use of com.thoughtworks.go.config.PluginRoleConfig in project gocd by gocd.
the class AuthorizationMessageConverterV1 method getRoleConfigs.
/**
 * Flattens plugin role configs into the list-of-maps shape used for the plugin request.
 *
 * <p>Each role becomes a map with the keys {@code name}, {@code auth_config_id} and
 * {@code configuration}.
 *
 * @param roleConfigs roles to convert; {@code null} is treated as "no roles"
 * @return one map per role, in input order; an empty list for {@code null} input
 */
private List<Map<String, Object>> getRoleConfigs(List<PluginRoleConfig> roleConfigs) {
    final List<Map<String, Object>> serialized = new ArrayList<>();
    if (roleConfigs != null) {
        for (PluginRoleConfig role : roleConfigs) {
            // Raw HashedMap kept as in the original.
            final Map<String, Object> entry = new HashedMap();
            entry.put("name", role.getName().toString());
            entry.put("auth_config_id", role.getAuthConfigId());
            // NOTE(review): the `true` argument presumably asks for secure property values to be
            // included; confirm against PluginRoleConfig. If so, the returned maps hold secrets
            // and should be kept out of logs and error messages.
            entry.put("configuration", role.getConfigurationAsMap(true));
            serialized.add(entry);
        }
    }
    return serialized;
}
use of com.thoughtworks.go.config.PluginRoleConfig in project gocd by gocd.
the class AuthorizationExtensionTest method shouldTalkToPlugin_To_AuthenticateUser.
/**
 * Checks that authenticateUser() sends the credentials, auth configs and role configs to the
 * plugin as a single JSON request, and that the plugin's JSON reply is mapped onto the
 * returned user and role list.
 */
@Test
public void shouldTalkToPlugin_To_AuthenticateUser() throws Exception {
    // Inputs handed to the extension: one "ldap" auth config and one plugin role bound to it.
    // NOTE(review): the `false` flag presumably marks each property as non-secure, so the
    // serialisation of a secure property is not exercised by this test; confirm.
    final SecurityAuthConfigs ldapAuthConfigs = new SecurityAuthConfigs();
    ldapAuthConfigs.add(new SecurityAuthConfig("ldap", "cd.go.ldap", ConfigurationPropertyMother.create("url", false, "some-url")));
    final List<PluginRoleConfig> ldapRoles = Collections.singletonList(
            new PluginRoleConfig("foo", "ldap", ConfigurationPropertyMother.create("memberOf", false, "ou=some-value")));

    // Expected wire format. The password travels in the request body as plain text next to the
    // configs, so anything that records the captured request would record the credential too.
    final String expectedRequestJson = "{\n"
            + " \"credentials\": {\n"
            + " \"username\": \"bob\",\n"
            + " \"password\": \"secret\"\n"
            + " },\n"
            + " \"auth_configs\": [\n"
            + " {\n"
            + " \"id\": \"ldap\",\n"
            + " \"configuration\": {\n"
            + " \"url\": \"some-url\"\n"
            + " }\n"
            + " }\n"
            + " ],\n"
            + " \"role_configs\": [\n"
            + " {\n"
            + " \"name\": \"foo\",\n"
            + " \"auth_config_id\": \"ldap\",\n"
            + " \"configuration\": {\n"
            + " \"memberOf\": \"ou=some-value\"\n"
            + " }\n"
            + " }\n"
            + " ]\n"
            + "}";
    final String pluginReplyJson = "{\"user\":{\"username\":\"bob\",\"display_name\":\"Bob\",\"email\":\"bob@example.com\"},\"roles\":[\"blackbird\"]}";
    when(pluginManager.submitTo(eq(PLUGIN_ID), requestArgumentCaptor.capture()))
            .thenReturn(new DefaultGoPluginApiResponse(SUCCESS_RESPONSE_CODE, pluginReplyJson));

    final AuthenticationResponse result = authorizationExtension.authenticateUser(PLUGIN_ID, "bob", "secret", ldapAuthConfigs, ldapRoles);

