Finalize and polish fine-grained permission (#2660)
* Remove _REPOSITORY_ permissions -> replaced with _SOFTWARE_MODULE_, _SOFTWARE_MODULE_TYPE_, _DISTRIBUTION_SET_, _DISTRIBUTION_SET_TYPE_ permissions * Still kept _ROLE_REPOSITORY_ADMIN_ role granting all repository fine-graned permissions * Added dedicated _TARGET_TYPE_ permission set - the _TARGET_ permissions just grant _READ_TARGET_TYPE_ (analogically _SOFTWARE_MODULE_ permissions grant _READ_SOFTWARE_MODULE_TYPE_ and _DISTRIBUTION_SET_ grants _READ_DISTRIBUTON_SET_TYPE_ * Hierarcy is not configurable - could be completely replaced by setting spring application property org.eclipse.hawkbit.hierarchy or could be extended by adding rules using org.eclipse.hawkbit.hierarchy.ext Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -13,7 +13,6 @@ import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.READ_DISTRIBUTION_SET;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.READ_REPOSITORY;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.READ_TARGET;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.UPDATE_DISTRIBUTION_SET;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.UPDATE_TARGET;
|
||||
@@ -61,7 +60,6 @@ class DistributionSetAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||
final Action permittedAction = testdataFactory.performAssignment(permitted);
|
||||
|
||||
runAs(withUser("user",
|
||||
READ_REPOSITORY,
|
||||
READ_DISTRIBUTION_SET + "/id==" + permitted.getId(),
|
||||
READ_TARGET +"/controllerId==" + permittedAction.getTarget().getControllerId()), () -> {
|
||||
final Long permittedActionId = permitted.getId();
|
||||
@@ -114,7 +112,6 @@ class DistributionSetAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||
final SoftwareModule swModule = testdataFactory.createSoftwareModuleOs();
|
||||
|
||||
runAs(withUser("user",
|
||||
READ_REPOSITORY,
|
||||
READ_DISTRIBUTION_SET + "/id==" + permitted.getId() + " or id==" + readOnly.getId(),
|
||||
UPDATE_DISTRIBUTION_SET + "/id==" + permitted.getId()), () -> {
|
||||
// verify distributionSetManagement#assignSoftwareModules
|
||||
@@ -177,7 +174,6 @@ class DistributionSetAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||
distributionSetManagement.assignTag(Arrays.asList(permitted.getId(), readOnly.getId(), hidden.getId()), dsTagId);
|
||||
|
||||
runAs(withUser("user",
|
||||
READ_REPOSITORY,
|
||||
READ_DISTRIBUTION_SET + "/id==" + permitted.getId() + " or id==" + readOnly.getId(),
|
||||
UPDATE_DISTRIBUTION_SET + "/id==" + permitted.getId()), () -> {
|
||||
assertThat(distributionSetManagement.findByTag(dsTagId, Pageable.unpaged()).get().map(Identifiable::getId)
|
||||
@@ -245,7 +241,6 @@ class DistributionSetAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||
.create(TargetFilterQueryManagement.Create.builder().name("test").query("id==*").build());
|
||||
|
||||
runAs(withUser("user",
|
||||
READ_REPOSITORY,
|
||||
READ_DISTRIBUTION_SET + "/id==" + permitted.getId() + " or id==" + readOnly.getId(),
|
||||
UPDATE_DISTRIBUTION_SET + "/id==" + permitted.getId(),
|
||||
// read / update target needed to update target filter query
|
||||
|
||||
@@ -13,7 +13,7 @@ import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.CREATE_ROLLOUT;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.READ_REPOSITORY;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.READ_DISTRIBUTION_SET;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.READ_ROLLOUT;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.READ_TARGET;
|
||||
import static org.eclipse.hawkbit.im.authentication.SpPermission.UPDATE_TARGET;
|
||||
@@ -126,8 +126,7 @@ class TargetAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||
|
||||
runAs(withUser("user",
|
||||
READ_TARGET + "/controllerId==" + permittedTarget.getControllerId() + " or controllerId==" + readOnlyTargetControllerId,
|
||||
UPDATE_TARGET + "/controllerId==" + permittedTarget.getControllerId(),
