Add field impersonationAllowedFor to autoCreateTestUsers (#738)

This closes #723

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AutoCreateTestUsersConfig.java

@@ -13,6 +13,7 @@
  * #L%
  */
 
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
@@ -24,14 +25,15 @@
 /** Allows to automatically create test users. */
 public class AutoCreateTestUsersConfig {
 
-    private static final String KEY_PREFIX = "prefix";
+    static final String KEY_PREFIX = "prefix";
     private static final String KEY_NAME = "name";
     private static final String KEY_EMAIL = "email";
     private static final String KEY_DESCRIPTION = "description";
     private static final String KEY_PASSWORD = "password";
     private static final String KEY_SKIP_FOR_RUNMODES = "skipForRunmodes";
-    private static final String KEY_CREATE_FOR_GROUP_NAMES_REG_EX = "createForGroupNamesRegEx";
-    private static final String KEY_PATH = "path";
+    static final String KEY_CREATE_FOR_GROUP_NAMES_REG_EX = "createForGroupNamesRegEx";
+    static final String KEY_PATH = "path";
+    static final String KEY_IMPERSONATION_ALLOWED_FOR = "impersonationAllowedFor";
 
     private static final List<String> DEFAULT_PRODUCTION_RUNMODES = Arrays.asList("prod", "production");
 
@@ -43,6 +45,7 @@ public class AutoCreateTestUsersConfig {
     private final List<String> skipForRunmodes;
     private final String createForGroupNamesRegEx;
     private final String path;
+    private List<String> impersonationAllowedFor;
 
     public AutoCreateTestUsersConfig(Map map) {
         if (!map.containsKey(KEY_PREFIX)) {
@@ -78,6 +81,16 @@ public AutoCreateTestUsersConfig(Map map) {
         }
 
         this.path = String.valueOf(map.get(KEY_PATH));
+
+        Object impersonationAllowedForObj = map.get(KEY_IMPERSONATION_ALLOWED_FOR);
+        if (impersonationAllowedForObj == null) {
+            this.impersonationAllowedFor = new ArrayList<>();
+        }
+        else if (impersonationAllowedForObj instanceof List) {
+            this.impersonationAllowedFor = (List<String>) impersonationAllowedForObj;
+        } else {
+            throw new IllegalArgumentException("Property \"" + KEY_IMPERSONATION_ALLOWED_FOR + "\" must be a list");
+        }
     }
 
     public String getPrefix() {
@@ -111,4 +124,8 @@ public String getDescription() {
     public String getEmail() {
         return email;
     }
+
+    public List<String> getImpersonationAllowedFor() {
+        return impersonationAllowedFor;
+    }
 }

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/TestUserConfigsCreator.java

@@ -81,6 +81,7 @@ void createTestUserConfigs(AcConfiguration acConfiguration, InstallationLogger l
                 testUserConfigBean.setAuthorizableId(testUserAuthId);
                 testUserConfigBean.setPath(autoCreateTestUsersConf.getPath());
                 testUserConfigBean.setIsMemberOf(new String[] { groupId });
+                testUserConfigBean.setImpersonationAllowedFor(autoCreateTestUsersConf.getImpersonationAllowedFor());
 
                 String name = StringUtils.defaultIfEmpty(autoCreateTestUsersConf.getName(), "Test User %{group.name}");
                 testUserConfigBean.setName(processValue(name, vars));
@@ -91,7 +92,7 @@ void createTestUserConfigs(AcConfiguration acConfiguration, InstallationLogger l
                 if(StringUtils.isNotBlank(autoCreateTestUsersConf.getDescription())) {
                     testUserConfigBean.setDescription(processValue(autoCreateTestUsersConf.getDescription(), vars));
                 }
-                
+
                 String password = autoCreateTestUsersConf.getPassword();
                 if(StringUtils.isNotBlank(password)) {
                     password = processValue(password, vars); // allow for pws ala "pw%{group.id}"

accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/AutoCreateTestUsersConfigTest.java

