public PipelineConfigs removePipeline(String pipelineName, CruiseConfig cruiseConfig) {
String groupName =
cruiseConfig.getGroups().findGroupNameByPipeline(new CaseInsensitiveString(pipelineName));
PipelineConfigs groups = cruiseConfig.getGroups().findGroup(groupName);
groups.remove(cruiseConfig.pipelineConfigByName(new CaseInsensitiveString(pipelineName)));
return groups;
}
@Before
public void setUp() throws Exception {
dbHelper.onSetUp();
configHelper = new GoConfigFileHelper(goConfigDao);
configHelper.onSetUp();
configHelper.addPipeline(
"bar", "stage", MaterialConfigsMother.defaultMaterialConfigs(), "build");
pipelineConfig =
configHelper.addPipeline(
"foo", "stage", MaterialConfigsMother.defaultMaterialConfigs(), "build");
configHelper.addMingleConfigToPipeline(
"foo",
new MingleConfig("https://some-tracking-tool:8443", "project-super-secret", "hello=world"));
CruiseConfig cruiseConfig = configHelper.load();
PipelineConfigs group = cruiseConfig.findGroup("defaultGroup");
group.setAuthorization(
new Authorization(
new ViewConfig(new AdminUser(new CaseInsensitiveString("authorized_user")))));
configHelper.writeConfigFile(cruiseConfig);
SecurityConfig securityConfig =
new SecurityConfig(
new LdapConfig(new GoCipher()), new PasswordFileConfig("/tmp/foo.passwd"), true);
securityConfig.adminsConfig().add(new AdminUser(new CaseInsensitiveString("admin")));
configHelper.addSecurity(securityConfig);
}
@Test
public void
shouldSetViewPermissionByDefaultIfNameIsPresentAndPermissionsAreOff_whileSettingAttributes() {
PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1"));
group.setConfigAttributes(
m(
BasicPipelineConfigs.AUTHORIZATION,
a(
m(
Authorization.NAME,
"user1",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(OFF, OFF, OFF)),
m(
Authorization.NAME,
"role1",
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(OFF, OFF, OFF)))));
Authorization authorization = group.getAuthorization();
assertThat(authorization.getViewConfig().size(), is(2));
assertThat(
authorization.getViewConfig(),
hasItems(
(Admin) new AdminRole(new CaseInsensitiveString("role1")),
(Admin) new AdminUser(new CaseInsensitiveString("user1"))));
assertThat(authorization.getOperationConfig().size(), is(0));
assertThat(authorization.getAdminsConfig().size(), is(0));
}
@Test
public void shouldSetToDefaultGroupWithGroupNameIsEmptyString() {
PipelineConfigs pipelineConfigs = createEmpty();
pipelineConfigs.setGroup("");
assertThat(pipelineConfigs.getGroup(), is(BasicPipelineConfigs.DEFAULT_GROUP));
}
@Test
public void shouldGetAllPipelinesList() {
PipelineConfig pipeline1 = PipelineConfigMother.pipelineConfig("pipeline1");
PipelineConfig pipeline2 = PipelineConfigMother.pipelineConfig("pipeline2");
PipelineConfigs group = createWithPipelines(pipeline1, pipeline2);
assertThat(group.getPipelines(), hasItem(pipeline1));
assertThat(group.getPipelines(), hasItem(pipeline2));
}
@Test
public void shouldReturnFalseIfPipelineNotExist() {
PipelineConfigs configs = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1"));
assertThat(
"shouldReturnFalseIfPipelineNotExist",
configs.hasPipeline(new CaseInsensitiveString("not-exist")),
is(false));
}
public void removePipeline(String pipelineName) {
CruiseConfig cruiseConfig = loadForEdit();
PipelineConfigs groups = removePipeline(pipelineName, cruiseConfig);
if (groups.isEmpty()) {
cruiseConfig.getGroups().remove(groups);
}
writeConfigFile(cruiseConfig);
}
@Test
public void shouldReturnIndexOfPipeline() {
PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1"));
PipelineConfig pipelineConfig = (PipelineConfig) group.get(0).clone();
pipelineConfig.setLabelTemplate("blah");
group.update(group.getGroup(), pipelineConfig, "pipeline1");
assertThat(group.get(0).getLabelTemplate(), is("blah"));
}
@Test
