From 34fa2adb0cf3cbc1e3327e2cde4c21c8f17966f2 Mon Sep 17 00:00:00 2001 From: Mads Mohr Christensen Date: Mon, 29 Mar 2021 08:48:41 +0200 Subject: [PATCH] [JENKINS-64858] - Enabled support for Job DSL plugin (#99) --- ...reAdAuthorizationMatrixFolderProperty.java | 45 +++++++++++++++++- .../AzureAdAuthorizationMatrixProperty.java | 47 ++++++++++++++++++- 2 files changed, 88 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/microsoft/jenkins/azuread/AzureAdAuthorizationMatrixFolderProperty.java b/src/main/java/com/microsoft/jenkins/azuread/AzureAdAuthorizationMatrixFolderProperty.java index 3e1d31dd..4ead48c2 100644 --- a/src/main/java/com/microsoft/jenkins/azuread/AzureAdAuthorizationMatrixFolderProperty.java +++ b/src/main/java/com/microsoft/jenkins/azuread/AzureAdAuthorizationMatrixFolderProperty.java @@ -1,16 +1,31 @@ package com.microsoft.jenkins.azuread; +import com.cloudbees.hudson.plugins.folder.AbstractFolder; +import com.cloudbees.hudson.plugins.folder.AbstractFolderPropertyDescriptor; import com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty; import hudson.Extension; import hudson.model.AutoCompletionCandidates; +import hudson.model.Item; import hudson.security.Permission; +import hudson.security.PermissionScope; +import hudson.util.FormValidation; import jenkins.model.Jenkins; +import net.sf.json.JSONObject; +import org.jenkinsci.Symbol; import org.jenkinsci.plugins.matrixauth.AbstractAuthorizationPropertyConverter; +import org.jenkinsci.plugins.matrixauth.AuthorizationPropertyDescriptor; +import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.NoExternalUse; import org.kohsuke.accmod.restrictions.suppressions.SuppressRestrictedWarnings; +import org.kohsuke.stapler.AncestorInPath; +import org.kohsuke.stapler.DataBoundConstructor; import org.kohsuke.stapler.QueryParameter; +import org.kohsuke.stapler.StaplerRequest; +import org.kohsuke.stapler.verb.GET; import javax.annotation.Nonnull; import java.io.IOException; +import java.util.List; public class AzureAdAuthorizationMatrixFolderProperty extends AuthorizationMatrixProperty { @@ -19,6 +34,14 @@ public class AzureAdAuthorizationMatrixFolderProperty extends AuthorizationMatri protected AzureAdAuthorizationMatrixFolderProperty() { } + @DataBoundConstructor + @Restricted(NoExternalUse.class) + public AzureAdAuthorizationMatrixFolderProperty(List permissions) { + for (String permission : permissions) { + add(permission); + } + } + @Override public void add(Permission p, String sid) { super.add(p, sid); @@ -43,18 +66,36 @@ public boolean hasPermission(String sid, Permission p) { } @Extension(optional = true) - public static class DescriptorImpl extends AuthorizationMatrixProperty.DescriptorImpl { + @Symbol("azureAdAuthorizationMatrix") + @SuppressRestrictedWarnings(AuthorizationPropertyDescriptor.class) + public static class DescriptorImpl extends AbstractFolderPropertyDescriptor implements + AuthorizationPropertyDescriptor { @Override - public AuthorizationMatrixProperty create() { + public AzureAdAuthorizationMatrixFolderProperty create() { return new AzureAdAuthorizationMatrixFolderProperty(); } + @Override + public PermissionScope getPermissionScope() { + return PermissionScope.ITEM_GROUP; + } + + @Override + public AuthorizationMatrixProperty newInstance(StaplerRequest req, JSONObject formData) throws FormException { + return createNewInstance(req, formData, true); + } + @Override public boolean isApplicable() { return Jenkins.get().getAuthorizationStrategy() instanceof AzureAdMatrixAuthorizationStrategy; } + @GET + public FormValidation doCheckName(@AncestorInPath AbstractFolder folder, @QueryParameter String value) { + return doCheckName_(value, folder, Item.CONFIGURE); + } + @Override @Nonnull public String getDisplayName() { diff --git a/src/main/java/com/microsoft/jenkins/azuread/AzureAdAuthorizationMatrixProperty.java b/src/main/java/com/microsoft/jenkins/azuread/AzureAdAuthorizationMatrixProperty.java index 2b640dd1..3507d5f0 100644 --- a/src/main/java/com/microsoft/jenkins/azuread/AzureAdAuthorizationMatrixProperty.java +++ b/src/main/java/com/microsoft/jenkins/azuread/AzureAdAuthorizationMatrixProperty.java @@ -2,17 +2,33 @@ import hudson.Extension; import hudson.model.AutoCompletionCandidates; +import hudson.model.Item; +import hudson.model.Job; +import hudson.model.JobProperty; +import hudson.model.JobPropertyDescriptor; import hudson.security.AuthorizationMatrixProperty; import hudson.security.Permission; +import hudson.security.PermissionScope; +import hudson.util.FormValidation; import jenkins.model.Jenkins; +import net.sf.json.JSONObject; +import org.jenkinsci.Symbol; import org.jenkinsci.plugins.matrixauth.AbstractAuthorizationPropertyConverter; import org.jenkinsci.plugins.matrixauth.AuthorizationProperty; +import org.jenkinsci.plugins.matrixauth.AuthorizationPropertyDescriptor; +import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.NoExternalUse; import org.kohsuke.accmod.restrictions.suppressions.SuppressRestrictedWarnings; +import org.kohsuke.stapler.AncestorInPath; +import org.kohsuke.stapler.DataBoundConstructor; import org.kohsuke.stapler.QueryParameter; +import org.kohsuke.stapler.StaplerRequest; +import org.kohsuke.stapler.verb.GET; import javax.annotation.Nonnull; import java.io.IOException; import java.util.Collections; +import java.util.List; import java.util.Map; import java.util.Set; @@ -29,6 +45,15 @@ public AzureAdAuthorizationMatrixProperty(Map> grantedPe refreshMap(); } + @DataBoundConstructor + @Restricted(NoExternalUse.class) + public AzureAdAuthorizationMatrixProperty(List permissions) { + this(); + for (String permission : permissions) { + add(permission); + } + } + void refreshMap() { for (String fullSid : this.getAllSIDs()) { objId2FullSidMap.putFullSid(fullSid); @@ -67,18 +92,36 @@ public boolean hasPermission(String sid, Permission p, boolean principal) { } @Extension - public static class DescriptorImpl extends AuthorizationMatrixProperty.DescriptorImpl { + @Symbol("azureAdAuthorizationMatrix") + @SuppressRestrictedWarnings(AuthorizationPropertyDescriptor.class) + public static class DescriptorImpl extends JobPropertyDescriptor implements + AuthorizationPropertyDescriptor { @Override - public AuthorizationMatrixProperty create() { + public AzureAdAuthorizationMatrixProperty create() { return new AzureAdAuthorizationMatrixProperty(); } + @Override + public PermissionScope getPermissionScope() { + return PermissionScope.ITEM; + } + + @Override + public JobProperty newInstance(StaplerRequest req, JSONObject formData) throws FormException { + return createNewInstance(req, formData, true); + } + @Override public boolean isApplicable() { return Jenkins.get().getAuthorizationStrategy() instanceof AzureAdMatrixAuthorizationStrategy; } + @GET + public FormValidation doCheckName(@AncestorInPath Job project, @QueryParameter String value) { + return doCheckName_(value, project, Item.CONFIGURE); + } + @Nonnull @Override public String getDisplayName() {