Merge branch 'release-1.2' of github.com:dtolabs/rundeck into release…

…-1.2
rundeck · Mar 15, 2011 · 2fa29c7 · 2fa29c7
2 parents 2b9417a + 1fbd4a2
commit 2fa29c7
Show file tree

Hide file tree

Showing 9 changed files with 88 additions and 55 deletions.
diff --git a/core/.classpath b/core/.classpath
@@ -2,24 +2,24 @@
 <classpath>
 	<classpathentry kind="src" path="src/java"/>
 	<classpathentry kind="src" path="src/test"/>
-	<classpathentry kind="lib" path="target/tools/lib/ant-1.8.1.jar"/>
-	<classpathentry kind="lib" path="target/tools/lib/ant-jsch-1.8.1.jar"/>
-	<classpathentry kind="lib" path="target/tools/lib/ant-launcher-1.8.1.jar"/>
-	<classpathentry kind="lib" path="target/tools/lib/commons-beanutils-1.8.0.jar"/>
-	<classpathentry kind="lib" path="target/tools/lib/commons-cli-1.0.jar"/>
-	<classpathentry kind="lib" path="target/tools/lib/commons-codec-1.3.jar"/>
-	<classpathentry kind="lib" path="target/tools/lib/commons-collections-3.2.1.jar"/>
-	<classpathentry kind="lib" path="target/tools/lib/commons-httpclient-3.0.1.jar"/>
-	<classpathentry kind="lib" path="target/tools/lib/commons-lang-2.4.jar"/>
-	<classpathentry kind="lib" path="target/tools/lib/commons-logging-1.1.jar"/>
-	<classpathentry kind="lib" path="target/tools/lib/dom4j-1.6.1.jar"/>
-	<classpathentry kind="lib" path="target/tools/lib/jaxen-1.1.jar"/>
-	<classpathentry kind="lib" path="target/tools/lib/jsch-0.1.42.jar"/>
-	<classpathentry kind="lib" path="target/tools/lib/log4j-1.2.15.jar"/>
-	<classpathentry kind="lib" path="target/tools/lib/xerces-2.6.0.jar"/>
-	<classpathentry kind="lib" path="target/tools/lib/xml-apis-2.6.0.jar"/>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
 	<classpathentry kind="con" path="org.eclipse.jdt.junit.JUNIT_CONTAINER/3"/>
-	<classpathentry kind="lib" path="target/rundeck-core-1.1.0.jar"/>
+	<classpathentry kind="lib" path="build/tools/lib/ant-1.8.1.jar"/>
+	<classpathentry kind="lib" path="build/tools/lib/ant-jsch-1.8.1.jar"/>
+	<classpathentry kind="lib" path="build/tools/lib/ant-launcher-1.8.1.jar"/>
+	<classpathentry kind="lib" path="build/tools/lib/commons-beanutils-1.8.0.jar"/>
+	<classpathentry kind="lib" path="build/tools/lib/commons-cli-1.0.jar"/>
+	<classpathentry kind="lib" path="build/tools/lib/commons-codec-1.3.jar"/>
+	<classpathentry kind="lib" path="build/tools/lib/commons-collections-3.2.1.jar"/>
+	<classpathentry kind="lib" path="build/tools/lib/commons-httpclient-3.0.1.jar"/>
+	<classpathentry kind="lib" path="build/tools/lib/commons-lang-2.4.jar"/>
+	<classpathentry kind="lib" path="build/tools/lib/commons-logging-1.1.jar"/>
+	<classpathentry kind="lib" path="build/tools/lib/dom4j-1.6.1.jar"/>
+	<classpathentry kind="lib" path="build/tools/lib/jaxen-1.1.jar"/>
+	<classpathentry kind="lib" path="build/tools/lib/jsch-0.1.42.jar"/>
+	<classpathentry kind="lib" path="build/tools/lib/log4j-1.2.15.jar"/>
+	<classpathentry kind="lib" path="build/tools/lib/snakeyaml-1.7.jar"/>
+	<classpathentry kind="lib" path="build/tools/lib/xerces-2.6.0.jar"/>
+	<classpathentry kind="lib" path="build/tools/lib/xml-apis-2.6.0.jar"/>
 	<classpathentry kind="output" path="target/classes"/>
 </classpath>
diff --git a/core/src/java/com/dtolabs/rundeck/core/authorization/Explanation.java b/core/src/java/com/dtolabs/rundeck/core/authorization/Explanation.java
@@ -36,6 +36,7 @@ public enum Code {
         REJECTED_NO_RESOURCE_PROPERTY_PROVIDED, 
         REJECTED_RESOURCE_PROPERTY_NOT_MATCHED, 
         REJECTED_NO_RULES_DECLARED, 
+        REJECTED_NO_DESCRIPTION_PROVIDED, 
     };
 