public void hasViewPermissionDefinedShouldReturnFalseIfAuthorizationIsNotDefined() {
PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1"));
assertThat(
"hasViewPermissionDefinedShouldReturnFalseIfAuthorizationIsNotDefined",
group.hasViewPermissionDefined(),
is(false));
}
@Test
public void shouldReturnTrueIfPipelineExist() {
PipelineConfig pipelineConfig = PipelineConfigMother.pipelineConfig("pipeline1");
PipelineConfigs configs = createWithPipeline(pipelineConfig);
assertThat(
"shouldReturnTrueIfPipelineExist",
configs.hasPipeline(new CaseInsensitiveString("pipeline1")),
is(true));
}
@Test
public void shouldReturnIndexOfPipeline_When2Pipelines() {
PipelineConfigs group =
createWithPipelines(
PipelineConfigMother.pipelineConfig("pipeline1"),
PipelineConfigMother.pipelineConfig("pipeline2"));
PipelineConfig pipelineConfig = group.findBy(new CaseInsensitiveString("pipeline2"));
assertThat(group.indexOf(pipelineConfig), is(1));
}
@Test
public void shouldAddPipelineAtIndex() {
PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline0"));
PipelineConfig p1 = PipelineConfigMother.pipelineConfig("pipeline1");
group.add(1, p1);
assertThat(group.get(1), is(p1));
}
@Test
public void hasViewPermissionDefinedShouldReturnTrueIfAuthorizationIsDefined() {
PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1"));
group.getAuthorization().getViewConfig().add(new AdminUser(new CaseInsensitiveString("jez")));
assertThat(
"hasViewPermissionDefinedShouldReturnTrueIfAuthorizationIsDefined",
group.hasViewPermissionDefined(),
is(true));
}
@Test
public void validate_shouldMakeSureTheNameIsAppropriate() {
PipelineConfigs group = createEmpty();
group.validate(null);
assertThat(
group.errors().on(BasicPipelineConfigs.GROUP),
is(
"Invalid group name 'null'. This must be alphanumeric and can contain underscores and periods (however, it cannot start with a period). The maximum allowed length is 255 characters."));
}
public void setViewPermissionForGroup(String groupName, String username) {
CruiseConfig cruiseConfig = loadForEdit();
PipelineConfigs group = cruiseConfig.getGroups().findGroup(groupName);
group
.getAuthorization()
.getViewConfig()
.add(new AdminUser(new CaseInsensitiveString(username)));
writeConfigFile(cruiseConfig);
}
@Test
public void shouldReturnFalseIfViewPermissionIsNotDefined() {
PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1"));
group
.getAuthorization()
.getOperationConfig()
.add(new AdminUser(new CaseInsensitiveString("jez")));
assertThat(group.hasViewPermission(new CaseInsensitiveString("jez"), null), is(false));
}
@Test
public void shouldReInitializeAuthorizationIfWeClearAllPermissions() {
PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1"));
group.setConfigAttributes(
m(
BasicPipelineConfigs.AUTHORIZATION,
a(
m(
Authorization.NAME,
"loser",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(ON, DISABLED, DISABLED)),
m(
Authorization.NAME,
"boozer",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(OFF, ON, ON)),
m(
Authorization.NAME,
"geezer",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(DISABLED, OFF, ON)),
m(
Authorization.NAME,
"gang_of_losers",
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(DISABLED, OFF, ON)),
m(
Authorization.NAME,
"blinds",
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(ON, ON, OFF)))));
Authorization authorization = group.getAuthorization();
assertThat(authorization.getAdminsConfig().size(), is(2));
assertThat(authorization.getOperationConfig().size(), is(2));
assertThat(authorization.getViewConfig().size(), is(3));
group.setConfigAttributes(m());
authorization = group.getAuthorization();
assertThat(authorization.getAdminsConfig().size(), is(0));
assertThat(authorization.getOperationConfig().size(), is(0));
assertThat(authorization.getViewConfig().size(), is(0));