@@ -0,0 +1,55 @@
+package biz.netcentric.cq.tools.actool.configmodel;
+
+/*-
+ * #%L
+ * Access Control Tool Bundle
+ * %%
+ * Copyright (C) 2015 - 2024 Cognizant Netcentric
+ * %%
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ * #L%
+ */
+
+import org.jetbrains.annotations.NotNull;
+import org.junit.jupiter.api.Test;
+
+import java.util.*;
+
+import static biz.netcentric.cq.tools.actool.configmodel.AutoCreateTestUsersConfig.*;
+import static org.junit.jupiter.api.Assertions.*;
+
+class AutoCreateTestUsersConfigTest {
+
+    @Test
+    void shouldNotContainImpersonalizationAllowedFor() {
+        Map<String, Object> configMap = initializeConfigMap(null);
+        assertEquals(new ArrayList<>(), (new AutoCreateTestUsersConfig(configMap)).getImpersonationAllowedFor());
+    }
+
+    @Test()
+    void shouldNotContainImpersonalizationAllowedFor2() {
+        Map<String, Object> configMap = initializeConfigMap("invalidValue");
+        Exception exception = assertThrows(IllegalArgumentException.class, () -> {
+            new AutoCreateTestUsersConfig(configMap);
+        });
+        assertEquals("Property \"" + KEY_IMPERSONATION_ALLOWED_FOR + "\" must be a list", exception.getMessage());
+    }
+    @Test
+    void shouldNotImpersonalizationAllowedFor() {
+        Map<String, Object> map = initializeConfigMap(Arrays.asList("user1"));
+        assertEquals(Arrays.asList("user1"), (new AutoCreateTestUsersConfig(map)).getImpersonationAllowedFor());
+    }
+
+    @NotNull
+    private static Map<String, Object> initializeConfigMap(Object allowedFor) {
+        Map<String, Object> map = new HashMap<>();
+        map.put(KEY_PATH, "/");
+        map.put(KEY_PREFIX, "prefix");
+        map.put(KEY_CREATE_FOR_GROUP_NAMES_REG_EX, "");
+        map.put(KEY_IMPERSONATION_ALLOWED_FOR, allowedFor);
+        return map;
+    }
+}

accesscontroltool-exampleconfig-package/src/main/jcr_root/apps/netcentric/actool-exampleconfig/simple/testgroup/config.yaml

@@ -1,3 +1,11 @@
+- global_config:
+    autoCreateTestUsers:
+      createForGroupNamesRegEx: "(testgroup)-.*"
+      prefix: "testuser-"
+      name: "TU %{group.name}"
+      path: /home/users/myproj-test-users
+      impersonationAllowedFor: [dummy]
+
 - group_config:
 
     - testgroup-tags:
@@ -7,11 +15,30 @@
          members: 
          path: t
 
+    - dummygroup-dam:
+
+        - name: Dummy group for DAM management
+          isMemberOf:
+          members:
+          path: d
+
 - ace_config:
 
     - testgroup-tags:
 
        - path: /content/cq:tags
          permission: allow
          actions: read
-         privileges: 
+         privileges:
+
+    - dummygroup-dam:
+
+        - path: /content/dam
+          permission: allow
+          actions: read
+          privileges:
+
+- user_config:
+    - dummy:
+        - isMemberOf: dummygroup-dam
+          password: "password"

docs/AdvancedFeatures.md

@@ -292,6 +292,7 @@ property | comment | required
 `path` | The location where the test users shall be created | required
 `password` | The password for all test users to be created. Can be encrypted using CryptoSupport. Defaults simply to the authorizable id of the test user. Allows for interpolation with EL *) | optional
 `skipForRunmodes` | The configuration is placed in a regular config file, hence it is possible to add one to an author configuration (located in e.g. in a folder "config.author" and one to a publish configuration (e.g. folder "config.publish"). To avoid creating special runmodes folders just for this configuration that list all runmodes except production, skipForRunmodes can be a comma-separated list of runmodes, where the users are not created.  Defaults to prod,production | optional
+`impersonationAllowedFor` | List of users that can impersonate auto-created test users | optional
 
 *) Interpolation of group properties can be used with EL, however as `$` is evaluated at an earlier stage, `%{}` is used here. Available is `%{group.id}`, `%{group.name}`, `%{group.path}` or expressions like `%{split(group.path,'/')[2]}`.
 

pom.xml

@@ -591,6 +591,11 @@
                                     <goals>
                                         <goal>install</goal>
                                     </goals>
+                                    <configuration>
+                                        <targetURL>http://${crx.host}:${crx.port}/crx/packmgr/service.jsp</targetURL>
+                                        <username>${crx.username}</username>
+                                        <password>${crx.password}</password>
+                                    </configuration>
                                 </execution>
                             </executions>
                         </plugin>