[JENKINS-68755] Add support for explicit user and group assignment (#230

) Adding support to explicitly assign a role to a user or a group. This avoids confusion when a name matches both. A warning will be shown on the role assignment page for ambiguous entries with the possibility to make this a user or a group assignment. ❗ This is an incompatible change and after migration, going back to the previous version will require to undo the config changes. While the changes to the config.xml can be read by older versions, you can run into problems with duplicate entries. Changes done on Configuration As Code yaml files need to be reverted to the old format before downgrading. The new version can read existing configurations files (both from the config.xml and Casc). After startup of Jenkins with the new plugin version, the config.xml will be automatically saved with the new format. The plugin APIs have significantly changed. Plugins that depend on role-strategy will probably need to be adjusted as well or might not work as expected (ownership-plugin, dynamic_extended_choice_parameter).
jenkinsci · Jul 6, 2023 · 398b8a2 · 398b8a2
1 parent 8da463f
commit 398b8a2
Show file tree

Hide file tree

Showing 60 changed files with 2,669 additions and 678 deletions.
diff --git a/pom.xml b/pom.xml
@@ -1,128 +1,129 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
-   <modelVersion>4.0.0</modelVersion>
+  <modelVersion>4.0.0</modelVersion>
 
-   <parent>
-        <groupId>org.jenkins-ci.plugins</groupId>
-        <artifactId>plugin</artifactId>
-        <version>4.69</version>
-        <relativePath />
-    </parent>
+  <parent>
+    <groupId>org.jenkins-ci.plugins</groupId>
+    <artifactId>plugin</artifactId>
+    <version>4.69</version>
+    <relativePath/>
+  </parent>
 
-   <artifactId>role-strategy</artifactId>
-   <version>${changelist}</version>
-   <packaging>hpi</packaging>
+  <artifactId>role-strategy</artifactId>
+  <version>${changelist}</version>
+  <packaging>hpi</packaging>
 
-   <name>Role-based Authorization Strategy</name>
-   <url>https://github.com/jenkinsci/role-strategy-plugin</url>
-   <licenses>
-        <license>
-            <name>MIT License</name>
-            <url>https://opensource.org/licenses/MIT</url>
-            <distribution>repo</distribution>
-        </license>
-    </licenses>
+  <name>Role-based Authorization Strategy</name>
+  <url>https://github.com/jenkinsci/role-strategy-plugin</url>
+  <licenses>
+    <license>
+      <name>MIT License</name>
+      <url>https://opensource.org/licenses/MIT</url>
+      <distribution>repo</distribution>
+    </license>
+  </licenses>
 
-   <developers>
-        <developer>
-            <id>tmaurel</id>
-            <name>Thomas Maurel</name>
-            <timezone>+1</timezone>
-        </developer>
-        <developer>
-            <id>rseguy</id>
-            <name>Romain Seguy</name>
-            <timezone>+1</timezone>
-        </developer>
-        <developer>
-            <name>Oleg Nenashev</name>
-            <id>oleg_nenashev</id>
-            <email>o.v.nenashev@gmail.com</email>
-        </developer>
-    </developers>
+  <developers>
+    <developer>
+      <id>tmaurel</id>
+      <name>Thomas Maurel</name>
+      <timezone>+1</timezone>
+    </developer>
+    <developer>
+      <id>rseguy</id>
+      <name>Romain Seguy</name>
+      <timezone>+1</timezone>
+    </developer>
+    <developer>
+      <name>Oleg Nenashev</name>
+      <id>oleg_nenashev</id>
+      <email>o.v.nenashev@gmail.com</email>
+    </developer>
+  </developers>
 
-   <scm>
-        <connection>scm:git:https://github.com/jenkinsci/${project.artifactId}-plugin.git</connection>
-        <developerConnection>scm:git:git@github.com:jenkinsci/${project.artifactId}-plugin.git</developerConnection>
-        <url>https://github.com/jenkinsci/${project.artifactId}-plugin</url>
-        <tag>${scmTag}</tag>
-    </scm>
+  <scm>
+    <connection>scm:git:https://github.com/jenkinsci/${project.artifactId}-plugin.git</connection>
+    <developerConnection>scm:git:git@github.com:jenkinsci/${project.artifactId}-plugin.git</developerConnection>
+    <url>https://github.com/jenkinsci/${project.artifactId}-plugin</url>
+    <tag>${scmTag}</tag>
+  </scm>
 
