Closes #805 - Rename the configuration server's committer role (#829)

inspectIT · Jul 10, 2020 · c3a5f2c · c3a5f2c
1 parent 34bd6dc
commit c3a5f2c
Show file tree

Hide file tree

Showing 15 changed files with 38 additions and 33 deletions.
diff --git a/...s/inspectit-ocelot-configurationserver-ui/src/components/views/promotion/PromotionView.js b/...s/inspectit-ocelot-configurationserver-ui/src/components/views/promotion/PromotionView.js
@@ -28,7 +28,7 @@ const PromotionView = () => {
   const currentApprovals = useSelector((state) => state.promotion.approvals);
   const workspaceCommitId = useSelector((state) => state.promotion.workspaceCommitId);
   const liveCommitId = useSelector((state) => state.promotion.liveCommitId);
-  const canCommit = useSelector((state) => state.authentication.permissions.commit);
+  const canPromote = useSelector((state) => state.authentication.permissions.promote);
 
   // fetching promotion data
   const [{ data, isLoading, lastUpdate }, refreshData] = useFetchData('/configuration/promotions', { 'include-content': 'true' });
@@ -140,7 +140,7 @@ const PromotionView = () => {
             onRefresh={refreshData}
             onPromote={() => setShowPromotionDialog(true)}
             loading={isLoading}
-            enabled={canCommit && hasApprovals}
+            enabled={canPromote && hasApprovals}
           />
         </div>
         <div className="content">
@@ -157,7 +157,7 @@ const PromotionView = () => {
                 {currentSelectionFile ? (
                   <>
                     <PromotionFileViewer oldValue={currentSelectionFile.oldContent} newValue={currentSelectionFile.newContent} />
-                    {canCommit && <PromotionFileApproval approved={isCurrentSelectionApproved} onApproveFile={toggleFileApproval} />}
+                    {canPromote && <PromotionFileApproval approved={isCurrentSelectionApproved} onApproveFile={toggleFileApproval} />}
                   </>
                 ) : (
                   <div className="selection-information">

diff --git a/components/inspectit-ocelot-configurationserver-ui/src/redux/ducks/initial-states.js b/components/inspectit-ocelot-configurationserver-ui/src/redux/ducks/initial-states.js
@@ -4,7 +4,7 @@ const authentication = {
   /** The authorization permissions the user has*/
   permissions: {
     write: false,
-    commit: false,
+    promote: false,
     admin: false,
   },
   /** Specifying whether a login request is currently be executed */

diff --git a/...tionserver/src/main/java/rocks/inspectit/ocelot/config/model/LdapRoleResolveSettings.java b/...tionserver/src/main/java/rocks/inspectit/ocelot/config/model/LdapRoleResolveSettings.java
@@ -30,10 +30,10 @@ public class LdapRoleResolveSettings {
     private List<String> write = new ArrayList<>();
 
     /**
-     * Roles defined in this list are granted read, write and commit access.
+     * Roles defined in this list are granted read, write and promotion access.
      */
     @Builder.Default
-    private List<String> commit = new ArrayList<>();
+    private List<String> promote = new ArrayList<>();
 
     /**
      * Roles defined in this list are granted read, write, commit and admin access.

diff --git a/...configurationserver/src/main/java/rocks/inspectit/ocelot/mappings/model/AgentMapping.java b/...configurationserver/src/main/java/rocks/inspectit/ocelot/mappings/model/AgentMapping.java
@@ -29,6 +29,9 @@ public class AgentMapping implements Auditable {
      */
     private String name;
 
+    /**
+     * The branch which is used by this mapping.
+     */
     private Branch sourceBranch;
 
     /**
@@ -46,7 +49,7 @@ public class AgentMapping implements Auditable {
     @JsonCreator
     public AgentMapping(
             @JsonProperty("name") String name,
-            @JsonProperty("branch") Branch sourceBranch,
+            @JsonProperty("sourceBranch") Branch sourceBranch,
             @JsonProperty("sources") List<@NotBlank String> sources,
             @JsonProperty("attributes") Map<@NotBlank String, @NotBlank String> attributes) {
         this.name = name;

diff --git a/...onserver/src/main/java/rocks/inspectit/ocelot/rest/configuration/PromotionController.java b/...onserver/src/main/java/rocks/inspectit/ocelot/rest/configuration/PromotionController.java
@@ -34,7 +34,7 @@ public WorkspaceDiff getPromotions(@ApiParam("Specifies whether the old and new
         return fileManager.getWorkspaceDiff(includeContent);
     }
 