|
||||
READ_REPOSITORY),
|
||||
UPDATE_TARGET + "/controllerId==" + permittedTarget.getControllerId()),
|
||||
() -> {
|
||||
// verify targetManagement#findByTag
|
||||
assertThat(
|
||||
@@ -194,9 +193,9 @@ class TargetAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||
.getControllerId();
|
||||
|
||||
runAs(withUser("user",
|
||||
READ_DISTRIBUTION_SET,
|
||||
READ_TARGET + "/controllerId==" + permittedTarget.getControllerId(),
|
||||
UPDATE_TARGET + "/controllerId==" + permittedTarget.getControllerId(),
|
||||
READ_REPOSITORY), () -> {
|
||||
UPDATE_TARGET + "/controllerId==" + permittedTarget.getControllerId()), () -> {
|
||||
final Long dsId = ds.getId();
|
||||
assertThat(assignDistributionSet(dsId, permittedTarget.getControllerId()).getAssigned()).isEqualTo(1);
|
||||
// assigning of not allowed target behaves as not found
|
||||
@@ -220,9 +219,9 @@ class TargetAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||
.create(Create.builder().controllerId("device02").updateStatus(TargetUpdateStatus.REGISTERED).build());
|
||||
|
||||
runAs(withUser("user",
|
||||
READ_DISTRIBUTION_SET,
|
||||
READ_TARGET + "/controllerId==" + manageableTarget.getControllerId() + " or controllerId==" + readOnlyTarget.getControllerId(),
|
||||
UPDATE_TARGET + "/controllerId==" + manageableTarget.getControllerId(),
|
||||
READ_REPOSITORY), () -> {
|
||||
UPDATE_TARGET + "/controllerId==" + manageableTarget.getControllerId()), () -> {
|
||||
final Long firstDsId = firstDs.getId();
|
||||
// assignment is permitted for manageableTarget
|
||||
assertThat(assignDistributionSet(firstDsId, manageableTarget.getControllerId()).getAssigned()).isEqualTo(1);
|
||||
@@ -253,10 +252,10 @@ class TargetAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||
final List<Target> hiddenTargets = testdataFactory.createTargets("hidden1", "hidden2", "hidden3", "hidden4", "hidden5");
|
||||
|
||||
runAs(withUser("user",
|
||||
READ_DISTRIBUTION_SET,
|
||||
READ_TARGET + "/controllerId=in=(" + String.join(", ", List.of(updateTargetControllerIds)) + ")" +
|
||||
" or controllerId=in=(" + String.join(", ", List.of(readTargetControllerIds)) + ")",
|
||||
UPDATE_TARGET + "/controllerId=in=(" + String.join(", ", List.of(updateTargetControllerIds)) + ")",
|
||||
READ_REPOSITORY,
|
||||
CREATE_ROLLOUT, READ_ROLLOUT), () -> {
|
||||
final Rollout rollout = testdataFactory.createRolloutByVariables(
|
||||
"testRollout", "description", updateTargets.size(), "id==*", ds, "50", "5");
|
||||
@@ -299,7 +298,7 @@ class TargetAccessControllerTest extends AbstractJpaIntegrationTest {
|
||||
READ_TARGET + "/controllerId=in=(" + String.join(", ", List.of(updateTargetControllerIds)) + ")" +
|
||||
" or controllerId=in=(" + String.join(", ", List.of(readTargetControllerIds)) + ")",
|
||||
UPDATE_TARGET + "/controllerId=in=(" + String.join(", ", List.of(updateTargetControllerIds)) + ")",
|
||||
READ_REPOSITORY + "/id==" + distributionSet.getId()), () -> {
|
||||
READ_DISTRIBUTION_SET + "/id==" + distributionSet.getId()), () -> {
|
||||
|
||||
targetFilterQueryManagement.updateAutoAssignDS(
|
||||
new AutoAssignDistributionSetUpdate(targetFilterQuery.getId()).ds(distributionSet.getId()));
|
||||
|
||||
@@ -400,7 +400,8 @@ class ArtifactManagementTest extends AbstractJpaIntegrationTest {
|
||||
*/
|
||||
@Test
|
||||
@WithUser(allSpPermissions = true, removeFromAllPermission = {
|
||||
SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT, SpRole.CONTROLLER_ROLE, SpRole.CONTROLLER_ROLE_ANONYMOUS })
|
||||
SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT, SpPermission.SOFTWARE_MODULE_DOWNLOAD_ARTIFACT,
|
||||
SpRole.CONTROLLER_ROLE, SpRole.CONTROLLER_ROLE_ANONYMOUS })
|
||||
void getArtifactBinaryWithoutDownloadArtifactThrowsPermissionDenied() {
|
||||
assertThatExceptionOfType(InsufficientPermissionException.class)
|
||||
.as("Should not have worked with missing permission.")
