From effd572c7c453a677c4403df83b12c83198f62a4 Mon Sep 17 00:00:00 2001 From: Junaid-Ashraf-56 Date: Sun, 5 Oct 2025 23:18:52 +0500 Subject: [PATCH 01/10] Update matrix-auth-plugin docs for v3.2+ syntax --- demos/global-matrix-auth/README.md | 63 +++++++++++++++++++++++++++++- 1 file changed, 61 insertions(+), 2 deletions(-) diff --git a/demos/global-matrix-auth/README.md b/demos/global-matrix-auth/README.md index 93868c48dc..8ee6f037fb 100644 --- a/demos/global-matrix-auth/README.md +++ b/demos/global-matrix-auth/README.md @@ -1,6 +1,7 @@ # matrix-auth-plugin -Requires `matrix-auth` >= 3.0 +Requires `matrix-auth` >= 3.2 +> Starting from version 3.2 of the `matrix-auth` plugin, the JCasC syntax for configuring permissions has changed. The previous `permissions:` format is deprecated and replaced with a structured `entries:` format. While older configurations may still work with `deprecated: warn`, it is recommended to migrate to the new format. There are a couple of built-in authorizations to consider. @@ -9,6 +10,30 @@ There are a couple of built-in authorizations to consider. ## sample-configuration (global matrix) +Updated Configuration: +```yaml +jenkins: + authorizationStrategy: + globalMatrix: + entries: + - user: + name: "admin" + permissions: + - "Overall/Administer" + - user: + name: "anonymous" + permissions: + - "Overall/Read" + - group: + name: "authenticated" + permissions: + - "Overall/Administer" +``` +Permissions must be defined **per line**, meaning each line must grant permission to only a single role, and only a single user or group of users. + + + +## Deprecated Configuration (Pre-3.2) ```yaml jenkins: authorizationStrategy: @@ -18,10 +43,44 @@ jenkins: - "GROUP:Overall/Administer:authenticated" - "USER:Overall/Administer:admin" ``` -Permissions must be defined **per line**, meaning each line must grant permission to only a single role, and only a single user or group of users. + + ## sample-configuration (project based matrix) +```yaml +jenkins: + authorizationStrategy: + projectMatrix: + entries: + - group: + name: "authenticated" + permissions: + - "View/Delete" + - "View/Read" + - "View/Configure" + - "View/Create" + - "Job/Read" + - "Job/Build" + - "Job/Configure" + - "Job/Create" + - "Job/Delete" + - "Job/Discover" + - "Job/Move" + - "Job/Workspace" + - "Job/Cancel" + - "Run/Delete" + - "Run/Replay" + - "Run/Update" + - "SCM/Tag" + - "Overall/Administer" + - user: + name: "anonymous" + permissions: + - "Overall/Read" +``` + +## Deprecated Configuration for Project Matrix (Pre-3.2) ```yaml jenkins: authorizationStrategy: From a3af5b5fee0cd04e845355c7c64fb38fa0207747 Mon Sep 17 00:00:00 2001 From: Junaid-Ashraf-56 Date: Tue, 14 Oct 2025 02:48:11 +0500 Subject: [PATCH 02/10] Updated according to the given points --- demos/global-matrix-auth/README.md | 48 ++---------------------------- 1 file changed, 3 insertions(+), 45 deletions(-) diff --git a/demos/global-matrix-auth/README.md b/demos/global-matrix-auth/README.md index 8ee6f037fb..32cdbe527e 100644 --- a/demos/global-matrix-auth/README.md +++ b/demos/global-matrix-auth/README.md @@ -1,7 +1,6 @@ # matrix-auth-plugin Requires `matrix-auth` >= 3.2 -> Starting from version 3.2 of the `matrix-auth` plugin, the JCasC syntax for configuring permissions has changed. The previous `permissions:` format is deprecated and replaced with a structured `entries:` format. While older configurations may still work with `deprecated: warn`, it is recommended to migrate to the new format. There are a couple of built-in