Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
#1762 - Check approvers properly against allowed roles #1779
@jyotisingh: I'm worried that this breaks existing configs. Earlier a user who was not in the "operate" auth group at pipeline group level could be given approval permission for a stage in a pipeline in that group. Now, it is not allowed.
That is why this build is failing. It's an easy fix in the tests (patch below), but we need to consider the effect on existing users.
I'm considering whether to change that clause back to
It should, at least, say:
What do you think?
Patch for fixing functional tests, in case I'm not around and you decide that the test needs to be fixed:
diff --git a/src/test/java/config/stage-security-cruise-config.xml b/src/test/java/config/stage-security-cruise-config.xml index 8380fbe..92d2e2e 100644 --- a/src/test/java/config/stage-security-cruise-config.xml +++ b/src/test/java/config/stage-security-cruise-config.xml @@ -100,6 +100,9 @@ <user>view</user> <role>misc</role> </admins> + <operate> + <user>operate</user> + </operate> </authorization> <pipeline name="p3"> <materials>
I believe that should work. I've been having some trouble getting twist tests working on my Mac. Firefox doesn't come up and the README we have on it, is not complete.
@arvindsv the regression testcase failed after merging this fix. https://build.go.cd/go/tab/build/detail/regression-gauge/92/regression-linux/2/functional-tests-runInstance-4
The failure is due to the below section of the config file which is setup by this test,
The error in config validation is
I'm thinking of getting the old behavior back, so that this check is done only if operate user is defined in the
Thoughts? /cc @jyotisingh.