diff --git a/Jenkinsfile b/Jenkinsfile index 6ada015aa..e68dfffc5 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -109,6 +109,8 @@ for (int i = 0; i < splits.size(); i++) { if (jdk != 21 && jenkinsVersion == 'latest') { return } + // TODO enable on LTS line when it is based on 2.480 or later + def cspRule = jenkinsVersion == 'latest' def name = "${jenkinsVersion}-${platform}-jdk${jdk}-${browser}-split${index}" branches[name] = { stage(name) { @@ -144,7 +146,7 @@ for (int i = 0; i < splits.size(); i++) { set-java.sh ${jdk} eval \$(vnc.sh) java -version - run.sh ${browser} ${jenkinsVersion} -Dmaven.repo.local=${WORKSPACE_TMP}/m2repo -Dmaven.test.failure.ignore=true -DforkCount=1 -B + run.sh ${browser} ${jenkinsVersion} -Dmaven.repo.local=${WORKSPACE_TMP}/m2repo -Dmaven.test.failure.ignore=true -Dcsp.rule=${cspRule} -DforkCount=1 -B cp --verbose target/surefire-reports/TEST-*.xml /reports """ } diff --git a/src/main/java/org/jenkinsci/test/acceptance/junit/CspRule.java b/src/main/java/org/jenkinsci/test/acceptance/junit/CspRule.java new file mode 100644 index 000000000..faefff117 --- /dev/null +++ b/src/main/java/org/jenkinsci/test/acceptance/junit/CspRule.java @@ -0,0 +1,50 @@ +package org.jenkinsci.test.acceptance.junit; + +import com.google.inject.Inject; +import com.google.inject.Injector; +import org.jenkinsci.test.acceptance.po.GlobalSecurityConfig; +import org.jenkinsci.test.acceptance.po.Jenkins; +import org.jenkinsci.test.acceptance.update_center.PluginSpec; +import org.junit.rules.TestRule; +import org.junit.runner.Description; +import org.junit.runners.model.Statement; + +@GlobalRule +public final class CspRule implements TestRule { + + @Inject + private Injector injector; + + @Override + public Statement apply(final Statement base, final Description d) { + return new Statement() { + @Override + public void evaluate() throws Throwable { + if (isEnabled() + && d.getAnnotation(WithInstallWizard.class) == null + && d.getTestClass().getAnnotation(WithInstallWizard.class) == null) { + Jenkins jenkins = injector.getInstance(Jenkins.class); + + PluginSpec plugin = new PluginSpec("csp"); + jenkins.getPluginManager().installPlugins(plugin); + + GlobalSecurityConfig security = new GlobalSecurityConfig(jenkins); + security.open(); + security.disableCspReportOnly(); + security.save(); + } + base.evaluate(); + } + + private static boolean isEnabled() { + if (System.getProperty("csp.rule") == null) { + return false; + } + if (System.getProperty("csp.rule").isEmpty()) { + return true; + } + return Boolean.getBoolean("csp.rule"); + } + }; + } +} diff --git a/src/main/java/org/jenkinsci/test/acceptance/po/GlobalSecurityConfig.java b/src/main/java/org/jenkinsci/test/acceptance/po/GlobalSecurityConfig.java index ca80929d0..3f670b8b6 100644 --- a/src/main/java/org/jenkinsci/test/acceptance/po/GlobalSecurityConfig.java +++ b/src/main/java/org/jenkinsci/test/acceptance/po/GlobalSecurityConfig.java @@ -27,6 +27,7 @@ import java.net.URL; import org.jenkinsci.test.acceptance.plugins.authorize_project.BuildAccessControl; import org.jenkinsci.test.acceptance.plugins.git_client.ssh_host_key_verification.SshHostKeyVerificationStrategy; +import org.openqa.selenium.By; import org.openqa.selenium.NoSuchElementException; import org.openqa.selenium.WebElement; @@ -83,6 +84,10 @@ private void maybeCheckUseSecurity() { } } + public void disableCspReportOnly() { + control(By.name("_.reportOnly")).uncheck(); + } + public T addBuildAccessControl(final Class type) { final String path = createPageArea("/jenkins-security-QueueItemAuthenticatorConfiguration/authenticators", () -> control(