-    @Secured(UserRoleConfiguration.COMMIT_ACCESS_ROLE)
+    @Secured(UserRoleConfiguration.PROMOTE_ACCESS_ROLE)
     @ApiOperation(value = "Promote configurations", notes = "Promotes the specified configuration files.")
     @PostMapping(value = "configuration/promote")
     public ResponseEntity promoteConfiguration(@ApiParam("The definition that contains the information about which files to promote.") @RequestBody ConfigurationPromotion promotion) throws GitAPIException {

diff --git a/...onfigurationserver/src/main/java/rocks/inspectit/ocelot/rest/users/AccountController.java b/...onfigurationserver/src/main/java/rocks/inspectit/ocelot/rest/users/AccountController.java
@@ -100,7 +100,7 @@ public UserPermissions getPermissions(Authentication auth) {
 
         return UserPermissions.builder()
                 .write(roles.contains(UserRoleConfiguration.WRITE_ACCESS_ROLE))
-                .commit(roles.contains(UserRoleConfiguration.COMMIT_ACCESS_ROLE))
+                .promote(roles.contains(UserRoleConfiguration.PROMOTE_ACCESS_ROLE))
                 .admin(roles.contains(UserRoleConfiguration.ADMIN_ACCESS_ROLE))
                 .build();
     }

diff --git a/...ionserver/src/main/java/rocks/inspectit/ocelot/security/config/UserRoleConfiguration.java b/...ionserver/src/main/java/rocks/inspectit/ocelot/security/config/UserRoleConfiguration.java
@@ -38,7 +38,7 @@ public class UserRoleConfiguration {
     /**
      * Permission required for commit access.
      */
-    public static final String COMMIT_ACCESS_ROLE = ROLE_PREFIX + "OCELOT_COMMIT";
+    public static final String PROMOTE_ACCESS_ROLE = ROLE_PREFIX + "OCELOT_PROMOTE";
 
     /**
      * Permission required for admin access.
@@ -63,10 +63,10 @@ public class UserRoleConfiguration {
     /**
      * Permission set for the committer-role.
      */
-    public static final List<? extends GrantedAuthority> COMMIT_ROLE_PERMISSION_SET = Arrays.asList(
+    public static final List<? extends GrantedAuthority> PROMOTE_ROLE_PERMISSION_SET = Arrays.asList(
             new SimpleGrantedAuthority(READ_ACCESS_ROLE),
             new SimpleGrantedAuthority(WRITE_ACCESS_ROLE),
-            new SimpleGrantedAuthority(COMMIT_ACCESS_ROLE)
+            new SimpleGrantedAuthority(PROMOTE_ACCESS_ROLE)
     );
 
     /**
@@ -75,7 +75,7 @@ public class UserRoleConfiguration {
     public static final List<? extends GrantedAuthority> ADMIN_ROLE_PERMISSION_SET = Arrays.asList(
             new SimpleGrantedAuthority(READ_ACCESS_ROLE),
             new SimpleGrantedAuthority(WRITE_ACCESS_ROLE),
-            new SimpleGrantedAuthority(COMMIT_ACCESS_ROLE),
+            new SimpleGrantedAuthority(PROMOTE_ACCESS_ROLE),
             new SimpleGrantedAuthority(ADMIN_ACCESS_ROLE)
     );
 }
diff --git a/...rc/main/java/rocks/inspectit/ocelot/security/userdetails/CustomUserAuthoritiesMapper.java b/...rc/main/java/rocks/inspectit/ocelot/security/userdetails/CustomUserAuthoritiesMapper.java
@@ -38,8 +38,8 @@ public Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extend
         if (containsAuthority(authorities, role_settings.getAdmin()) || hasAdminGroup(authorities)) {
             return UserRoleConfiguration.ADMIN_ROLE_PERMISSION_SET;
         }
-        if (containsAuthority(authorities, role_settings.getCommit())) {
-            return UserRoleConfiguration.COMMIT_ROLE_PERMISSION_SET;
+        if (containsAuthority(authorities, role_settings.getPromote())) {
+            return UserRoleConfiguration.PROMOTE_ROLE_PERMISSION_SET;
         }
         if (containsAuthority(authorities, role_settings.getWrite())) {
             return UserRoleConfiguration.WRITE_ROLE_PERMISSION_SET;

diff --git a/...ocelot-configurationserver/src/main/java/rocks/inspectit/ocelot/user/UserPermissions.java b/...ocelot-configurationserver/src/main/java/rocks/inspectit/ocelot/user/UserPermissions.java
@@ -20,9 +20,9 @@ public class UserPermissions {
     private boolean write;
 
