From 642e3d0cf5afa795e93b938c6586ac61e71457df Mon Sep 17 00:00:00 2001 From: Basil Crow Date: Mon, 20 Mar 2023 21:10:54 -0700 Subject: [PATCH] [JENKINS-56774] Add JCasC support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: René Scheibe --- pom.xml | 10 ++ .../ProjectQueueItemAuthenticator.java | 75 ++++++++-- .../SpecificUsersAuthorizationStrategy.java | 15 ++ .../ConfigurationAsCodeTest.java | 135 ++++++++++++++++++ .../ProjectQueueItemAuthenticatorTest.java | 73 ++++++---- .../testutil/AuthorizeProjectJenkinsRule.java | 39 ++--- ....config.AnonymousAuthorizationStrategy.yml | 5 + ...fig.SpecificUsersAuthorizationStrategy.yml | 8 ++ ...bal.config.SystemAuthorizationStrategy.yml | 5 + ...g.TriggeringUsersAuthorizationStrategy.yml | 5 + ....export.AnonymousAuthorizationStrategy.yml | 3 + ...ort.SpecificUsersAuthorizationStrategy.yml | 6 + ...bal.export.SystemAuthorizationStrategy.yml | 3 + ...t.TriggeringUsersAuthorizationStrategy.yml | 3 + .../project.config.all.yml | 10 ++ .../project.export.all.yml | 8 ++ ...ty.QueueItemAuthenticatorConfiguration.xml | 25 ++++ 17 files changed, 365 insertions(+), 63 deletions(-) create mode 100644 src/test/java/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest.java create mode 100644 src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.config.AnonymousAuthorizationStrategy.yml create mode 100644 src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.config.SpecificUsersAuthorizationStrategy.yml create mode 100644 src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.config.SystemAuthorizationStrategy.yml create mode 100644 src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.config.TriggeringUsersAuthorizationStrategy.yml create mode 100644 src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.export.AnonymousAuthorizationStrategy.yml create mode 100644 src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.export.SpecificUsersAuthorizationStrategy.yml create mode 100644 src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.export.SystemAuthorizationStrategy.yml create mode 100644 src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.export.TriggeringUsersAuthorizationStrategy.yml create mode 100644 src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/project.config.all.yml create mode 100644 src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/project.export.all.yml create mode 100644 src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/strategyEnabledMapMigration/jenkins.security.QueueItemAuthenticatorConfiguration.xml diff --git a/pom.xml b/pom.xml index 95658fb..647319f 100644 --- a/pom.xml +++ b/pom.xml @@ -74,6 +74,16 @@ workflow-cps test + + io.jenkins + configuration-as-code + test + + + io.jenkins.configuration-as-code + test-harness + test + org.jenkins-ci.plugins diff --git a/src/main/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator.java b/src/main/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator.java index 7452ca5..70360b5 100644 --- a/src/main/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator.java +++ b/src/main/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator.java @@ -26,8 +26,11 @@ import java.util.Collections; import java.util.HashMap; +import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Set; +import java.util.stream.Collectors; import hudson.Extension; import hudson.model.DescriptorVisibilityFilter; @@ -41,6 +44,7 @@ import net.sf.json.JSONObject; import org.acegisecurity.Authentication; +import org.kohsuke.stapler.DataBoundConstructor; import org.kohsuke.stapler.StaplerRequest; import jenkins.security.QueueItemAuthenticatorConfiguration; @@ -51,23 +55,42 @@ * Authorize builds of projects configured with {@link AuthorizeProjectProperty}. */ public class ProjectQueueItemAuthenticator extends QueueItemAuthenticator { - private final Map strategyEnabledMap; + private final Set enabledStrategies; + private final Set disabledStrategies; + + @Deprecated + private transient Map strategyEnabledMap; /** * */ @Deprecated public