use of hudson.security.GlobalMatrixAuthorizationStrategy in project blueocean-plugin by jenkinsci.
the class ProfileApiTest method shouldFailForAnonymousRead.
/**
 * Verifies that {@code GET /users/} is answered with HTTP 403 when the global matrix
 * grants {@code Hudson.READ} to "alice" only.
 *
 * <p>No permission entry is added for "anonymous", and no credentials are attached to
 * the request builder in this method.
 *
 * @throws IOException declared by the test; the call that may raise it is not visible here
 */
@Test
public void shouldFailForAnonymousRead() throws IOException {
    // Jenkins' own user database with sign-up disabled (constructor argument false).
    HudsonPrivateSecurityRealm userDatabase = new HudsonPrivateSecurityRealm(false);
    userDatabase.createAccount("alice", "alice");
    j.jenkins.setSecurityRealm(userDatabase);

    // The matrix starts empty, so every permission must be granted explicitly.
    GlobalMatrixAuthorizationStrategy matrix = new GlobalMatrixAuthorizationStrategy();
    j.jenkins.setAuthorizationStrategy(matrix);
    matrix.add(Hudson.READ, "alice");

    // The builder checks the HTTP status; the assertion checks the "code" field of the body.
    Map<?, ?> errorBody = new RequestBuilder(baseUrl)
        .status(403)
        .get("/users/")
        .build(Map.class);
    assertEquals(403, errorBody.get("code"));
}
use of hudson.security.GlobalMatrixAuthorizationStrategy in project workflow-cps-plugin by jenkinsci.
the class ReplayActionTest method rebuild.
/**
 * Checks the "rebuild" path of the replay page for a user with limited permissions.
 *
 * <p>"dev3" is granted only {@code Jenkins.READ}, {@code Item.BUILD} and {@code Item.READ}.
 * The test expects that this user fails the {@code canReplay} check, passes the
 * {@code canRebuild} check, sees no "config" form on the replay page, and can submit the
 * "rebuild" form. The resulting build must carry a {@code ReplayCause} that points back
 * to build #1.
 *
 * @throws Exception if registering the step fails
 */
@Issue("JENKINS-47339")
@Test
public void rebuild() throws Exception {
    story.addStep(new Statement() {
        @Override
        public void evaluate() throws Throwable {
            final JenkinsRule rule = story.j;

            // Least-privilege setup: dev3 can see and build the job, nothing more.
            rule.jenkins.setSecurityRealm(rule.createDummySecurityRealm());
            GlobalMatrixAuthorizationStrategy matrix = new GlobalMatrixAuthorizationStrategy();
            matrix.add(Jenkins.READ, "dev3");
            matrix.add(Item.BUILD, "dev3");
            matrix.add(Item.READ, "dev3");
            rule.jenkins.setAuthorizationStrategy(matrix);

            // Build #1: the script whose output the rebuild must reproduce (sandbox flag true).
            WorkflowJob job = rule.jenkins.createProject(WorkflowJob.class, "p");
            job.setDefinition(new CpsFlowDefinition("echo 'script to rebuild'", true));
            WorkflowRun original = rule.assertBuildStatusSuccess(job.scheduleBuild2(0));
            rule.assertLogContains("script to rebuild", original);

            // First time around, verify that UI elements are present and functional.
            ReplayAction replayAction = original.getAction(ReplayAction.class);
            assertNotNull(replayAction);
            // canReplay / canRebuild are helpers defined outside this snippet.
            assertFalse(canReplay(original, "dev3"));
            assertTrue(canRebuild(original, "dev3"));

            JenkinsRule.WebClient client = rule.createWebClient();
            client.login("dev3");
            HtmlPage replayPage = client.getPage(original, replayAction.getUrlName());
            // The "config" form must be absent for this user; only "rebuild" is offered.
            WebAssert.assertFormNotPresent(replayPage, "config");
            HtmlForm rebuildForm = replayPage.getFormByName("rebuild");
            HtmlPage afterSubmit = rule.submit(rebuildForm);
            assertEquals(job.getAbsoluteUrl(), afterSubmit.getUrl().toString());

            rule.waitUntilNoActivity();
            WorkflowRun rebuilt = job.getBuildByNumber(2);
            assertNotNull(rebuilt);

            // Build #2 ran the same script and is linked to build #1 through its cause.
            WorkflowRun succeeded = rule.assertBuildStatusSuccess(rebuilt);
            rule.assertLogContains("script to rebuild", succeeded);
            ReplayCause replayCause = rebuilt.getCause(ReplayCause.class);
            assertNotNull(replayCause);
            assertEquals(1, replayCause.getOriginalNumber());
            assertEquals(original, replayCause.getOriginal());
            assertEquals(rebuilt, replayCause.getRun());
        }
    });
}
use of hudson.security.GlobalMatrixAuthorizationStrategy in project configuration-as-code-plugin by jenkinsci.
the class GlobalMatrixAuthorizationTest method checkCorrectlyConfiguredPermissions.
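/**
 * Checks that loading {@code GlobalMatrixStrategy.yml} installs a
 * {@code GlobalMatrixAuthorizationStrategy} with the expected grants.
 *
 * <p>The assertions expect "authenticated" as the first sid holding
 * {@code Jenkins.ADMINISTER} and "anonymous" as the first sid holding
 * {@code Jenkins.READ}.
 *
 * @throws Exception declared by the test; nothing in this method throws a checked exception directly
 */
@Test
@ConfiguredWithCode("GlobalMatrixStrategy.yml")
public void checkCorrectlyConfiguredPermissions() throws Exception {
    // Read the strategy once so the type check and the cast look at the same object.
    Object configured = Jenkins.getInstance().getAuthorizationStrategy();
    // The failure message names the authorization strategy (it previously said "Authentication").
    assertEquals("The configured instance must use the Global Matrix Authorization Strategy", GlobalMatrixAuthorizationStrategy.class, configured.getClass());
    GlobalMatrixAuthorizationStrategy gms = (GlobalMatrixAuthorizationStrategy) configured;

    // NOTE(review): get(0) inspects only the first entry of the copied collection, so a grant
    // to any further sid would go unnoticed, and with several sids the result depends on
    // iteration order. Comparing the whole set would pin the grant list; confirm against the YAML.
    List<String> adminPermission = new ArrayList<>(gms.getGrantedPermissions().get(Jenkins.ADMINISTER));
    assertEquals("authenticated", adminPermission.get(0));

    List<String> readPermission = new ArrayList<>(gms.getGrantedPermissions().get(Jenkins.READ));
    assertEquals("anonymous", readPermission.get(0));
}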
use of hudson.security.GlobalMatrixAuthorizationStrategy in project blueocean-plugin by jenkinsci.
the class ArtifactsSecurity564 method testArtifactsWithPermissions.
/**
 * Uses matrix-auth to check that the artifacts listing honours {@code Run.ARTIFACTS}.
 *
 * <p>If hudson.security.ArtifactsPermission is set then the user must have Run.ARTIFACTS set.
 * That property is not set inside this method; presumably the test fixture sets it (confirm).
 *
 * <p>"alice" and "bob" both hold {@code Hudson.READ} and {@code Item.READ}; only "alice"
 * also holds {@code Run.ARTIFACTS}. Alice is expected to see all 100 artifacts, bob none.
 *
 * @throws Exception propagated from the Jenkins test harness and request helpers
 */
@Issue("SECURITY-564")
@Test
public void testArtifactsWithPermissions() throws Exception {
    String jobName = "artifactPermissions";
    String artifactPath = "a/b/c";

    HudsonPrivateSecurityRealm userDatabase = new HudsonPrivateSecurityRealm(false);
    userDatabase.createAccount("alice", "alice");
    userDatabase.createAccount("bob", "bob");
    j.jenkins.setSecurityRealm(userDatabase);

    GlobalMatrixAuthorizationStrategy matrix = new GlobalMatrixAuthorizationStrategy();
    j.jenkins.setAuthorizationStrategy(matrix);
    // alice: read access plus the artifacts permission.
    matrix.add(Hudson.READ, "alice");
    matrix.add(Item.READ, "alice");
    matrix.add(Run.ARTIFACTS, "alice");
    // bob: the same read access, but no Run.ARTIFACTS.
    matrix.add(Hudson.READ, "bob");
    matrix.add(Item.READ, "bob");

    FreeStyleProject project = j.createFreeStyleProject(jobName);
    // ArtifactBuilder is a test helper defined elsewhere; presumably it writes 100 files under artifactPath.
    project.getBuildersList().add(new ArtifactBuilder(artifactPath, 100));
    project.getPublishersList().add(new ArtifactArchiver("**/*"));
    Run started = project.scheduleBuild2(0).waitForStart();
    Run finished = j.waitForCompletion(started);

    // Both users query the same endpoint, so the only variable is the permission set.
    String artifactsEndpoint = "/organizations/jenkins/pipelines/" + jobName + "/runs/" + finished.getId() + "/artifacts";

    List aliceArtifacts = request().authAlice().get(artifactsEndpoint).build(List.class);
    Assert.assertEquals(100, aliceArtifacts.size());
    Map firstArtifact = (Map) aliceArtifacts.get(0);
    Assert.assertEquals(0, firstArtifact.get("size"));
    Assert.assertEquals(artifactPath + "/0.txt", firstArtifact.get("path"));
    Assert.assertEquals("/job/artifactPermissions/1/artifact/" + artifactPath + "/0.txt", firstArtifact.get("url"));

    // Without Run.ARTIFACTS the listing is expected to be empty rather than an error.
    List bobArtifacts = request().auth("bob", "bob").get(artifactsEndpoint).build(List.class);
    Assert.assertEquals(0, bobArtifacts.size());
}
use of hudson.security.GlobalMatrixAuthorizationStrategy in project blueocean-plugin by jenkinsci.
the class ProfileApiTest method shouldSucceedForAnonymousRead.
/**
 * Verifies that {@code GET /users/} is answered with HTTP 200 and a single entry when
 * the global matrix grants {@code Hudson.READ} to "anonymous".
 *
 * <p>No credentials are attached to the request builder in this method. The realm holds
 * one account, "alice", and the response list is expected to have exactly one element.
 *
 * @throws IOException declared by the test; the call that may raise it is not visible here
 */
@Test
public void shouldSucceedForAnonymousRead() throws IOException {
    // Jenkins' own user database with sign-up disabled (constructor argument false).
    HudsonPrivateSecurityRealm userDatabase = new HudsonPrivateSecurityRealm(false);
    userDatabase.createAccount("alice", "alice");
    j.jenkins.setSecurityRealm(userDatabase);

    GlobalMatrixAuthorizationStrategy matrix = new GlobalMatrixAuthorizationStrategy();
    j.jenkins.setAuthorizationStrategy(matrix);
    // The read grant goes to "anonymous" here, not to alice.
    matrix.add(Hudson.READ, "anonymous");

    List<?> users = new RequestBuilder(baseUrl)
        .status(200)
        .get("/users/")
        .build(List.class);
    assertEquals(1, users.size());
}