authorizations to consider. @@ -10,7 +9,6 @@ There are a couple of built-in authorizations to consider. ## sample-configuration (global matrix) -Updated Configuration: ```yaml jenkins: authorizationStrategy: @@ -27,25 +25,12 @@ jenkins: - group: name: "authenticated" permissions: - - "Overall/Administer" -``` -Permissions must be defined **per line**, meaning each line must grant permission to only a single role, and only a single user or group of users. - - - -## Deprecated Configuration (Pre-3.2) -```yaml -jenkins: - authorizationStrategy: - globalMatrix: - permissions: - - "USER:Overall/Read:anonymous" - - "GROUP:Overall/Administer:authenticated" - - "USER:Overall/Administer:admin" + - "Overall/Read" + - "Job/Build" + - "Job/Create" ``` - ## sample-configuration (project based matrix) ```yaml @@ -80,33 +65,6 @@ jenkins: - "Overall/Read" ``` -## Deprecated Configuration for Project Matrix (Pre-3.2) -```yaml -jenkins: - authorizationStrategy: - projectMatrix: - permissions: - - "View/Delete:authenticated" - - "View/Read:authenticated" - - "View/Configure:authenticated" - - "View/Create:authenticated" - - "Job/Read:authenticated" - - "Job/Build:authenticated" - - "Job/Configure:authenticated" - - "Job/Create:authenticated" - - "Job/Delete:authenticated" - - "Job/Discover:authenticated" - - "Job/Move:authenticated" - - "Job/Workspace:authenticated" - - "Job/Cancel:authenticated" - - "Run/Delete:authenticated" - - "Run/Replay:authenticated" - - "Run/Update:authenticated" - - "SCM/Tag:authenticated" - - "Overall/Read:anonymous" - - "Overall/Administer:authenticated" -``` - Some permissions depends on actual plugin-usage. For Example: `Release/*:authenticated` is only available if you _use_ the Release plugin in one of your jobs. From f2d49fdd21da47aaced566c568fbc6ca57aa6b6f Mon Sep 17 00:00:00 2001 From: Junaid-Ashraf-56 Date: Tue, 14 Oct 2025 15:06:56 +0500 Subject: [PATCH 03/10] Test --- = | 0 .../plugins/casc/ProjectMatrixAuthorizationTest.java | 8 ++++---- 2 files changed, 4 insertions(+), 4 deletions(-) create mode 100644 = diff --git a/= b/= new file mode 100644 index 0000000000..e69de29bb2 diff --git a/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java b/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java index 6c652ec392..8de2db977a 100644 --- a/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java +++ b/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java @@ -3,8 +3,8 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import hudson.security.ProjectMatrixAuthorizationStrategy; -import io.jenkins.plugins.casc.misc.ConfiguredWithCode; -import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithCodeRule; +import io.jenkins.plugins.casc.misc.ConfiguredWithReadme; +import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithReadmeRule; import io.jenkins.plugins.casc.misc.junit.jupiter.WithJenkinsConfiguredWithCode; import java.util.ArrayList; import java.util.List; @@ -18,8 +18,8 @@ class ProjectMatrixAuthorizationTest { @Test - @ConfiguredWithCode("ProjectMatrixStrategy.yml") - void checkCorrectlyConfiguredPermissions(JenkinsConfiguredWithCodeRule j) { + @ConfiguredWithReadme("global-matrix-auth/README.md#2") + void checkCorrectlyConfiguredPermissions(JenkinsConfiguredWithReadmeRule j) { assertEquals( ProjectMatrixAuthorizationStrategy.class, Jenkins.get().getAuthorizationStrategy().getClass(), From ef300acd881d0525a0fb95ec3fa0bc45df3c0333 Mon Sep 17 00:00:00 2001 From: Junaid-Ashraf-56 Date: Tue, 14 Oct 2025 15:14:37 +0500 Subject: [PATCH 04/10] Update --- .../plugins/casc/ProjectMatrixAuthorizationTest.java | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java b/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java index 8de2db977a..74afca313c 100644 --- a/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java +++ b/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java @@ -4,8 +4,6 @@ import hudson.security.ProjectMatrixAuthorizationStrategy; import io.jenkins.plugins.casc.misc.ConfiguredWithReadme; -import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithReadmeRule; -import io.jenkins.plugins.casc.misc.junit.jupiter.WithJenkinsConfiguredWithCode; import java.util.ArrayList; import java.util.List; import jenkins.model.Jenkins; @@ -14,12 +12,12 @@ /** * Created by mads on 2/22/18. */ -@WithJenkinsConfiguredWithCode +@WithJenkinsConfiguredWithReadmeRule class ProjectMatrixAuthorizationTest { @Test @ConfiguredWithReadme("global-matrix-auth/README.md#2") - void checkCorrectlyConfiguredPermissions(JenkinsConfiguredWithReadmeRule j) { + void checkCorrectlyConfiguredPermissions() { assertEquals( ProjectMatrixAuthorizationStrategy.class, Jenkins.get().getAuthorizationStrategy().getClass(), From 1833658a67ae6c28d5acc45708172a5184abff88 Mon Sep 17 00:00:00 2001 From: Junaid-Ashraf-56 Date: Tue, 14 Oct 2025 15:24:55 +0500 Subject: [PATCH 05/10] Update --- .../plugins/casc/ProjectMatrixAuthorizationTest.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java b/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java index 74afca313c..8de2db977a 100644 --- a/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java +++ b/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java @@ -4,6 +4,8 @@ import hudson.security.ProjectMatrixAuthorizationStrategy; import io.jenkins.plugins.casc.misc.ConfiguredWithReadme; +import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithReadmeRule; +import io.jenkins.plugins.casc.misc.junit.jupiter.WithJenkinsConfiguredWithCode; import java.util.ArrayList; import java.util.List; import jenkins.model.Jenkins; @@ -12,12 +14,12 @@ /** * Created by mads on 2/22/18. */ -@WithJenkinsConfiguredWithReadmeRule +@WithJenkinsConfiguredWithCode class ProjectMatrixAuthorizationTest { @Test @ConfiguredWithReadme("global-matrix-auth/README.md#2") - void checkCorrectlyConfiguredPermissions() { + void checkCorrectlyConfiguredPermissions(JenkinsConfiguredWithReadmeRule j) { assertEquals( ProjectMatrixAuthorizationStrategy.class, Jenkins.get().getAuthorizationStrategy().getClass(), From 9a94154fd64ac23f18903aaf7b4ed79840c79f21 Mon Sep 17 00:00:00 2001 From: Junaid Ashraf <140254709+Junaid-Ashraf-56@users.noreply.github.com> Date: Tue, 14 Oct 2025 15:47:51 +0500 Subject: [PATCH 06/10] Delete integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java --- .../casc/ProjectMatrixAuthorizationTest.java | 38 ------------------- 1 file changed, 38 deletions(-) delete mode 100644 integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java diff --git a/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java b/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java deleted file mode 100644 index 8de2db977a..0000000000 --- a/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java +++ /dev/null @@ -1,38 +0,0 @@ -package io.jenkins.plugins.casc; - -import static org.junit.jupiter.api.Assertions.assertEquals; - -import hudson.security.ProjectMatrixAuthorizationStrategy; -import io.jenkins.plugins.casc.misc.ConfiguredWithReadme; -import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithReadmeRule; -import