-   <properties>
-        <changelist>999999-SNAPSHOT</changelist>
-        <jenkins.version>2.387.3</jenkins.version>
-        <checkstyle.version>10.12.1</checkstyle.version>
-    </properties>
+  <properties>
+    <changelist>999999-SNAPSHOT</changelist>
+    <jenkins.version>2.387.3</jenkins.version>
+    <checkstyle.version>10.12.1</checkstyle.version>
+    <hpi.compatibleSinceVersion>640</hpi.compatibleSinceVersion>
+  </properties>
 
-   <dependencyManagement>
-        <dependencies>
-            <dependency>
-                <groupId>io.jenkins.tools.bom</groupId>
-                <artifactId>bom-2.387.x</artifactId>
-                <version>2198.v39c76fc308ca</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
-        </dependencies>
-    </dependencyManagement>
-   <dependencies>
-        <dependency>
-            <groupId>io.jenkins.plugins</groupId>
-            <artifactId>ionicons-api</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>io.jenkins.plugins</groupId>
-            <artifactId>caffeine-api</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>io.jenkins</groupId>
-            <artifactId>configuration-as-code</artifactId>
-            <optional>true</optional>
-        </dependency>
-        <dependency>
-            <groupId>org.jenkins-ci.plugins</groupId>
-            <artifactId>cloudbees-folder</artifactId>
-            <optional>true</optional>
-        </dependency>
-        <dependency>
-            <groupId>io.jenkins.configuration-as-code</groupId>
-            <artifactId>test-harness</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>com.synopsys.jenkinsci</groupId>
-            <artifactId>ownership</artifactId>
-            <version>0.13.0</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.commons</groupId>
-            <artifactId>commons-lang3</artifactId>
-            <version>3.12.0</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.jenkins-ci.plugins</groupId>
-            <artifactId>authorize-project</artifactId>
-            <version>1.7.0</version>
-            <scope>test</scope>
-        </dependency>
+  <dependencyManagement>
+    <dependencies>
+      <dependency>
+        <groupId>io.jenkins.tools.bom</groupId>
+        <artifactId>bom-2.387.x</artifactId>
+        <version>2198.v39c76fc308ca</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
     </dependencies>
+  </dependencyManagement>
+  <dependencies>
+    <dependency>
+      <groupId>io.jenkins.plugins</groupId>
+      <artifactId>ionicons-api</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>io.jenkins.plugins</groupId>
+      <artifactId>caffeine-api</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>io.jenkins</groupId>
+      <artifactId>configuration-as-code</artifactId>
+      <optional>true</optional>
+    </dependency>
+    <dependency>
+      <groupId>org.jenkins-ci.plugins</groupId>
+      <artifactId>cloudbees-folder</artifactId>
+      <optional>true</optional>
+    </dependency>
+    <dependency>
+      <groupId>io.jenkins.configuration-as-code</groupId>
+      <artifactId>test-harness</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>com.synopsys.jenkinsci</groupId>
+      <artifactId>ownership</artifactId>
+      <version>0.13.0</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-lang3</artifactId>
+      <version>3.12.0</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.jenkins-ci.plugins</groupId>
+      <artifactId>authorize-project</artifactId>
+      <version>1.7.0</version>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
 
-   <repositories>
-        <repository>
-            <id>repo.jenkins-ci.org</id>
-            <url>https://repo.jenkins-ci.org/public/</url>
-        </repository>
-    </repositories>
-   <pluginRepositories>
-        <pluginRepository>
-            <id>repo.jenkins-ci.org</id>
-            <url>https://repo.jenkins-ci.org/public/</url>
-        </pluginRepository>
-    </pluginRepositories>
+  <repositories>
+    <repository>
+      <id>repo.jenkins-ci.org</id>
+      <url>https://repo.jenkins-ci.org/public/</url>
+    </repository>
+  </repositories>
+  <pluginRepositories>
+    <pluginRepository>
+      <id>repo.jenkins-ci.org</id>
+      <url>https://repo.jenkins-ci.org/public/</url>
+    </pluginRepository>
+  </pluginRepositories>
 
