Merge pull request #11 from AbhyudayaSharma/agent-roles

Add Support for Agent Roles
jenkinsci · Jul 25, 2019 · add17e5 · add17e5
2 parents 92bf1ee + a60242e
commit add17e5
Show file tree

Hide file tree

Showing 17 changed files with 519 additions and 32 deletions.
diff --git a/src/main/java/io/jenkins/plugins/folderauth/FolderAuthorizationStrategyManagementLink.java b/src/main/java/io/jenkins/plugins/folderauth/FolderAuthorizationStrategyManagementLink.java
@@ -5,15 +5,21 @@
 import hudson.model.AbstractItem;
 import hudson.model.Computer;
 import hudson.model.Hudson;
+import hudson.model.Item;
 import hudson.model.ManagementLink;
+import hudson.model.Run;
+import hudson.model.View;
+import hudson.scm.SCM;
 import hudson.security.ACL;
 import hudson.security.ACLContext;
 import hudson.security.AuthorizationStrategy;
 import hudson.security.Permission;
 import hudson.security.PermissionGroup;
+import io.jenkins.plugins.folderauth.misc.AgentRoleCreationRequest;
 import io.jenkins.plugins.folderauth.misc.FolderRoleCreationRequest;
 import io.jenkins.plugins.folderauth.misc.GlobalRoleCreationRequest;
 import io.jenkins.plugins.folderauth.misc.PermissionWrapper;
+import io.jenkins.plugins.folderauth.roles.AgentRole;
 import io.jenkins.plugins.folderauth.roles.FolderRole;
 import io.jenkins.plugins.folderauth.roles.GlobalRole;
 import jenkins.model.Jenkins;
@@ -28,8 +34,10 @@
 
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
+import javax.annotation.ParametersAreNonnullByDefault;
 import javax.servlet.ServletException;
 import java.io.IOException;
+import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -38,6 +46,7 @@
 import java.util.stream.Collectors;
 
 @Extension
+@ParametersAreNonnullByDefault
 public class FolderAuthorizationStrategyManagementLink extends ManagementLink {
     private static final Logger LOGGER = Logger.getLogger(FolderAuthorizationStrategyManagementLink.class.getName());
 
@@ -80,6 +89,20 @@ public Set<Permission> getFolderPermissions() {
         return getSafePermissions(groups);
     }
 
+    @Nonnull
+    @Restricted(NoExternalUse.class)
+    @SuppressWarnings("unused") // used by index.jelly
+    public Set<Permission> getAgentPermissions() {
+        HashSet<PermissionGroup> groups = new HashSet<>(PermissionGroup.getAll());
+        groups.remove(PermissionGroup.get(Run.class));
+        groups.remove(PermissionGroup.get(SCM.class));
+        groups.remove(PermissionGroup.get(View.class));
+        groups.remove(PermissionGroup.get(Item.class));
+        groups.remove(PermissionGroup.get(Hudson.class));
+        groups.remove(PermissionGroup.get(Permission.class));
+        return getSafePermissions(groups);
+    }
+
     /**
      * Adds a {@link GlobalRole} to {@link FolderBasedAuthorizationStrategy}.
      *
@@ -147,10 +170,28 @@ public void doAddFolderRole(@JsonBody FolderRoleCreationRequest request) throws
         }
     }
 
+    /**
+     * Adds an {@link AgentRole} to {@link FolderBasedAuthorizationStrategy}.
+     *
+     * @param request the request to create the role
+     * @throws IOException           when unable to add the role
+     * @throws IllegalStateException when {@link Jenkins#getAuthorizationStrategy()} is
+     *                               not {@link FolderBasedAuthorizationStrategy}
+     */
+    @RequirePOST
+    @Restricted(NoExternalUse.class)
+    public void doAddAgentRole(@JsonBody AgentRoleCreationRequest request) throws IOException {
+        Jenkins jenkins = Jenkins.get();
+        jenkins.checkPermission(Jenkins.ADMINISTER);
+        AuthorizationStrategy strategy = jenkins.getAuthorizationStrategy();
+        if (strategy instanceof FolderBasedAuthorizationStrategy) {
+            ((FolderBasedAuthorizationStrategy) strategy).addFolderRole(request.getAgentRole());
+        }
+    }
+
     /**
      * Assigns {@code sid} to the folder role identified by {@code roleName}.
      * <p>
-     * Does not do anything if a role corresponding to the {@code roleName} does not exist.
      *
      * @param roleName the name of the global to which {@code sid} will be assigned to.
      * @param sid      the sid of the user/group to be assigned.
@@ -174,6 +215,32 @@ public void doAssignSidToFolderRole(@QueryParameter(required = true) String role
         }
     }
 
