diff --git a/core/src/main/java/hudson/model/Executor.java b/core/src/main/java/hudson/model/Executor.java index 6281c43443806a6efaadb77dc2d0bcd838569925..78df6dc853a03b8ee2af0406d38c307fd4e3e7c3 100644 --- a/core/src/main/java/hudson/model/Executor.java +++ b/core/src/main/java/hudson/model/Executor.java @@ -64,11 +64,14 @@ import java.util.logging.Level; import java.util.logging.Logger; import static hudson.model.queue.Executables.*; +import hudson.security.ACLContext; import java.util.Collection; import static java.util.logging.Level.*; import javax.annotation.CheckForNull; import javax.annotation.Nonnull; import jenkins.model.queue.AsynchronousExecution; +import jenkins.security.QueueItemAuthenticatorConfiguration; +import jenkins.security.QueueItemAuthenticatorDescriptor; import org.kohsuke.accmod.Restricted; import org.kohsuke.accmod.restrictions.NoExternalUse; @@ -398,11 +401,21 @@ public class Executor extends Thread implements ModelObject { } } - ACL.impersonate(workUnit.context.item.authenticate()); setName(getName() + " : executing " + executable.toString()); - if (LOGGER.isLoggable(FINE)) - LOGGER.log(FINE, getName()+" is now executing "+executable); - queue.execute(executable, task); + Authentication auth = workUnit.context.item.authenticate(); + LOGGER.log(FINE, "{0} is now executing {1} as {2}", new Object[] {getName(), executable, auth}); + if (LOGGER.isLoggable(FINE) && auth.equals(ACL.SYSTEM)) { // i.e., unspecified + if (QueueItemAuthenticatorDescriptor.all().isEmpty()) { + LOGGER.fine("no QueueItemAuthenticator implementations installed"); + } else if (QueueItemAuthenticatorConfiguration.get().getAuthenticators().isEmpty()) { + LOGGER.fine("no QueueItemAuthenticator implementations configured"); + } else { + LOGGER.log(FINE, "some QueueItemAuthenticator implementations configured but neglected to authenticate {0}", executable); + } + } + try (ACLContext context = ACL.as(auth)) { + queue.execute(executable, task); + } } catch (AsynchronousExecution x) { lock.writeLock().lock(); try { diff --git a/core/src/main/java/hudson/tasks/BuildTrigger.java b/core/src/main/java/hudson/tasks/BuildTrigger.java index fee5c4711b7426a86a18dabe6cac10cb86ab42d4..119d5794afe752677530c2c401a8c6da748fc554 100644 --- a/core/src/main/java/hudson/tasks/BuildTrigger.java +++ b/core/src/main/java/hudson/tasks/BuildTrigger.java @@ -63,13 +63,9 @@ import javax.annotation.Nonnull; import jenkins.model.DependencyDeclarer; import jenkins.model.Jenkins; import jenkins.model.ParameterizedJobMixIn; -import jenkins.security.QueueItemAuthenticatorConfiguration; -import jenkins.security.QueueItemAuthenticatorDescriptor; import jenkins.triggers.ReverseBuildTrigger; import net.sf.json.JSONObject; import org.acegisecurity.Authentication; -import org.acegisecurity.context.SecurityContext; -import org.acegisecurity.context.SecurityContextHolder; import org.apache.commons.lang.StringUtils; import org.jenkinsci.Symbol; import org.kohsuke.stapler.AncestorInPath; @@ -270,53 +266,24 @@ public class BuildTrigger extends Recorder implements DependencyDeclarer { } }); - Authentication auth = Jenkins.getAuthentication(); // from build - if (auth.equals(ACL.SYSTEM)) { // i.e., unspecified - if (QueueItemAuthenticatorDescriptor.all().isEmpty()) { - if (downstreamProjects.isEmpty()) { - return true; - } - logger.println(Messages.BuildTrigger_warning_you_have_no_plugins_providing_ac()); - } else if (QueueItemAuthenticatorConfiguration.get().getAuthenticators().isEmpty()) { - if (downstreamProjects.isEmpty()) { - return true; - } - logger.println(Messages.BuildTrigger_warning_access_control_for_builds_in_glo()); - } else { - // This warning must be printed even if downstreamProjects is empty. - // Otherwise you could effectively escalate DISCOVER to READ just by trying different project names and checking whether a warning was printed or not. - // If there were an API to determine whether any