|
||||
|
||||
@@ -16,7 +16,6 @@ import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
import lombok.Data;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.repository.TargetFilterQueryManagement;
|
||||
import org.eclipse.hawkbit.repository.exception.IncompleteDistributionSetException;
|
||||
@@ -56,21 +55,20 @@ class DistributionSetInvalidationManagementTest extends AbstractJpaIntegrationTe
|
||||
final InvalidationTestData invalidationTestData = createInvalidationTestData("verifyInvalidateDistributionSetStopAutoAssignment");
|
||||
|
||||
final DistributionSetInvalidation distributionSetInvalidation = new DistributionSetInvalidation(
|
||||
Collections.singletonList(invalidationTestData.getDistributionSet().getId()), ActionCancellationType.NONE);
|
||||
Collections.singletonList(invalidationTestData.distributionSet().getId()), ActionCancellationType.NONE);
|
||||
final DistributionSetInvalidationCount distributionSetInvalidationCount = countEntitiesForInvalidation(distributionSetInvalidation);
|
||||
assertDistributionSetInvalidationCount(distributionSetInvalidationCount, 1, 0, 0);
|
||||
|
||||
distributionSetInvalidationManagement.invalidateDistributionSet(distributionSetInvalidation);
|
||||
rolloutHandler.handleAll();
|
||||
|
||||
assertThat(targetFilterQueryManagement.find(invalidationTestData.getTargetFilterQuery().getId()).get()
|
||||
assertThat(targetFilterQueryManagement.find(invalidationTestData.targetFilterQuery().getId()).orElseThrow()
|
||||
.getAutoAssignDistributionSet()).isNull();
|
||||
assertThat(rolloutRepository.findById(invalidationTestData.getRollout().getId()).get().getStatus())
|
||||
assertThat(rolloutRepository.findById(invalidationTestData.rollout().getId()).orElseThrow().getStatus())
|
||||
.isNotIn(RolloutStatus.STOPPING, RolloutStatus.FINISHED);
|
||||
for (final Target target : invalidationTestData.getTargets()) {
|
||||
for (final Target target : invalidationTestData.targets()) {
|
||||
// if status is pending, the assignment has not been canceled
|
||||
assertThat(targetRepository.findById(target.getId()).get().getUpdateStatus())
|
||||
.isEqualTo(TargetUpdateStatus.PENDING);
|
||||
assertThat(targetRepository.findById(target.getId()).orElseThrow().getUpdateStatus()).isEqualTo(TargetUpdateStatus.PENDING);
|
||||
assertThat(findActionsByTarget(target)).hasSize(1);
|
||||
assertThat(findActionsByTarget(target).get(0).getStatus()).isEqualTo(Status.RUNNING);
|
||||
}
|
||||
@@ -81,27 +79,25 @@ class DistributionSetInvalidationManagementTest extends AbstractJpaIntegrationTe
|
||||
*/
|
||||
@Test
|
||||
void verifyInvalidateDistributionSetDoesNotStopRollouts() {
|
||||
final InvalidationTestData invalidationTestData = createInvalidationTestData(
|
||||
"verifyInvalidateDistributionSetStopRollouts");
|
||||
final InvalidationTestData invalidationTestData = createInvalidationTestData("verifyInvalidateDistributionSetStopRollouts");
|
||||
|
||||
final DistributionSetInvalidation distributionSetInvalidation = new DistributionSetInvalidation(
|
||||
Collections.singletonList(invalidationTestData.getDistributionSet().getId()), ActionCancellationType.NONE);
|
||||
Collections.singletonList(invalidationTestData.distributionSet().getId()), ActionCancellationType.NONE);
|
||||
final DistributionSetInvalidationCount distributionSetInvalidationCount = countEntitiesForInvalidation(distributionSetInvalidation);
|
||||
assertDistributionSetInvalidationCount(distributionSetInvalidationCount, 1, 0, 0);
|
||||
|
||||
distributionSetInvalidationManagement.invalidateDistributionSet(distributionSetInvalidation);
|
||||
rolloutHandler.handleAll();
|
||||
|
||||