ProjectQueueItemAuthenticator() { - this(Collections.emptyMap()); + this(Collections.emptySet(), Collections.emptySet()); } + @Deprecated public ProjectQueueItemAuthenticator(Map strategyEnabledMap) { - this.strategyEnabledMap = strategyEnabledMap; + this( + strategyEnabledMap.entrySet().stream() + .filter(e -> e.getValue().equals(true)) + .map(Map.Entry::getKey) + .collect(Collectors.toSet()), + strategyEnabledMap.entrySet().stream() + .filter(e -> e.getValue().equals(false)) + .map(Map.Entry::getKey) + .collect(Collectors.toSet())); } + @DataBoundConstructor + public ProjectQueueItemAuthenticator(Set enabledStrategies, Set disabledStrategies) { + this.enabledStrategies = enabledStrategies; + this.disabledStrategies = disabledStrategies; + } + protected Object readResolve() { - if(strategyEnabledMap == null) { - return new ProjectQueueItemAuthenticator(Collections.emptyMap()); + if (strategyEnabledMap != null) { + return new ProjectQueueItemAuthenticator(strategyEnabledMap); } return this; } @@ -94,20 +117,41 @@ public Authentication authenticate(Queue.Item item) { return prop.authenticate(item); } + @Deprecated public Map getStrategyEnabledMap() { + Map strategyEnabledMap = new HashMap<>(); + for (String strategy : enabledStrategies) { + strategyEnabledMap.put(strategy, true); + } + for (String strategy : disabledStrategies) { + strategyEnabledMap.put(strategy, false); + } return strategyEnabledMap; } + public Set getEnabledStrategies() { + return enabledStrategies; + } + + public Set getDisabledStrategies() { + return disabledStrategies; + } + public boolean isStrategyEnabled(Descriptor d) { - Boolean b = getStrategyEnabledMap().get(d.getId()); - if(b != null) { - return b.booleanValue(); - } - if(!(d instanceof AuthorizeProjectStrategyDescriptor)) { + if (enabledStrategies.contains(d.getId())) { return true; } - return ((AuthorizeProjectStrategyDescriptor)d).isEnabledByDefault(); + + if (disabledStrategies.contains(d.getId())) { + return false; + } + + if (d instanceof AuthorizeProjectStrategyDescriptor) { + return ((AuthorizeProjectStrategyDescriptor) d).isEnabledByDefault(); + } + + return true; } /** @@ -150,12 +194,13 @@ public List> getAvailableDescriptorList() { public ProjectQueueItemAuthenticator newInstance(StaplerRequest req, JSONObject formData) throws FormException { - Map strategyEnabledMap = new HashMap(); + Set enabledStrategies = new HashSet<>(); + Set disabledStrategies = new HashSet<>(); for (Descriptor d : getAvailableDescriptorList()) { String name = d.getJsonSafeClassName(); if (formData.has(name)) { - strategyEnabledMap.put(d.getId(), true); + enabledStrategies.add(d.getId()); if ( d instanceof AuthorizeProjectStrategyDescriptor && ((AuthorizeProjectStrategyDescriptor)d).getGlobalSecurityConfigPage() != null @@ -163,11 +208,11 @@ public ProjectQueueItemAuthenticator newInstance(StaplerRequest req, JSONObject ((AuthorizeProjectStrategyDescriptor)d).configureFromGlobalSecurity(req, formData.getJSONObject(name)); } } else { - strategyEnabledMap.put(d.getId(), false); + disabledStrategies.add(d.getId()); } } - return new ProjectQueueItemAuthenticator(strategyEnabledMap); + return new ProjectQueueItemAuthenticator(enabledStrategies, disabledStrategies); } } diff --git a/src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java b/src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java index d2a3898..c2d13e0 100644 --- a/src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java +++ b/src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java @@ -50,6 +50,7 @@ import org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategyDescriptor; import org.jenkinsci.plugins.authorizeproject.AuthorizeProjectUtil; import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.DoNotUse; import org.kohsuke.accmod.restrictions.NoExternalUse; import org.kohsuke.stapler.DataBoundConstructor; import org.kohsuke.stapler.DataBoundSetter; @@ -63,6 +64,20 @@ public class SpecificUsersAuthorizationStrategy extends AuthorizeProjectStrategy private static Logger LOGGER = Logger.getLogger(SpecificUsersAuthorizationStrategy.class.getName()); private final String