Revert RBAC_Example.groovy and rbac-report.groovy
Showing
2 changed files
with
110 additions
and
0 deletions.
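--- a/RBAC_Example.groovy
+++ b/RBAC_Example.groovy
@@ -0,0 +1,67 @@
+import jenkins.model.Jenkins;
+import nectar.plugins.rbac.strategy.*;
+import hudson.security.*;
+import nectar.plugins.rbac.groups.*;
+import nectar.plugins.rbac.roles.*;
+
+//Obtain security configuration
+RoleMatrixAuthorizationStrategyImpl strategy = RoleMatrixAuthorizationStrategyImpl.getInstance()
+RoleMatrixAuthorizationConfig config = RoleMatrixAuthorizationPlugin.getConfig()
+
+println 'Groups'
+config.getGroups().each{ g ->
+println '\t' + g.name
+println '\t\t Group Roles'
+g.getAllRoles().each{rg -> println '\t\t\t' + rg}
+println '\t\t Group Memberships'
+g.getGroupMembership().each{mg -> println '\t\t\t' + mg}
+println '\t\t Group Members'
+g.getMembers().each{mg -> println '\t\t\t' + mg}
+}
+
+println '*Roles*'
+config.getRoles().each{r ->
+println '\t' + r
+println '\t\t Role Permissions'
+Role rc = new Role(r)
+rc.getPermissionProxies().each{p -> println '\t\t' + p.id + " - " + p.name}
+}
+
+println '*Permissions*'
+Permission.getAll().each{p -> println '\t' + p.id + " - " + p.name}
+
+println 'create a new Role'
+String roleName = "NewRole"
+strategy.addRole(roleName)
+
+println 'add all permission to NewRole'
+Role rc = new Role(roleName)
+for (Permission p: Permission.getAll()) {
+if(p.getEnabled() && p.owner == null){
+rc.doGrantPermissions(p.id)
+}
+}
+
+println 'remove permission from role'
+rc.doRevokePermissions("hudson.model.Hudson.Read")
+
+println 'create a new groups at different container levels'
+
+// Get location for ClientMaster
+locationCM = Jenkins.instance.getAllItems().find{it.name.equals("ClientMaster")}
+// Get location for a FolderA/FolderB
+locationFolder = Jenkins.instance.getAllItems().find{it.fullName.equals("FolderA/FolderB")}
+// Get location at Root Level
+locationRoot = Jenkins.getInstance()
+
+// For the following example the group is created at root container (locationRoot)
+String groupName = "newGroup"
+GroupContainer container = GroupContainerLocator.locate(locationRoot)
+Group group = new Group(container, groupName)
+group.doAddMember('tesla')
+group.doAddMember('userToDelete')
+group.doRemoveMember('userToDelete')
+group.doGrantRole('roleToRevoke', 0, Boolean.TRUE)
+group.doRevokeRole('roleToRevoke')
+group.doGrantRole(roleName, 0, Boolean.TRUE)
+container.addGroup(group)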
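Review bot: The grant loop `for (Permission p: Permission.getAll())` gives `NewRole` every enabled permission that passes the `p.owner == null` filter and then revokes only `hudson.model.Hudson.Read`, after which the role is granted to `newGroup` at the root container with `tesla` as a member. Run as written, the example therefore changes the live authorization configuration and can leave a broadly privileged role and group behind. I would grant an explicit short list instead, e.g. `['hudson.model.Item.Read', 'hudson.model.Item.Build'].each { rc.doGrantPermissions(it) }`, and open the file with `// Example only: modifies the live RBAC configuration; run on a test instance`. The intent of the `p.owner == null` filter is not visible here and deserves a one-line comment.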
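--- a/rbac-report.groovy
+++ b/rbac-report.groovy
@@ -0,0 +1,43 @@
+import nectar.plugins.rbac.groups.*;
+import java.util.*;
+
+Map containers = new TreeMap();
+// Add the root container
+containers.put(Jenkins.instance.displayName, GroupContainerLocator.locate(Jenkins.instance));
+// Add all the items that are be containers
+for (i in Jenkins.instance.allItems) {
+if (GroupContainerLocator.isGroupContainer(i.getClass())) {
+GroupContainer g = GroupContainerLocator.locate(i);
+if (g != null) containers.put(Jenkins.instance.displayName + "/" + i.fullDisplayName, g);
+}
+}
+// Add all the nodes, as they are containers also (but be safe about it)
+for (i in Jenkins.instance.nodes) {
+if (GroupContainerLocator.isGroupContainer(i.getClass())) {
+GroupContainer g = GroupContainerLocator.locate(i);
+if (g != null) containers.put(Jenkins.instance.displayName + "/" + i.displayName, g);
+}
+}
+// There may be other group containers if somebody has written additional
+// extension points in additional plugins, but at this point in time this
+// is the full set of places where group containers can be hiding
+
+for (c in containers) {
+println(c.key);
+for (g in c.value.groups) {
+println(" " + g.name);
+println(" Roles:");
+for (r in g.roles) {
+println(" " + r + (g.doesPropagateToChildren(r) ? " (and children)" : " (pinned)"));
+
+}
+println(" Members:");
+// g.members is the String names
+// g.membership is the corresponding AbstractAssignee objects (so this may involve an LDAP lookup)
+// but g.membership is the only way to determine what the String name corresponds to
+// listing here so you can see what can be done, but up to you to judge the runtime cost
+for (a in g.membership) {
+println(" " + a.id + " <" + a.fullName + "> (" + a.description + " : " +a.getClass().getName() + ")");
+}
+}
+}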
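Review bot: The `containers` map is keyed on display names (`i.fullDisplayName` for items, `i.displayName` for nodes), which are not guaranteed to be unique, so a second `put` with the same key silently replaces the earlier container and its groups drop out of the report. For an access-control audit that omission matters; keying items on `i.fullName`, as in `containers.put(Jenkins.instance.displayName + "/" + i.fullName, g)`, and giving nodes a distinct prefix would avoid the collision. The member loop prints `a.id`, `a.fullName` and `a.description` for every assignee, so the console output should be treated as sensitive.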