     /**
-     * True, if the user has commit access.
+     * True, if the user has promote access.
      */
-    private boolean commit;
+    private boolean promote;
 
     /**
      * True, if the user has admin access.

diff --git a/components/inspectit-ocelot-configurationserver/src/main/resources/application.yml b/components/inspectit-ocelot-configurationserver/src/main/resources/application.yml
@@ -42,6 +42,7 @@ inspectit-config-server:
   # security settings
   security:
     # Whether LDAP authentication should be used
+    # See the documentation on how to configure LDAP correctly: https://inspectit.github.io/inspectit-ocelot/docs/config-server/user-authentication
     ldap-authentication: false
 
 # ACTUATOR PROPERTIES

diff --git a/...ationserver/src/test/java/rocks/inspectit/ocelot/mappings/AgentMappingSerializerTest.java b/...ationserver/src/test/java/rocks/inspectit/ocelot/mappings/AgentMappingSerializerTest.java
@@ -51,7 +51,7 @@ public void successfullyWriteYaml() throws IOException {
             verify(fileAccessor).writeAgentMappings(writtenFile.capture());
 
             assertThat(writtenFile.getValue()).isEqualTo("- name: \"mapping\"\n" +
-                    "  branch: \"LIVE\"\n" +
+                    "  sourceBranch: \"LIVE\"\n"+
                     "  sources:\n" +
                     "  - \"/any-source\"\n" +
                     "  attributes:\n" +
@@ -64,9 +64,9 @@ public void successfullyWriteYaml() throws IOException {
     public class ReadAgentMappings {
 
         @Test
-        public void successfullyReadYaml() throws IOException {
+        public void successfullyReadYaml() {
             String dummyYaml = "- name: \"mapping\"\n" +
-                    "  branch: \"WORKSPACE\"\n" +
+                    "  sourceBranch: \"LIVE\"\n" +
                     "  sources:\n" +
                     "  - \"/any-source\"\n" +
                     "  attributes:\n" +
@@ -81,6 +81,7 @@ public void successfullyReadYaml() throws IOException {
             assertThat(mapping.getName()).isEqualTo("mapping");
             assertThat(mapping.getSources()).containsExactly("/any-source");
             assertThat(mapping.getAttributes()).containsEntry("key", "val");
+            assertThat(mapping.getSourceBranch()).isEqualTo(Branch.LIVE);
         }
     }
 }
diff --git a/...ationserver/src/test/java/rocks/inspectit/ocelot/rest/users/AccountControllerIntTest.java b/...ationserver/src/test/java/rocks/inspectit/ocelot/rest/users/AccountControllerIntTest.java
@@ -114,7 +114,7 @@ void testAdminPermissions() {
             assertThat(result.getBody())
                     .isEqualTo(UserPermissions.builder()
                             .write(true)
-                            .commit(true)
+                            .promote(true)
                             .admin(true)
                             .build());
         }

diff --git a/...est/java/rocks/inspectit/ocelot/security/userdetails/CustomUserAuthoritiesMapperTest.java b/...est/java/rocks/inspectit/ocelot/security/userdetails/CustomUserAuthoritiesMapperTest.java
@@ -41,7 +41,7 @@ public InspectitServerSettings setupRoleSettings(
 
         lenient().when(mockLdapRoleResolveSettings.getRead()).thenReturn(read);
         lenient().when(mockLdapRoleResolveSettings.getWrite()).thenReturn(write);
-        lenient().when(mockLdapRoleResolveSettings.getCommit()).thenReturn(commit);
+        lenient().when(mockLdapRoleResolveSettings.getPromote()).thenReturn(commit);
         lenient().when(mockLdapRoleResolveSettings.getAdmin()).thenReturn(admin);
 
