Search in sources :

Example 6 with MockAuthorizationStrategy

use of org.jvnet.hudson.test.MockAuthorizationStrategy in project workflow-cps-plugin by jenkinsci.

the class CpsFlowDefinitionValidatorTest method configureRequired.

@Issue("SECURITY-1266")
@Test
public void configureRequired() throws Exception {
    CpsFlowDefinition.DescriptorImpl d = r.jenkins.getDescriptorByType(CpsFlowDefinition.DescriptorImpl.class);
    r.jenkins.setSecurityRealm(r.createDummySecurityRealm());
    // Set up an administrator, and three developer users with varying levels of access.
    r.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy().grant(Jenkins.ADMINISTER).everywhere().to("admin").grant(Jenkins.READ, Item.CONFIGURE).everywhere().to("dev1").grant(Jenkins.READ).everywhere().to("dev2"));
    WorkflowJob job = r.jenkins.createProject(WorkflowJob.class, "w");
    try (ACLContext context = ACL.as(User.getById("admin", true))) {
        assertThat(d.doCheckScriptCompile(job, "echo 'hello").toString(), containsString("fail"));
    }
    try (ACLContext context = ACL.as(User.getById("dev1", true))) {
        assertThat(d.doCheckScriptCompile(job, "echo 'hello").toString(), containsString("fail"));
    }
    try (ACLContext context = ACL.as(User.getById("dev2", true))) {
        assertThat(d.doCheckScriptCompile(job, "echo 'hello").toString(), containsString("success"));
    }
}
Also used : ACLContext(hudson.security.ACLContext) MockAuthorizationStrategy(org.jvnet.hudson.test.MockAuthorizationStrategy) WorkflowJob(org.jenkinsci.plugins.workflow.job.WorkflowJob) Issue(org.jvnet.hudson.test.Issue) Test(org.junit.Test)

Example 7 with MockAuthorizationStrategy

use of org.jvnet.hudson.test.MockAuthorizationStrategy in project workflow-job-plugin by jenkinsci.

the class WorkflowRunTest method scriptApproval.

@Test
public void scriptApproval() throws Exception {
    r.jenkins.setSecurityRealm(r.createDummySecurityRealm());
    r.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy().grant(Jenkins.READ).everywhere().to("devel").grant(Item.PERMISSIONS.getPermissions().toArray(new Permission[0])).everywhere().to("devel"));
    final WorkflowJob p = r.jenkins.createProject(WorkflowJob.class, "p");
    final String groovy = "println 'hello'";
    ACL.impersonate(User.get("devel").impersonate(), new Runnable() {

        @Override
        public void run() {
            p.setDefinition(new CpsFlowDefinition(groovy));
        }
    });
    r.assertLogContains("UnapprovedUsageException", r.assertBuildStatus(Result.FAILURE, p.scheduleBuild2(0).get()));
    Set<ScriptApproval.PendingScript> pendingScripts = ScriptApproval.get().getPendingScripts();
    assertEquals(1, pendingScripts.size());
    ScriptApproval.PendingScript pendingScript = pendingScripts.iterator().next();
    assertEquals(groovy, pendingScript.script);
    // only works if configured via WebClient: assertEquals(p, pendingScript.getContext().getItem());
    assertEquals("devel", pendingScript.getContext().getUser());
    ScriptApproval.get().approveScript(pendingScript.getHash());
    r.assertLogContains("hello", r.assertBuildStatusSuccess(p.scheduleBuild2(0)));
}
Also used : CpsFlowDefinition(org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition) MockAuthorizationStrategy(org.jvnet.hudson.test.MockAuthorizationStrategy) ScriptApproval(org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval) Test(org.junit.Test)

Example 8 with MockAuthorizationStrategy

use of org.jvnet.hudson.test.MockAuthorizationStrategy in project blueocean-plugin by jenkinsci.

the class GithubOrgFolderPermissionsTest method canCreateWhenHavePermissionsOnCustomOrg.

