
Example 1 with Role

Use of com.michelin.cio.hudson.plugins.rolestrategy.Role in the project configuration-as-code-plugin by jenkinsci.

Class RoleStrategyTest, method shouldReadRolesCorrectly.

@Test
@Issue("Issue #48")
@ConfiguredWithCode("RoleStrategy1.yml")
public void shouldReadRolesCorrectly() throws Exception {
    j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
    User admin = User.get("admin");
    User user1 = User.get("user1");
    User user2 = User.get("user2");
    Computer agent1 = j.jenkins.getComputer("agent1");
    Computer agent2 = j.jenkins.getComputer("agent2");
    Folder folderA = j.jenkins.createProject(Folder.class, "A");
    FreeStyleProject jobA1 = folderA.createProject(FreeStyleProject.class, "1");
    Folder folderB = j.jenkins.createProject(Folder.class, "B");
    FreeStyleProject jobB2 = folderB.createProject(FreeStyleProject.class, "2");
    AuthorizationStrategy s = j.jenkins.getAuthorizationStrategy();
    assertThat("Authorization Strategy has been read incorrectly", s, instanceOf(RoleBasedAuthorizationStrategy.class));
    RoleBasedAuthorizationStrategy rbas = (RoleBasedAuthorizationStrategy) s;
    Map<Role, Set<String>> globalRoles = rbas.getGrantedRoles(RoleBasedAuthorizationStrategy.GLOBAL);
    assertThat(globalRoles.size(), equalTo(2));
    // Admin has configuration access
    assertHasPermission(admin, j.jenkins, Jenkins.ADMINISTER, Jenkins.READ);
    assertHasPermission(user1, j.jenkins, Jenkins.READ);
    assertHasNoPermission(user1, j.jenkins, Jenkins.ADMINISTER, Jenkins.RUN_SCRIPTS);
    // Folder A is restricted to admin
    assertHasPermission(admin, folderA, Item.CONFIGURE);
    assertHasPermission(user1, folderA, Item.READ, Item.DISCOVER);
    assertHasNoPermission(user1, folderA, Item.CONFIGURE, Item.DELETE, Item.BUILD);
    // But they have access to jobs in Folder A
    assertHasPermission(admin, folderA, Item.CONFIGURE, Item.CANCEL);
    assertHasPermission(user1, jobA1, Item.READ, Item.DISCOVER, Item.CONFIGURE, Item.BUILD, Item.DELETE);
    assertHasPermission(user2, jobA1, Item.READ, Item.DISCOVER, Item.CONFIGURE, Item.BUILD, Item.DELETE);
    assertHasNoPermission(user1, folderA, Item.CANCEL);
    // FolderB is editable by user2, but he cannot delete it
    assertHasPermission(user2, folderB, Item.READ, Item.DISCOVER, Item.CONFIGURE, Item.BUILD);
    assertHasNoPermission(user2, folderB, Item.DELETE);
    assertHasNoPermission(user1, folderB, Item.CONFIGURE, Item.BUILD, Item.DELETE);
    // Only user1 can run on agent1, but he still cannot configure it
    assertHasPermission(admin, agent1, Computer.CONFIGURE, Computer.DELETE, Computer.BUILD);
    assertHasPermission(user1, agent1, Computer.BUILD);
    assertHasNoPermission(user1, agent1, Computer.CONFIGURE, Computer.DISCONNECT);
    // Same user still cannot build on agent2
    assertHasNoPermission(user1, agent2, Computer.BUILD);
}
Also used: Role (com.michelin.cio.hudson.plugins.rolestrategy.Role), AuthorizationStrategy (hudson.security.AuthorizationStrategy), RoleBasedAuthorizationStrategy (com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy), User (hudson.model.User), Set (java.util.Set), Computer (hudson.model.Computer), Folder (com.cloudbees.hudson.plugins.folder.Folder), FreeStyleProject (hudson.model.FreeStyleProject), Issue (org.jvnet.hudson.test.Issue), Test (org.junit.Test), ConfiguredWithCode (org.jenkinsci.plugins.casc.misc.ConfiguredWithCode)

Example 2 with Role

Use of com.michelin.cio.hudson.plugins.rolestrategy.Role in the project configuration-as-code-plugin by jenkinsci.

Class RoleDefinition, method getRole.

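public final Role getRole() {
    // Build the Role lazily on first access and cache it in the field.
    if (role == null) {
        HashSet<String> resolvedIds = new HashSet<>();
        for (String id : permissions) {
            String resolvedId = PermissionFinder.findPermissionId(id);
            if (resolvedId != null) {
                resolvedIds.add(resolvedId);
            } else {
                // Fail closed: an unresolvable permission ID aborts role creation
                // instead of being silently dropped from the role.
                throw new IllegalStateException("Cannot resolve permission for ID: " + id);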
            }
        }
        role = new Role(name, pattern, resolvedIds, description);
    }
    return role;
}
Also used: Role (com.michelin.cio.hudson.plugins.rolestrategy.Role), HashSet (java.util.HashSet)

Example 3 with Role

Use of com.michelin.cio.hudson.plugins.rolestrategy.Role in the project configuration-as-code-plugin by jenkinsci.

Class RoleBasedAuthorizationStrategyConfigurator, method retrieveRoleMap.

@Nonnull
private static RoleMap retrieveRoleMap(@Nonnull Object config, @Nonnull String name, Configurator<RoleDefinition> configurator) throws Exception {
    // config is expected to be a map; name selects the collection of role entries in it
    Map<?, ?> map = (Map<?, ?>) config;
    final Collection<?> c = (Collection<?>) map.get(name);
    TreeMap<Role, Set<String>> resMap = new TreeMap<>();
    if (c == null) {
        // we cannot return emptyMap here due to the Role Strategy code
        return new RoleMap(resMap);
    }
    for (Object entry : c) {
        // Each entry becomes a RoleDefinition; the map key is its Role, the value its assignments
        RoleDefinition definition = configurator.configure(entry);
        resMap.put(definition.getRole(), definition.getAssignments());
    }
    return new RoleMap(resMap);
}
Also used: Role (com.michelin.cio.hudson.plugins.rolestrategy.Role), Set (java.util.Set), HashSet (java.util.HashSet), Collection (java.util.Collection), TreeMap (java.util.TreeMap), HashMap (java.util.HashMap), Map (java.util.Map), RoleMap (com.michelin.cio.hudson.plugins.rolestrategy.RoleMap), Nonnull (javax.annotation.Nonnull)

Aggregations

Role (com.michelin.cio.hudson.plugins.rolestrategy.Role): 3
HashSet (java.util.HashSet): 2
Set (java.util.Set): 2
Folder (com.cloudbees.hudson.plugins.folder.Folder): 1
RoleBasedAuthorizationStrategy (com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy): 1
RoleMap (com.michelin.cio.hudson.plugins.rolestrategy.RoleMap): 1
Computer (hudson.model.Computer): 1
FreeStyleProject (hudson.model.FreeStyleProject): 1
User (hudson.model.User): 1
AuthorizationStrategy (hudson.security.AuthorizationStrategy): 1
Collection (java.util.Collection): 1
HashMap (java.util.HashMap): 1
Map (java.util.Map): 1
TreeMap (java.util.TreeMap): 1
Nonnull (javax.annotation.Nonnull): 1
ConfiguredWithCode (org.jenkinsci.plugins.casc.misc.ConfiguredWithCode): 1
Test (org.junit.Test): 1
Issue (org.jvnet.hudson.test.Issue): 1