}
public void blockPipelineGroupExceptFor(String pipelineGroupName, String roleName) {
CruiseConfig config = loadForEdit();
PipelineConfigs configs = config.getGroups().findGroup(pipelineGroupName);
Authorization authorization =
new Authorization(
new OperationConfig(new AdminRole(new CaseInsensitiveString(roleName))),
new ViewConfig(new AdminRole(new CaseInsensitiveString(roleName))));
configs.setAuthorization(authorization);
writeConfigFile(config);
}
public List<PipelineConfigs> viewableGroupsFor(Username username) {
ArrayList<PipelineConfigs> list = new ArrayList<PipelineConfigs>();
for (PipelineConfigs pipelineConfigs : goConfigService.getCurrentConfig().getGroups()) {
if (hasViewPermissionForGroup(
CaseInsensitiveString.str(username.getUsername()), pipelineConfigs.getGroup())) {
list.add(pipelineConfigs);
}
}
return list;
}
@Test
public void shouldRemovePipeline() {
PipelineConfig p0 = PipelineConfigMother.pipelineConfig("pipeline0");
PipelineConfigs group = createWithPipeline(p0);
PipelineConfig p1 = PipelineConfigMother.pipelineConfig("pipeline1");
group.add(1, p1);
group.remove(p0);
assertThat(group.get(0), is(p1));
assertThat(group.size(), is(1));
}
public Set<String> rolesThatCanOperateOnStage(
CruiseConfig cruiseConfig, PipelineConfig pipelineConfig) {
PipelineConfigs group = cruiseConfig.findGroupOfPipeline(pipelineConfig);
SortedSet<String> roles = new TreeSet<String>();
if (group.hasAuthorizationDefined()) {
if (group.hasOperationPermissionDefined()) {
roles.addAll(group.getOperateRoleNames());
}
} else {
roles.addAll(allRoleNames(cruiseConfig));
}
return roles;
}
public boolean hasOperatePermissionForGroup(
final CaseInsensitiveString username, String groupName) {
CruiseConfig cruiseConfig = goConfigService.getCurrentConfig();
if (!cruiseConfig.isSecurityEnabled()) {
return true;
}
if (isUserAdmin(new Username(username))) {
return true;
}
PipelineConfigs group = cruiseConfig.getGroups().findGroup(groupName);
return isUserAdminOfGroup(username, group)
|| group.hasOperatePermission(
username, new UserRoleMatcherImpl(cruiseConfig.server().security()));
}
@Test
public void shouldValidateThatPipelineNameIsUnique() {
PipelineConfig first = PipelineConfigMother.pipelineConfig("first");
PipelineConfig second = PipelineConfigMother.pipelineConfig("second");
PipelineConfigs group = createWithPipelines(first, second);
PipelineConfig duplicate = PipelineConfigMother.pipelineConfig("first");
group.addWithoutValidation(duplicate);
group.validate(null);
assertThat(
duplicate.errors().on(PipelineConfig.NAME),
is(
"You have defined multiple pipelines called 'first'. Pipeline names are case-insensitive and must be unique."));
assertThat(
first.errors().on(PipelineConfig.NAME),
is(
"You have defined multiple pipelines called 'first'. Pipeline names are case-insensitive and must be unique."));
}
public Set<String> usersThatCanOperateOnStage(
CruiseConfig cruiseConfig, PipelineConfig pipelineConfig) {
SortedSet<String> users = new TreeSet<String>();
PipelineConfigs group = cruiseConfig.findGroupOfPipeline(pipelineConfig);
if (group.hasAuthorizationDefined()) {
if (group.hasOperationPermissionDefined()) {
users.addAll(group.getOperateUserNames());
List<String> roles = group.getOperateRoleNames();
for (Role role : cruiseConfig.server().security().getRoles()) {
if (roles.contains(CaseInsensitiveString.str(role.getName()))) {
users.addAll(role.usersOfRole());
}
}
}
} else {
users.addAll(allUsernames());
}
return users;
}
@Test
public void shouldValidateGroupNameUniqueness() {
Map<String, PipelineConfigs> nameToConfig = new HashMap<String, PipelineConfigs>();
PipelineConfigs group1 = createEmpty();
group1.setGroup("joe");
PipelineConfigs group2 = createEmpty();
group2.setGroup("joe");
