineConfig pipelineConfig = pipelineConfigNamed(new CaseInsensitiveString(pipelineName)); StageConfig stageConfig = pipelineConfig.findBy(new CaseInsensitiveString(stageName)); AdminsConfig adminsConfig = stageConfig.getApproval().getAuthConfig(); List<CaseInsensitiveString> users = getAuthorizedUsers(adminsConfig); return new GoAcl(users); }
@Test public void shouldAssignApprovalTypeOnFirstStageAsManualAndRestOfStagesAsUntouched() throws Exception { Map approvalAttributes = Collections.singletonMap(Approval.TYPE, Approval.MANUAL); Map<String, Map> map = Collections.singletonMap(StageConfig.APPROVAL, approvalAttributes); PipelineConfig pipelineConfig = PipelineConfigMother.pipelineConfig("p1", StageConfigMother.custom("s1", Approval.automaticApproval()), StageConfigMother.custom("s2", Approval.automaticApproval())); pipelineConfig.setConfigAttributes(map); assertThat(pipelineConfig.get(0).getApproval().getType(), is(Approval.MANUAL)); assertThat(pipelineConfig.get(1).getApproval().getType(), is(Approval.SUCCESS)); }
@Test public void shouldAssignApprovalTypeOnFirstStageAsAuto() throws Exception { Map approvalAttributes = Collections.singletonMap(Approval.TYPE, Approval.SUCCESS); Map<String, Map> map = Collections.singletonMap(StageConfig.APPROVAL, approvalAttributes); PipelineConfig pipelineConfig = PipelineConfigMother.createPipelineConfig("p1", "s1", "j1"); pipelineConfig.get(0).updateApproval(Approval.manualApproval()); pipelineConfig.setConfigAttributes(map); assertThat(pipelineConfig.get(0).getApproval().getType(), is(Approval.SUCCESS)); }
@Test public void shouldAssignApprovalTypeOnFirstStageAsManual() throws Exception { Map approvalAttributes = Collections.singletonMap(Approval.TYPE, Approval.MANUAL); Map<String, Map> map = Collections.singletonMap(StageConfig.APPROVAL, approvalAttributes); PipelineConfig pipelineConfig = PipelineConfigMother.createPipelineConfig("p1", "s1", "j1"); pipelineConfig.get(0).updateApproval(Approval.manualApproval()); pipelineConfig.setConfigAttributes(map); assertThat(pipelineConfig.get(0).getApproval().getType(), is(Approval.MANUAL)); }
private StageConfig stageWithAuth(String role) { StageConfig stage = stageWithJobResource("foo"); stage.getApproval().getAuthConfig().add(new AdminRole(new CaseInsensitiveString(role))); return stage; }
@Test public void shouldBeAbleToParseNewConfig() throws Exception { CruiseConfig newConfig = ConfigMigrator.loadWithMigration(CONFIG_WITH_AUTH).config; assertThat(newConfig.stageConfigByName(new CaseInsensitiveString("pipeline1"), new CaseInsensitiveString("stage1")).getApproval().getAuthConfig().size(), is(3)); }
public static void addApprovalWithRoles(StageConfig stage, String... roles) { Approval approval = stage.getApproval(); for (String role : roles) { approval.getAuthConfig().add(new AdminRole(new CaseInsensitiveString(role))); } stage.updateApproval(approval); }
public static void addApprovalWithUsers(StageConfig stage, String... users) { Approval approval = stage.getApproval(); for (String user : users) { approval.getAuthConfig().add(new AdminUser(new CaseInsensitiveString(user))); } stage.updateApproval(approval); }
public CruiseConfig addApprovalForStage(CruiseConfig cruiseConfig, String pipelineName, String stageName, String roleName) { Approval stageApproval = cruiseConfig.stageConfigByName(new CaseInsensitiveString(pipelineName), new CaseInsensitiveString(stageName)).getApproval(); stageApproval.addAdmin(new AdminRole(new CaseInsensitiveString(roleName))); return cruiseConfig; }
@Test public void validate_shouldAllowUserWhenSecurityIsNotDefinedInGroup() throws Exception { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfigs group = cruiseConfig.findGroup(DEFAULT_GROUP); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "user"); Approval approval = stage.getApproval(); approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, group, pipeline, stage)); assertNoErrors(approval.getAuthConfig().getUsers().get(0)); }
@Test public void validate_shouldAllowAdminToOperateOnAStage() throws Exception { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfigs group = addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "admin"); Approval approval = stage.getApproval(); approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, group, pipeline, stage)); assertNoErrors(approval.getAuthConfig().getUsers().get(0)); }
@Test public void validate_shouldAllowUserWhoseRoleHasOperatePermission() throws Exception { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfigs group = addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "first"); Approval approval = stage.getApproval(); approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, group, pipeline, stage)); assertNoErrors(approval.getAuthConfig().getUsers().get(0)); }
@Test public void validate_shouldNotTryAndValidateWhenWithinTemplate() throws Exception { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfigs group = addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "not-present"); Approval approval = stage.getApproval(); approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, new TemplatesConfig(), stage)); assertNoErrors(approval.getAuthConfig().getUsers().get(0)); }
@Test public void shouldResolveConfigValue() throws NoSuchFieldException { PipelineConfig pipelineConfig = PipelineConfigMother.createPipelineConfig("cruise", "dev", "ant"); pipelineConfig.setLabelTemplate("2.1-${COUNT}-#{foo}-bar-#{bar}"); StageConfig stageConfig = pipelineConfig.get(0); stageConfig.updateApproval(new Approval(new AuthConfig(new AdminUser(new CaseInsensitiveString("#{foo}")), new AdminUser(new CaseInsensitiveString("#{bar}"))))); new ParamResolver(new ParamSubstitutionHandlerFactory(params(param("foo", "pavan"), param("bar", "jj"))), fieldCache).resolve(pipelineConfig); assertThat(pipelineConfig.getLabelTemplate(), is("2.1-${COUNT}-pavan-bar-jj")); assertThat(stageConfig.getApproval().getAuthConfig(), is(new AuthConfig(new AdminUser(new CaseInsensitiveString("pavan")), new AdminUser(new CaseInsensitiveString("jj"))))); }