io.jenkins.plugins.casc.misc.junit.jupiter.WithJenkinsConfiguredWithCode; -import java.util.ArrayList; -import java.util.List; -import jenkins.model.Jenkins; -import org.junit.jupiter.api.Test; - -/** - * Created by mads on 2/22/18. - */ -@WithJenkinsConfiguredWithCode -class ProjectMatrixAuthorizationTest { - - @Test - @ConfiguredWithReadme("global-matrix-auth/README.md#2") - void checkCorrectlyConfiguredPermissions(JenkinsConfiguredWithReadmeRule j) { - assertEquals( - ProjectMatrixAuthorizationStrategy.class, - Jenkins.get().getAuthorizationStrategy().getClass(), - "The configured instance must use the Global Matrix Authentication Strategy"); - ProjectMatrixAuthorizationStrategy gms = - (ProjectMatrixAuthorizationStrategy) Jenkins.get().getAuthorizationStrategy(); - - List adminPermission = - new ArrayList<>(gms.getGrantedPermissions().get(Jenkins.ADMINISTER)); - assertEquals("authenticated", adminPermission.get(0)); - - List readPermission = - new ArrayList<>(gms.getGrantedPermissions().get(Jenkins.READ)); - assertEquals("anonymous", readPermission.get(0)); - } -} From ecdce5d66a08c3bb4f916b8b7fe5c03ea1e0b09e Mon Sep 17 00:00:00 2001 From: Tim Jacomb Date: Sun, 19 Oct 2025 08:22:43 +0100 Subject: [PATCH 07/10] Revert "Delete integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java" This reverts commit 9a94154fd64ac23f18903aaf7b4ed79840c79f21. --- .../casc/ProjectMatrixAuthorizationTest.java | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java diff --git a/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java b/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java new file mode 100644 index 0000000000..8de2db977a --- /dev/null +++ b/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java @@ -0,0 +1,38 @@ +package io.jenkins.plugins.casc; + +import static org.junit.jupiter.api.Assertions.assertEquals; + +import hudson.security.ProjectMatrixAuthorizationStrategy; +import io.jenkins.plugins.casc.misc.ConfiguredWithReadme; +import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithReadmeRule; +import io.jenkins.plugins.casc.misc.junit.jupiter.WithJenkinsConfiguredWithCode; +import java.util.ArrayList; +import java.util.List; +import jenkins.model.Jenkins; +import org.junit.jupiter.api.Test; + +/** + * Created by mads on 2/22/18. + */ +@WithJenkinsConfiguredWithCode +class ProjectMatrixAuthorizationTest { + + @Test + @ConfiguredWithReadme("global-matrix-auth/README.md#2") + void checkCorrectlyConfiguredPermissions(JenkinsConfiguredWithReadmeRule j) { + assertEquals( + ProjectMatrixAuthorizationStrategy.class, + Jenkins.get().getAuthorizationStrategy().getClass(), + "The configured instance must use the Global Matrix Authentication Strategy"); + ProjectMatrixAuthorizationStrategy gms = + (ProjectMatrixAuthorizationStrategy) Jenkins.get().getAuthorizationStrategy(); + + List adminPermission = + new ArrayList<>(gms.getGrantedPermissions().get(Jenkins.ADMINISTER)); + assertEquals("authenticated", adminPermission.get(0)); + + List readPermission = + new ArrayList<>(gms.getGrantedPermissions().get(Jenkins.READ)); + assertEquals("anonymous", readPermission.get(0)); + } +} From 6447cd880332f72cac80903e648e8a7c955d5b6e Mon Sep 17 00:00:00 2001 From: Tim Jacomb Date: Sun, 19 Oct 2025 08:43:59 +0100 Subject: [PATCH 08/10] Fixup --- = | 0 demos/global-matrix-auth/README.md | 79 ------------------ demos/matrix-auth/README.md | 83 ++++++++++++++++--- integrations/pom.xml | 2 +- .../casc/GlobalMatrixAuthorizationTest.java | 41 --------- .../plugins/casc/MatrixAuthorizationTest.java | 64 ++++++++++++++ .../casc/ProjectMatrixAuthorizationTest.java | 38 --------- 7 files changed, 135 insertions(+), 172 deletions(-) delete mode 100644 = delete mode 100644 demos/global-matrix-auth/README.md delete mode 100644 integrations/src/test/java/io/jenkins/plugins/casc/GlobalMatrixAuthorizationTest.java create mode 100644 integrations/src/test/java/io/jenkins/plugins/casc/MatrixAuthorizationTest.java delete mode 100644 integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java diff --git a/= b/= deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/demos/global-matrix-auth/README.md b/demos/global-matrix-auth/README.md deleted file mode 100644 index 32cdbe527e..0000000000 --- a/demos/global-matrix-auth/README.md +++ /dev/null @@ -1,79 +0,0 @@ -# matrix-auth-plugin - -Requires `matrix-auth` >= 3.2 - -There are a couple of built-in authorizations to consider. - -- **anonymous** - anyone who has not logged in. -- **authenticated** - anyone who has logged in. - -## sample-configuration (global matrix) - -```yaml -jenkins: - authorizationStrategy: - globalMatrix: - entries: - - user: - name: "admin" - permissions: - - "Overall/Administer" - - user: - name: "anonymous" - permissions: - - "Overall/Read" - - group: - name: "authenticated" - permissions: - - "Overall/Read" - - "Job/Build" - - "Job/Create" -``` - - -## sample-configuration (project based matrix) - -```yaml -jenkins: - authorizationStrategy: - projectMatrix: - entries: - - group: - name: "authenticated" - permissions: - - "View/Delete" - - "View/Read" - - "View/Configure" - - "View/Create" - - "Job/Read" - - "Job/Build" - - "Job/Configure" - - "Job/Create" - - "Job/Delete" - - "Job/Discover" - - "Job/Move" - - "Job/Workspace" - - "Job/Cancel" - - "Run/Delete" - - "Run/Replay" - - "Run/Update" - - "SCM/Tag" - - "Overall/Administer" - - user: - name: "anonymous" - permissions: - - "Overall/Read" -``` - -Some permissions depends on actual plugin-usage. -For Example: `Release/*:authenticated` is only available if you _use_ the Release plugin in one of your jobs. - -## GitHub Authorization - -https://plugins.jenkins.io/github-oauth/ - -You can configure authorization based on GitHub users, organizations, or teams. - -- **username** - specific GitHub username. -- **organization** - every user that belongs to a specific GitHub organization. -- **organization*team** - specific GitHub team of a GitHub organization. diff --git a/demos/matrix-auth/README.md b/demos/matrix-auth/README.md index e8ead276d4..100b1635e4 100644 --- a/demos/matrix-auth/README.md +++ b/demos/matrix-auth/README.md @@ -1,21 +1,78 @@ -# Configure Matrix Authorization Strategy +# matrix-auth-plugin -Basic configuration of the [Matrix Authorization Strategy plugin](https://plugins.jenkins.io/matrix-auth) +There are a couple of built-in authorizations to consider. -## sample configuration +- **anonymous** - anyone who has not logged in. +- **authenticated** - anyone who has logged in. + +## sample-configuration (global matrix) ```yaml jenkins: - securityRealm: - local: - allowsSignup: false - users: - - id: test - password: test - authorizationStrategy: globalMatrix: - permissions: - - "Overall/Read:anonymous" - - "Overall/Administer:authenticated" + entries: + - user: + name: "admin" + permissions: + - "Overall/Administer" + - user: + name: "anonymous" + permissions: + - "Overall/Read" + - "Job/Read" + - group: + name: "authenticated" + permissions: + - "Overall/Read" + - "Job/Build" + - "Job/Create" +``` + + +## sample-configuration (project based matrix) + +```yaml +jenkins: + authorizationStrategy: + projectMatrix: + entries: + - group: + name: "authenticated" + permissions: + - "View/Delete" + - "View/Read" + - "View/Configure" + - "View/Create" + - "Job/Read" + - "Job/Build" + - "Job/Configure" + - "Job/Create" + - "Job/Delete" + - "Job/Discover" + - "Job/Move" + - "Job/Workspace" + - "Job/Cancel" + - "Run/Delete" + - "Run/Replay" + - "Run/Update" + - "SCM/Tag" + - "Overall/Administer" + - user: + name: "anonymous" + permissions: + - "Overall/Read" ``` + +Some permissions depends on actual plugin-usage. +For Example: `Release/*:authenticated` is only available if you _use_ the Release plugin in one of your jobs. + +## GitHub Authorization + +https://plugins.jenkins.io/github-oauth/ + +You can configure authorization based on GitHub users, organizations, or teams. + +- **username** - specific GitHub username. +- **organization** - every user that belongs to a specific GitHub organization. +- **organization*team** - specific GitHub team of a GitHub organization. diff --git a/integrations/pom.xml b/integrations/pom.xml index 718cc178f4..a4c03af10d 100644 --- a/integrations/pom.xml +++ b/integrations/pom.xml @@ -14,7 +14,7 @@ true 2.516 - ${jenkins.baseline}.1 + ${jenkins.baseline}.3 diff --git a/integrations/src/test/java/io/jenkins/plugins/casc/GlobalMatrixAuthorizationTest.java b/integrations/src/test/java/io/jenkins/plugins/casc/GlobalMatrixAuthorizationTest.java deleted file mode 100644 index a55f2a5466..0000000000 --- a/integrations/src/test/java/io/jenkins/plugins/casc/GlobalMatrixAuthorizationTest.java +++ /dev/null @@ -1,41 +0,0 @@ -package io.jenkins.plugins.casc; - -import static org.junit.Assert.assertEquals; - -import hudson.security.GlobalMatrixAuthorizationStrategy; -import io.jenkins.plugins.casc.misc.ConfiguredWithReadme; -import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithReadmeRule; -import java.util.ArrayList; -import java.util.List; -import jenkins.model.Jenkins; -import org.junit.Rule; -import org.junit.Test; - -/** - * @author Mads Nielsen - * @since 1.0 - */ -public class GlobalMatrixAuthorizationTest { - - @Rule - public JenkinsConfiguredWithReadmeRule j = new JenkinsConfiguredWithReadmeRule(); - - @Test - @ConfiguredWithReadme("matrix-auth/README.md") - public void checkCorrectlyConfiguredPermissions() { - assertEquals( - "The configured instance must use the Global Matrix Authentication Strategy", - GlobalMatrixAuthorizationStrategy.class, - Jenkins.get().getAuthorizationStrategy().getClass()); - GlobalMatrixAuthorizationStrategy gms = - (GlobalMatrixAuthorizationStrategy) Jenkins.get().getAuthorizationStrategy(); - - List adminPermission = - new ArrayList<>(gms.getGrantedPermissions().get(Jenkins.ADMINISTER)); - assertEquals("authenticated", adminPermission.get(0)); - - List readPermission = - new ArrayList<>(gms.getGrantedPermissions().get(Jenkins.READ)); - assertEquals("anonymous", readPermission.get(0)); - } -} diff --git a/integrations/src/test/java/io/jenkins/plugins/casc/MatrixAuthorizationTest.java b/integrations/src/test/java/io/jenkins/plugins/casc/MatrixAuthorizationTest.java new file mode 100644 index 0000000000..5e34c71acc --- /dev/null +++ b/integrations/src/test/java/io/jenkins/plugins/casc/MatrixAuthorizationTest.java @@ -0,0 +1,64 @@ +package io.jenkins.plugins.casc; + +import static org.junit.Assert.assertEquals; + +import hudson.model.Job; +import hudson.security.GlobalMatrixAuthorizationStrategy; +import hudson.security.ProjectMatrixAuthorizationStrategy; +import