group1.validateNameUniqueness(nameToConfig);
group2.validateNameUniqueness(nameToConfig);
assertThat(
group1.errors().on(PipelineConfigs.GROUP), is("Group with name 'joe' already exists"));
}
public void addAuthorizedUserForPipelineGroup(String user) {
CruiseConfig cruiseConfig = loadForEdit();
PipelineConfigs group = cruiseConfig.getGroups().first();
group.getAuthorization().getViewConfig().add(new AdminUser(new CaseInsensitiveString(user)));
writeConfigFile(cruiseConfig);
}
@Test
public void shouldUpdateAuthorization() {
PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1"));
group.setConfigAttributes(
m(
BasicPipelineConfigs.AUTHORIZATION,
a(
m(
Authorization.NAME,
"loser",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(ON, DISABLED, DISABLED)),
m(
Authorization.NAME,
"boozer",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(OFF, ON, ON)),
m(
Authorization.NAME,
"geezer",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(DISABLED, OFF, ON)),
m(
Authorization.NAME,
"gang_of_losers",
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(DISABLED, OFF, ON)),
m(
Authorization.NAME,
"blinds",
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(ON, ON, OFF)))));
Authorization authorization = group.getAuthorization();
assertThat(authorization.getAdminsConfig().size(), is(2));
assertThat(
authorization.getAdminsConfig(),
hasItems(
new AdminUser(new CaseInsensitiveString("loser")),
new AdminRole(new CaseInsensitiveString("blinds"))));
assertThat(authorization.getOperationConfig().size(), is(2));
assertThat(
authorization.getOperationConfig(),
hasItems(
new AdminUser(new CaseInsensitiveString("boozer")),
new AdminRole(new CaseInsensitiveString("blinds"))));
assertThat(authorization.getViewConfig().size(), is(3));
assertThat(
authorization.getViewConfig(),
hasItems(
new AdminUser(new CaseInsensitiveString("boozer")),
new AdminUser(new CaseInsensitiveString("geezer")),
new AdminRole(new CaseInsensitiveString("gang_of_losers"))));
}
protected Object valid() {
CruiseConfig config = configForEditing();
PipelineConfigs group = config.findGroup(groupName);
return group.getCopyForEditing();
}
public boolean isUserAdminOfGroup(final CaseInsensitiveString userName, PipelineConfigs group) {
return group.isUserAnAdmin(userName, rolesForUser(userName));
}
@Test
public void shouldIgnoreBlankUserOrRoleNames_whileSettingAttributes() {
PipelineConfigs group = createWithPipeline(PipelineConfigMother.pipelineConfig("pipeline1"));
group.setConfigAttributes(
m(
BasicPipelineConfigs.AUTHORIZATION,
a(
m(
Authorization.NAME,
"",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(ON, DISABLED, DISABLED)),
m(
Authorization.NAME,
null,
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(OFF, ON, ON)),
m(
Authorization.NAME,
"geezer",
Authorization.TYPE,
USER.toString(),
Authorization.PRIVILEGES,
privileges(DISABLED, OFF, ON)),
m(
Authorization.NAME,
"",
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(DISABLED, ON, ON)),
m(
Authorization.NAME,
null,
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(ON, OFF, ON)),
m(
Authorization.NAME,
"blinds",
Authorization.TYPE,
ROLE.toString(),
Authorization.PRIVILEGES,
privileges(ON, ON, OFF)))));
Authorization authorization = group.getAuthorization();
assertThat(authorization.getAdminsConfig().size(), is(1));
assertThat(
authorization.getAdminsConfig(),
hasItem((Admin) new AdminRole(new CaseInsensitiveString("blinds"))));
assertThat(authorization.getOperationConfig().size(), is(1));
assertThat(
authorization.getOperationConfig(),
hasItem((Admin) new AdminRole(new CaseInsensitiveString("blinds"))));
assertThat(authorization.getViewConfig().size(), is(1));
assertThat(
authorization.getViewConfig(),
hasItem((Admin) new AdminUser(new CaseInsensitiveString("geezer"))));
}