userid; + /* + * The fields "useApitoken", "apitoken", and "password" are part of the @DataBoundConstructor annotated constructor, + * but they are only required for validation during form submission. They are put here and marked restricted and + * transient to make Configuration as Code ignore them when exporting the configuration. + */ + @Restricted(DoNotUse.class) + private transient Boolean useApitoken; + + @Restricted(DoNotUse.class) + private transient String apitoken; + + @Restricted(DoNotUse.class) + private transient String password; + private final static Authentication[] BUILTIN_USERS = { ACL.SYSTEM, Jenkins.ANONYMOUS, diff --git a/src/test/java/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest.java b/src/test/java/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest.java new file mode 100644 index 0000000..a137b42 --- /dev/null +++ b/src/test/java/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest.java @@ -0,0 +1,135 @@ +package org.jenkinsci.plugins.authorizeproject; + +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.hasSize; +import static org.hamcrest.Matchers.instanceOf; +import static org.junit.Assert.assertThat; + +import hudson.util.DescribableList; +import io.jenkins.plugins.casc.ConfigurationContext; +import io.jenkins.plugins.casc.ConfiguratorRegistry; +import io.jenkins.plugins.casc.misc.ConfiguredWithCode; +import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithCodeRule; +import io.jenkins.plugins.casc.misc.Util; +import io.jenkins.plugins.casc.model.CNode; +import java.util.Arrays; +import java.util.HashSet; +import jenkins.security.QueueItemAuthenticator; +import jenkins.security.QueueItemAuthenticatorConfiguration; +import jenkins.security.QueueItemAuthenticatorDescriptor; +import org.jenkinsci.plugins.authorizeproject.strategy.AnonymousAuthorizationStrategy; +import org.jenkinsci.plugins.authorizeproject.strategy.SpecificUsersAuthorizationStrategy; +import org.jenkinsci.plugins.authorizeproject.strategy.SystemAuthorizationStrategy; +import org.jenkinsci.plugins.authorizeproject.strategy.TriggeringUsersAuthorizationStrategy; +import org.junit.Rule; +import org.junit.Test; +import org.jvnet.hudson.test.recipes.LocalData; + +public class ConfigurationAsCodeTest { + + @Rule public JenkinsConfiguredWithCodeRule r = new JenkinsConfiguredWithCodeRule(); + + @Test + @ConfiguredWithCode("ConfigurationAsCodeTest/global.config.AnonymousAuthorizationStrategy.yml") + public void importGlobalAnonymousAuthorizationStrategy() { + DescribableList authenticators = QueueItemAuthenticatorConfiguration.get().getAuthenticators(); + GlobalQueueItemAuthenticator queueItemAuthenticator = authenticators.get(GlobalQueueItemAuthenticator.class); + + assertThat(authenticators, hasSize(1)); + assertThat(queueItemAuthenticator.getStrategy(), instanceOf(AnonymousAuthorizationStrategy.class)); + } + + @Test + @ConfiguredWithCode("ConfigurationAsCodeTest/global.config.AnonymousAuthorizationStrategy.yml") + public void exportGlobalAnonymousAuthorizationStrategy() throws Exception { + assertExport("ConfigurationAsCodeTest/global.export.AnonymousAuthorizationStrategy.yml"); + } + + @Test + @ConfiguredWithCode("ConfigurationAsCodeTest/global.config.SpecificUsersAuthorizationStrategy.yml") + public void importGlobalSpecificUsersAuthorizationStrategy() { + DescribableList authenticators = QueueItemAuthenticatorConfiguration.get().getAuthenticators(); + GlobalQueueItemAuthenticator queueItemAuthenticator = authenticators.get(GlobalQueueItemAuthenticator.class); + + assertThat(authenticators, hasSize(1)); + assertThat(queueItemAuthenticator.getStrategy(), instanceOf(SpecificUsersAuthorizationStrategy.class)); + assertThat(((SpecificUsersAuthorizationStrategy) queueItemAuthenticator.getStrategy()).getUserid(), equalTo("some-user")); + } + + @Test + @ConfiguredWithCode("ConfigurationAsCodeTest/global.config.SpecificUsersAuthorizationStrategy.yml") + public void exportGlobalSpecificUsersAuthorizationStrategy() throws Exception { + assertExport("ConfigurationAsCodeTest/global.export.SpecificUsersAuthorizationStrategy.yml"); + } + + @Test + @ConfiguredWithCode("ConfigurationAsCodeTest/global.config.SystemAuthorizationStrategy.yml") + public void importGlobalSystemAuthorizationStrategy() { + DescribableList authenticators = QueueItemAuthenticatorConfiguration.get().getAuthenticators(); + GlobalQueueItemAuthenticator queueItemAuthenticator = authenticators.get(GlobalQueueItemAuthenticator.class); + + assertThat(authenticators, hasSize(1)); + assertThat(queueItemAuthenticator.getStrategy(), instanceOf(SystemAuthorizationStrategy.class)); + } + + @Test + @ConfiguredWithCode("ConfigurationAsCodeTest/global.config.SystemAuthorizationStrategy.yml") + public void exportGlobalSystemAuthorizationStrategy() throws Exception { + assertExport("ConfigurationAsCodeTest/global.export.SystemAuthorizationStrategy.yml"); + } + + @Test + @ConfiguredWithCode("ConfigurationAsCodeTest/global.config.TriggeringUsersAuthorizationStrategy.yml") + public void importGlobalTriggeringUsersAuthorizationStrategy() { + DescribableList authenticators = QueueItemAuthenticatorConfiguration.get().getAuthenticators(); + GlobalQueueItemAuthenticator queueItemAuthenticator = authenticators.get(GlobalQueueItemAuthenticator.class); + + assertThat(authenticators, hasSize(1)); + assertThat(queueItemAuthenticator.getStrategy(), instanceOf(TriggeringUsersAuthorizationStrategy.class)); + } + + @Test + @ConfiguredWithCode("ConfigurationAsCodeTest/global.config.TriggeringUsersAuthorizationStrategy.yml") + public void exportGlobalTriggeringUsersAuthorizationStrategy() throws Exception { + assertExport("ConfigurationAsCodeTest/global.export.TriggeringUsersAuthorizationStrategy.yml"); + } + + @Test + @ConfiguredWithCode("ConfigurationAsCodeTest/project.config.all.yml") + public void importProjectTriggeringUsersAuthorizationStrategy() { + DescribableList authenticators = QueueItemAuthenticatorConfiguration.get().getAuthenticators(); + ProjectQueueItemAuthenticator queueItemAuthenticator = authenticators.get(ProjectQueueItemAuthenticator.class); + + assertThat(authenticators, hasSize(1)); + assertThat(queueItemAuthenticator.getDisabledStrategies(), equalTo(new HashSet<>(Arrays.asList("org.jenkinsci.plugins.authorizeproject.strategy.SystemAuthorizationStrategy", "org.jenkinsci.plugins.authorizeproject.strategy.SpecificUsersAuthorizationStrategy", "org.jenkinsci.plugins.authorizeproject.strategy.TriggeringUsersAuthorizationStrategy")))); + assertThat(queueItemAuthenticator.getEnabledStrategies(), equalTo(new HashSet<>(Arrays.asList("org.jenkinsci.plugins.authorizeproject.strategy.AnonymousAuthorizationStrategy")))); + } + + @Test + @ConfiguredWithCode("ConfigurationAsCodeTest/project.config.all.yml") + public void exportProjectTriggeringUsersAuthorizationStrategy() throws Exception { + assertExport("ConfigurationAsCodeTest/project.export.all.yml"); + } + + private void assertExport(String resourcePath) throws Exception { + ConfiguratorRegistry registry = ConfiguratorRegistry.get(); + ConfigurationContext context = new ConfigurationContext(registry); + CNode queueItemAuthenticator = Util.getSecurityRoot(context).get("queueItemAuthenticator"); + + String exported = Util.toYamlString(queueItemAuthenticator); + String expected = Util.toStringFromYamlFile(this, resourcePath); + + assertThat(exported, equalTo(expected)); + } + + @LocalData + @Test + public void strategyEnabledMapMigration() { + DescribableList authenticators = QueueItemAuthenticatorConfiguration.get().getAuthenticators(); + ProjectQueueItemAuthenticator queueItemAuthenticator = authenticators.get(ProjectQueueItemAuthenticator.class); + + assertThat(authenticators, hasSize(1)); + assertThat(queueItemAuthenticator.getDisabledStrategies(), equalTo(new HashSet<>(Arrays.asList(SpecificUsersAuthorizationStrategy.class.getName(), SystemAuthorizationStrategy.class.getName())))); + assertThat(queueItemAuthenticator.getEnabledStrategies(), equalTo(new HashSet<>(Arrays.asList(AnonymousAuthorizationStrategy.class.getName(), TriggeringUsersAuthorizationStrategy.class.getName())))); + } +} diff --git a/src/test/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticatorTest.java b/src/test/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticatorTest.java index 940dcf7..80a088a 100644 --- a/src/test/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticatorTest.java +++ b/src/test/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticatorTest.java @@ -26,9 +26,9 @@ import static org.junit.Assert.