Register Scriptler permissions on startup

Ensure that the Scriptler permissions are registered on Jenkins startup
so that we can use them during CasC configuration.

Author: mtughan

pom.xml

@@ -77,12 +77,24 @@
       <artifactId>token-macro</artifactId>
     </dependency>
 
+    <dependency>
+      <groupId>io.jenkins.configuration-as-code</groupId>
+      <artifactId>test-harness</artifactId>
+      <scope>test</scope>
+    </dependency>
+
     <dependency>
       <groupId>nl.jqno.equalsverifier</groupId>
       <artifactId>equalsverifier</artifactId>
       <version>3.17.4</version>
       <scope>test</scope>
     </dependency>
+
+    <dependency>
+      <groupId>org.jenkins-ci.plugins</groupId>
+      <artifactId>matrix-auth</artifactId>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 
   <repositories>

src/main/java/org/jenkinsci/plugins/scriptler/ScriptlerPermissions.java

@@ -1,5 +1,8 @@
 package org.jenkinsci.plugins.scriptler;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import hudson.init.InitMilestone;
+import hudson.init.Initializer;
 import hudson.security.Permission;
 import hudson.security.PermissionGroup;
 import hudson.security.PermissionScope;
@@ -26,4 +29,13 @@ public final class ScriptlerPermissions {
     public static final Permission BYPASS_APPROVAL = Jenkins.ADMINISTER;
 
     private ScriptlerPermissions() {}
+
+    @SuppressFBWarnings(
+            value = "RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT",
+            justification = "getEnabled return value discarded")
+    @Initializer(after = InitMilestone.PLUGINS_STARTED, before = InitMilestone.EXTENSIONS_AUGMENTED)
+    public static void ensurePermissionsRegistered() {
+        CONFIGURE.getEnabled();
+        RUN_SCRIPTS.getEnabled();
+    }
 }

src/test/java/org/jenkinsci/plugins/scriptler/ScriptlerPermissionsTests.java

@@ -0,0 +1,25 @@
+package org.jenkinsci.plugins.scriptler;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import hudson.security.SecurityRealm;
+import io.jenkins.plugins.casc.misc.ConfiguredWithCode;
+import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithCodeRule;
+import io.jenkins.plugins.casc.misc.junit.jupiter.WithJenkinsConfiguredWithCode;
+import org.junit.jupiter.api.Test;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+
+@WithJenkinsConfiguredWithCode
+class ScriptlerPermissionsTests {
+    @ConfiguredWithCode("/casc.yaml")
+    @Test
+    void permissionsAreAvailableOnStartup(JenkinsConfiguredWithCodeRule rule) throws Exception {
+        SecurityRealm realm = rule.createDummySecurityRealm();
+        rule.jenkins.setSecurityRealm(realm);
+
+        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("user", "user");
+        Authentication a = realm.getSecurityComponents().manager2.authenticate(authRequest);
+        assertTrue(rule.jenkins.hasPermission2(a, ScriptlerPermissions.CONFIGURE));
+    }
+}

src/test/resources/casc.yaml

@@ -0,0 +1,9 @@
+jenkins:
+  authorizationStrategy:
+    projectMatrix:
+      entries:
+        - group:
+            name: authenticated
+            permissions:
+              - "Scriptler/Configure"
+              - "Scriptler/RunScripts"