@Test
public void canCreateWhenHavePermissionsOnCustomOrg() throws Exception {
    MockAuthorizationStrategy authz = new MockAuthorizationStrategy();
    authz.grant(Item.READ, Jenkins.READ).everywhere().to(user);
    authz.grant(Item.CREATE, Item.CONFIGURE).onFolders(getOrgRoot()).to(user);
    j.jenkins.setAuthorizationStrategy(authz);
    // refresh the JWT token otherwise all hell breaks loose.
    jwtToken = getJwtToken(j.jenkins, user.getId(), user.getId());
    createGithubPipeline(true);
}
Also used : MockAuthorizationStrategy(org.jvnet.hudson.test.MockAuthorizationStrategy) Test(org.junit.Test)

Example 9 with MockAuthorizationStrategy

use of org.jvnet.hudson.test.MockAuthorizationStrategy in project blueocean-plugin by jenkinsci.

the class GithubOrgFolderPermissionsTest method canCreateWhenHavePermissionsOnDefaultOrg.

@Test
public void canCreateWhenHavePermissionsOnDefaultOrg() throws Exception {
    MockAuthorizationStrategy authz = new MockAuthorizationStrategy();
    authz.grant(Jenkins.ADMINISTER).everywhere().to(user);
    j.jenkins.setAuthorizationStrategy(authz);
    // refresh the JWT token otherwise all hell breaks loose.
    jwtToken = getJwtToken(j.jenkins, "vivek", "vivek");
    createGithubPipeline(true);
}
Also used : MockAuthorizationStrategy(org.jvnet.hudson.test.MockAuthorizationStrategy) Test(org.junit.Test)

Example 10 with MockAuthorizationStrategy

use of org.jvnet.hudson.test.MockAuthorizationStrategy in project blueocean-plugin by jenkinsci.

the class GithubOrgFolderPermissionsTest method canNotCreateWhenHaveNoPermissionOnCustomOrg.

@Test
public void canNotCreateWhenHaveNoPermissionOnCustomOrg() throws Exception {
    MockAuthorizationStrategy authz = new MockAuthorizationStrategy();
    authz.grant(Item.READ, Jenkins.READ).everywhere().to(user);
    j.jenkins.setAuthorizationStrategy(authz);
    // refresh the JWT token otherwise all hell breaks loose.
    jwtToken = getJwtToken(j.jenkins, "vivek", "vivek");
    createGithubPipeline(false);
}
Also used : MockAuthorizationStrategy(org.jvnet.hudson.test.MockAuthorizationStrategy) Test(org.junit.Test)

Aggregations

MockAuthorizationStrategy (org.jvnet.hudson.test.MockAuthorizationStrategy)17 Test (org.junit.Test)14 JenkinsRule (org.jvnet.hudson.test.JenkinsRule)8 Matchers.containsString (org.hamcrest.Matchers.containsString)5 WebClient (org.jvnet.hudson.test.JenkinsRule.WebClient)5 WorkflowJob (org.jenkinsci.plugins.workflow.job.WorkflowJob)4 Issue (org.jvnet.hudson.test.Issue)4 CpsFlowDefinition (org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition)3 WorkflowRun (org.jenkinsci.plugins.workflow.job.WorkflowRun)3 WebRequest (com.gargoylesoftware.htmlunit.WebRequest)2 RestartableJenkinsRule (org.jvnet.hudson.test.RestartableJenkinsRule)2 ElementNotFoundException (com.gargoylesoftware.htmlunit.ElementNotFoundException)1 FailingHttpStatusCodeException (com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException)1 HtmlForm (com.gargoylesoftware.htmlunit.html.HtmlForm)1 HtmlPage (com.gargoylesoftware.htmlunit.html.HtmlPage)1 ACLContext (hudson.security.ACLContext)1 URL (java.net.URL)1 ScriptApproval (org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval)1 Statement (org.junit.runners.model.Statement)1