Skip to content

Commit

Permalink
Gerrit notifier threads should impersonate SYSTEM
Browse files Browse the repository at this point in the history 
The BuildCompletedCommandJob was not impersonating SYSTEM and was
therefore throwing permission-related exceptions.

For completeness, BuildStartedCommandJob was updated too.

Related to [JENKINS-23152]

Change-Id: I3eb6036d8186478a615c15036b4b7f98035dd54c
  • Loading branch information
Scott Hebert committed Feb 13, 2015
1 parent ec9b566 commit a03c0d5
Show file tree
Hide file tree
Showing 3 changed files with 46 additions and 13 deletions.
14 changes: 12 additions & 2 deletions ...icsson/hudson/plugins/gerrit/trigger/gerritnotifier/job/ssh/BuildCompletedCommandJob.java
View file
Expand Up @@ -25,12 +25,17 @@

package com.sonyericsson.hudson.plugins.gerrit.trigger.gerritnotifier.job.ssh;

import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;

import com.sonymobile.tools.gerrit.gerritevents.workers.cmd.AbstractSendCommandJob;
import com.sonyericsson.hudson.plugins.gerrit.trigger.config.IGerritHudsonTriggerConfig;
import com.sonyericsson.hudson.plugins.gerrit.trigger.gerritnotifier.GerritNotifier;
import com.sonyericsson.hudson.plugins.gerrit.trigger.gerritnotifier.NotificationFactory;
import com.sonyericsson.hudson.plugins.gerrit.trigger.gerritnotifier.model.BuildMemory;

import hudson.model.TaskListener;
import hudson.security.ACL;

/**
* A send-command-job that calculates and sends the builds completed command.
Expand Down Expand Up @@ -59,8 +64,13 @@ public BuildCompletedCommandJob(IGerritHudsonTriggerConfig config,

@Override
public void run() {
GerritNotifier notifier = NotificationFactory.getInstance()
SecurityContext old = ACL.impersonate(ACL.SYSTEM);
try {
GerritNotifier notifier = NotificationFactory.getInstance()
.createGerritNotifier((IGerritHudsonTriggerConfig)getConfig(), this);
notifier.buildCompleted(memoryImprint, listener);
notifier.buildCompleted(memoryImprint, listener);
} finally {
SecurityContextHolder.setContext(old);
}
}
}
14 changes: 12 additions & 2 deletions ...ericsson/hudson/plugins/gerrit/trigger/gerritnotifier/job/ssh/BuildStartedCommandJob.java
View file
Expand Up @@ -25,14 +25,19 @@

package com.sonyericsson.hudson.plugins.gerrit.trigger.gerritnotifier.job.ssh;

import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;

import com.sonymobile.tools.gerrit.gerritevents.dto.events.GerritTriggeredEvent;
import com.sonymobile.tools.gerrit.gerritevents.workers.cmd.AbstractSendCommandJob;
import com.sonyericsson.hudson.plugins.gerrit.trigger.config.IGerritHudsonTriggerConfig;
import com.sonyericsson.hudson.plugins.gerrit.trigger.gerritnotifier.GerritNotifier;
import com.sonyericsson.hudson.plugins.gerrit.trigger.gerritnotifier.NotificationFactory;
import com.sonyericsson.hudson.plugins.gerrit.trigger.gerritnotifier.model.BuildsStartedStats;

import hudson.model.AbstractBuild;
import hudson.model.TaskListener;
import hudson.security.ACL;

/**
* A send-command-job that calculates and sends the build started command.
Expand Down Expand Up @@ -68,8 +73,13 @@ public BuildStartedCommandJob(IGerritHudsonTriggerConfig config, AbstractBuild b