     Code getCode();

diff --git a/core/src/java/com/dtolabs/rundeck/core/authorization/providers/ContextDecision.java b/core/src/java/com/dtolabs/rundeck/core/authorization/providers/ContextDecision.java
@@ -7,12 +7,24 @@
 import com.dtolabs.rundeck.core.authorization.Explanation;
 import com.dtolabs.rundeck.core.authorization.Explanation.Code;
 
+/**
+ * ContextDecision provides the decision id and the evaluation up to the decision point.
+ * @author noahcampbell
+ *
+ */
 public class ContextDecision implements Explanation {
 
     private final Code id;
     private final boolean granted;
     private final List<ContextEvaluation> evaluations;
 
+    /**
+     * Construct a decision.
+     * 
+     * @param id The decision code id.
+     * @param granted Is the decision granted or not.
+     * @param evaluations A list of evaluations that includes the final decision.
+     */
     public ContextDecision(Code id, boolean granted, List<ContextEvaluation> evaluations) {
         this.id = id;
         this.granted = granted;

diff --git a/core/src/java/com/dtolabs/rundeck/core/authorization/providers/PoliciesYaml.java b/core/src/java/com/dtolabs/rundeck/core/authorization/providers/PoliciesYaml.java
@@ -71,13 +71,7 @@ public static final class YamlPolicyRule {
     }
 
     public static final class YamlPolicy implements Policy {
-
-        private final static Set<String> excludes = new HashSet<String>();
-        static {
-            excludes.add("id");
-            excludes.add("description");
-            excludes.add("by");
-        }
+
         public Map rawInput;
 
         private Set<String> usernames = new HashSet<String>();
@@ -108,9 +102,18 @@ public AclContext getContext() {
                 public ContextDecision includes(Map<String, String> resourceMap, String action) {
                     String resource = defineResource(resourceMap);
                     List<ContextEvaluation> evaluations = new ArrayList<ContextEvaluation>();
+                    Object descriptionValue = rawInput.get("description");
+                    if( descriptionValue == null || !(descriptionValue instanceof String)) {
+                        evaluations.add(new ContextEvaluation(Code.REJECTED_NO_DESCRIPTION_PROVIDED, "Policy is missing a description."));
+                        return new ContextDecision(Code.REJECTED_NO_DESCRIPTION_PROVIDED, false, evaluations);
+                    }
+
+                    String description = (String)descriptionValue;
+
                     Object rulesValue = rawInput.get("rules");
                     if( !(rulesValue instanceof Map) ) {
-                        return new ContextDecision(Code.REJECTED_NO_RULES_DECLARED, false);
+                        evaluations.add(new ContextEvaluation(Code.REJECTED_NO_RULES_DECLARED, "No rules declared on policy"));
+                        return new ContextDecision(Code.REJECTED_NO_RULES_DECLARED, false, evaluations);
                     }
                     Map rules = (Map)rulesValue;
 
@@ -143,12 +146,14 @@ public ContextDecision includes(Map<String, String> resourceMap, String action)
 
                             if(actionsKey instanceof String) {
                                 String actions = (String) actionsKey;
-                                if(actions.contains(action)) {
+                                if("*".equals(actions) || actions.contains(action)) {
+                                    evaluations.add(new ContextEvaluation(Code.GRANTED_ACTIONS_AND_COMMANDS_MATCHED, description + ": rule: " + rule + " action: " + actions));
                                     return new ContextDecision(Code.GRANTED_ACTIONS_AND_COMMANDS_MATCHED, true, evaluations);
                                 }
                             } else if(actionsKey instanceof List) {
                                 List actions = (List) actionsKey;
                                 if(actions.contains(action)) {
+                                    evaluations.add(new ContextEvaluation(Code.GRANTED_ACTIONS_AND_COMMANDS_MATCHED, description + ": rule: " + rule + " action: " + actions));
                                     return new ContextDecision(Code.GRANTED_ACTIONS_AND_COMMANDS_MATCHED, true, evaluations);
                                 }
                             } else {
@@ -157,7 +162,6 @@ public ContextDecision includes(Map<String, String> resourceMap, String action)
                             }
 
                             evaluations.add(new ContextEvaluation(Code.REJECTED_NO_ACTIONS_MATCHED, "No actions matched"));
-
                         }
                     }
                     return new ContextDecision(Code.REJECTED, false, evaluations);

diff --git a/core/src/resources/com/dtolabs/launcher/setup/templates/run-defaults.properties b/core/src/resources/com/dtolabs/launcher/setup/templates/run-defaults.properties
@@ -72,4 +72,4 @@ jndi.userNameRDN=cn
 framework.ssh.user = ${user.name}
 