DependencyDeclarer’s in this project requested downstream project names, - // then we could suppress the warnings in case none did; but if any do, yet Items.fromNameList etc. ignore unknown projects, - // that has to be treated the same as if there really are downstream projects but the anonymous user cannot see them. - // For the above two cases, it is OK to suppress the warning when there are no downstream projects, since running as SYSTEM we would be able to see them anyway. - logger.println(Messages.BuildTrigger_warning_this_build_has_no_associated_aut()); - auth = Jenkins.ANONYMOUS; - } - } - for (Dependency dep : downstreamProjects) { List buildActions = new ArrayList(); - SecurityContext orig = ACL.impersonate(auth); - try { - if (dep.shouldTriggerBuild(build, listener, buildActions)) { - AbstractProject p = dep.getDownstreamProject(); - // Allow shouldTriggerBuild to return false first, in case it is skipping because of a lack of Item.READ/DISCOVER permission: - if (p.isDisabled()) { - logger.println(Messages.BuildTrigger_Disabled(ModelHyperlinkNote.encodeTo(p))); - continue; - } - boolean scheduled = p.scheduleBuild(p.getQuietPeriod(), new UpstreamCause((Run)build), buildActions.toArray(new Action[buildActions.size()])); - if (Jenkins.getInstance().getItemByFullName(p.getFullName()) == p) { - String name = ModelHyperlinkNote.encodeTo(p); - if (scheduled) { - logger.println(Messages.BuildTrigger_Triggering(name)); - } else { - logger.println(Messages.BuildTrigger_InQueue(name)); - } - } // otherwise upstream users should not know that it happened + if (dep.shouldTriggerBuild(build, listener, buildActions)) { + AbstractProject p = dep.getDownstreamProject(); + // Allow shouldTriggerBuild to return false first, in case it is skipping because of a lack of Item.READ/DISCOVER permission: + if (p.isDisabled()) { + logger.println(Messages.BuildTrigger_Disabled(ModelHyperlinkNote.encodeTo(p))); + continue; } - } finally { - SecurityContextHolder.setContext(orig); + boolean scheduled = p.scheduleBuild(p.getQuietPeriod(), new UpstreamCause((Run)build), buildActions.toArray(new Action[buildActions.size()])); + if (Jenkins.getInstance().getItemByFullName(p.getFullName()) == p) { + String name = ModelHyperlinkNote.encodeTo(p); + if (scheduled) { + logger.println(Messages.BuildTrigger_Triggering(name)); + } else { + logger.println(Messages.BuildTrigger_InQueue(name)); + } + } // otherwise upstream users should not know that it happened } } @@ -443,9 +410,6 @@ public class BuildTrigger extends Recorder implements DependencyDeclarer { return FormValidation.error(Messages.BuildTrigger_NotBuildable(projectName)); // check whether the supposed user is expected to be able to build Authentication auth = Tasks.getAuthenticationOf(project); - if (auth.equals(ACL.SYSTEM) && !QueueItemAuthenticatorConfiguration.get().getAuthenticators().isEmpty()) { - auth = Jenkins.ANONYMOUS; // compare behavior in execute, above - } if (!item.getACL().hasPermission(auth, Item.BUILD)) { return FormValidation.error(Messages.BuildTrigger_you_have_no_permission_to_build_(projectName)); } diff --git a/core/src/main/java/jenkins/triggers/ReverseBuildTrigger.java b/core/src/main/java/jenkins/triggers/ReverseBuildTrigger.java index f898617f73cfa8a9991b9ca49b00d221bd94264a..fe4f8542609a240ed7646f7d602e3998ccb6a44a 100644 --- a/core/src/main/java/jenkins/triggers/ReverseBuildTrigger.java +++ b/core/src/main/java/jenkins/triggers/ReverseBuildTrigger.java @@ -65,7 +65,6 @@ import java.util.logging.Logger; import jenkins.model.DependencyDeclarer; import jenkins.model.Jenkins; import jenkins.model.ParameterizedJobMixIn; -import jenkins.security.QueueItemAuthenticatorConfiguration; import org.acegisecurity.AccessDeniedException; import org.acegisecurity.Authentication; import org.acegisecurity.context.SecurityContext; @@ -128,9 +127,6 @@ public final class ReverseBuildTrigger extends Trigger implements Dependenc