diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AutoCreateTestUsersConfig.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AutoCreateTestUsersConfig.java index c88ee17d..dbf339ec 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AutoCreateTestUsersConfig.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AutoCreateTestUsersConfig.java @@ -13,6 +13,7 @@ * #L% */ +import java.util.ArrayList; import java.util.Arrays; import java.util.List; import java.util.Map; @@ -24,14 +25,15 @@ /** Allows to automatically create test users. */ public class AutoCreateTestUsersConfig { - private static final String KEY_PREFIX = "prefix"; + static final String KEY_PREFIX = "prefix"; private static final String KEY_NAME = "name"; private static final String KEY_EMAIL = "email"; private static final String KEY_DESCRIPTION = "description"; private static final String KEY_PASSWORD = "password"; private static final String KEY_SKIP_FOR_RUNMODES = "skipForRunmodes"; - private static final String KEY_CREATE_FOR_GROUP_NAMES_REG_EX = "createForGroupNamesRegEx"; - private static final String KEY_PATH = "path"; + static final String KEY_CREATE_FOR_GROUP_NAMES_REG_EX = "createForGroupNamesRegEx"; + static final String KEY_PATH = "path"; + static final String KEY_IMPERSONATION_ALLOWED_FOR = "impersonationAllowedFor"; private static final List DEFAULT_PRODUCTION_RUNMODES = Arrays.asList("prod", "production"); @@ -43,6 +45,7 @@ public class AutoCreateTestUsersConfig { private final List skipForRunmodes; private final String createForGroupNamesRegEx; private final String path; + private List impersonationAllowedFor; public AutoCreateTestUsersConfig(Map map) { if (!map.containsKey(KEY_PREFIX)) { 
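Review bot: The new field `impersonationAllowedFor` is the only instance field visible in this hunk that is declared without `final`, although the constructor change later in this file assigns it on every path that does not throw. Declaring it `private final List impersonationAllowedFor;` (with whatever type parameter the file uses) keeps the config object immutable like its sibling fields, which matters for a value that decides who may impersonate the generated users. The class body continues outside the hunk.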
@@ -78,6 +81,16 @@ public AutoCreateTestUsersConfig(Map map) { } this.path = String.valueOf(map.get(KEY_PATH)); + + Object impersonationAllowedForObj = map.get(KEY_IMPERSONATION_ALLOWED_FOR); + if (impersonationAllowedForObj == null) { + this.impersonationAllowedFor = new ArrayList<>(); + } + else if (impersonationAllowedForObj instanceof List) { + this.impersonationAllowedFor = (List) impersonationAllowedForObj; + } else { + throw new IllegalArgumentException("Property \"" + KEY_IMPERSONATION_ALLOWED_FOR + "\" must be a list"); + } } public String getPrefix() { @@ -111,4 +124,8 @@ public String getDescription() { public String getEmail() { return email; } + + public List getImpersonationAllowedFor() { + return impersonationAllowedFor; + } } diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/TestUserConfigsCreator.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/TestUserConfigsCreator.java index 56db10a7..12d6ed38 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/TestUserConfigsCreator.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/TestUserConfigsCreator.java @@ -81,6 +81,7 @@ void createTestUserConfigs(AcConfiguration acConfiguration, InstallationLogger l testUserConfigBean.setAuthorizableId(testUserAuthId); testUserConfigBean.setPath(autoCreateTestUsersConf.getPath()); testUserConfigBean.setIsMemberOf(new String[] { groupId }); + testUserConfigBean.setImpersonationAllowedFor(autoCreateTestUsersConf.getImpersonationAllowedFor()); String name = StringUtils.defaultIfEmpty(autoCreateTestUsersConf.getName(), "Test User %{group.name}"); testUserConfigBean.setName(processValue(name, vars)); 
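Review bot: The `instanceof List` branch in the constructor stores the caller's list by reference through an unchecked cast, so nothing confirms the entries are strings before they become impersonation grants, and `getImpersonationAllowedFor()` in the last hunk of this file hands the same mutable list out. Because this value decides who may impersonate the generated users, I would validate each entry and keep an unmodifiable copy, as sketched below; that also needs `java.util.Collections` imported. The existing test that expects `new ArrayList<>()` for a missing key still passes against an empty unmodifiable list, since `List.equals` compares contents. The constructor starts outside the hunk.

```java
Object impersonationAllowedForObj = map.get(KEY_IMPERSONATION_ALLOWED_FOR);
if (impersonationAllowedForObj == null) {
    this.impersonationAllowedFor = Collections.emptyList();
} else if (impersonationAllowedForObj instanceof List) {
    List<String> allowed = new ArrayList<>();
    for (Object entry : (List<?>) impersonationAllowedForObj) {
        // Reject anything that is not a usable authorizable id instead of failing later with a ClassCastException.
        if (!(entry instanceof String) || ((String) entry).trim().isEmpty()) {
            throw new IllegalArgumentException(
                    "Property \"" + KEY_IMPERSONATION_ALLOWED_FOR + "\" must be a list of non-empty strings");
        }
        allowed.add((String) entry);
    }
    this.impersonationAllowedFor = Collections.unmodifiableList(allowed);
} else {
    // … unchanged: IllegalArgumentException for non-list values …
}
```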
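Review bot: The added `setImpersonationAllowedFor(...)` call hands the same list instance to every test-user bean built by this loop, so if the bean or later processing mutates it (not visible here), the impersonation grants of all generated users change together. Passing a copy avoids that: `testUserConfigBean.setImpersonationAllowedFor(new ArrayList<>(autoCreateTestUsersConf.getImpersonationAllowedFor()));`, assuming `ArrayList` is or can be imported in this file. Unlike name, description and password, the entries also bypass `processValue`, so a short comment such as `// impersonator ids are taken literally, no %{...} interpolation` would record that this is deliberate. `createTestUserConfigs` starts and ends outside the hunk.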
@@ -91,7 +92,7 @@ void createTestUserConfigs(AcConfiguration acConfiguration, InstallationLogger l if(StringUtils.isNotBlank(autoCreateTestUsersConf.getDescription())) { testUserConfigBean.setDescription(processValue(autoCreateTestUsersConf.getDescription(), vars)); } - + String password = autoCreateTestUsersConf.getPassword(); if(StringUtils.isNotBlank(password)) { password = processValue(password, vars); // allow for pws ala "pw%{group.id}" diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/AutoCreateTestUsersConfigTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/AutoCreateTestUsersConfigTest.java new file mode 100644 index 00000000..7f7d071b --- /dev/null +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/AutoCreateTestUsersConfigTest.java 
@@ -0,0 +1,55 @@ +package biz.netcentric.cq.tools.actool.configmodel; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import org.jetbrains.annotations.NotNull; +import org.junit.jupiter.api.Test; + +import java.util.*; + +import static biz.netcentric.cq.tools.actool.configmodel.AutoCreateTestUsersConfig.*; +import static org.junit.jupiter.api.Assertions.*; + +class AutoCreateTestUsersConfigTest { + + @Test + void shouldNotContainImpersonalizationAllowedFor() { + Map configMap = initializeConfigMap(null); + assertEquals(new ArrayList<>(), (new AutoCreateTestUsersConfig(configMap)).getImpersonationAllowedFor()); + } + + @Test() + void shouldNotContainImpersonalizationAllowedFor2() { + Map configMap = initializeConfigMap("invalidValue"); + Exception exception = assertThrows(IllegalArgumentException.class, () -> { + new AutoCreateTestUsersConfig(configMap); + }); + assertEquals("Property \"" + KEY_IMPERSONATION_ALLOWED_FOR + "\" must be a list", exception.getMessage()); + } + @Test + void shouldNotImpersonalizationAllowedFor() { + Map map = initializeConfigMap(Arrays.asList("user1")); + assertEquals(Arrays.asList("user1"), (new AutoCreateTestUsersConfig(map)).getImpersonationAllowedFor()); + } + + @NotNull + private static Map initializeConfigMap(Object allowedFor) { + Map map = new HashMap<>(); + map.put(KEY_PATH, "/"); + map.put(KEY_PREFIX, "prefix"); + map.put(KEY_CREATE_FOR_GROUP_NAMES_REG_EX, ""); + map.put(KEY_IMPERSONATION_ALLOWED_FOR, allowedFor); + return map; + } +} 
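Review bot: Two of the three test names say the opposite of what they assert: `shouldNotContainImpersonalizationAllowedFor2` checks that a non-list value is rejected, and `shouldNotImpersonalizationAllowedFor` checks that the configured list is returned. Names like `shouldDefaultToEmptyListWhenPropertyMissing`, `shouldRejectNonListValue` and `shouldReturnConfiguredList` would match the assertions and the property's spelling. Since this property grants impersonation rights, a fourth case for a list holding a non-string entry (for example `Arrays.asList(1)`) would pin down what the constructor does with it. The wildcard imports `java.util.*` and the static `*` imports could be listed explicitly, and `@Test()` can drop the parentheses.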
diff --git a/accesscontroltool-exampleconfig-package/src/main/jcr_root/apps/netcentric/actool-exampleconfig/simple/testgroup/config.yaml b/accesscontroltool-exampleconfig-package/src/main/jcr_root/apps/netcentric/actool-exampleconfig/simple/testgroup/config.yaml index 4bb7fb4d..9e4e84b2 100644 --- a/accesscontroltool-exampleconfig-package/src/main/jcr_root/apps/netcentric/actool-exampleconfig/simple/testgroup/config.yaml +++ b/accesscontroltool-exampleconfig-package/src/main/jcr_root/apps/netcentric/actool-exampleconfig/simple/testgroup/config.yaml @@ -1,3 +1,11 @@ +- global_config: + autoCreateTestUsers: + createForGroupNamesRegEx: "(testgroup)-.*" + prefix: "testuser-" + name: "TU %{group.name}" + path: /home/users/myproj-test-users + impersonationAllowedFor: [dummy] + - group_config: - testgroup-tags: @@ -7,6 +15,13 @@ members: path: t + - dummygroup-dam: + + - name: Dummy group for DAM management + isMemberOf: + members: + path: d + - ace_config: - testgroup-tags: @@ -14,4 +29,16 @@ - path: /content/cq:tags permission: allow actions: read - privileges: + privileges: + + - dummygroup-dam: + + - path: /content/dam + permission: allow + actions: read + privileges: + +- user_config: + - dummy: + - isMemberOf: dummygroup-dam + password: "password" diff --git a/docs/AdvancedFeatures.md b/docs/AdvancedFeatures.md index 644326cd..1a740476 100644 --- a/docs/AdvancedFeatures.md +++ b/docs/AdvancedFeatures.md 
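Review bot: The added `user_config` entry creates `dummy` with the literal `password: "password"`, and the new `global_config` block lists that same user under `impersonationAllowedFor`, so an instance that installs this example gets a known-credential account that may impersonate every auto-created test user. The docs table in this commit says test users are skipped on prod runmodes by default, but nothing visible here applies that skip to the `dummy` user itself. I would drop the fixed password or replace it with an obvious placeholder, and add a comment above the entry such as `# example only: never ship a real impersonator account with a static password`.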
@@ -292,6 +292,7 @@ property | comment | required `path` | The location where the test users shall be created | required `password` | The password for all test users to be created. Can be encrypted using CryptoSupport. Defaults simply to the authorizable id of the test user. Allows for interpolation with EL *) | optional `skipForRunmodes` | The configuration is placed in a regular config file, hence it is possible to add one to an author configuration (located in e.g. in a folder "config.author" and one to a publish configuration (e.g. folder "config.publish"). To avoid creating special runmodes folders just for this configuration that list all runmodes except production, skipForRunmodes can be a comma-separated list of runmodes, where the users are not created. Defaults to prod,production | optional +`impersonationAllowedFor` | List of users that can impersonate auto-created test users | optional *) Interpolation of group properties can be used with EL, however as `$` is evaluated at an earlier stage, `%{}` is used here. Available is `%{group.id}`, `%{group.name}`, `%{group.path}` or expressions like `%{split(group.path,'/')[2]}`. diff --git a/pom.xml b/pom.xml index dc6dd7b1..35a137f8 100644 --- a/pom.xml +++ b/pom.xml @@ -591,6 +591,11 @@ install + + http://${crx.host}:${crx.port}/crx/packmgr/service.jsp + ${crx.username} + ${crx.password} +
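Review bot: The package-manager URL added in the pom.xml hunk is fixed to `http://`, so the `${crx.username}` and `${crx.password}` values next to it would be sent in cleartext to whatever `crx.host` resolves to. The element names are not visible in this view, so this is read from the values alone. If the target can ever be a non-local instance, make the scheme configurable, for example `${crx.scheme}://${crx.host}:${crx.port}/crx/packmgr/service.jsp` (the property name is only a suggestion), and supply the password from settings or the command line rather than defaulting it in the pom. The surrounding plugin configuration is outside the hunk.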