/**
 * Checks that a {@code SecurityConfigChangeListener} answers {@code true} from
 * {@code shouldCareAbout} when handed an {@code AdminsConfig} instance.
 */
@Test
public void shouldCareAboutAdminsConfigChange() {
    // The callback is left empty on purpose: only shouldCareAbout() is under test.
    SecurityConfigChangeListener listener = new SecurityConfigChangeListener() {
        @Override
        public void onEntityConfigChange(Object entity) {
        }
    };
    AdminsConfig changedEntity = new AdminsConfig();

    assertThat(listener.shouldCareAbout(changedEntity), is(true));
}
/**
 * Checks that a user listed directly as an admin in the {@code Authorization}
 * is reported as having admin-or-view permissions.
 */
@Test
public void shouldSayThatAnAdmin_HasAdminOrViewPermissions() {
    CaseInsensitiveString admin = new CaseInsensitiveString("admin");
    AdminsConfig admins = new AdminsConfig(new AdminUser(admin));
    Authorization authorization = new Authorization(admins);

    // No role list is supplied (null), so the grant can only come from the user entry itself.
    boolean permitted = authorization.hasAdminOrViewPermissions(admin, null);

    assertThat(permitted, is(true));
}
/**
 * Checks that the serialized config mentions {@code allGroupAdminsAreViewers} once a
 * template's authorization has {@code allowGroupAdmins} switched off.
 *
 * <p>Only the presence of the attribute name in the written XML is asserted, not its value.
 *
 * @throws Exception if writing the config fails
 */
@Test
public void shouldDisplayTheFlagInXmlIfTemplateAuthorizationDoesNotAllowGroupAdmins() throws Exception {
    CruiseConfig config = new BasicCruiseConfig();

    Authorization templateAuthorization = new Authorization(new AdminsConfig());
    PipelineTemplateConfig templateConfig =
            com.thoughtworks.go.helper.PipelineTemplateConfigMother.createTemplate(
                    "template-name",
                    templateAuthorization,
                    com.thoughtworks.go.helper.StageConfigMother.manualStage("stage-name"));
    // Explicitly deny group admins so the non-default flag has to be written out.
    templateConfig.getAuthorization().setAllowGroupAdmins(false);
    config.addTemplate(templateConfig);

    xmlWriter.write(config, output, false);

    assertThat(this.output.toString(), containsString("allGroupAdminsAreViewers"));
}
/**
 * Checks that {@code canViewAndEditTemplate} grants access when the template's admins
 * section names a role and that same role is in the list passed for the user.
 */
@Test
public void shouldReturnTrueIfUserWithinARoleCanViewAndEditTemplates() {
    CaseInsensitiveString roleMember = new CaseInsensitiveString("template-admin");
    // Helpers are defined elsewhere in this test class; presumably they build a role holding the user.
    Role adminRole = getSecurityConfigRole(roleMember);
    List<Role> knownRoles = setupRoles(adminRole);

    // The template is administered by the role only; the user is not listed by name.
    Authorization roleBasedAuthorization = new Authorization(new AdminsConfig(new AdminRole(adminRole)));
    List<PipelineTemplateConfig> templateConfigs = new ArrayList<>();
    templateConfigs.add(PipelineTemplateConfigMother.createTemplate(
            "templateName",
            roleBasedAuthorization,
            StageConfigMother.manualStage("some-random-stage")));
    TemplatesConfig templates = new TemplatesConfig(templateConfigs.toArray(new PipelineTemplateConfig[0]));

    assertThat(templates.canViewAndEditTemplate(roleMember, knownRoles), is(true));
}
/**
 * Checks that validating an {@code AdminRole} naming a role that was never added to the
 * config records an error on {@code AdminRole.NAME}.
 *
 * <p>Despite the method name, no exception is expected: the failure is asserted through
 * the role's {@code ConfigErrors}.
 */
@Test
public void shouldThrowExceptionIfRoleNameInPipelinesAuthorizationAdminSectionDoesNotExist() {
    AdminRole unknownRole = new AdminRole(new CaseInsensitiveString("shilpaIsNotHere"));
    Authorization groupAuthorization = new Authorization(new AdminsConfig(unknownRole));
    PipelineConfigs group = new BasicPipelineConfigs(groupAuthorization);
    CruiseConfig config = new BasicCruiseConfig(group);

    unknownRole.validate(ConfigSaveValidationContext.forChain(config));

    ConfigErrors validationErrors = unknownRole.errors();
    assertThat(validationErrors.isEmpty(), is(false));
    assertThat(validationErrors.on(AdminRole.NAME), is("Role \"shilpaIsNotHere\" does not exist."));
}
/**
 * Checks that a user is reported as having admin-or-view permissions when the
 * {@code Authorization} names a role as admin and that role is in the supplied list.
 */
@Test
public void shouldSayThatAnAdminWithinARole_HasAdminOrViewPermissions() {
    CaseInsensitiveString member = new CaseInsensitiveString("admin");
    RoleConfig adminRole = new RoleConfig(new CaseInsensitiveString("role1"), new RoleUser(member));

    List<Role> userRoles = new ArrayList<>();
    userRoles.add(adminRole);

    // Only the role is listed in the admins section; the user is not named directly.
    AdminsConfig admins = new AdminsConfig(new AdminRole(adminRole));
    Authorization authorization = new Authorization(admins);

    assertThat(authorization.hasAdminOrViewPermissions(member, userRoles), is(true));
}
/**
 * Checks that {@code hasAdminsDefined} is {@code true} for an {@code Authorization}
 * whose admins section contains a single user entry.
 */
@Test
public void shouldReturnTrueIfAdminsAreDefined() {
    AdminUser soleAdmin = new AdminUser(new CaseInsensitiveString("foo"));
    Authorization authorization = new Authorization(new AdminsConfig(soleAdmin));

    boolean adminsPresent = authorization.hasAdminsDefined();

    assertThat(adminsPresent, is(true));
}
/**
 * Checks that {@code canUserEditTemplate} allows a user who is listed by name in the
 * template's admins section, even when no roles are passed.
 */
@Test
public void shouldReturnTrueIfUserCanEditTemplate() {
    CaseInsensitiveString owner = new CaseInsensitiveString("template-admin");
    String name = "template1";

    Authorization ownerOnly = new Authorization(new AdminsConfig(new AdminUser(owner)));
    PipelineTemplateConfig template = PipelineTemplateConfigMother.createTemplate(
            name,
            ownerOnly,
            StageConfigMother.manualStage("stage-name"));
    TemplatesConfig templates = new TemplatesConfig(template);

    // Roles argument is null: the decision rests on the direct user entry.
    assertThat(templates.canUserEditTemplate(template, owner, null), is(true));
}
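/**
 * Checks that {@code isAdmin} is {@code false} when the only admin entry is a role and no
 * role list is supplied.
 *
 * <p>The admin role and the queried user deliberately share the name {@code "USER1"}: a
 * user name that coincides with an admin role name must not be treated as an admin.
 *
 * <p>The inline comment sits on its own line so that the assertion and the closing brace
 * after it are real code and not part of the comment.
 */
@Test
public void shouldReturnFalseIfAUserBelongsToAnAdminRoleNoRolesGiven() {
    CaseInsensitiveString username = new CaseInsensitiveString("USER1");
    AdminsConfig adminsConfig = new AdminsConfig(new AdminRole(username));

    // this is how isAdmin() is used in TemplatesConfig
    assertThat(adminsConfig.isAdmin(new AdminUser(username), null), is(false));
}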
/**
 * Checks that {@code canViewAndEditTemplate} denies a user whose roles are supplied but
 * who is neither named in, nor in a role named by, the template's admins section.
 */
@Test
public void shouldReturnFalseIfUserWithinARoleCannotViewAndEditTemplates() {
    CaseInsensitiveString roleMember = new CaseInsensitiveString("template-admin");
    // Helpers are defined elsewhere in this test class; presumably they build a role holding the user.
    Role unrelatedRole = getSecurityConfigRole(roleMember);
    List<Role> knownRoles = setupRoles(unrelatedRole);

    // The template is administered by a different user and by no role at all.
    AdminUser someoneElse = new AdminUser(new CaseInsensitiveString("random-user"));
    Authorization otherUserOnly = new Authorization(new AdminsConfig(someoneElse));
    List<PipelineTemplateConfig> templateConfigs = new ArrayList<>();
    templateConfigs.add(PipelineTemplateConfigMother.createTemplate(
            "templateName",
            otherUserOnly,
            StageConfigMother.manualStage("stage-name")));
    TemplatesConfig templates = new TemplatesConfig(templateConfigs.toArray(new PipelineTemplateConfig[0]));

    assertThat(templates.canViewAndEditTemplate(roleMember, knownRoles), is(false));
}
/**
 * Checks that validating a template whose admins section names a role that was never
 * added to the config reports a "does not exist" error on {@code "name"}.
 */
@Test
public void shouldValidateRoleNamesInTemplateAdminAuthorization() {
    BasicCruiseConfig config = GoConfigMother.defaultCruiseConfig();
    AdminsConfig serverAdmins = new AdminsConfig(new AdminUser(new CaseInsensitiveString("admin")));
    ServerConfig server = new ServerConfig(new SecurityConfig(serverAdmins), null);
    config.setServerConfig(server);
    GoConfigMother.enableSecurityWithPasswordFilePlugin(config);

    // This role is only referenced by the template; it is never added to the config above.
    RoleConfig danglingRole = new RoleConfig(
            new CaseInsensitiveString("non-existent-role"),
            new RoleUser("non-existent-user"));
    Authorization templateAuthorization = new Authorization(new AdminsConfig(new AdminRole(danglingRole)));
    PipelineTemplateConfig template = new PipelineTemplateConfig(
            new CaseInsensitiveString("template"),
            templateAuthorization,
            StageConfigMother.manualStage("stage2"),
            StageConfigMother.manualStage("stage"));

    template.validate(ConfigSaveValidationContext.forChain(config));

    assertThat(
            template.getAllErrors().get(0).getAllOn("name"),
            is(Arrays.asList("Role \"non-existent-role\" does not exist.")));
}
/**
 * Checks that {@code canUserEditTemplate} denies a user who is not listed in the
 * template's admins section when no roles are passed.
 */
@Test
public void shouldReturnFalseIfUserCannotEditTemplate() {
    CaseInsensitiveString owner = new CaseInsensitiveString("template-admin");
    CaseInsensitiveString outsider = new CaseInsensitiveString("user");
    String name = "template1";

    // Only the owner is authorised on this template.
    Authorization ownerOnly = new Authorization(new AdminsConfig(new AdminUser(owner)));
    PipelineTemplateConfig template = PipelineTemplateConfigMother.createTemplate(
            name,
            ownerOnly,
            StageConfigMother.manualStage("stage-name"));
    TemplatesConfig templates = new TemplatesConfig(template);

    assertThat(templates.canUserEditTemplate(template, outsider, null), is(false));
}
/**
 * Checks that {@code canUserEditTemplate} allows a user when the template's admins
 * section names a role and that role is in the list passed for the user.
 */
@Test
public void shouldReturnTrueIfUserWithinARoleCanEditTemplate() {
    CaseInsensitiveString roleMember = new CaseInsensitiveString("template-admin");
    // Helpers are defined elsewhere in this test class; presumably they build a role holding the user.
    Role adminRole = getSecurityConfigRole(roleMember);
    List<Role> knownRoles = setupRoles(adminRole);
    String name = "template1";

    // Access is granted through the role entry; the user is not listed by name.
    Authorization roleBasedAuthorization = new Authorization(new AdminsConfig(new AdminRole(adminRole)));
    PipelineTemplateConfig template = PipelineTemplateConfigMother.createTemplate(
            name,
            roleBasedAuthorization,
            StageConfigMother.manualStage("random-stage-name"));
    TemplatesConfig templates = new TemplatesConfig(template);

    assertThat(templates.canUserEditTemplate(template, roleMember, knownRoles), is(true));
}
/**
 * Checks that validating an {@code AdminRole} records no errors when a role with the same
 * name ("shilpaIsHere") has been added to the server security config beforehand.
 */
// NOTE(review): the final '}' on the line below appears to close the enclosing test class, not this method — confirm.
@Test public void shouldNotThrowExceptionIfRoleNameInPipelinesAuthorizationAdminSectionExists() { AdminRole role = new AdminRole(new CaseInsensitiveString("shilpaIsHere")); PipelineConfigs pipelineConfigs = new BasicPipelineConfigs(new Authorization(new AdminsConfig(role))); CruiseConfig config = new BasicCruiseConfig(pipelineConfigs); config.server().security().addRole(new RoleConfig(new CaseInsensitiveString("shilpaIsHere"))); role.validate(ConfigSaveValidationContext.forChain(config)); assertThat(role.errors().isEmpty(), is(true)); } }
/**
 * Checks that {@code hasUser} is {@code true} for a user listed directly in the
 * {@code AdminsConfig}, with {@code UserRoleMatcherMother.ALWAYS_FALSE_MATCHER} supplied
 * as the role matcher.
 */
@Test
public void shouldReturnTrueIfHasUser() {
    AdminUser listedUser = new AdminUser(new CaseInsensitiveString("user1"));
    AdminsConfig admins = new AdminsConfig(listedUser);

    // Presumably ALWAYS_FALSE_MATCHER never matches a role, so only the user entry can satisfy the check.
    boolean found = admins.hasUser(new CaseInsensitiveString("user1"), UserRoleMatcherMother.ALWAYS_FALSE_MATCHER);

    assertThat("shouldReturnTrueIfHasUser", found, is(true));
}
/**
 * Checks that setting an {@code Authorization} on a {@code MergePipelineConfigs} stores
 * it on the part whose origin is a {@code FileConfigOrigin}.
 */
@Test
public void shouldSetAuthorizationInFile() {
    BasicPipelineConfigs fileBackedPart = new BasicPipelineConfigs();
    fileBackedPart.setOrigin(new FileConfigOrigin());
    // The second part is created without an explicit origin.
    MergePipelineConfigs merged = new MergePipelineConfigs(fileBackedPart, new BasicPipelineConfigs());

    AdminsConfig admins = new AdminsConfig(new AdminUser(new CaseInsensitiveString("buddy")));
    Authorization authorization = new Authorization(admins);
    merged.setAuthorization(authorization);

    assertThat(fileBackedPart.getAuthorization(), is(authorization));
}
/**
 * Checks {@code isUserAnAdmin} against an {@code Authorization} whose admins are the
 * roles "bar1" and "bar2": any supplied role list containing one of them yields
 * {@code true}, and an empty role list yields {@code false}.
 */
@Test
public void shouldReturnTrueIfAnUserBelongsToAnAdminRole() {
    AdminsConfig roleAdmins = new AdminsConfig(
            new AdminRole(new CaseInsensitiveString("bar1")),
            new AdminRole(new CaseInsensitiveString("bar2")));
    Authorization authorization = new Authorization(roleAdmins);

    // The first list holds "bar1" twice, exactly as written by the original author.
    assertThat(
            authorization.isUserAnAdmin(
                    new CaseInsensitiveString("foo1"),
                    Arrays.asList(
                            new RoleConfig(new CaseInsensitiveString("bar1")),
                            new RoleConfig(new CaseInsensitiveString("bar1")))),
            is(true));
    assertThat(
            authorization.isUserAnAdmin(
                    new CaseInsensitiveString("foo2"),
                    Arrays.asList(new RoleConfig(new CaseInsensitiveString("bar2")))),
            is(true));
    assertThat(
            authorization.isUserAnAdmin(
                    new CaseInsensitiveString("foo3"),
                    Arrays.asList(new RoleConfig(new CaseInsensitiveString("bar1")))),
            is(true));

    // No roles at all and no user entry: the user must not be an admin.
    assertThat(
            authorization.isUserAnAdmin(new CaseInsensitiveString("foo4"), new ArrayList<>()),
            is(false));
}
/**
 * Checks that {@code isAdmin} matches a directly listed admin user regardless of letter
 * case: the config holds "USER1" and the lookup uses "user1".
 */
@Test
public void shouldReturnTrueIfAUserIsAnAdmin() {
    AdminUser configuredAdmin = new AdminUser(new CaseInsensitiveString("USER1"));
    AdminsConfig admins = new AdminsConfig(configuredAdmin);

    // Neither supplied role is an admin role here, so the match has to come from the user entry.
    assertThat(
            admins.isAdmin(
                    new AdminUser(new CaseInsensitiveString("user1")),
                    Arrays.asList(
                            new RoleConfig(new CaseInsensitiveString("first")),
                            new RoleConfig(new CaseInsensitiveString("role1")))),
            is(true));
}
/**
 * Checks that {@code isAdmin} grants admin through a role regardless of letter case:
 * the config names the admin role "Role1" and the supplied role list contains "role1".
 */
@Test
public void shouldReturnTrueIfAUserBelongsToAnAdminRole() {
    AdminRole configuredRole = new AdminRole(new CaseInsensitiveString("Role1"));
    AdminsConfig admins = new AdminsConfig(configuredRole);

    // "user1" is not listed as an admin user; only the role entry can produce the match.
    assertThat(
            admins.isAdmin(
                    new AdminUser(new CaseInsensitiveString("user1")),
                    Arrays.asList(
                            new RoleConfig(new CaseInsensitiveString("first")),
                            new RoleConfig(new CaseInsensitiveString("role1")))),
            is(true));
}
/**
 * Checks that {@code hasUser} is {@code true} for a name that is not listed as an admin
 * user when the config contains an admin role and
 * {@code UserRoleMatcherMother.ALWAYS_TRUE_MATCHER} is supplied as the role matcher.
 */
@Test
public void shouldReturnTrueIfUserMatchRole() {
    AdminsConfig admins = new AdminsConfig(
            new AdminUser(new CaseInsensitiveString("user1")),
            new AdminRole(new CaseInsensitiveString("role")));

    // "roleuser" differs from the listed user; presumably the matcher reports it as a member of the role.
    boolean found = admins.hasUser(new CaseInsensitiveString("roleuser"), UserRoleMatcherMother.ALWAYS_TRUE_MATCHER);

    assertThat("shouldReturnTrueIfUserMatchRole", found, is(true));
}