Authentication originalAuth = Jenkins.getAuthentication(); Job upstream = upstreamBuild.getParent(); Authentication auth = Tasks.getAuthenticationOf((Queue.Task) job); - if (auth.equals(ACL.SYSTEM) && !QueueItemAuthenticatorConfiguration.get().getAuthenticators().isEmpty()) { - auth = Jenkins.ANONYMOUS; // cf. BuildTrigger - } SecurityContext orig = ACL.impersonate(auth); Item authUpstream = null; diff --git a/core/src/main/resources/hudson/tasks/Messages.properties b/core/src/main/resources/hudson/tasks/Messages.properties index 67417b1e72bef9796a38504657503246b2803d98..fa673df13c5ce42cfda48a76f6f1b83e3446543d 100644 --- a/core/src/main/resources/hudson/tasks/Messages.properties +++ b/core/src/main/resources/hudson/tasks/Messages.properties @@ -50,9 +50,6 @@ BuildTrigger.NoProjectSpecified=No project specified BuildTrigger.NotBuildable={0} is not buildable BuildTrigger.Triggering=Triggering a new build of {0} BuildTrigger.ok_ancestor_is_null=Ancestor/Context Unknown: the project specified cannot be validated -BuildTrigger.warning_access_control_for_builds_in_glo=Warning: \u2018Access Control for Builds\u2019 in global security configuration is empty, so falling back to legacy behavior of permitting any downstream builds to be triggered -BuildTrigger.warning_this_build_has_no_associated_aut=Warning: this build has no associated authentication, so build permissions may be lacking, and downstream projects which cannot even be seen by an anonymous user will be silently skipped -BuildTrigger.warning_you_have_no_plugins_providing_ac=Warning: you have no plugins providing access control for builds, so falling back to legacy behavior of permitting any downstream builds to be triggered BuildTrigger.you_have_no_permission_to_build_=You have no permission to build {0} CommandInterpreter.CommandFailed=command execution failed @@ -84,4 +81,4 @@ Maven.NoExecutable=Couldn\u2019t find any executable in {0} Shell.DisplayName=Execute shell Shell.invalid_exit_code_range=Invalid exit code value: {0}. Check help section -Shell.invalid_exit_code_zero=Exit code zero is ignored and does not make the build unstable \ No newline at end of file +Shell.invalid_exit_code_zero=Exit code zero is ignored and does not make the build unstable diff --git a/core/src/main/resources/hudson/tasks/Messages_bg.properties b/core/src/main/resources/hudson/tasks/Messages_bg.properties index efeb1a84fb84138ee6291c8a9d904dfac9dfddf2..910a69bd582f159aa40b59fa3ac07f5d5d5b897e 100644 --- a/core/src/main/resources/hudson/tasks/Messages_bg.properties +++ b/core/src/main/resources/hudson/tasks/Messages_bg.properties @@ -67,18 +67,6 @@ BuildTrigger.NotBuildable=\ \u201e{0}\u201c \u043d\u0435 \u043c\u043e\u0436\u0435 \u0434\u0430 \u0441\u0435 \u0438\u0437\u0433\u0440\u0430\u0434\u0438 BuildTrigger.Triggering=\ \u0421\u0442\u0430\u0440\u0442\u0438\u0440\u0430\u043d\u0435 \u043d\u0430 \u043d\u043e\u0432\u043e \u0438\u0437\u0433\u0440\u0430\u0436\u0434\u0430\u043d\u0435 \u043d\u0430 \u201e{0}\u201c -BuildTrigger.warning_access_control_for_builds_in_glo=\ - \u041f\u0420\u0415\u0414\u0423\u041f\u0420\u0415\u0416\u0414\u0415\u041d\u0418\u0415: \u041f\u043e\u043b\u0435\u0442\u043e \u201e\u041f\u0440\u0430\u0432\u0430 \u0437\u0430 \u0434\u043e\u0441\u0442\u044a\u043f \u0434\u043e \u0438\u0437\u0433\u0440\u0430\u0436\u0434\u0430\u043d\u0438\u044f\u0442\u0430\u201c \u0432 \u043e\u0431\u0449\u0438\u0442\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438\ - \u0437\u0430 \u0441\u0438\u0433\u0443\u0440\u043d\u043e\u0441\u0442\u0442\u0430 \u043d\u0435 \u0435 \u043f\u043e\u043f\u044a\u043b\u043d\u0435\u043d\u043e. \u0429\u0435 \u0441\u0435 \u0438\u0437\u043f\u043e\u043b\u0437\u0432\u0430 \u043e\u0441\u0442\u0430\u0440\u044f\u043b\u043e\u0442\u043e \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u043d\u0430\ - \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0432\u0430\u043d\u0435 \u043d\u0430 \u0438\u0437\u0433\u0440\u0430\u0436\u0434\u0430\u043d\u0435\u0442\u043e \u043d\u0430 \u0432\u0441\u0438\u0447\u043a\u0438 \u0437\u0430\u0434\u0430\u0447\u0438, \u0437\u0430\u0432\u0438\u0441\u0435\u0449\u0438 \u043e\u0442 \u0442\u0430\u0437\u0438 -BuildTrigger.warning_this_build_has_no_associated_aut=\ - \u041f\u0420\u0415\u0414\u0423\u041f\u0420\u0415\u0416\u0414\u0415\u041d\u0418\u0415: \u043b\u0438\u043f\u0441\u0432\u0430 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0437\u0430 \u0442\u043e\u0432\u0430 \u0438\u0437\u0433\u0440\u0430\u0436\u0434\u0430\u043d\u0435, \u0437\u0430\u0442\u043e\u0432\u0430 \u0438 \u043f\u0440\u0430\u0432\u0430\u0442\u0430 \u043a\u044a\u043c\ - \u0438\u0437\u0433\u0440\u0430\u0436\u0434\u0430\u043d\u0435\u0442\u043e \u043d\u044f\u043c\u0430 \u0434\u0430 \u0441\u0430 \u043f\u044a\u043b\u043d\u0438. \u0417\u0430\u0432\u0438\u0441\u0435\u0449\u0438\u0442\u0435 \u043e\u0442 \u0442\u043e\u0432\u0430 \u0438\u0437\u0433\u0440\u0430\u0436\u0434\u0430\u043d\u0435 \u043f\u0440\u043e\u0435\u043a\u0442\u0438, \u043a\u043e\u0438\u0442\u043e\ - \u043d\u0435 \u0441\u0435 \u0432\u0438\u0436\u0434\u0430\u0442 \u043e\u0442 \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u0438 \u043f\u043e\u0442\u0440\u0435\u0431\u0438\u0442\u0435\u043b\u0438, \u0449\u0435 \u0431\u044a\u0434\u0430\u0442 \u043f\u0440\u043e\u043f\u0443\u0441\u043d\u0430\u0442\u0438. -BuildTrigger.warning_you_have_no_plugins_providing_ac=\ - \u041f\u0420\u0415\u0414\u0423\u041f\u0420\u0415\u0416\u0414\u0415\u041d\u0418\u0415: \u043b\u0438\u043f\u0441\u0432\u0430\u0442 \u043f\u0440\u0438\u0441\u0442\u0430\u0432\u043a\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u044f\u043d\u0435 \u043d\u0430 \u043f\u0440\u0430\u0432\u0430 \u0437\u0430 \u0438\u0437\u0433\u0440\u0430\u0436\u0434\u0430\u043d\u0438\u044f. \u0429\u0435\ - \u0441\u0435 \u0438\u0437\u043f\u043e\u043b\u0437\u0432\u0430 \u043e\u0441\u0442\u0430\u0440\u044f\u043b\u043e\u0442\u043e \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0432\u0430\u043d\u0435 \u043d\u0430 \u0438\u0437\u0433\u0440\u0430\u0436\u0434\u0430\u043d\u0435\u0442\u043e \u043d\u0430 \u0432\u0441\u0438\u0447\u043a\u0438\ - \u0437\u0430\u0434\u0430\u0447\u0438, \u0437\u0430\u0432\u0438\u0441\u0435\u0449\u0438 \u043e\u0442 \u0442\u0430\u0437\u0438 BuildTrigger.you_have_no_permission_to_build_=\ \u041d\u044f\u043c\u0430\u0442\u0435 \u043f\u0440\u0430\u0432\u0430 \u0434\u0430 \u0438\u0437\u0433\u0440\u0430\u0434\u0438\u0442\u0435 \u201e{0}\u201c diff --git a/core/src/main/resources/hudson/tasks/Messages_de.properties b/core/src/main/resources/hudson/tasks/Messages_de.properties index bb289d3b0fe66571901806c14457381429801c12..9c2c5d095b2ce97366ec04cbd893614c604a5ce2 100644 --- a/core/src/main/resources/hudson/tasks/Messages_de.properties +++ b/core/src/main/resources/hudson/tasks/Messages_de.properties @@ -48,9 +48,6 @@ BuildTrigger.NotBuildable={0} kann nicht gebaut werden. BuildTrigger.Triggering=L\u00F6se einen neuen Build von {0} aus BuildTrigger.you_have_no_permission_to_build_=Sie haben nicht die Berechtigung, Builds von {0} zu starten. BuildTrigger.ok_ancestor_is_null=Der angegebene Projektname kann im aktuellen Kontext nicht gepr\u00FCft werden. -BuildTrigger.warning_access_control_for_builds_in_glo=Achtung: Die Zugriffskontrolle von Builds ist in der globalen Sicherheitskonfiguration nicht konfiguriert, daher wird erlaubt, beliebige Downstream-Builds zu starten. -BuildTrigger.warning_you_have_no_plugins_providing_ac=Achtung: Keine Plugins f\u00FCr die Zugriffskontrolle von Builds sind installiert, daher wird erlaubt, beliebige Downstream-Builds zu starten. -BuildTrigger.warning_this_build_has_no_associated_aut=Achtung: Dieser Build hat keine zugeordnete Authentifizierung, daher k\u00F6nnen Berechtigungen fehlen und Downstream-Builds ggf. nicht gestartet werden, wenn anonyme Nutzer auf diese keinen Zugriff haben. CommandInterpreter.CommandFailed=Befehlsausf\u00FChrung