    // The request must target the authorization extension, version 1.0, with the exact body above.
    assertRequest(requestArgumentCaptor.getValue(), AuthorizationPluginConstants.EXTENSION_NAME, "1.0", REQUEST_AUTHENTICATE_USER, expectedRequestJson);
    // User and role come straight from the plugin's reply.
    assertThat(result.getUser(), is(new User("bob", "Bob", "bob@example.com")));
    assertThat(result.getRoles().get(0), is("blackbird"));
}
use of com.thoughtworks.go.config.PluginRoleConfig in project gocd by gocd.
the class PluginAuthenticationProvider method getUserDetailsFromAuthorizationPlugins.
/**
 * Asks each plugin that supports password-based authentication to authenticate the user and
 * returns the first user a plugin reports.
 *
 * <p>Plugins without any auth config are skipped. When a plugin yields a user, the roles in
 * that plugin's response are stored for the username before returning.
 *
 * @param username       login name submitted by the caller
 * @param authentication token whose credentials are cast to the password string
 * @return the user from the first plugin that returns one, or {@code null} if none does
 */
private User getUserDetailsFromAuthorizationPlugins(String username, UsernamePasswordAuthenticationToken authentication) {
    // Plugins are tried in the Set's iteration order, so which plugin wins when several would
    // accept the same credentials depends on that order.
    for (String pluginId : store.getPluginsThatSupportsPasswordBasedAuthentication()) {
        // The plain-text password is handed to every configured plugin tried until one returns
        // a user, not only to the plugin that ends up authenticating.
        final String password = (String) authentication.getCredentials();
        final List<SecurityAuthConfig> pluginAuthConfigs = configService.security().securityAuthConfigs().findByPluginId(pluginId);
        final List<PluginRoleConfig> pluginRoles = configService.security().getPluginRoles(pluginId);
        final boolean hasAuthConfig = pluginAuthConfigs != null && !pluginAuthConfigs.isEmpty();
        if (hasAuthConfig) {
            // NOTE(review): the response is dereferenced without a null check, and an exception
            // from one plugin ends the whole loop; whether authenticateUser can return null or
            // throw is not visible here. Confirm.
            final AuthenticationResponse pluginResponse = authorizationExtension.authenticateUser(pluginId, username, password, pluginAuthConfigs, pluginRoles);
            final User authenticated = ensureDisplayNamePresent(pluginResponse.getUser());
            if (authenticated != null) {
                // Role membership is taken as reported by the plugin; no cross-check against
                // pluginRoles is made in this method.
                pluginRoleService.updatePluginRoles(pluginId, username, CaseInsensitiveString.caseInsensitiveStrings(pluginResponse.getRoles()));
                return authenticated;
            }
        }
    }
    return null;
}
use of com.thoughtworks.go.config.PluginRoleConfig in project gocd by gocd.
the class RemoveAdminPermissionFilterIntegrationTest method testShouldReAuthenticateOnlyOnceAfterConfigChange.
/**
 * Checks that invalidating a plugin's roles makes the filter drop the session's authenticated
 * state exactly once: the next filter pass clears it, and a later pass leaves a re-authenticated
 * session alone.
 */
@Test
public void testShouldReAuthenticateOnlyOnceAfterConfigChange() throws IOException, ServletException {
    final String githubPluginId = "cd.go.authorization.github";
    goConfigService.security().securityAuthConfigs().add(new SecurityAuthConfig("github", githubPluginId));
    goConfigService.security().addRole(new PluginRoleConfig("spacetiger", "github"));
    final Authentication currentAuth = setupAuthentication();
    // Successive reads of the session attribute return 0, 0 and then 100.
    // NOTE(review): presumably the time of the last security-config change the session has
    // seen; confirm against RemoveAdminPermissionFilter.
    when(session.getAttribute(RemoveAdminPermissionFilter.SECURITY_CONFIG_LAST_CHANGE)).thenReturn(0L, 0L, 100L);
    final RemoveAdminPermissionFilter permissionFilter = new RemoveAdminPermissionFilter(goConfigService, timeProvider, pluginRoleService);
    permissionFilter.initialize();

    // Starting point: the session is authenticated.
    assertThat(currentAuth.isAuthenticated(), is(true));
    permissionFilter.doFilterHttp(request, response, chain);

    // Invalidating the roles does not change the session by itself...
    pluginRoleService.invalidateRolesFor(githubPluginId);
    assertThat(currentAuth.isAuthenticated(), is(true));

    // ...the next request through the filter is what forces re-authentication.
    permissionFilter.doFilterHttp(request, response, chain);
    assertThat(currentAuth.isAuthenticated(), is(false));

    // Once re-authenticated, a further pass must not clear the flag again.
    currentAuth.setAuthenticated(true);
    permissionFilter.doFilterHttp(request, response, chain);
    assertThat(currentAuth.isAuthenticated(), is(true));
}
use of com.thoughtworks.go.config.PluginRoleConfig in project gocd by gocd.
the class RoleConfigCreateCommandTest method shouldInvokePluginValidationsBeforeSave.
/**
 * Runs isValid() and update() of a create command for the plugin role "blackbird" against an
 * empty config and expects a RoleNotFoundException with a fixed message.
 *
 * <p>NOTE(review): the name promises a check that plugin validation runs before save, but no
 * interaction with {@code extension} is verified here.
 */
@Test
public void shouldInvokePluginValidationsBeforeSave() throws Exception {
    final BasicCruiseConfig emptyConfig = new BasicCruiseConfig();
    final ValidationResult pluginVerdict = new ValidationResult();
    pluginVerdict.addError(new ValidationError("key", "error"));
    // The stub is keyed on "aws"; nothing visible in this test ties the role to that id, so
    // whether the stub is ever hit cannot be told from here.
    when(extension.validateRoleConfiguration(eq("aws"), Matchers.any())).thenReturn(pluginVerdict);

    final PluginRoleConfig blackbirdRole = new PluginRoleConfig("blackbird", "ldap");
    final RoleConfigCreateCommand createCommand = new RoleConfigCreateCommand(mock(GoConfigService.class), blackbirdRole, extension, null, new HttpLocalizedOperationResult());

    thrown.expect(RoleNotFoundException.class);
    thrown.expectMessage("Plugin role config `blackbird` does not exist.");
    // NOTE(review): `thrown` looks like a JUnit ExpectedException rule; confirm. If it is, the
    // test passes only when one of the two calls below throws, and the assertions on the
    // role's errors after them never execute in a passing run.
    createCommand.isValid(emptyConfig);
    createCommand.update(emptyConfig);
    assertThat(blackbirdRole.first().errors().size(), is(1));
    assertThat(blackbirdRole.first().errors().asString(), is("error"));
}