assertThat(targetFilterQueryManagement.find(invalidationTestData.getTargetFilterQuery().getId()).get()
|
||||
assertThat(targetFilterQueryManagement.find(invalidationTestData.targetFilterQuery().getId()).orElseThrow()
|
||||
.getAutoAssignDistributionSet()).isNull();
|
||||
assertThat(rolloutRepository.findById(invalidationTestData.getRollout().getId()).get().getStatus())
|
||||
assertThat(rolloutRepository.findById(invalidationTestData.rollout().getId()).orElseThrow().getStatus())
|
||||
.isEqualTo(RolloutStatus.READY);
|
||||
|
||||
assertNoScheduledActionsExist(invalidationTestData.getRollout());
|
||||
for (final Target target : invalidationTestData.getTargets()) {
|
||||
assertNoScheduledActionsExist(invalidationTestData.rollout());
|
||||
for (final Target target : invalidationTestData.targets()) {
|
||||
// if status is pending, the assignment has not been canceled
|
||||
assertThat(
|
||||
targetRepository.findById(invalidationTestData.getTargets().get(0).getId()).get().getUpdateStatus())
|
||||
assertThat(targetRepository.findById(invalidationTestData.targets().get(0).getId()).orElseThrow().getUpdateStatus())
|
||||
.isEqualTo(TargetUpdateStatus.PENDING);
|
||||
assertThat(findActionsByTarget(target)).hasSize(1);
|
||||
assertThat(findActionsByTarget(target).get(0).getStatus()).isEqualTo(Status.RUNNING);
|
||||
@@ -113,23 +109,22 @@ class DistributionSetInvalidationManagementTest extends AbstractJpaIntegrationTe
|
||||
*/
|
||||
@Test
|
||||
void verifyInvalidateDistributionSetStopAllAndForceCancel() {
|
||||
final InvalidationTestData invalidationTestData = createInvalidationTestData(
|
||||
"verifyInvalidateDistributionSetStopAllAndForceCancel");
|
||||
final InvalidationTestData invalidationTestData = createInvalidationTestData("verifyInvalidateDistributionSetStopAllAndForceCancel");
|
||||
|
||||
final DistributionSetInvalidation distributionSetInvalidation = new DistributionSetInvalidation(
|
||||
Collections.singletonList(invalidationTestData.getDistributionSet().getId()), ActionCancellationType.FORCE);
|
||||
Collections.singletonList(invalidationTestData.distributionSet().getId()), ActionCancellationType.FORCE);
|
||||
final DistributionSetInvalidationCount distributionSetInvalidationCount = countEntitiesForInvalidation(distributionSetInvalidation);
|
||||
assertDistributionSetInvalidationCount(distributionSetInvalidationCount, 1, 5, 1);
|
||||
|
||||
distributionSetInvalidationManagement.invalidateDistributionSet(distributionSetInvalidation);
|
||||
rolloutHandler.handleAll();
|
||||
|
||||
assertThat(targetFilterQueryManagement.find(invalidationTestData.getTargetFilterQuery().getId()).get()
|
||||
assertThat(targetFilterQueryManagement.find(invalidationTestData.targetFilterQuery().getId()).orElseThrow()
|
||||
.getAutoAssignDistributionSet()).isNull();
|
||||
// rollout should be deleted when force invalidation
|
||||
assertThat(rolloutRepository.findById(invalidationTestData.getRollout().getId())).isEmpty();
|
||||
assertNoScheduledActionsExist(invalidationTestData.getRollout());
|
||||
assertAllRolloutActionsAreCancelled(invalidationTestData.getRollout());
|
||||
assertThat(rolloutRepository.findById(invalidationTestData.rollout().getId())).isEmpty();
|
||||
assertNoScheduledActionsExist(invalidationTestData.rollout());
|
||||
assertAllRolloutActionsAreCancelled(invalidationTestData.rollout());
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -140,19 +135,18 @@ class DistributionSetInvalidationManagementTest extends AbstractJpaIntegrationTe
|
||||
final InvalidationTestData invalidationTestData = createInvalidationTestData("verifyInvalidateDistributionSetStopAll");
|
||||
|