*; -import java.util.HashMap; -import java.util.Map; -import java.util.Map.Entry; +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; import jenkins.model.Jenkins; import jenkins.security.QueueItemAuthenticatorConfiguration; @@ -214,11 +214,11 @@ public void testDisabledInProjectAuthorization() throws Exception { // can be reconfigured if it is enabled. assertEquals(AnonymousAuthorizationStrategy.class, p.getProperty(AuthorizeProjectProperty.class).getStrategy().getClass()); - Map strategyEnabledMap = new HashMap(); - strategyEnabledMap.put(j.jenkins.getDescriptor(AnonymousAuthorizationStrategy.class).getId(), false); + Set enabledStrategies = Collections.emptySet(); + Set disabledStrategies = Collections.singleton(j.jenkins.getDescriptor(AnonymousAuthorizationStrategy.class).getId()); QueueItemAuthenticatorConfiguration.get().getAuthenticators().clear(); - QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(new ProjectQueueItemAuthenticator(strategyEnabledMap)); + QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(new ProjectQueueItemAuthenticator(enabledStrategies, disabledStrategies)); assertFalse(ProjectQueueItemAuthenticator.getConfigured().isStrategyEnabled(j.jenkins.getDescriptor(AnonymousAuthorizationStrategy.class))); @@ -241,11 +241,11 @@ public void testDisabledAtRuntime() throws Exception { j.assertBuildStatusSuccess(p.scheduleBuild2(0)); assertEquals(Jenkins.ANONYMOUS, checker.authentication); - Map strategyEnabledMap = new HashMap(); - strategyEnabledMap.put(j.jenkins.getDescriptor(AnonymousAuthorizationStrategy.class).getId(), false); + Set enabledStrategies = Collections.emptySet(); + Set disabledStrategies = Collections.singleton(j.jenkins.getDescriptor(AnonymousAuthorizationStrategy.class).getId()); QueueItemAuthenticatorConfiguration.get().getAuthenticators().clear(); - QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(new ProjectQueueItemAuthenticator(strategyEnabledMap)); + QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(new ProjectQueueItemAuthenticator(enabledStrategies, disabledStrategies)); assertFalse(ProjectQueueItemAuthenticator.getConfigured().isStrategyEnabled(j.jenkins.getDescriptor(AnonymousAuthorizationStrategy.class))); @@ -424,36 +424,51 @@ public void testGlobalSecurityConfiguration() throws Exception { } // enabled / disabled preservation + Set enabledStrategies; + Set disabledStrategies; + // all are enabled - Map strategyEnabledMap = new HashMap(); - strategyEnabledMap.put(j.jenkins.getDescriptor(AuthorizeProjectStrategyWithoutGlobalSecurityConfiguration.class).getId(), true); - strategyEnabledMap.put(j.jenkins.getDescriptor(AuthorizeProjectStrategyWithGlobalSecurityConfiguration.class).getId(), true); - strategyEnabledMap.put(j.jenkins.getDescriptor(AuthorizeProjectStrategyWithAlternateGlobalSecurityConfiguration.class).getId(), true); - assertStrategyEnablingConfigurationPreserved(strategyEnabledMap); + enabledStrategies = new HashSet<>(); + disabledStrategies = new HashSet<>(); + enabledStrategies.add(j.jenkins.getDescriptor(AuthorizeProjectStrategyWithoutGlobalSecurityConfiguration.class).getId()); + enabledStrategies.add(j.jenkins.getDescriptor(AuthorizeProjectStrategyWithGlobalSecurityConfiguration.class).getId()); + enabledStrategies.add(j.jenkins.getDescriptor(AuthorizeProjectStrategyWithAlternateGlobalSecurityConfiguration.class).getId()); + assertStrategyEnablingConfigurationPreserved(enabledStrategies, disabledStrategies); // all are disabled - strategyEnabledMap.put(j.jenkins.getDescriptor(AuthorizeProjectStrategyWithoutGlobalSecurityConfiguration.class).getId(), false); - strategyEnabledMap.put(j.jenkins.getDescriptor(AuthorizeProjectStrategyWithGlobalSecurityConfiguration.class).getId(), false); - strategyEnabledMap.put(j.jenkins.getDescriptor(AuthorizeProjectStrategyWithAlternateGlobalSecurityConfiguration.class).getId(), false); - assertStrategyEnablingConfigurationPreserved(strategyEnabledMap); + enabledStrategies = new HashSet<>(); + disabledStrategies = new HashSet<>(); + disabledStrategies.add(j.jenkins.getDescriptor(AuthorizeProjectStrategyWithoutGlobalSecurityConfiguration.class).getId()); + disabledStrategies.add(j.jenkins.getDescriptor(AuthorizeProjectStrategyWithGlobalSecurityConfiguration.class).getId()); + disabledStrategies.add(j.jenkins.getDescriptor(AuthorizeProjectStrategyWithAlternateGlobalSecurityConfiguration.class).getId()); + assertStrategyEnablingConfigurationPreserved(enabledStrategies, disabledStrategies); // mixed - strategyEnabledMap.put(j.jenkins.getDescriptor(AuthorizeProjectStrategyWithoutGlobalSecurityConfiguration.class).getId(), false); - strategyEnabledMap.put(j.jenkins.getDescriptor(AuthorizeProjectStrategyWithGlobalSecurityConfiguration.class).getId(), true); - strategyEnabledMap.put(j.jenkins.getDescriptor(AuthorizeProjectStrategyWithAlternateGlobalSecurityConfiguration.class).getId(), false); - assertStrategyEnablingConfigurationPreserved(strategyEnabledMap); + enabledStrategies = new HashSet<>(); + disabledStrategies = new HashSet<>(); + disabledStrategies.add(j.jenkins.getDescriptor(AuthorizeProjectStrategyWithoutGlobalSecurityConfiguration.class).getId()); + enabledStrategies.add(j.jenkins.getDescriptor(AuthorizeProjectStrategyWithGlobalSecurityConfiguration.class).getId()); + disabledStrategies.add(j.jenkins.getDescriptor(AuthorizeProjectStrategyWithAlternateGlobalSecurityConfiguration.class).getId()); + assertStrategyEnablingConfigurationPreserved(enabledStrategies, disabledStrategies); } - public void assertStrategyEnablingConfigurationPreserved(Map strategyEnabledMap) throws Exception { + public void assertStrategyEnablingConfigurationPreserved(Set enabledStrategies, Set disabledStrategies) throws Exception { QueueItemAuthenticatorConfiguration.get().getAuthenticators().clear(); - QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(new ProjectQueueItemAuthenticator(strategyEnabledMap)); + QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(new ProjectQueueItemAuthenticator(enabledStrategies, disabledStrategies)); j.submit(j.createWebClient().goTo("configureSecurity").getFormByName("config")); - for (Entry entry: strategyEnabledMap.entrySet()) { - assertEquals( - entry.getKey(), - entry.getValue(), + for (String enabledStrategy : enabledStrategies) { + assertTrue( + enabledStrategy, + ProjectQueueItemAuthenticator.getConfigured().isStrategyEnabled( + j.jenkins.getDescriptor(enabledStrategy) + ) + ); + } + for (String disabledStrategy : disabledStrategies) { + assertFalse( + disabledStrategy, ProjectQueueItemAuthenticator.getConfigured().isStrategyEnabled( - j.jenkins.getDescriptor(entry.getKey()) + j.jenkins.getDescriptor(disabledStrategy) ) ); } diff --git a/src/test/java/org/jenkinsci/plugins/authorizeproject/testutil/AuthorizeProjectJenkinsRule.java b/src/test/java/org/jenkinsci/plugins/authorizeproject/testutil/AuthorizeProjectJenkinsRule.java index 583d9c4..39fd623 100644 --- a/src/test/java/org/jenkinsci/plugins/authorizeproject/testutil/AuthorizeProjectJenkinsRule.java +++ b/src/test/java/org/jenkinsci/plugins/authorizeproject/testutil/AuthorizeProjectJenkinsRule.java @@ -27,9 +27,10 @@ import hudson.model.Describable; import java.util.Collections; -import java.util.HashMap; -import java.util.Map; -import java.util.Map.Entry; +import java.util.HashSet; +import java.util.Set; +import java.util.stream.Collectors; +import java.util.stream.Stream; import jenkins.security.QueueItemAuthenticatorConfiguration; @@ -42,21 +43,20 @@ * */ public class AuthorizeProjectJenkinsRule extends JenkinsRule { - private Map>, Boolean> strategyEnabledMapByClass; + private Set>> enabledStrategiesByClass; + private Set>> disabledStrategiesByClass; public AuthorizeProjectJenkinsRule() { - this(Collections.