+    /**
+     * Assigns {@code sid} to the {@link AgentRole} identified by {@code roleName}.
+     * <p>
+     *
+     * @param roleName the name of the global to which {@code sid} will be assigned to.
+     * @param sid      the sid of the user/group to be assigned.
+     * @throws IOException                      when unable to assign the Sid to the role
+     * @throws IllegalStateException            when {@link Jenkins#getAuthorizationStrategy()} is
+     *                                          not {@link FolderBasedAuthorizationStrategy}
+     * @throws java.util.NoSuchElementException when no role with name equal to {@code roleName} exists.
+     */
+    @RequirePOST
+    @Restricted(NoExternalUse.class)
+    public void doAssignSidToAgentRole(@QueryParameter(required = true) String roleName,
+                                        @QueryParameter(required = true) String sid) throws IOException {
+        Jenkins jenkins = Jenkins.get();
+        jenkins.checkPermission(Jenkins.ADMINISTER);
+        AuthorizationStrategy strategy = jenkins.getAuthorizationStrategy();
+        if (strategy instanceof FolderBasedAuthorizationStrategy) {
+            ((FolderBasedAuthorizationStrategy) strategy).assignSidToAgentRole(roleName, sid);
+            redirect();
+        } else {
+            throw new IllegalStateException(Messages.FolderBasedAuthorizationStrategy_NotCurrentStrategy());
+        }
+    }
+
     /**
      * Redirects to the same page that initiated the request.
      */
@@ -187,6 +254,7 @@ private void redirect() {
 
     @Nonnull
     @Restricted(NoExternalUse.class)
+    @SuppressWarnings("unused") // used by index.jelly
     public Set<GlobalRole> getGlobalRoles() {
         AuthorizationStrategy strategy = Jenkins.get().getAuthorizationStrategy();
         if (strategy instanceof FolderBasedAuthorizationStrategy) {
@@ -216,6 +284,26 @@ public JSONArray doGetAllFolders() {
         return JSONArray.fromObject(folders.stream().map(AbstractItem::getFullName).collect(Collectors.toList()));
     }
 
+    /**
+     * Get all {@link Computer}s in the system
+     *
+     * @return all Computers in the system
+     */
+    @Nonnull
+    @Restricted(NoExternalUse.class)
+    @SuppressWarnings("unused") // used by index.jelly
+    public List<Computer> getAllComputers() {
+        Jenkins jenkins = Jenkins.get();
+        jenkins.checkPermission(Jenkins.ADMINISTER);
+        Computer[] computers;
+
+        try (ACLContext ignored = ACL.as(ACL.SYSTEM)) {
+            computers = jenkins.getComputers();
+        }
+
+        return Arrays.asList(computers);
+    }
+
     /**
      * Returns the {@link FolderRole}s used by the {@link FolderBasedAuthorizationStrategy}.
      *
@@ -225,6 +313,7 @@ public JSONArray doGetAllFolders() {
      */
     @Nonnull
     @Restricted(NoExternalUse.class)
+    @SuppressWarnings("unused") // used by index.jelly
     public Set<FolderRole> getFolderRoles() {
         AuthorizationStrategy strategy = Jenkins.get().getAuthorizationStrategy();
         if (strategy instanceof FolderBasedAuthorizationStrategy) {
@@ -234,6 +323,18 @@ public Set<FolderRole> getFolderRoles() {
         }
     }
 
+    @Nonnull
+    @Restricted(NoExternalUse.class)
+    @SuppressWarnings("unused") // used by index.jelly
+    public Set<AgentRole> getAgentRoles() {
+        AuthorizationStrategy strategy = Jenkins.get().getAuthorizationStrategy();
+        if (strategy instanceof FolderBasedAuthorizationStrategy) {
+            return ((FolderBasedAuthorizationStrategy) strategy).getAgentRoles();
+        } else {
+            throw new IllegalStateException(Messages.FolderBasedAuthorizationStrategy_NotCurrentStrategy());
+        }
+    }
+
     /**
      * Deletes a global role.
      *
@@ -283,6 +384,31 @@ public void doDeleteFolderRole(@QueryParameter(required = true) String roleName)
         }
     }
 
+    /**
+     * Deletes an {@link AgentRole} from the {@link FolderBasedAuthorizationStrategy}.
+     *
+     * @param roleName the name of the role to be deleted
+     * @throws IOException                      when unable to delete the role
+     * @throws IllegalStateException            when {@link Jenkins#getAuthorizationStrategy()} is
+     *                                          not {@link FolderBasedAuthorizationStrategy}
+     * @throws java.util.NoSuchElementException when no role with name equal to {@code roleName} exists.
+     */
+    @RequirePOST
+    @Restricted(NoExternalUse.class)
+    public void doDeleteAgentRole(@QueryParameter(required = true) String roleName)
+            throws IOException {
+        Jenkins jenkins = Jenkins.get();
+        jenkins.checkPermission(Jenkins.ADMINISTER);
+        AuthorizationStrategy strategy = jenkins.getAuthorizationStrategy();
+        if (strategy instanceof FolderBasedAuthorizationStrategy) {
+            ((FolderBasedAuthorizationStrategy) strategy).deleteAgentRole(roleName);
+            redirect();
+        } else {
+            throw new IllegalStateException(Messages.FolderBasedAuthorizationStrategy_NotCurrentStrategy());
+        }
+    }
+
+    @Nonnull
     static Set<Permission> getSafePermissions(Set<PermissionGroup> groups) {
         HashSet<Permission> safePermissions = new HashSet<>();
         groups.stream().map(PermissionGroup::getPermissions).forEach(safePermissions::addAll);