-   <build>
+  <build>
     <plugins>
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
@@ -146,42 +147,42 @@
         </executions>
       </plugin>
       <plugin>
-          <groupId>org.apache.maven.plugins</groupId>
-          <artifactId>maven-checkstyle-plugin</artifactId>
-          <version>3.3.0</version>
-          <dependencies>
-            <dependency>
-              <groupId>com.puppycrawl.tools</groupId>
-              <artifactId>checkstyle</artifactId>
-              <version>${checkstyle.version}</version>
-            </dependency>
-          </dependencies>
-          <configuration>
-              <configLocation>${project.basedir}/.build-config/checkstyle.xml</configLocation>
-              <suppressionsLocation>${project.basedir}/.build-config/checkstyle-suppressions.xml</suppressionsLocation>
-              <suppressionsFileExpression>checkstyle.suppressions.file</suppressionsFileExpression>
-              <includeTestSourceDirectory>true</includeTestSourceDirectory>
-              <consoleOutput>true</consoleOutput>
-          </configuration>
-          <executions>
-              <execution>
-                  <id>compile-checkstyle</id>
-                  <goals>
-                      <goal>checkstyle</goal>
-                  </goals>
-                  <phase>compile</phase>
-              </execution>
-              <execution>
-                  <id>test-check</id>
-                  <goals>
-                      <goal>check</goal>
-                  </goals>
-                  <phase>test</phase>
-                  <configuration>
-                      <violationSeverity>warning</violationSeverity>
-                  </configuration>
-              </execution>
-          </executions>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-checkstyle-plugin</artifactId>
+        <version>3.3.0</version>
+        <dependencies>
+          <dependency>
+            <groupId>com.puppycrawl.tools</groupId>
+            <artifactId>checkstyle</artifactId>
+            <version>${checkstyle.version}</version>
+          </dependency>
+        </dependencies>
+        <configuration>
+          <configLocation>${project.basedir}/.build-config/checkstyle.xml</configLocation>
+          <suppressionsLocation>${project.basedir}/.build-config/checkstyle-suppressions.xml</suppressionsLocation>
+          <suppressionsFileExpression>checkstyle.suppressions.file</suppressionsFileExpression>
+          <includeTestSourceDirectory>true</includeTestSourceDirectory>
+          <consoleOutput>true</consoleOutput>
+        </configuration>
+        <executions>
+          <execution>
+            <id>compile-checkstyle</id>
+            <goals>
+              <goal>checkstyle</goal>
+            </goals>
+            <phase>compile</phase>
+          </execution>
+          <execution>
+            <id>test-check</id>
+            <goals>
+              <goal>check</goal>
+            </goals>
+            <phase>test</phase>
+            <configuration>
+              <violationSeverity>warning</violationSeverity>
+            </configuration>
+          </execution>
+        </executions>
       </plugin>
     </plugins>
   </build>

diff --git a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/AuthorizationType.java b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/AuthorizationType.java
@@ -0,0 +1,61 @@
+/*
+ * The MIT License
+ *
+ * Copyright (c) 2021 CloudBees, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package com.michelin.cio.hudson.plugins.rolestrategy;
+
+/**
+ * The type of object being granted authorization.
+ */
+public enum AuthorizationType {
+
+  USER("User"),
+  GROUP("Group"),
+  /**
+   * Either type is being granted permissions.
+   * This is the legacy default.
+   */
+  EITHER("User/Group");
+
+  private final String description;
+
+  private AuthorizationType(String description) {
+    this.description = description;
+  }
+
+  public String getDescription() {
+    return description;
+  }
+
+  /**
+   * The prefix used in the persistence of an permission entry.
+   *
+   * @return prefix
+   */
+  public String toPrefix() {
+    if (this == AuthorizationType.EITHER) {
+      return ""; // Same as legacy format
+    }
+    return this + ":";
+  }
+}