io.jenkins.plugins.casc.misc.ConfiguredWithReadme; +import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithReadmeRule; +import java.util.Set; +import jenkins.model.Jenkins; +import org.jenkinsci.plugins.matrixauth.PermissionEntry; +import org.junit.Rule; +import org.junit.Test; +import org.junit.jupiter.api.Assertions; + +/** + * @author Mads Nielsen + * @since 1.0 + */ +public class MatrixAuthorizationTest { + + @Rule + public JenkinsConfiguredWithReadmeRule j = new JenkinsConfiguredWithReadmeRule(); + + @Test + @ConfiguredWithReadme("matrix-auth/README.md#0") + public void checkGlobalCorrectlyConfiguredPermissions() { + assertEquals( + "The configured instance must use the Global Matrix Authentication Strategy", + GlobalMatrixAuthorizationStrategy.class, + Jenkins.get().getAuthorizationStrategy().getClass()); + GlobalMatrixAuthorizationStrategy gms = + (GlobalMatrixAuthorizationStrategy) Jenkins.get().getAuthorizationStrategy(); + + Set adminPermission = gms.getGrantedPermissionEntries() + .get(Job.BUILD); + assertEquals("authenticated", adminPermission.iterator().next().getSid()); + + Set readPermission = gms.getGrantedPermissionEntries() + .get(Job.READ); + assertEquals("anonymous", readPermission.iterator().next().getSid()); + } + + @Test + @ConfiguredWithReadme("matrix-auth/README.md#1") + public void checkProjectCorrectlyConfiguredPermissions() { + Assertions.assertEquals( + ProjectMatrixAuthorizationStrategy.class, + Jenkins.get().getAuthorizationStrategy().getClass(), + "The configured instance must use the Global Matrix Authentication Strategy"); + ProjectMatrixAuthorizationStrategy gms = + (ProjectMatrixAuthorizationStrategy) Jenkins.get().getAuthorizationStrategy(); + + Set adminPermission = gms.getGrantedPermissionEntries() + .get(Jenkins.ADMINISTER); + Assertions.assertEquals("authenticated", adminPermission.iterator().next().getSid()); + + Set readPermission = gms.getGrantedPermissionEntries() + .get(Jenkins.READ); + Assertions.assertEquals("anonymous", readPermission.iterator().next().getSid()); + } + +} diff --git a/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java b/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java deleted file mode 100644 index 8de2db977a..0000000000 --- a/integrations/src/test/java/io/jenkins/plugins/casc/ProjectMatrixAuthorizationTest.java +++ /dev/null @@ -1,38 +0,0 @@ -package io.jenkins.plugins.casc; - -import static org.junit.jupiter.api.Assertions.assertEquals; - -import hudson.security.ProjectMatrixAuthorizationStrategy; -import io.jenkins.plugins.casc.misc.ConfiguredWithReadme; -import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithReadmeRule; -import io.jenkins.plugins.casc.misc.junit.jupiter.WithJenkinsConfiguredWithCode; -import java.util.ArrayList; -import java.util.List; -import jenkins.model.Jenkins; -import org.junit.jupiter.api.Test; - -/** - * Created by mads on 2/22/18. - */ -@WithJenkinsConfiguredWithCode -class ProjectMatrixAuthorizationTest { - - @Test - @ConfiguredWithReadme("global-matrix-auth/README.md#2") - void checkCorrectlyConfiguredPermissions(JenkinsConfiguredWithReadmeRule j) { - assertEquals( - ProjectMatrixAuthorizationStrategy.class, - Jenkins.get().getAuthorizationStrategy().getClass(), - "The configured instance must use the Global Matrix Authentication Strategy"); - ProjectMatrixAuthorizationStrategy gms = - (ProjectMatrixAuthorizationStrategy) Jenkins.get().getAuthorizationStrategy(); - - List adminPermission = - new