Run ATH with CSP

jenkinsci · Oct 1, 2024 · 3269ddc · 3269ddc
1 parent 5fd5c02
commit 3269ddc
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 2 deletions.
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -39,7 +39,7 @@ if (needSplittingFromWorkspace) {
 }
 
 def axes = [
-  jenkinsVersions: ['lts', 'latest'],
+  jenkinsVersions: ['latest'],
   platforms: ['linux'],
   jdks: [17, 21],
   browsers: ['firefox'],

diff --git a/pom.xml b/pom.xml
@@ -29,7 +29,8 @@
   <properties>
     <changelist>999999-SNAPSHOT</changelist>
     <spotbugs.skip>true</spotbugs.skip>
-    <jenkins.version>2.478</jenkins.version>
+    <!-- TODO https://github.com/jenkinsci/jenkins/pull/6867 -->
+    <jenkins.version>2.479-rc35397.f9a_d8fa_b_dc44</jenkins.version>
     <selenium.version>4.25.0</selenium.version>
     <!-- aligned with selenium -->
     <guava.version>33.3.1-jre</guava.version>
@@ -491,6 +492,10 @@ and
           </systemPropertyVariables>
           <!-- SUREFIRE-1588 workaround; too late for systemProperties: -->
           <argLine>-Djdk.net.URLClassPath.disableClassPathURLCheck=true</argLine>
+          <environmentVariables>
+            <!-- Use local version of the plugin over the released one ATH would otherwise use -->
+            <LOCAL_JARS>target/matrix-project.hpi</LOCAL_JARS>
+          </environmentVariables>
         </configuration>
       </plugin>
       <plugin>
@@ -805,6 +810,13 @@ and
                       <version>${jenkins.version}</version>
                       <type>war</type>
                     </artifactItem>
+                    <!-- TODO https://github.com/jenkinsci/matrix-project-plugin/pull/130 -->
+                    <artifactItem>
+                      <groupId>org.jenkins-ci.plugins</groupId>
+                      <artifactId>matrix-project</artifactId>
+                      <version>846.v4f1c596a_210a_</version>
+                      <type>hpi</type>
+                    </artifactItem>
                   </artifactItems>
                   <outputDirectory>${project.build.directory}</outputDirectory>
                   <stripVersion>true</stripVersion>

diff --git a/src/main/java/org/jenkinsci/test/acceptance/junit/CspRule.java b/src/main/java/org/jenkinsci/test/acceptance/junit/CspRule.java
@@ -0,0 +1,41 @@
+package org.jenkinsci.test.acceptance.junit;
+
+import com.google.inject.Inject;
+import com.google.inject.Injector;
+import java.util.logging.Logger;
+import org.jenkinsci.test.acceptance.po.GlobalSecurityConfig;
+import org.jenkinsci.test.acceptance.po.Jenkins;
+import org.jenkinsci.test.acceptance.update_center.PluginSpec;
+import org.junit.rules.TestRule;
+import org.junit.runner.Description;
+import org.junit.runners.model.Statement;
+
+@GlobalRule
+public final class CspRule implements TestRule {
+
+    private static final Logger LOGGER = Logger.getLogger(CspRule.class.getName());
+
+    @Inject
+    Injector injector;
+
+    @Override
+    public Statement apply(final Statement base, final Description d) {
+        return new Statement() {
+            private Jenkins jenkins;
+
+            @Override
+            public void evaluate() throws Throwable {
+                jenkins = injector.getInstance(Jenkins.class);
+                final PluginSpec plugin = new PluginSpec("csp");
+                LOGGER.info("Installing plugin for test: " + plugin);
+                jenkins.getPluginManager().installPlugins(plugin);
+                LOGGER.info("Configuring CSP plugin for test");
+                final GlobalSecurityConfig security = new GlobalSecurityConfig(jenkins);
+                security.open();
+                security.disableCspReportOnly();
+                security.save();
+                base.evaluate();
+            }
+        };
+    }
+}
diff --git a/src/main/java/org/jenkinsci/test/acceptance/po/GlobalSecurityConfig.java b/src/main/java/org/jenkinsci/test/acceptance/po/GlobalSecurityConfig.java
@@ -27,6 +27,7 @@
 import java.net.URL;
 import org.jenkinsci.test.acceptance.plugins.authorize_project.BuildAccessControl;
 import org.jenkinsci.test.acceptance.plugins.git_client.ssh_host_key_verification.SshHostKeyVerificationStrategy;
+import org.openqa.selenium.By;
 import org.openqa.selenium.NoSuchElementException;
 import org.openqa.selenium.WebElement;
 
@@ -83,6 +84,10 @@ private void maybeCheckUseSecurity() {
         }
     }
 
+    public void disableCspReportOnly() {
+        control(By.name("_.reportOnly")).uncheck();
+    }
+
     public <T extends BuildAccessControl> T addBuildAccessControl(final Class<T> type) {
         final String path =
                 createPageArea("/jenkins-security-QueueItemAuthenticatorConfiguration/authenticators", () -> control(