public List<AdminRole> getOperateRoles() { return getApproval().getAuthConfig().getRoles(); }
public static void toJSON(OutputWriter jsonWriter, AuthConfig authConfig) { if (!authConfig.errors().isEmpty()) { jsonWriter.addChild("errors", errorWriter -> { new ErrorGetter(new HashMap<>()).toJSON(errorWriter, authConfig); }); } jsonWriter.addChildList("roles", authConfig.getRoles().stream().map(eachItem -> eachItem.getName().toString()).collect(Collectors.toList())); jsonWriter.addChildList("users", authConfig.getUsers().stream().map(eachItem -> eachItem.getName().toString()).collect(Collectors.toList())); }
public static void toJSON(OutputWriter jsonWriter, AuthConfig authConfig) { if (!authConfig.errors().isEmpty()) { jsonWriter.addChild("errors", errorWriter -> { new ErrorGetter(new HashMap<>()).toJSON(errorWriter, authConfig); }); } jsonWriter.addChildList("roles", authConfig.getRoles().stream().map(eachItem -> eachItem.getName().toString()).collect(Collectors.toList())); jsonWriter.addChildList("users", authConfig.getUsers().stream().map(eachItem -> eachItem.getName().toString()).collect(Collectors.toList())); }
private AllowedUsers pipelineOperators(PipelineConfig pipeline, Set<String> admins, AllowedUsers groupLevelOperators, Map<String, Collection<String>> rolesToUsers) { if (!pipeline.first().hasOperatePermissionDefined()) { return groupLevelOperators; } Set<String> stageLevelApproversOfFirstStage = namesOf(pipeline.first().getApproval().getAuthConfig(), rolesToUsers); Set<PluginRoleConfig> stageLevelPluginRoleApproversOfFirstStage = pluginRolesFor(goConfigService.security(), pipeline.first().getApproval().getAuthConfig().getRoles()); Set<String> pipelineOperators = new HashSet<>(); pipelineOperators.addAll(admins); pipelineOperators.addAll(stageLevelApproversOfFirstStage); return new AllowedUsers(pipelineOperators, stageLevelPluginRoleApproversOfFirstStage); } }
private CRApproval approvalToCRApproval(Approval approval) { CRApproval crApproval = new CRApproval(); for(AdminUser user: approval.getAuthConfig().getUsers()) { crApproval.addAuthorizedUser(user.getName().toString()); } for(AdminRole role: approval.getAuthConfig().getRoles()) { crApproval.addAuthorizedRole(role.getName().toString()); } if (approval.getType().equals(Approval.SUCCESS)) { crApproval.setApprovalCondition(CRApprovalCondition.success); } else { crApproval.setApprovalCondition(CRApprovalCondition.manual); } return crApproval; }
@Test public void validate_shouldNotAllowRoleInApprovalListButNotInOperationList() throws Exception { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfigs group = addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithRoles(stage, "not-present"); Approval approval = stage.getApproval(); approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, group, pipeline, stage)); AdminRole user = approval.getAuthConfig().getRoles().get(0); assertThat(user.errors().isEmpty(), is(false)); assertThat(user.errors().on("name"), is("Role \"not-present\" who is not authorized to operate pipeline group `defaultGroup` can not be authorized to approve stage")); }
@Test public void shouldPassValidateWhenARoleIsAdminOnGroupAndThatRoleIsAuthorizedToApproveStage_WithPipelineConfigSaveValidationContext() { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser(new CaseInsensitiveString("admin"))); addUserAsOperatorToDefaultGroup(cruiseConfig, "user"); addRoleAsAdminToDefaultGroup(cruiseConfig, "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithRoles(stage, "role"); Approval approval = stage.getApproval(); approval.validate(PipelineConfigSaveValidationContext.forChain(true, DEFAULT_GROUP, cruiseConfig, pipeline, stage)); assertNoErrors(approval.getAuthConfig().getRoles().get(0)); }