 
@@ -100,18 +100,18 @@ public void hasWrite() {
 
         @Test
         public void hasCommit() {
-            List<SimpleGrantedAuthority> test_permission_set = Collections.singletonList(new SimpleGrantedAuthority("ROLE_commit"));
+            List<SimpleGrantedAuthority> test_permission_set = Collections.singletonList(new SimpleGrantedAuthority("ROLE_promote"));
             customUserAuthoritiesMapper = new CustomUserAuthoritiesMapper(setupRoleSettings(
                     Collections.emptyList(),
                     Collections.emptyList(),
-                    Collections.singletonList("commit"),
+                    Collections.singletonList("promote"),
                     Collections.emptyList()
             ));
 
             Collection<? extends GrantedAuthority> output = customUserAuthoritiesMapper.mapAuthorities(test_permission_set);
 
             assertThat(output).hasSize(3);
-            assertThat(output).isEqualTo(UserRoleConfiguration.COMMIT_ROLE_PERMISSION_SET);
+            assertThat(output).isEqualTo(UserRoleConfiguration.PROMOTE_ROLE_PERMISSION_SET);
         }
 
         @Test
@@ -136,7 +136,7 @@ public void hasMultiple() {
             customUserAuthoritiesMapper = new CustomUserAuthoritiesMapper(setupRoleSettings(
                     Collections.singletonList("read"),
                     Collections.singletonList("write"),
-                    Collections.singletonList("commit"),
+                    Collections.singletonList("promote"),
                     Collections.singletonList("admin")
             ));
             Collection<? extends GrantedAuthority> output = customUserAuthoritiesMapper.mapAuthorities(test_permission_set);

diff --git a/...rc/test/java/rocks/inspectit/ocelot/security/userdetails/LocalUserDetailsServiceTest.java b/...rc/test/java/rocks/inspectit/ocelot/security/userdetails/LocalUserDetailsServiceTest.java
@@ -39,7 +39,7 @@ public void successfullyFindUser() {
             assertThat(result.getPassword()).isEqualTo("hash");
             assertThat(result.getAuthorities())
                     .extracting(object -> object.toString().substring("ROLE_".length()))
-                    .containsExactlyInAnyOrder("OCELOT_WRITE", "OCELOT_READ", "OCELOT_COMMIT", "OCELOT_ADMIN");
+                    .containsExactlyInAnyOrder("OCELOT_WRITE", "OCELOT_READ", "OCELOT_PROMOTE", "OCELOT_ADMIN");
             verify(userService).getUserByName(anyString());
             verifyNoMoreInteractions(userService);
         }

diff --git a/inspectit-ocelot-documentation/docs/config-server/user-authentication.md b/inspectit-ocelot-documentation/docs/config-server/user-authentication.md
@@ -33,14 +33,14 @@ The LDAP related configuration properties have to be specified using the propert
 
 ### Authorization
 
-There are four different access roles available: read, write, commit and admin. These access roles are hierarchical.
-A user with write access also has read access, a user with commit access also has both read and write access and so on.
+There are four different access roles available: read, write, promote and admin. These access roles are hierarchical.
+A user with write access also has read access, a user with promote access also has both read and write access and so on.
 The exact permissions of the roles are the following:
 
 * *Read*: may only read files on the server.
 * *Write*: may read and edit files on the server.
-* *Commit*: may read, write and commit files (This feature is not implemented yet).
-* *Admin*: may read, write and commit files. Can also edit user accounts.
+* *Promote*: may read, write and promote files.
+* *Admin*: may read, write and promote files. Can also edit user accounts.
 
 #### Configuration
 
@@ -59,7 +59,7 @@ Each property is located below the property `inspectit-config-server.security.ld
 | `group-search-filter` | The LDAP filter to search for groups. |
 | `roles.read` | A list of LDAP-Groups which will gain read-access. |
 | `roles.write` | A list of LDAP-Groups which will gain write-access. |
-| `roles.commit` | A list of LDAP-Groups which will gain commit-access. |
+| `roles.promote` | A list of LDAP-Groups which will gain promote-access. |
 | `roles.admin` | A list of LDAP-Groups which will gain admin-access. |
 
 The following configuration snippet shows an example LDAP configuration (this configuration was created for [this](https://github.com/rroemhild/docker-test-openldap) LDAP server).
@@ -80,7 +80,7 @@ inspectit-config-server:
             roles:
               read: []
               write: []
-              commit: []
+              promote: []
               admin:
                 - SHIP_CREW
 ```