Example 1 with RoleBasedAuthorizationStrategy

Use of com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy in the project configuration-as-code-plugin by jenkinsci.

Class RoleStrategyTest, method shouldReadRolesCorrectly.

@Test
@Issue("Issue #48")
@ConfiguredWithCode("RoleStrategy1.yml")
public void shouldReadRolesCorrectly() throws Exception {
    j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
    User admin = User.get("admin");
    User user1 = User.get("user1");
    User user2 = User.get("user2");
    Computer agent1 = j.jenkins.getComputer("agent1");
    Computer agent2 = j.jenkins.getComputer("agent2");
    Folder folderA = j.jenkins.createProject(Folder.class, "A");
    FreeStyleProject jobA1 = folderA.createProject(FreeStyleProject.class, "1");
    Folder folderB = j.jenkins.createProject(Folder.class, "B");
    FreeStyleProject jobB2 = folderB.createProject(FreeStyleProject.class, "2");
    AuthorizationStrategy s = j.jenkins.getAuthorizationStrategy();
    assertThat("Authorization Strategy has been read incorrectly", s, instanceOf(RoleBasedAuthorizationStrategy.class));
    RoleBasedAuthorizationStrategy rbas = (RoleBasedAuthorizationStrategy) s;
    Map<Role, Set<String>> globalRoles = rbas.getGrantedRoles(RoleBasedAuthorizationStrategy.GLOBAL);
    assertThat(globalRoles.size(), equalTo(2));
    // Admin has configuration access
    assertHasPermission(admin, j.jenkins, Jenkins.ADMINISTER, Jenkins.READ);
    assertHasPermission(user1, j.jenkins, Jenkins.READ);
    assertHasNoPermission(user1, j.jenkins, Jenkins.ADMINISTER, Jenkins.RUN_SCRIPTS);
    // Folder A is restricted to admin
    assertHasPermission(admin, folderA, Item.CONFIGURE);
    assertHasPermission(user1, folderA, Item.READ, Item.DISCOVER);
    assertHasNoPermission(user1, folderA, Item.CONFIGURE, Item.DELETE, Item.BUILD);
    // But they have access to jobs in Folder A
    assertHasPermission(admin, folderA, Item.CONFIGURE, Item.CANCEL);
    assertHasPermission(user1, jobA1, Item.READ, Item.DISCOVER, Item.CONFIGURE, Item.BUILD, Item.DELETE);
    assertHasPermission(user2, jobA1, Item.READ, Item.DISCOVER, Item.CONFIGURE, Item.BUILD, Item.DELETE);
    assertHasNoPermission(user1, folderA, Item.CANCEL);
    // FolderB is editable by user2, but he cannot delete it
    assertHasPermission(user2, folderB, Item.READ, Item.DISCOVER, Item.CONFIGURE, Item.BUILD);
    assertHasNoPermission(user2, folderB, Item.DELETE);
    assertHasNoPermission(user1, folderB, Item.CONFIGURE, Item.BUILD, Item.DELETE);
    // Only user1 can run on agent1, but he still cannot configure it
    assertHasPermission(admin, agent1, Computer.CONFIGURE, Computer.DELETE, Computer.BUILD);
    assertHasPermission(user1, agent1, Computer.BUILD);
    assertHasNoPermission(user1, agent1, Computer.CONFIGURE, Computer.DISCONNECT);
    // Same user still cannot build on agent2
    assertHasNoPermission(user1, agent2, Computer.BUILD);
}
Also used: Role (com.michelin.cio.hudson.plugins.rolestrategy.Role), AuthorizationStrategy (hudson.security.AuthorizationStrategy), RoleBasedAuthorizationStrategy (com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy), User (hudson.model.User), Set (java.util.Set), Computer (hudson.model.Computer), Folder (com.cloudbees.hudson.plugins.folder.Folder), FreeStyleProject (hudson.model.FreeStyleProject), Issue (org.jvnet.hudson.test.Issue), Test (org.junit.Test), ConfiguredWithCode (org.jenkinsci.plugins.casc.misc.ConfiguredWithCode)

Example 2 with RoleBasedAuthorizationStrategy

Use of com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy in the project configuration-as-code-plugin by jenkinsci.

Class RoleBasedAuthorizationStrategyConfigurator, method configure.

@Override
public RoleBasedAuthorizationStrategy configure(Object config) throws Exception {
    // TODO: API should return a qualified type
    final Configurator<RoleDefinition> roleDefinitionConfigurator = (Configurator<RoleDefinition>) Configurator.lookup(RoleDefinition.class);
    if (roleDefinitionConfigurator == null) {
        throw new IOException("Cannot find configurator for " + RoleDefinition.class);
    }
    Map map = (Map) config;
    Map<String, RoleMap> grantedRoles = new HashMap<>();
    Object rolesConfig = map.get("roles");
    // If the YAML has no "roles" section, the strategy is built with no granted roles
    if (rolesConfig != null) {
        // Each YAML key (global, items, agents) fills the role map of the matching role type
        grantedRoles.put(RoleBasedAuthorizationStrategy.GLOBAL, retrieveRoleMap(rolesConfig, "global", roleDefinitionConfigurator));
        grantedRoles.put(RoleBasedAuthorizationStrategy.PROJECT, retrieveRoleMap(rolesConfig, "items", roleDefinitionConfigurator));
        grantedRoles.put(RoleBasedAuthorizationStrategy.SLAVE, retrieveRoleMap(rolesConfig, "agents", roleDefinitionConfigurator));
    }
    return new RoleBasedAuthorizationStrategy(grantedRoles);
}
Also used: HashMap (java.util.HashMap), Configurator (org.jenkinsci.plugins.casc.Configurator), RootElementConfigurator (org.jenkinsci.plugins.casc.RootElementConfigurator), IOException (java.io.IOException), TreeMap (java.util.TreeMap), Map (java.util.Map), RoleMap (com.michelin.cio.hudson.plugins.rolestrategy.RoleMap), RoleBasedAuthorizationStrategy (com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy)