||||
final DistributionSetInvalidation distributionSetInvalidation = new DistributionSetInvalidation(
|
||||
Collections.singletonList(invalidationTestData.getDistributionSet().getId()), ActionCancellationType.SOFT);
|
||||
Collections.singletonList(invalidationTestData.distributionSet().getId()), ActionCancellationType.SOFT);
|
||||
final DistributionSetInvalidationCount distributionSetInvalidationCount = countEntitiesForInvalidation(distributionSetInvalidation);
|
||||
assertDistributionSetInvalidationCount(distributionSetInvalidationCount, 1, 5, 1);
|
||||
|
||||
distributionSetInvalidationManagement.invalidateDistributionSet(distributionSetInvalidation);
|
||||
|
||||
assertThat(targetFilterQueryManagement.find(invalidationTestData.getTargetFilterQuery().getId()).get()
|
||||
assertThat(targetFilterQueryManagement.find(invalidationTestData.targetFilterQuery().getId()).orElseThrow()
|
||||
.getAutoAssignDistributionSet()).isNull();
|
||||
assertThat(rolloutRepository.findById(invalidationTestData.getRollout().getId()).get().getStatus())
|
||||
assertThat(rolloutRepository.findById(invalidationTestData.rollout().getId()).orElseThrow().getStatus())
|
||||
.isIn(RolloutStatus.STOPPING, RolloutStatus.FINISHED);
|
||||
for (final Target target : invalidationTestData.getTargets()) {
|
||||
assertThat(targetRepository.findById(target.getId()).get().getUpdateStatus())
|
||||
.isEqualTo(TargetUpdateStatus.PENDING);
|
||||
for (final Target target : invalidationTestData.targets()) {
|
||||
assertThat(targetRepository.findById(target.getId()).orElseThrow().getUpdateStatus()).isEqualTo(TargetUpdateStatus.PENDING);
|
||||
assertThat(findActionsByTarget(target)).hasSize(1);
|
||||
assertThat(findActionsByTarget(target).get(0).getStatus()).isEqualTo(Status.CANCELING);
|
||||
}
|
||||
@@ -182,74 +176,63 @@ class DistributionSetInvalidationManagementTest extends AbstractJpaIntegrationTe
|
||||
void verifyInvalidateInvalidatedDistributionSetDontThrowsException() {
|
||||
final DistributionSet distributionSet = testdataFactory.createAndInvalidateDistributionSet();
|
||||
distributionSetInvalidationManagement.invalidateDistributionSet(
|
||||
new DistributionSetInvalidation(Collections.singletonList(distributionSet.getId()),
|
||||
ActionCancellationType.SOFT));
|
||||
new DistributionSetInvalidation(Collections.singletonList(distributionSet.getId()), ActionCancellationType.SOFT));
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify that a user that has authority READ_REPOSITORY and UPDATE_REPOSITORY is allowed to invalidate a distribution set
|
||||
* Verify that a user that has authority READ_DISTRIBUTION_SET and UPDATE_DISTRIBUTION_SET is allowed to invalidate a distribution set
|
||||
*/
|
||||
@Test
|
||||
@WithUser(authorities = { "READ_REPOSITORY", "UPDATE_REPOSITORY" })
|
||||
@WithUser(authorities = { "READ_DISTRIBUTION_SET", "UPDATE_DISTRIBUTION_SET" })
|
||||
void verifyInvalidateWithReadAndUpdateRepoAuthority() {
|
||||
final InvalidationTestData invalidationTestData = systemSecurityContext
|
||||
.runAsSystem(() -> createInvalidationTestData("verifyInvalidateWithUpdateRepoAuthority"));
|
||||
|
||||
distributionSetInvalidationManagement.invalidateDistributionSet(new DistributionSetInvalidation(
|
||||
Collections.singletonList(invalidationTestData.getDistributionSet().getId()), ActionCancellationType.NONE));
|
||||
assertThat(
|
||||
distributionSetRepository.findById(invalidationTestData.getDistributionSet().getId()).get().isValid())
|
||||
.isFalse();
|
||||
Collections.singletonList(invalidationTestData.distributionSet().getId()), ActionCancellationType.NONE));
|
||||