fehlgeschlagen CommandInterpreter.UnableToDelete=Kann Skriptdatei {0} nicht l\u00F6schen diff --git a/core/src/main/resources/hudson/tasks/Messages_pt_BR.properties b/core/src/main/resources/hudson/tasks/Messages_pt_BR.properties index 20d435e91ade7a97fc9f8853de345e3c19ccd15d..654a51657407fbd748920d5c0829acacab6daede 100644 --- a/core/src/main/resources/hudson/tasks/Messages_pt_BR.properties +++ b/core/src/main/resources/hudson/tasks/Messages_pt_BR.properties @@ -78,11 +78,5 @@ JavadocArchiver.NoMatchFound=Nenhum javadoc encontrado {0}: {1} ArtifactArchiver.SkipBecauseOnlyIfSuccessful=Arquivamento ignorado devido ao t\u00e9rmino do build sem sucesso # No project specified BuildTrigger.NoProjectSpecified=Nenhum projeto especificado -# Warning: \u2018Access Control for Builds\u2019 in global security configuration is empty, so falling back to legacy behavior of permitting any downstream builds to be triggered -BuildTrigger.warning_access_control_for_builds_in_glo=Aten\u00e7\u00e3o: o \u2018Controle de acesso para Builds\u2019 nas configura\u00e7\u00f5es de seguran\u00e7a globais est\u00e1 vazio, portanto retornando para o comportamento legado de permitir que quaisquer builds decendentes sejam disparados -# Warning: this build has no associated authentication, so build permissions may be lacking, and downstream projects which cannot even be seen by an anonymous user will be silently skipped -BuildTrigger.warning_this_build_has_no_associated_aut=Aten\u00e7\u00e3o: este build n\u00e3o possui authentica\u00e7\u00e3o associada, portanto permiss\u1ebds de build podem estar faltando, e projetos descendentes que n\u00e3o podem sequer ser vistos por um usu\u00e1rio an\u00f4nimo ser\u00e3o ignorados silenciosamente -# Warning: you have no plugins providing access control for builds, so falling back to legacy behavior of permitting any downstream builds to be triggered -BuildTrigger.warning_you_have_no_plugins_providing_ac=Aten\u00e7\u00e3o: voc\u00ea n\u00e3o possui plugins fornecendo controle de accesso para builds, portanto retornando para o comportamento legado de permitir que quaisquer builds descendentes sejam disparados # You have no permission to build {0} BuildTrigger.you_have_no_permission_to_build_=Voc\u00ea n\u00e3o tem permiss\u00e3o para construir {0} diff --git a/core/src/main/resources/hudson/tasks/Messages_sr.properties b/core/src/main/resources/hudson/tasks/Messages_sr.properties index a5eee350c3bbf8259165e4e464d3a62ed3a2a2c8..e2ff5d5fca93fb5bd042f00beb0f98ec5d79fcab 100644 --- a/core/src/main/resources/hudson/tasks/Messages_sr.properties +++ b/core/src/main/resources/hudson/tasks/Messages_sr.properties @@ -24,8 +24,6 @@ BuildTrigger.NoProjectSpecified=\u041D\u0438\u0458\u0435 \u043D\u0430\u0432\u043 BuildTrigger.NotBuildable={0} \u043D\u0435\u043C\u043E\u0436\u0435 \u0441\u0435 \u0438\u0437\u0433\u0440\u0430\u0434\u0438\u0442\u0438 BuildTrigger.Triggering=\u041F\u043E\u0447\u0438\u045A\u0435 \u043D\u043E\u0432\u0430 \u0438\u0437\u0433\u0440\u0430\u0434\u045A\u0430 \u0437\u0430 {0} BuildTrigger.ok_ancestor_is_null=\u041D\u0435\u043F\u043E\u0437\u043D\u0430\u0442 \u0440\u043E\u0434\u0438\u0442\u0435\u043B/\u043A\u043E\u043D\u0442\u0435\u043A\u0441\u0442: \u043D\u0430\u0432\u0435\u0434\u0435\u043D \u043F\u0440\u043E\u0458\u0435\u043A\u0430\u0442 \u043D\u0435\u043C\u043E\u0436\u0435 \u0431\u0438\u0442\u0438 \u043F\u0440\u043E\u0432\u0435\u0440\u0435\u043D -BuildTrigger.warning_access_control_for_builds_in_glo=\u0423\u043F\u043E\u0437\u043E\u0440\u0435\u045A\u0435: \u043F\u043E\u0459\u0435 '\u041A\u043E\u043D\u0442\u0440\u043E\u043B\u0430 \u043F\u0440\u0438\u0441\u0442\u0443\u043F\u0430' \u0443 \u043E\u043F\u0448\u0442\u0438\u043C \u043F\u043E\u0434\u0435\u0448\u0430\u0432\u0430\u045A\u0438\u043C\u0430 \u0431\u0435\u0437\u0431\u0435\u0434\u043D\u043E\u0441\u0442\u0438 \u043D\u0438\u0458\u0435 \u0438\u0441\u043F\u0443\u045A\u0435\u043Do. \u041A\u043E\u0440\u0438\u0441\u0442\u0438\u045B\u0435 \u0441\u0435 \u0441\u0442\u0430\u0440\u043E \u043F\u043E\u043D\u0430\u0448\u0430\u045A\u0435 \u043A\u043E\u0458\u0435 \u0434\u043E\u0437\u0432\u043E\u0459\u0430\u0432\u0430 \u0438\u0437\u0433\u0440\u0430\u0434\u045A\u0443 \u0441\u0432\u0438\u0445 \u0437\u0430\u0434\u0430\u0442\u0430\u043A\u0430 \u043A\u043E\u0458\u0435 \u0437\u0430\u0432\u0438\u0441\u0435 \u043E\u0434 \u043E\u0432\u0435. -BuildTrigger.warning_this_build_has_no_associated_aut=\u0423\u043F\u043E\u0437\u043E\u0440\u0435\u045A\u0435: \u043E\u0432\u0430 \u0438\u0437\u0433\u0440\u0430\u0434\u045A\u0430 \u043D\u0435\u043C\u0430 \u043A\u0430\u043D\u0430\u043B \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u043A\u0430\u0446\u0438\u0435, \u043F\u0430 \u045B\u0435 \u0434\u043E\u0437\u0432\u043E\u043B\u0435 \u043D\u0435\u0434\u043E\u0441\u0442\u0430\u0458\u0430\u0442\u0438 \u0438 \u043E\u043D\u0438 \u043F\u0440\u043E\u0458\u0435\u043A\u0442\u0438 \u043A\u043E\u0458\u0438 \u0437\u0430\u0432\u0438\u0441\u0435 \u043E\u0434 \u043E\u0432\u0435 \u0430 \u043D\u0438\u0441\u0443 \u0432\u0438\u0434\u0459\u0438\u0432\u0438 \u0430\u043D\u043E\u043D\u0438\u043C\u043D\u0438\u043C \u043A\u043E\u0440\u0438\u0441\u043D\u0438\u0446\u0438\u043C\u0430, \u045B\u0435 \u0431\u0438\u0442\u0438 \u043F\u0440\u0435\u0441\u043A\u043E\u045B\u0435\u043D\u0438. BuildTrigger.you_have_no_permission_to_build_=\u041D\u0435\u043C\u0430\u0442\u0435 \u043F\u0440\u0430\u0432\u043E \u0434\u0430 \u0438\u0437\u0433\u0440\u0430\u0434\u0438\u0442\u0435 {0} CommandInterpreter.CommandFailed=\u0418\u0437\u0432\u0440\u0448\u0430\u0432\u0430\u045A\u0435 \u043A\u043E\u043C\u0430\u043D\u0434\u0435 \u043D\u0438\u0458\u0435 \u0443\u0441\u043F\u0435\u043B\u043E CommandInterpreter.UnableToDelete=\u041D\u0438\u0458\u0435 \u043C\u043E\u0433\u0443\u045B\u0435 \u0438\u0437\u0431\u0440\u0438\u0441\u0430\u0442\u0438 \u0441\u043A\u0440\u0438\u043F\u0442 {0} @@ -34,7 +32,6 @@ Fingerprinter.Aborted=\u041F\u0440\u0435\u043A\u0438\u043D\u0443\u0442\u043E Fingerprinter.Action.DisplayName=\u041F\u0440\u0435\u0433\u043B\u0435\u0434 \u0434\u0438\u0433\u0438\u0442\u0430\u043B\u043D\u0438\u0445 \u043E\u0442\u0438\u0441\u0430\u043A\u0430 Fingerprinter.DigestFailed=\u041D\u0438\u0458\u0435 \u0443\u0441\u043F\u0435\u043B\u043E \u043E\u0431\u0440\u0430\u0447\u0443\u043D \u043D\u0430 \u0434\u0438\u0433\u0438\u0442\u0430\u043B\u043D\u043E\u043C \u043E\u0442\u0438\u0441\u043A\u0443 {0} Fingerprinter.DisplayName=\u0421\u043D\u0438\u043C\u0438 \u0434\u0438\u0433\u0438\u0442\u0430\u043B\u043D\u0435 \u043E\u0442\u0438\u0441\u043A\u0435 \u0434\u0430\u0442\u043E\u0442\u0435\u043A\u0430 \u0434\u0430 \u043F\u0440\u0430\u0442\u0438\u0442\u0435 \u045A\u0438\u0445\u043E\u0432\u0443 \u0443\u043F\u043E\u0442\u0435\u0431\u0440\u0443 -BuildTrigger.warning_you_have_no_plugins_providing_ac=\u0423\u043F\u043E\u0437\u043E\u0440\u0435\u045A\u0435: \u043D\u0435\u043C\u0430\u0442\u0435 \u043C\u043E\u0434\u0443\u043B\u0435 \u043A\u043E\u0458\u0435 \u0434\u0435\u043B\u0435 \u043F\u0440\u0438\u0441\u0442\u0443\u043F, \u043F\u0430 \u0441\u0435 \u0432\u0440\u0430\u045B\u0430 \u043D\u0430\u0437\u0430\u0434 \u043D\u0430 \u0440\u0435\u0436\u0438\u043C \u043A\u043E\u0458\u0438 \u0438\u0437\u0430\u0437\u0438\u0432\u0430 \u0438\u0437\u0433\u0440\u0430\u0434\u045A\u0443 \u0438\u0437\u0432\u0438\u0441\u043D\u0438\u0445 \u0437\u0430\u0434\u0430\u0442\u0430\u043A\u0430. Fingerprinter.Failed=\u041D\u0435\u0443\u0441\u043F\u0435\u0448\u043D\u043E \u0441\u043D\u0438\u043C\u0430\u045A\u0435 \u0434\u0438\u0433\u0438\u0442\u0430\u043B\u043D\u0438\u0445 \u043E\u0442\u0438\u0441\u043A\u0430 Fingerprinter.FailedFor=\u041D\u0435\u0443\u0441\u043F\u0435\u0448\u043D\u043E \u0441\u043D\u0438\u043C\u0430\u045A\u0435 \u0434\u0438\u0433\u0438\u0442\u0430\u043B\u043D\u0438\u0443 \u043E\u0442\u0438\u0441\u043A\u0443 \u0437\u0430 {0} Fingerprinter.Recording=\u0421\u043D\u0438\u043C\u0430\u045A\u0435 \u0434\u0438\u0433\u0438\u0442\u0430\u043B\u043D\u0438\u0445 \u043E\u0442\u0438\u0441\u043A\u0430 @@ -52,4 +49,4 @@ Maven.NotMavenDirectory={0} \u043D\u0435 \u043B\u0438\u0447\u0438 \u043D\u0430 M Maven.NoExecutable=\u041D\u0438\u0458\u0435 \u043F\u0440\u043E\u043D\u0430\u0452\u0435\u043D\u043E \u0438\u0437\u0432\u0440\u0448\u043D\u0430 \u0434\u0430\u0442\u043E\u0442\u0435\u043A\u0430 \u0443 {0} Shell.DisplayName=\u0418\u0437\u0432\u0440\u0448\u0438 shell \u043A\u043E\u043C\u0430\u043D\u0434\u0443 Maven.NotADirectory={0} \u043D\u0438\u0458\u0435 \u0434\u0438\u0440\u0435\u043A\u0442\u043E\u0440\u0438\u0458\u0443\u043C -Indien= \ No newline at end of file +Indien= diff --git a/test/src/test/java/hudson/tasks/BuildTriggerTest.java b/test/src/test/java/hudson/tasks/BuildTriggerTest.java index fda4972badaabaa6b30707849a9ff4e847ea9e9e..206bbd061427bb9a2ed767f6a4b1198ba20f52df 100644 --- a/test/src/test/java/hudson/tasks/BuildTriggerTest.java +++ b/test/src/test/java/hudson/tasks/BuildTriggerTest.java @@ -69,6 +69,7 @@ import org.acegisecurity.context.SecurityContextHolder; import org.dom4j.DocumentException; import org.dom4j.io.SAXReader; import org.junit.Assume; +import org.junit.Before; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; @@ -91,6 +92,11 @@ public class BuildTriggerTest { @ClassRule public static BuildWatcher buildWatcher = new BuildWatcher(); + @Before + public void runMoreQuickly() throws Exception { + j.jenkins.setQuietPeriod(0); + } + private FreeStyleProject createDownstreamProject() throws Exception { FreeStyleProject dp = j.createFreeStyleProject("downstream"); dp.setQuietPeriod(0); @@ -253,13 +259,12 @@ public class BuildTriggerTest { Cause.UpstreamCause cause = b2.getCause(Cause.UpstreamCause.class); assertNotNull(cause); assertEquals(b, cause.getUpstreamRun()); - // Now if we have configured some QIA’s but they are not active on this job, we should run as anonymous. Which would normally have no permissions: - QueueItemAuthenticatorConfiguration.get().getAuthenticators().replace(new MockQueueItemAuthenticator(Collections.emptyMap())); + // Now if we have configured some QIA’s but they are not active on this job, we should normally fall back to running as anonymous. Which would normally have no permissions: + QueueItemAuthenticatorConfiguration.get().getAuthenticators().replace(new MockQueueItemAuthenticator(Collections.singletonMap("upstream", Jenkins.ANONYMOUS))); assertDoCheck(alice, Messages.BuildTrigger_you_have_no_permission_to_build_(downstreamName), upstream, downstreamName); assertDoCheck(alice, null, null, downstreamName); b = j.buildAndAssertSuccess(upstream); j.assertLogNotContains(downstreamName, b); - j.assertLogContains(Messages.BuildTrigger_warning_this_build_has_no_associated_aut(), b); j.waitUntilNoActivity(); assertEquals(1, downstream.getLastBuild().number); // Unless we explicitly granted them: @@ -276,8 +281,6 @@ public class BuildTriggerTest { assertEquals(2, downstream.getLastBuild().number); FreeStyleProject simple = j.createFreeStyleProject("simple"); FreeStyleBuild b3 = j.buildAndAssertSuccess(simple); - // See discussion in BuildTrigger for why this is necessary: - j.assertLogContains(Messages.BuildTrigger_warning_this_build_has_no_associated_aut(), b3); // Finally, in legacy mode we run as SYSTEM: grantedPermissions.clear(); // similar behavior but different message if DescriptorImpl removed downstream.removeProperty(amp); @@ -288,11 +291,9 @@ public class BuildTriggerTest { assertDoCheck(alice, null, null, downstreamName); b = j.buildAndAssertSuccess(upstream); j.assertLogContains(downstreamName, b); - j.assertLogContains(Messages.BuildTrigger_warning_access_control_for_builds_in_glo(), b); j.waitUntilNoActivity(); assertEquals(3, downstream.getLastBuild().number); b3 = j.buildAndAssertSuccess(simple); - j.assertLogNotContains(Messages.BuildTrigger_warning_access_control_for_builds_in_glo(), b3); } private