public List<AdminUser> getOperateUsers() { return getApproval().getAuthConfig().getUsers(); }
public static void toJSON(OutputWriter jsonWriter, AuthConfig authConfig) { if (!authConfig.errors().isEmpty()) { jsonWriter.addChild("errors", errorWriter -> { new ErrorGetter(new HashMap<>()).toJSON(errorWriter, authConfig); }); } jsonWriter.addChildList("roles", authConfig.getRoles().stream().map(eachItem -> eachItem.getName().toString()).collect(Collectors.toList())); jsonWriter.addChildList("users", authConfig.getUsers().stream().map(eachItem -> eachItem.getName().toString()).collect(Collectors.toList())); }
public static void toJSON(OutputWriter jsonWriter, AuthConfig authConfig) { if (!authConfig.errors().isEmpty()) { jsonWriter.addChild("errors", errorWriter -> { new ErrorGetter(new HashMap<>()).toJSON(errorWriter, authConfig); }); } jsonWriter.addChildList("roles", authConfig.getRoles().stream().map(eachItem -> eachItem.getName().toString()).collect(Collectors.toList())); jsonWriter.addChildList("users", authConfig.getUsers().stream().map(eachItem -> eachItem.getName().toString()).collect(Collectors.toList())); }
private CRApproval approvalToCRApproval(Approval approval) { CRApproval crApproval = new CRApproval(); for(AdminUser user: approval.getAuthConfig().getUsers()) { crApproval.addAuthorizedUser(user.getName().toString()); } for(AdminRole role: approval.getAuthConfig().getRoles()) { crApproval.addAuthorizedRole(role.getName().toString()); } if (approval.getType().equals(Approval.SUCCESS)) { crApproval.setApprovalCondition(CRApprovalCondition.success); } else { crApproval.setApprovalCondition(CRApprovalCondition.manual); } return crApproval; }
@Test public void shouldShowBugWhichAllowsAUserWithoutOperatePermissionToOperateAStage() throws Exception { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser(new CaseInsensitiveString("admin"))); addRoleAsAdminToDefaultGroup(cruiseConfig, "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "first", "some-other-user-who-is-not-operate-authorized"); Approval approval = stage.getApproval(); approval.validate(PipelineConfigSaveValidationContext.forChain(true, DEFAULT_GROUP, cruiseConfig, pipeline, stage)); assertNoErrors(approval.getAuthConfig().getUsers().get(0)); /* https://github.com/gocd/gocd/pull/1779#issuecomment-170161521 */ assertNoErrors(approval.getAuthConfig().getUsers().get(1)); }
@Test public void shouldFailValidateWhenUsersWithoutOperatePermissionOnGroupAreAuthorizedToApproveStage_WithPipelineConfigSaveValidationContext() { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "not-present"); Approval approval = stage.getApproval(); approval.validate(PipelineConfigSaveValidationContext.forChain(true, DEFAULT_GROUP, cruiseConfig, pipeline, stage)); AdminUser user = approval.getAuthConfig().getUsers().get(0); assertThat(user.errors().isEmpty(), is(false)); assertThat(user.errors().on("name"), is("User \"not-present\" who is not authorized to operate pipeline group `defaultGroup` can not be authorized to approve stage")); }
@Test public void validate_shouldNotAllow_UserInApprovalListButNotInOperationList() { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfigs group = addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "not-present"); Approval approval = stage.getApproval(); approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, group, pipeline, stage)); AdminUser user = approval.getAuthConfig().getUsers().get(0); assertThat(user.errors().isEmpty(), is(false)); assertThat(user.errors().on("name"), is("User \"not-present\" who is not authorized to operate pipeline group `defaultGroup` can not be authorized to approve stage")); }
@Test public void validate_shouldAllowUserWhenSecurityIsNotDefinedInGroup() throws Exception { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfigs group = cruiseConfig.findGroup(DEFAULT_GROUP); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "user"); Approval approval = stage.getApproval(); approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, group, pipeline, stage)); assertNoErrors(approval.getAuthConfig().getUsers().get(0)); }
@Test public void validate_shouldAllowAdminToOperateOnAStage() throws Exception { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfigs group = addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "admin"); Approval approval = stage.getApproval(); approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, group, pipeline, stage)); assertNoErrors(approval.getAuthConfig().getUsers().get(0)); }
@Test public void validate_shouldAllowUserWhoIsDefinedInGroup() throws Exception { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfigs group = addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "user"); Approval approval = stage.getApproval(); approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, group, pipeline, stage)); assertNoErrors(approval.getAuthConfig().getUsers().get(0)); }
@Test public void validate_shouldAllowUserWhoseRoleHasOperatePermission() throws Exception { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfigs group = addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "first"); Approval approval = stage.getApproval(); approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, group, pipeline, stage)); assertNoErrors(approval.getAuthConfig().getUsers().get(0)); }
@Test public void validate_shouldNotTryAndValidateWhenWithinTemplate() throws Exception { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfigs group = addUserAndRoleToDefaultGroup(cruiseConfig, "user", "role"); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "not-present"); Approval approval = stage.getApproval(); approval.validate(ConfigSaveValidationContext.forChain(cruiseConfig, new TemplatesConfig(), stage)); assertNoErrors(approval.getAuthConfig().getUsers().get(0)); }
@Test public void shouldPassValidateWhenNoPermissionAreSetupOnGroupAndUserIsAuthorizedToApproveStage_WithPipelineConfigSaveValidationContext() { CruiseConfig cruiseConfig = cruiseConfigWithSecurity( new RoleConfig(new CaseInsensitiveString("role"), new RoleUser(new CaseInsensitiveString("first")), new RoleUser(new CaseInsensitiveString("second"))), new AdminUser( new CaseInsensitiveString("admin"))); PipelineConfig pipeline = cruiseConfig.find(DEFAULT_GROUP, 0); StageConfig stage = pipeline.get(0); StageConfigMother.addApprovalWithUsers(stage, "not-present"); Approval approval = stage.getApproval(); approval.validate(PipelineConfigSaveValidationContext.forChain(true, DEFAULT_GROUP, cruiseConfig, pipeline, stage)); assertNoErrors(approval.getAuthConfig().getUsers().get(0)); }