 # Path to the SSH private key
-framework.ssh.keypath = ${user.home}/.ssh/id_dsa
+framework.ssh.keypath = ${user.home}/.ssh/id_rsa
diff --git a/core/src/test/com/dtolabs/rundeck/core/authorization/TestSAREAuthorization.java b/core/src/test/com/dtolabs/rundeck/core/authorization/TestSAREAuthorization.java
@@ -172,6 +172,11 @@ public void testActionAuthorizationYml() throws Exception {
                 Code.GRANTED_ACTIONS_AND_COMMANDS_MATCHED, decision.explain().getCode());
         assertTrue("Action not granted authorization.", decision.isAuthorized());
 
+        resource = declareScript("Script3", "/wldcrd");
+        decision = authorization.evaluate(resource, subject, "action_list_not_in_list_and_shouldn't_be", null);
+        assertEquals("Decision for successful authoraztion for action: action_list_not_in_list_and_shouldn't_be does not match, but should.",
+                Code.GRANTED_ACTIONS_AND_COMMANDS_MATCHED, decision.explain().getCode());
+        assertTrue("Action not granted authorization.", decision.isAuthorized());
 
 
     }

diff --git a/core/src/test/com/dtolabs/rundeck/core/authorization/admintest.yml.aclpolicy b/core/src/test/com/dtolabs/rundeck/core/authorization/admintest.yml.aclpolicy
@@ -30,6 +30,9 @@ rules:
     actions: pattern_match
   /listAction/.*:
     actions: [action_list_1,action_list_2]
+
+  /wldcrd/.*:
+    actions: '*'
 
 by:
     username: 'yml_usr_1'

diff --git a/packaging/root/etc/rundeck/admin.aclpolicy b/packaging/root/etc/rundeck/admin.aclpolicy
@@ -1,11 +1,9 @@
-<policies>
-  <policy description="Default ACL for Admin Access">
-    <context project="*">
-      <command group="*" job="*" actions="*"/>
-      <command name="*" module="*" actions="*"/>
-    </context>
-    <by>
-      <group name="admin"/>
-    </by>
-  </policy>
-</policies>
+description: Admin Access ACL
+
+rules: 
+  .*:
+      actions: '*'
+
+by:
+  group: admin
+
diff --git a/packaging/rundeck.spec b/packaging/rundeck.spec
@@ -8,6 +8,7 @@ requires(post): chkconfig
 requires(postun): chkconfig
 requires: java-1.6.0-openjdk
 requires: openssh
+requires: rundeck-config
 
 %description
 RunDeck, is no ordinary wooden deck. You can build a bon fire on this deck.
@@ -42,22 +43,6 @@ fi
 
 %dir /etc/rundeck
 
-# Client Configuration
-%config(noreplace) /etc/rundeck/framework.properties
-%config(noreplace) /etc/rundeck/admin.aclpolicy
-%config(noreplace) /etc/rundeck/log4j.properties
-%config(noreplace) /etc/rundeck/profile
-%config(noreplace) /etc/rundeck/project.properties
-
-# Server Configuration
-%config(noreplace) /etc/rundeck/jaas-loginmodule.conf
-%config(noreplace) /etc/rundeck/realm.properties
-%config(noreplace) /etc/rundeck/rundeck-config.properties
-
-# SSL Configuration
-%dir /etc/rundeck/ssl
-%config /etc/rundeck/ssl/ssl.properties
-
 %attr(6775, rundeck, rundeck) %dir /var/log/rundeck
 %dir /var/lib/rundeck
 %dir /var/lib/rundeck/logs
@@ -112,3 +97,28 @@ fi
 %attr(755, root, root) /usr/bin/rd-jobs
 %attr(755, root, root) /usr/bin/rd-project
 %attr(755, root, root) /usr/bin/rd-queue
+
+%package config
+summary: RunDeck configuration package
+group: System
+requires: rundeck
+
+%description config
+All configuration related artifacts are stored in this package.
+
+%files config
+# Client Configuration
+%config(noreplace) /etc/rundeck/framework.properties
+%config(noreplace) /etc/rundeck/admin.aclpolicy
+%config(noreplace) /etc/rundeck/log4j.properties
+%config(noreplace) /etc/rundeck/profile
+%config(noreplace) /etc/rundeck/project.properties
+
+# Server Configuration
+%config(noreplace) /etc/rundeck/jaas-loginmodule.conf
+%config(noreplace) /etc/rundeck/realm.properties
+%config(noreplace) /etc/rundeck/rundeck-config.properties
+
+# SSL Configuration
+%dir /etc/rundeck/ssl
+%config /etc/rundeck/ssl/ssl.properties