ArrayList<>(gms.getGrantedPermissions().get(Jenkins.ADMINISTER)); - assertEquals("authenticated", adminPermission.get(0)); - - List readPermission = - new ArrayList<>(gms.getGrantedPermissions().get(Jenkins.READ)); - assertEquals("anonymous", readPermission.get(0)); - } -} From 627244ff1f96df9bcd136bfbdb07e3c9c8582003 Mon Sep 17 00:00:00 2001 From: Tim Jacomb Date: Sun, 19 Oct 2025 08:44:45 +0100 Subject: [PATCH 09/10] Re-add most of a sentence --- demos/matrix-auth/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/demos/matrix-auth/README.md b/demos/matrix-auth/README.md index 100b1635e4..9d846e0c49 100644 --- a/demos/matrix-auth/README.md +++ b/demos/matrix-auth/README.md @@ -1,5 +1,7 @@ # matrix-auth-plugin +Configuration of the [Matrix Authorization Strategy plugin](https://plugins.jenkins.io/matrix-auth) + There are a couple of built-in authorizations to consider. - **anonymous** - anyone who has not logged in. From 39fddd79897b0e79e4820c8a931a72460e0974f6 Mon Sep 17 00:00:00 2001 From: Tim Jacomb Date: Sun, 19 Oct 2025 10:26:47 +0100 Subject: [PATCH 10/10] Fmt --- .../plugins/casc/MatrixAuthorizationTest.java | 24 ++++++++----------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/integrations/src/test/java/io/jenkins/plugins/casc/MatrixAuthorizationTest.java b/integrations/src/test/java/io/jenkins/plugins/casc/MatrixAuthorizationTest.java index 5e34c71acc..151d499a54 100644 --- a/integrations/src/test/java/io/jenkins/plugins/casc/MatrixAuthorizationTest.java +++ b/integrations/src/test/java/io/jenkins/plugins/casc/MatrixAuthorizationTest.java @@ -33,12 +33,10 @@ public void checkGlobalCorrectlyConfiguredPermissions() { GlobalMatrixAuthorizationStrategy gms = (GlobalMatrixAuthorizationStrategy) Jenkins.get().getAuthorizationStrategy(); - Set adminPermission = gms.getGrantedPermissionEntries() - .get(Job.BUILD); + Set adminPermission = gms.getGrantedPermissionEntries().get(Job.BUILD); assertEquals("authenticated", adminPermission.iterator().next().getSid()); - Set readPermission = gms.getGrantedPermissionEntries() - .get(Job.READ); + Set readPermission = gms.getGrantedPermissionEntries().get(Job.READ); assertEquals("anonymous", readPermission.iterator().next().getSid()); } @@ -46,19 +44,17 @@ public void checkGlobalCorrectlyConfiguredPermissions() { @ConfiguredWithReadme("matrix-auth/README.md#1") public void checkProjectCorrectlyConfiguredPermissions() { Assertions.assertEquals( - ProjectMatrixAuthorizationStrategy.class, - Jenkins.get().getAuthorizationStrategy().getClass(), - "The configured instance must use the Global Matrix Authentication Strategy"); + ProjectMatrixAuthorizationStrategy.class, + Jenkins.get().getAuthorizationStrategy().getClass(), + "The configured instance must use the Global Matrix Authentication Strategy"); ProjectMatrixAuthorizationStrategy gms = - (ProjectMatrixAuthorizationStrategy) Jenkins.get().getAuthorizationStrategy(); + (ProjectMatrixAuthorizationStrategy) Jenkins.get().getAuthorizationStrategy(); - Set adminPermission = gms.getGrantedPermissionEntries() - .get(Jenkins.ADMINISTER); - Assertions.assertEquals("authenticated", adminPermission.iterator().next().getSid()); + Set adminPermission = gms.getGrantedPermissionEntries().get(Jenkins.ADMINISTER); + Assertions.assertEquals( + "authenticated", adminPermission.iterator().next().getSid()); - Set readPermission = gms.getGrantedPermissionEntries() - .get(Jenkins.READ); + Set readPermission = gms.getGrantedPermissionEntries().get(Jenkins.READ); Assertions.assertEquals("anonymous", readPermission.iterator().next().getSid()); } - }