Merge pull request #8 from jtnord/jenkins-30326
[JENKINS-30326] added a test case and up the dependency to pull in the fix.
jtnord committed Sep 11, 2015
2 parents 781a914 + 5494ec2 commit ce0ade5
Showing 4 changed files with 86 additions and 3 deletions.
8 changes: 7 additions & 1 deletion pom.xml
Expand Up @@ -51,7 +51,7 @@
<dependency>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>credentials</artifactId>
<version>1.20</version>
<version>1.23</version>
</dependency>
<dependency>
<groupId>org.jenkins-ci.plugins</groupId>
Expand Down Expand Up @@ -83,6 +83,12 @@
<classifier>tests</classifier>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>authorize-project</artifactId>
<version>1.1.0</version>
<scope>test</scope>
</dependency>
<!-- For some reason this is otherwise missing and causes many verbose errors: -->
<dependency>
<groupId>org.jenkins-ci.modules</groupId>
Expand Up @@ -29,37 +29,55 @@
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.Domain;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;

import jenkins.security.QueueItemAuthenticatorConfiguration;

import hudson.FilePath;
import hudson.model.FileParameterValue;
import hudson.model.Node;
import hudson.model.Result;
import hudson.security.FullControlOnceLoggedInAuthorizationStrategy;
import hudson.slaves.DumbSlave;
import hudson.slaves.NodeProperty;
import hudson.slaves.RetentionStrategy;
import hudson.util.Secret;

import java.io.File;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

import javax.inject.Inject;

import org.apache.commons.io.FileUtils;
import org.jenkinsci.plugins.authorizeproject.AuthorizeProjectProperty;
import org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator;
import org.jenkinsci.plugins.authorizeproject.strategy.SpecificUsersAuthorizationStrategy;
import org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy;
import org.jenkinsci.plugins.credentialsbinding.MultiBinding;
import org.jenkinsci.plugins.plaincredentials.impl.FileCredentialsImpl;
import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl;
import org.jenkinsci.plugins.scriptsecurity.sandbox.Whitelist;
import org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.BlanketWhitelist;
import org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition;
import org.jenkinsci.plugins.workflow.job.WorkflowJob;
import org.jenkinsci.plugins.workflow.job.WorkflowRun;
import org.jenkinsci.plugins.workflow.steps.StepConfigTester;
import org.jenkinsci.plugins.workflow.test.steps.SemaphoreStep;

import static org.junit.Assert.*;

import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import org.junit.runners.model.Statement;
import org.jvnet.hudson.test.Issue;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.RestartableJenkinsRule;
import org.jvnet.hudson.test.recipes.WithPlugin;

public class BindingStepTest {

Expand Down Expand Up @@ -240,6 +258,53 @@ public class BindingStepTest {
});
}

@Issue("JENKINS-30326")
@Test
public void testGlobalBindingWithAuthorization() {
story.addStep(new Statement() {
@Override public void evaluate() throws Throwable {
// configure security
story.j.jenkins.setSecurityRealm(story.j.createDummySecurityRealm());
story.j.jenkins.setAuthorizationStrategy(new FullControlOnceLoggedInAuthorizationStrategy());
// create the user.
story.j.jenkins.getUser("dummy");

// enable the run as user strategy for the AuthorizeProject plugin
Map<String, Boolean> strategies = new HashMap<String, Boolean>();
strategies.put(story.j.jenkins.getDescriptor(SpecificUsersAuthorizationStrategy.class).getId(), true);
QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(new ProjectQueueItemAuthenticator(strategies));

// blanket whitelist all methods (easier than whitelisting Jenkins.getAuthentication)
story.j.jenkins.getExtensionList(Whitelist.class).add(new BlanketWhitelist());

String credentialsId = "creds";
String secret = "s3cr3t";
CredentialsProvider.lookupStores(story.j.jenkins).iterator().next().addCredentials(Domain.global(), new StringCredentialsImpl(CredentialsScope.GLOBAL, credentialsId, "sample", Secret.fromString(secret)));
WorkflowJob p = story.j.jenkins.createProject(WorkflowJob.class, "p");

p.setDefinition(new CpsFlowDefinition(""
+ "node {\n"
+ " def authentication = Jenkins.getAuthentication()\n"
+ " echo \"running as user: $authentication.principal\"\n"
+ " withCredentials([[$class: 'StringBinding', credentialsId: '" + credentialsId + "', variable: 'SECRET']]) {\n"
+ " writeFile file:'test', text: \"$env.SECRET\"\n"
+ " def content = readFile 'test'\n"
+ " if (\"$content\" != \"" + secret + "\") {\n"
+ " error 'The credential was not bound into the workflow correctly'\n"
+ " }\n"
+ " }\n"
+ "}", true));
// run the job as a specific user
p.addProperty(new AuthorizeProjectProperty(new SpecificUsersAuthorizationStrategy("dummy", true)));

// the build will fail if we can not locate the credentials
WorkflowRun b = story.j.assertBuildStatusSuccess(p.scheduleBuild2(0).get());
// make sure this was actually run as a user and not system
story.j.assertLogContains("running as user: dummy", b);
}
});
}

private static Set<String> grep(File dir, String text) throws IOException {
Set<String> matches = new TreeSet<String>();
grep(dir, text, "", matches);
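Review bot: In `testGlobalBindingWithAuthorization` the build user "dummy" runs under `FullControlOnceLoggedInAuthorizationStrategy`, so the test only covers a build user who is allowed everything; nothing here checks that credential lookup is actually restricted by the build's authentication. A companion case in which the build runs as a user that should not see the credential, asserting that the build fails, would catch a regression in either direction. The line `story.j.jenkins.getExtensionList(Whitelist.class).add(new BlanketWhitelist());` also switches off script-security checks for the whole sandboxed script. A narrow list such as `new StaticWhitelist("staticMethod jenkins.model.Jenkins getAuthentication", "method org.acegisecurity.Authentication getPrincipal")` would keep the sandbox in play, though the exact signatures need confirming against the script-security version in use. The new test method lies entirely inside the hunk.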
Expand Up @@ -28,15 +28,21 @@
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.domains.Domain;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;

import hudson.model.FreeStyleBuild;
import hudson.model.Item;
import hudson.model.FreeStyleProject;
import hudson.tasks.Shell;

import java.util.Collections;
import java.util.List;

import org.jenkinsci.plugins.credentialsbinding.Binding;
import org.jenkinsci.plugins.credentialsbinding.MultiBinding;
import org.junit.Test;

import static org.junit.Assert.*;

import org.junit.Rule;
import org.jvnet.hudson.test.JenkinsRule;

Expand All @@ -52,7 +58,7 @@ public class UsernamePasswordBindingTest {
FreeStyleProject p = r.createFreeStyleProject();
p.getBuildWrappersList().add(new SecretBuildWrapper(Collections.<Binding<?>>singletonList(new UsernamePasswordBinding("AUTH", c.getId()))));
p.getBuildersList().add(new Shell("set +x\necho $AUTH > auth.txt"));
r.configRoundtrip(p);
r.configRoundtrip((Item)p);
SecretBuildWrapper wrapper = p.getBuildWrappersList().get(SecretBuildWrapper.class);
assertNotNull(wrapper);
List<? extends MultiBinding<?>> bindings = wrapper.getBindings();
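Review bot: The `(Item)` cast in `r.configRoundtrip((Item)p);` reads as redundant and has no comment, so a later cleanup could remove it. Presumably it selects one `configRoundtrip` overload after the dependency change, which is worth confirming and recording. If that is the reason, I would add a line above it such as `// cast picks the Item overload of configRoundtrip; the bare call no longer resolves`. The same cast appears in the UsernamePasswordMultiBindingTest hunk at `@@ -58,7 +64,7 @@`. The enclosing test method starts and ends outside this hunk.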
Expand Up @@ -28,17 +28,23 @@
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.domains.Domain;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;

import hudson.Functions;
import hudson.model.FreeStyleBuild;
import hudson.model.Item;
import hudson.model.FreeStyleProject;
import hudson.tasks.BatchFile;
import hudson.tasks.Shell;

import java.util.Collections;
import java.util.List;
import java.util.TreeSet;

import org.jenkinsci.plugins.credentialsbinding.MultiBinding;
import org.junit.Test;

import static org.junit.Assert.*;

import org.junit.Rule;
import org.jvnet.hudson.test.JenkinsRule;

Expand All @@ -58,7 +64,7 @@ public class UsernamePasswordMultiBindingTest {
} else {
p.getBuildersList().add(new Shell("set +x\necho $userid/$pass > auth.txt"));
}
r.configRoundtrip(p);
r.configRoundtrip((Item)p);
SecretBuildWrapper wrapper = p.getBuildWrappersList().get(SecretBuildWrapper.class);
assertNotNull(wrapper);
List<? extends MultiBinding<?>> bindings = wrapper.getBindings();