assertThat(distributionSetRepository.findById(invalidationTestData.distributionSet().getId()).orElseThrow().isValid()).isFalse();
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify that a user that has authority READ_REPOSITORY, UPDATE_REPOSITORY and UPDATE_TARGET is allowed to invalidate a distribution set only without canceling rollouts
|
||||
* Verify that a user that has authority READ_DISTRIBUTION_SET, UPDATE_DISTRIBUTION_SET and UPDATE_TARGET is allowed to invalidate a distribution set only without canceling rollouts
|
||||
*/
|
||||
@Test
|
||||
@WithUser(authorities = { "READ_REPOSITORY", "UPDATE_REPOSITORY", "UPDATE_TARGET" })
|
||||
@WithUser(authorities = { "READ_DISTRIBUTION_SET", "UPDATE_DISTRIBUTION_SET", "UPDATE_TARGET" })
|
||||
void verifyInvalidateWithReadAndUpdateRepoAndUpdateTargetAuthority() {
|
||||
final InvalidationTestData invalidationTestData = systemSecurityContext.runAsSystem(
|
||||
() -> createInvalidationTestData("verifyInvalidateWithUpdateRepoAndUpdateTargetAuthority"));
|
||||
|
||||
final DistributionSetInvalidation distributionSetInvalidation = new DistributionSetInvalidation(
|
||||
List.of(invalidationTestData.getDistributionSet().getId()), ActionCancellationType.SOFT);
|
||||
List.of(invalidationTestData.distributionSet().getId()), ActionCancellationType.SOFT);
|
||||
assertThatExceptionOfType(InsufficientPermissionException.class)
|
||||
.as("Insufficient permission exception expected")
|
||||
.isThrownBy(() -> distributionSetInvalidationManagement.invalidateDistributionSet(distributionSetInvalidation));
|
||||
|
||||
distributionSetInvalidationManagement.invalidateDistributionSet(new DistributionSetInvalidation(
|
||||
Collections.singletonList(invalidationTestData.getDistributionSet().getId()), ActionCancellationType.NONE));
|
||||
assertThat(
|
||||
distributionSetRepository.findById(invalidationTestData.getDistributionSet().getId()).get().isValid())
|
||||
.isFalse();
|
||||
Collections.singletonList(invalidationTestData.distributionSet().getId()), ActionCancellationType.NONE));
|
||||
assertThat(distributionSetRepository.findById(invalidationTestData.distributionSet().getId()).orElseThrow().isValid()).isFalse();
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify that a user that has authority READ_REPOSITORY, UPDATE_REPOSITORY, UPDATE_ROLLOUT and UPDATE_TARGET is allowed to invalidate a distribution
|
||||
* Verify that a user that has authority READ_DISTRIBUTION_SET, UPDATE_DISTRIBUTION_SET, UPDATE_ROLLOUT and UPDATE_TARGET is allowed to invalidate a distribution
|
||||
*/
|
||||
@Test
|
||||
@WithUser(authorities = { "READ_REPOSITORY", "UPDATE_REPOSITORY", "UPDATE_TARGET", "UPDATE_ROLLOUT" })
|
||||
@WithUser(authorities = { "READ_DISTRIBUTION_SET", "UPDATE_DISTRIBUTION_SET", "UPDATE_TARGET", "UPDATE_ROLLOUT" })
|
||||
void verifyInvalidateWithReadAndUpdateRepoAndUpdateTargetAndUpdateRolloutAuthority() {
|
||||
final InvalidationTestData invalidationTestData = systemSecurityContext.runAsSystem(
|
||||
() -> createInvalidationTestData("verifyInvalidateWithUpdateRepoAndUpdateTargetAuthority"));
|
||||
|
||||
distributionSetInvalidationManagement.invalidateDistributionSet(new DistributionSetInvalidation(
|
||||
Collections.singletonList(invalidationTestData.getDistributionSet().getId()), ActionCancellationType.SOFT));
|
||||
assertThat(
|
||||
distributionSetRepository.findById(invalidationTestData.getDistributionSet().getId()).get().isValid())
|
||||
.isFalse();
|
||||
List.of(invalidationTestData.distributionSet().getId()), ActionCancellationType.SOFT));
|
||||
assertThat(distributionSetRepository.findById(invalidationTestData.distributionSet().getId()).orElseThrow().isValid()).isFalse();