@Override
public void run() {
GerritNotifier notifier = NotificationFactory.getInstance()
SecurityContext old = ACL.impersonate(ACL.SYSTEM);
try {
GerritNotifier notifier = NotificationFactory.getInstance()
.createGerritNotifier((IGerritHudsonTriggerConfig)getConfig(), this);
notifier.buildStarted(build, taskListener, event, stats);
notifier.buildStarted(build, taskListener, event, stats);
} finally {
SecurityContextHolder.setContext(old);
}
}
}
31 changes: 22 additions & 9 deletions src/test/java/com/sonyericsson/hudson/plugins/gerrit/trigger/LockedDownGerritEventTest.java
View file
Expand Up @@ -40,7 +40,9 @@
import org.junit.Test;
import org.jvnet.hudson.test.JenkinsRule;

import com.sonyericsson.hudson.plugins.gerrit.trigger.config.Config;
import com.sonyericsson.hudson.plugins.gerrit.trigger.hudsontrigger.GerritCause;
import com.sonyericsson.hudson.plugins.gerrit.trigger.hudsontrigger.GerritTrigger;
import com.sonyericsson.hudson.plugins.gerrit.trigger.mock.DuplicatesUtil;
import com.sonyericsson.hudson.plugins.gerrit.trigger.mock.Setup;
import com.sonyericsson.hudson.plugins.gerrit.trigger.mock.TestUtils;
Expand All @@ -62,12 +64,14 @@ public class LockedDownGerritEventTest {
@Rule
public final JenkinsRule j = new JenkinsRule();

private final String gerritServerName = "testServer";
//private final String gerritServerName = "testServer";
private final String projectName = "testProject";
private final int port = 29418;
private static final int NUMBEROFSENDERTHREADS = 1;

private SshdServerMock server;
private SshServer sshd;
private SshdServerMock.KeyPairFiles sshKey;

/**
* Runs before test method.
Expand All @@ -76,7 +80,8 @@ public class LockedDownGerritEventTest {
*/
@Before
public void setUp() throws Exception {
SshdServerMock.generateKeyPair();
sshKey = SshdServerMock.generateKeyPair();
System.setProperty(PluginImpl.TEST_SSH_KEYFILE_LOCATION_PROPERTY, sshKey.getPrivateKey().getAbsolutePath());
server = new SshdServerMock();
sshd = SshdServerMock.startServer(port, server);
server.returnCommandFor("gerrit ls-projects", SshdServerMock.EofCommandMock.class);
Expand Down Expand Up @@ -124,21 +129,29 @@ private void lockDown() throws Exception {
*/
@Test
public void testTriggerWithLockedDownInstance() throws Exception {
GerritServer gerritServer = new GerritServer(gerritServerName);
PluginImpl.getInstance().addServer(gerritServer);
gerritServer.start();
FreeStyleProject project = DuplicatesUtil.createGerritTriggeredJob(j, projectName, gerritServerName);
FreeStyleProject project = DuplicatesUtil.createGerritTriggeredJob(j, projectName);

lockDown();

GerritServer gerritServer2 = PluginImpl.getInstance().getServer(gerritServerName);
gerritServer2.triggerEvent(Setup.createPatchsetCreated(gerritServerName));
GerritTrigger trigger = project.getTrigger(GerritTrigger.class);
trigger.setSilentStartMode(false);

GerritServer gerritServer = new GerritServer(PluginImpl.DEFAULT_SERVER_NAME);
PluginImpl.getInstance().addServer(gerritServer);
gerritServer.getConfig().setNumberOfSendingWorkerThreads(NUMBEROFSENDERTHREADS);
((Config)gerritServer.getConfig()).setGerritAuthKeyFile(sshKey.getPrivateKey());
gerritServer.start();

gerritServer.triggerEvent(Setup.createPatchsetCreated());

TestUtils.waitForBuilds(project, 1);
assertEquals(server.getNrCommandsHistory("gerrit review.*"), 2);

FreeStyleBuild buildOne = project.getLastCompletedBuild();
assertSame(Result.SUCCESS, buildOne.getResult());
assertEquals(1, project.getLastCompletedBuild().getNumber());
assertSame(gerritServerName, buildOne.getCause(GerritCause.class).getEvent().getProvider().getName());
assertSame(PluginImpl.DEFAULT_SERVER_NAME,
buildOne.getCause(GerritCause.class).getEvent().getProvider().getName());

}
}

0 comments on commit a03c0d5

Please sign in to comment.