void assertDoCheck(Authentication auth, @CheckForNull String expectedError, AbstractProject project, String value) { FormValidation result; diff --git a/test/src/test/java/jenkins/triggers/ReverseBuildTriggerTest.java b/test/src/test/java/jenkins/triggers/ReverseBuildTriggerTest.java index e25a2613cb34f23afa0f1e07424d64928dda458c..7d18b353932d4c7300b16b05bd157874c66ba9dd 100644 --- a/test/src/test/java/jenkins/triggers/ReverseBuildTriggerTest.java +++ b/test/src/test/java/jenkins/triggers/ReverseBuildTriggerTest.java @@ -24,6 +24,7 @@ package jenkins.triggers; +import com.google.common.collect.ImmutableMap; import hudson.model.Cause; import hudson.model.Computer; import hudson.model.FreeStyleBuild; @@ -47,9 +48,12 @@ import org.acegisecurity.Authentication; import static org.hamcrest.Matchers.hasSize; import static org.hamcrest.core.IsNot.not; import static org.junit.Assert.*; +import org.junit.Before; +import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; +import org.jvnet.hudson.test.BuildWatcher; import org.jvnet.hudson.test.Issue; import org.jvnet.hudson.test.JenkinsRule; import org.jvnet.hudson.test.MockAuthorizationStrategy; @@ -57,8 +61,16 @@ import org.jvnet.hudson.test.MockQueueItemAuthenticator; public class ReverseBuildTriggerTest { + @ClassRule + public static BuildWatcher buildWatcher = new BuildWatcher(); + @Rule public JenkinsRule r = new JenkinsRule(); + @Before + public void runMoreQuickly() throws Exception { + r.jenkins.setQuietPeriod(0); + } + @Test public void configRoundtrip() throws Exception { r.createFreeStyleProject("upstream"); FreeStyleProject downstream = r.createFreeStyleProject("downstream"); @@ -100,19 +112,18 @@ public class ReverseBuildTriggerTest { // Legacy mode: alice has no read permission on upstream but it works anyway FreeStyleBuild b = r.buildAndAssertSuccess(upstream); r.assertLogContains(downstreamName, b); - r.assertLogContains(hudson.tasks.Messages.BuildTrigger_warning_access_control_for_builds_in_glo(), b); r.waitUntilNoActivity(); assertNotNull(JenkinsRule.getLog(b), downstream.getLastBuild()); assertEquals(1, downstream.getLastBuild().number); // A QIA is configured but does not specify any authentication for downstream, so upstream should not trigger it: - QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(new MockQueueItemAuthenticator(Collections.singletonMap(upstreamName, User.get("admin").impersonate()))); + QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(new MockQueueItemAuthenticator(ImmutableMap.of(upstreamName, User.get("admin").impersonate(), downstreamName, Jenkins.ANONYMOUS))); b = r.buildAndAssertSuccess(upstream); r.assertLogContains(downstreamName, b); r.assertLogContains(Messages.ReverseBuildTrigger_running_as_cannot_even_see_for_trigger_f("anonymous", upstreamName, downstreamName), b); r.waitUntilNoActivity(); assertEquals(1, downstream.getLastBuild().number); // Auth for upstream is defined but cannot see downstream, so no message is printed about it: - QueueItemAuthenticatorConfiguration.get().getAuthenticators().replace(new MockQueueItemAuthenticator(Collections.singletonMap(upstreamName, User.get("bob").impersonate()))); + QueueItemAuthenticatorConfiguration.get().getAuthenticators().replace(new MockQueueItemAuthenticator(ImmutableMap.of(upstreamName, User.get("bob").impersonate(), downstreamName, Jenkins.ANONYMOUS))); b = r.buildAndAssertSuccess(upstream); r.assertLogNotContains(downstreamName, b); r.waitUntilNoActivity(); @@ -163,6 +174,7 @@ public class ReverseBuildTriggerTest { auth.grant(Item.DISCOVER).onItems(upstream).to("anonymous"); qiaConfig = new HashMap(); qiaConfig.put(upstreamName, User.get("bob").impersonate()); + qiaConfig.put(downstreamName, Jenkins.ANONYMOUS); QueueItemAuthenticatorConfiguration.get().getAuthenticators().replace(new MockQueueItemAuthenticator(qiaConfig)); b = r.buildAndAssertSuccess(upstream); r.assertLogNotContains(downstreamName, b);