>, Boolean>emptyMap()); + this(Collections.emptySet(), Collections.emptySet()); } - public AuthorizeProjectJenkinsRule(Class>... strategiesToEnabled) { - this(new HashMap>, Boolean>()); - for(Class> strategy: strategiesToEnabled) { - this.strategyEnabledMapByClass.put(strategy, true); - } + public AuthorizeProjectJenkinsRule(Class>... enabledStrategiesByClass) { + this(Stream.of(enabledStrategiesByClass).collect(Collectors.toSet()), Collections.emptySet()); } - public AuthorizeProjectJenkinsRule(Map>, Boolean> strategyEnabledMapByClass) { - this.strategyEnabledMapByClass = strategyEnabledMapByClass; + public AuthorizeProjectJenkinsRule(Set>> enabledStrategiesByClass, Set>> disabledStrategiesByClass) { + this.enabledStrategiesByClass = enabledStrategiesByClass; + this.disabledStrategiesByClass = disabledStrategiesByClass; } @Override @@ -77,13 +77,14 @@ public void throwFailingHttpStatusCodeExceptionIfNecessary(WebResponse webRespon public void before() throws Throwable { super.before(); - Map strategyEnabledMap = new HashMap(); - for(Entry>, Boolean> e: strategyEnabledMapByClass.entrySet()) { - strategyEnabledMap.put( - jenkins.getDescriptor(e.getKey()).getId(), - e.getValue() - ); + Set enabledStrategies = new HashSet<>(); + Set disabledStrategies = new HashSet<>(); + for (Class> clazz : enabledStrategiesByClass) { + enabledStrategies.add(jenkins.getDescriptor(clazz).getId()); + } + for (Class> clazz : disabledStrategiesByClass) { + disabledStrategies.add(jenkins.getDescriptor(clazz).getId()); } - QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(new ProjectQueueItemAuthenticator(strategyEnabledMap)); + QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(new ProjectQueueItemAuthenticator(enabledStrategies, disabledStrategies)); } } diff --git a/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.config.AnonymousAuthorizationStrategy.yml b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.config.AnonymousAuthorizationStrategy.yml new file mode 100644 index 0000000..046f131 --- /dev/null +++ b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.config.AnonymousAuthorizationStrategy.yml @@ -0,0 +1,5 @@ +security: + queueItemAuthenticator: + authenticators: + - global: + strategy: "anonymousAuthorizationStrategy" diff --git a/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.config.SpecificUsersAuthorizationStrategy.yml b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.config.SpecificUsersAuthorizationStrategy.yml new file mode 100644 index 0000000..ec7e47e --- /dev/null +++ b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.config.SpecificUsersAuthorizationStrategy.yml @@ -0,0 +1,8 @@ +security: + queueItemAuthenticator: + authenticators: + - global: + strategy: + specificUsersAuthorizationStrategy: + dontRestrictJobConfiguration: true + userid: "some-user" diff --git a/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.config.SystemAuthorizationStrategy.yml b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.config.SystemAuthorizationStrategy.yml new file mode 100644 index 0000000..7c2266c --- /dev/null +++ b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.config.SystemAuthorizationStrategy.yml @@ -0,0 +1,5 @@ +security: + queueItemAuthenticator: + authenticators: + - global: + strategy: "systemAuthorizationStrategy" diff --git a/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.config.TriggeringUsersAuthorizationStrategy.yml b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.config.TriggeringUsersAuthorizationStrategy.yml new file mode 100644 index 0000000..eda2611 --- /dev/null +++ b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.config.TriggeringUsersAuthorizationStrategy.yml @@ -0,0 +1,5 @@ +security: + queueItemAuthenticator: + authenticators: + - global: + strategy: "triggeringUsersAuthorizationStrategy" diff --git a/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.export.AnonymousAuthorizationStrategy.yml b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.export.AnonymousAuthorizationStrategy.yml new file mode 100644 index 0000000..9659f78 --- /dev/null +++ b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.export.AnonymousAuthorizationStrategy.yml @@ -0,0 +1,3 @@ +authenticators: +- global: + strategy: "anonymousAuthorizationStrategy" diff --git a/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.export.SpecificUsersAuthorizationStrategy.yml b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.export.SpecificUsersAuthorizationStrategy.yml new file mode 100644 index 0000000..705a783 --- /dev/null +++ b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.export.SpecificUsersAuthorizationStrategy.yml @@ -0,0 +1,6 @@ +authenticators: +- global: + strategy: + specificUsersAuthorizationStrategy: + dontRestrictJobConfiguration: true + userid: "some-user" diff --git a/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.export.SystemAuthorizationStrategy.yml b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.export.SystemAuthorizationStrategy.yml new file mode 100644 index 0000000..6d24719 --- /dev/null +++ b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.export.SystemAuthorizationStrategy.yml @@ -0,0 +1,3 @@ +authenticators: +- global: + strategy: "systemAuthorizationStrategy" diff --git a/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.export.TriggeringUsersAuthorizationStrategy.yml b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.export.TriggeringUsersAuthorizationStrategy.yml new file mode 100644 index 0000000..afbd3c7 --- /dev/null +++ b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/global.export.TriggeringUsersAuthorizationStrategy.yml @@ -0,0 +1,3 @@ +authenticators: +- global: + strategy: "triggeringUsersAuthorizationStrategy" diff --git a/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/project.config.all.yml b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/project.config.all.yml new file mode 100644 index 0000000..6ec4a4b --- /dev/null +++ b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/project.config.all.yml @@ -0,0 +1,10 @@ +security: + queueItemAuthenticator: + authenticators: + - project: + disabledStrategies: + - "org.jenkinsci.plugins.authorizeproject.strategy.SystemAuthorizationStrategy" + - "org.jenkinsci.plugins.authorizeproject.strategy.SpecificUsersAuthorizationStrategy" + - "org.jenkinsci.plugins.authorizeproject.strategy.TriggeringUsersAuthorizationStrategy" + enabledStrategies: + - "org.jenkinsci.plugins.authorizeproject.strategy.AnonymousAuthorizationStrategy" diff --git a/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/project.export.all.yml b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/project.export.all.yml new file mode 100644 index 0000000..ff5b236 --- /dev/null +++ b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/project.export.all.yml @@ -0,0 +1,8 @@ +authenticators: +- project: + disabledStrategies: + - "org.jenkinsci.plugins.authorizeproject.strategy.SpecificUsersAuthorizationStrategy" + - "org.jenkinsci.plugins.authorizeproject.strategy.TriggeringUsersAuthorizationStrategy" + - "org.jenkinsci.plugins.authorizeproject.strategy.SystemAuthorizationStrategy" + enabledStrategies: + - "org.jenkinsci.plugins.authorizeproject.strategy.AnonymousAuthorizationStrategy" diff --git a/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/strategyEnabledMapMigration/jenkins.security.QueueItemAuthenticatorConfiguration.xml b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/strategyEnabledMapMigration/jenkins.security.QueueItemAuthenticatorConfiguration.xml new file mode 100644 index 0000000..ac9eacc --- /dev/null +++ b/src/test/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationAsCodeTest/strategyEnabledMapMigration/jenkins.security.QueueItemAuthenticatorConfiguration.xml @@ -0,0 +1,25 @@ + + + + + + + org.jenkinsci.plugins.authorizeproject.strategy.SpecificUsersAuthorizationStrategy + false + + + org.jenkinsci.plugins.authorizeproject.strategy.TriggeringUsersAuthorizationStrategy + true + + + org.jenkinsci.plugins.authorizeproject.strategy.SystemAuthorizationStrategy + false + + + org.jenkinsci.plugins.authorizeproject.strategy.AnonymousAuthorizationStrategy + true + + + + +