Examples with Allow com.thoughtworks.go.config.policy.Allow used on opensource projects

Example 1 with Allow

use of com.thoughtworks.go.config.policy.Allow in project gocd by gocd.

the class ClusterProfilesAllowDirectiveTest method forViewOfAllClusterProfiles.

@Test
void forViewOfAllClusterProfiles() {
    Allow directive = new Allow("view", "cluster_profile", "*");
    Result viewAllElasticAgentProfiles = directive.apply("view", ElasticProfile.class, "*", null);
    Result viewAllClusterProfiles = directive.apply("view", ClusterProfile.class, "*", null);
    Result administerAllElasticAgentProfiles = directive.apply("administer", ElasticProfile.class, "*", null);
    Result administerAllClusterProfiles = directive.apply("administer", ClusterProfile.class, "*", null);
    assertThat(viewAllElasticAgentProfiles).isEqualTo(Result.ALLOW);
    assertThat(viewAllClusterProfiles).isEqualTo(Result.ALLOW);
    assertThat(administerAllElasticAgentProfiles).isEqualTo(Result.SKIP);
    assertThat(administerAllClusterProfiles).isEqualTo(Result.SKIP);
}

Example 2 with Allow

use of com.thoughtworks.go.config.policy.Allow in project gocd by gocd.

the class PluginRoleConfigTest method shouldAnswerWhetherItHasPermissionsForGivenEntityOfTypeAndName.

@Test
public void shouldAnswerWhetherItHasPermissionsForGivenEntityOfTypeAndName() {
    final Policy directives = new Policy();
    directives.add(new Allow("view", ENVIRONMENT.getType(), "env_1"));
    RoleConfig role = new RoleConfig(new CaseInsensitiveString(""), new Users(), directives);
    assertTrue(role.hasPermissionsFor(SupportedAction.VIEW, EnvironmentConfig.class, "env_1"));
    assertFalse(role.hasPermissionsFor(SupportedAction.VIEW, EnvironmentConfig.class, "env_2"));
    assertFalse(role.hasPermissionsFor(SupportedAction.VIEW, PipelineConfig.class, "*"));
}

Example 3 with Allow

use of com.thoughtworks.go.config.policy.Allow in project gocd by gocd.

the class RoleConfigTest method validatePolicyIsInvalid.

private void validatePolicyIsInvalid(Validator validator) {
    SecurityConfig securityConfig = new SecurityConfig();
    ValidationContext validationContext = ValidationContextMother.validationContext(securityConfig);
    Policy policy = new Policy();
    policy.add(new Allow("*", ENVIRONMENT.getType(), "env_1"));
    RoleConfig role = new RoleConfig(new CaseInsensitiveString("role"), new Users(), policy);
    securityConfig.getRoles().add(role);
    validator.validate(role, validationContext);
    assertThat(role.getPolicy().hasErrors()).isTrue();
    assertThat(role.getPolicy().get(0).errors().on("action")).isEqualTo("Invalid action, must be one of [view, administer].");
}

Example 4 with Allow

use of com.thoughtworks.go.config.policy.Allow in project gocd by gocd.

the class RoleConfigCommandTest method shouldNotPassValidationIfPolicyHasAnError.

@Test
public void shouldNotPassValidationIfPolicyHasAnError() {
    HttpLocalizedOperationResult result = new HttpLocalizedOperationResult();
    Policy policy = new Policy();
    policy.add(new Allow("*", "*", "*"));
    RoleConfig roleConfig = new RoleConfig(new CaseInsensitiveString("foo"), new Users(), policy);
    cruiseConfig.server().security().addRole(roleConfig);
    RoleConfigCommand command = new StubCommand(goConfigService, roleConfig, extension, currentUser, result);
    boolean isValid = command.isValid(cruiseConfig);
    assertFalse(isValid);
}

Example 5 with Allow

use of com.thoughtworks.go.config.policy.Allow in project gocd by gocd.

the class ClusterProfilesAllowDirectiveTest method forAdministerOfWildcardDefinedClusterProfile.

@Test
void forAdministerOfWildcardDefinedClusterProfile() {
    Allow directive = new Allow("administer", "cluster_profile", "team1_*");
    Result viewAllElasticAgentProfiles = directive.apply("view", ElasticProfile.class, "*", null);
    Result viewAllElasticAgentProfilesUnderTeam1 = directive.apply("view", ElasticProfile.class, "*", "team1_uat");
    Result viewAllElasticAgentProfilesUnderTeam2 = directive.apply("view", ElasticProfile.class, "*", "team2_uat");
    Result viewAllClusterProfiles = directive.apply("view", ClusterProfile.class, "*", null);
    Result viewTeam1ClusterProfile = directive.apply("view", ClusterProfile.class, "team1_uat", null);
    Result viewTeam2ClusterProfile = directive.apply("view", ClusterProfile.class, "team2_uat", null);
    Result administerAllElasticAgentProfiles = directive.apply("administer", ElasticProfile.class, "*", null);
    Result administerAllElasticAgentProfilesUnderTeam1 = directive.apply("administer", ElasticProfile.class, "*", "team1_uat");
    Result administerAllElasticAgentProfilesUnderTeam2 = directive.apply("administer", ElasticProfile.class, "*", "team2_uat");
    Result administerAllClusterProfiles = directive.apply("administer", ClusterProfile.class, "*", null);
    Result administerTeam1ClusterProfile = directive.apply("administer", ClusterProfile.class, "team1_uat", null);
    Result administerTeam2ClusterProfile = directive.apply("administer", ClusterProfile.class, "team2_uat", null);
    assertThat(viewAllElasticAgentProfiles).isEqualTo(Result.SKIP);
    assertThat(viewAllElasticAgentProfilesUnderTeam1).isEqualTo(Result.ALLOW);
    assertThat(viewAllElasticAgentProfilesUnderTeam2).isEqualTo(Result.SKIP);
    assertThat(viewAllClusterProfiles).isEqualTo(Result.SKIP);
    assertThat(viewTeam1ClusterProfile).isEqualTo(Result.ALLOW);
    assertThat(viewTeam2ClusterProfile).isEqualTo(Result.SKIP);
    assertThat(administerAllElasticAgentProfiles).isEqualTo(Result.SKIP);
    assertThat(administerAllElasticAgentProfilesUnderTeam1).isEqualTo(Result.ALLOW);
    assertThat(administerAllElasticAgentProfilesUnderTeam2).isEqualTo(Result.SKIP);
    assertThat(administerAllClusterProfiles).isEqualTo(Result.SKIP);
    assertThat(administerTeam1ClusterProfile).isEqualTo(Result.ALLOW);
    assertThat(administerTeam2ClusterProfile).isEqualTo(Result.SKIP);
}