|
||||
}
|
||||
|
||||
private void assertNoScheduledActionsExist(final Rollout rollout) {
|
||||
assertThat(
|
||||
actionRepository.findByRolloutIdAndStatus(PAGE, rollout.getId(), Status.SCHEDULED).getTotalElements())
|
||||
.isZero();
|
||||
assertThat(actionRepository.findByRolloutIdAndStatus(PAGE, rollout.getId(), Status.SCHEDULED).getTotalElements()).isZero();
|
||||
}
|
||||
|
||||
private void assertAllRolloutActionsAreCancelled(final Rollout rollout) {
|
||||
assertThat(
|
||||
actionRepository.findByRolloutIdAndStatus(PAGE, rollout.getId(), Status.CANCELED).getTotalElements())
|
||||
.isZero();
|
||||
assertThat(actionRepository.findByRolloutIdAndStatus(PAGE, rollout.getId(), Status.CANCELED).getTotalElements()).isZero();
|
||||
}
|
||||
|
||||
private InvalidationTestData createInvalidationTestData(final String testName) {
|
||||
@@ -276,8 +259,7 @@ class DistributionSetInvalidationManagementTest extends AbstractJpaIntegrationTe
|
||||
return actionRepository.findAll(ActionSpecifications.byTargetControllerId(target.getControllerId()));
|
||||
}
|
||||
|
||||
private DistributionSetInvalidationCount countEntitiesForInvalidation(
|
||||
final DistributionSetInvalidation distributionSetInvalidation) {
|
||||
private DistributionSetInvalidationCount countEntitiesForInvalidation(final DistributionSetInvalidation distributionSetInvalidation) {
|
||||
return systemSecurityContext.runAsSystem(() -> {
|
||||
final Collection<Long> setIds = distributionSetInvalidation.getDistributionSetIds();
|
||||
final long rolloutsCount = distributionSetInvalidation.getActionCancellationType() != ActionCancellationType.NONE ? countRolloutsForInvalidation(setIds) : 0;
|
||||
@@ -317,22 +299,6 @@ class DistributionSetInvalidationManagementTest extends AbstractJpaIntegrationTe
|
||||
.sum();
|
||||
}
|
||||
|
||||
@Data
|
||||
private static class InvalidationTestData {
|
||||
|
||||
private final DistributionSet distributionSet;
|
||||
private final List<Target> targets;
|
||||
private final TargetFilterQuery targetFilterQuery;
|
||||
private final Rollout rollout;
|
||||
|
||||
public InvalidationTestData(
|
||||
final DistributionSet distributionSet, final List<Target> targets,
|
||||
final TargetFilterQuery targetFilterQuery, final Rollout rollout) {
|
||||
super();
|
||||
this.distributionSet = distributionSet;
|
||||
this.targets = targets;
|
||||
this.targetFilterQuery = targetFilterQuery;
|
||||
this.rollout = rollout;
|
||||
}
|
||||
}
|
||||
}
|
||||
private record InvalidationTestData(
|
||||
DistributionSet distributionSet, List<Target> targets, TargetFilterQuery targetFilterQuery, Rollout rollout) {}
|
||||
}
|
||||
@@ -1393,10 +1393,10 @@ class RolloutManagementTest extends AbstractJpaIntegrationTest {
|
||||
|
||||
final WithUser userWithoutHandleRollout = SecurityContextSwitch.withUser(
|
||||
"user_without_handle_rollout",
|
||||
SpPermission.READ_REPOSITORY, SpPermission.READ_TARGET, SpPermission.CREATE_ROLLOUT);
|
||||
SpPermission.READ_DISTRIBUTION_SET, SpPermission.READ_TARGET, SpPermission.CREATE_ROLLOUT);
|
||||
final WithUser userWithHandleRollout = SecurityContextSwitch.withUser(
|
||||
"user_with_handle_rollout",
|
||||
SpPermission.READ_REPOSITORY, SpPermission.READ_TARGET, SpPermission.CREATE_ROLLOUT, SpPermission.HANDLE_ROLLOUT);
|
||||
SpPermission.READ_DISTRIBUTION_SET, SpPermission.READ_TARGET, SpPermission.CREATE_ROLLOUT, SpPermission.HANDLE_ROLLOUT);
|
||||
final WithUser userWithSystemRole = SecurityContextSwitch.withUser(
|
||||
"user_with_system_role",
|
||||
SpRole.SYSTEM_ROLE);
|
||||
|
||||
Reference in New Issue
Block a user