Search in sources :

Example 1 with AbstractSecurityEnabledResource

use of alien4cloud.security.AbstractSecurityEnabledResource in project alien4cloud by alien4cloud.

the class ResourcePermissionServiceTest method when_permission_added_at_application_level_remove_any_permissions_hidden_at_lower_level.

@Test
public void when_permission_added_at_application_level_remove_any_permissions_hidden_at_lower_level() {
    // Given
    resourceSecured = new AbstractSecurityEnabledResource() {

        @Override
        public String getId() {
            return "id";
        }
    };
    HashSet<Permission> permissions = new HashSet<>();
    permissions.add(Permission.ADMIN);
    resourceSecured.addPermissions(Subject.APPLICATION, "subject1", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_1", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_2", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.ENVIRONMENT_TYPE, "subject1:INTEGRATION_TESTS", new HashSet<>(permissions));
    ApplicationEnvironment ae1 = new ApplicationEnvironment();
    ae1.setId("subject1_1");
    ae1.setEnvironmentType(EnvironmentType.INTEGRATION_TESTS);
    ApplicationEnvironment ae2 = new ApplicationEnvironment();
    ae2.setId("subject1_2");
    ae2.setEnvironmentType(EnvironmentType.INTEGRATION_TESTS);
    Mockito.when(applicationEnvironmentService.getByApplicationId("subject1")).thenReturn(new ApplicationEnvironment[] { ae1, ae2 });
    // When
    service.grantAuthorizedEnvironmentsAndEnvTypesPerApplication((AbstractSecurityEnabledResource) resourceSecured, new String[] { "subject1" }, new String[] { "subject1_1", "subject1_2" }, new String[] { "subject_env_1_1" });
    // Then
    verify(alienDAO).save(resourceSecuredCaptor.capture());
    assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.APPLICATION, "subject1")).containsExactly(Permission.ADMIN);
    assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT, "subject1_1")).isEmpty();
    assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT, "subject1_2")).isEmpty();
    assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT_TYPE, "subject1:INTEGRATION_TESTS")).isEmpty();
}
Also used : Permission(alien4cloud.security.Permission) AbstractSecurityEnabledResource(alien4cloud.security.AbstractSecurityEnabledResource) ApplicationEnvironment(alien4cloud.model.application.ApplicationEnvironment) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 2 with AbstractSecurityEnabledResource

use of alien4cloud.security.AbstractSecurityEnabledResource in project alien4cloud by alien4cloud.

the class ResourcePermissionServiceTest method when_permission_added_at_application_level_unrelated_environment_and_env_type_are_unmodified.

@Test
public void when_permission_added_at_application_level_unrelated_environment_and_env_type_are_unmodified() {
    // Given
    resourceSecured = new AbstractSecurityEnabledResource() {

        @Override
        public String getId() {
            return "id";
        }
    };
    HashSet<Permission> permissions = new HashSet<>();
    permissions.add(Permission.ADMIN);
    resourceSecured.addPermissions(Subject.APPLICATION, "subject1", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_1", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject2_1", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.ENVIRONMENT_TYPE, "subject1:INTEGRATION_TESTS", new HashSet<>(permissions));
    ApplicationEnvironment ae1 = new ApplicationEnvironment();
    ae1.setId("subject1_1");
    ae1.setEnvironmentType(EnvironmentType.INTEGRATION_TESTS);
    ApplicationEnvironment ae2 = new ApplicationEnvironment();
    ae2.setId("subject2_1");
    ae2.setEnvironmentType(EnvironmentType.INTEGRATION_TESTS);
    Mockito.when(applicationEnvironmentService.getByApplicationId("subject1")).thenReturn(new ApplicationEnvironment[] { ae1 });
    // When
    service.grantAuthorizedEnvironmentsAndEnvTypesPerApplication((AbstractSecurityEnabledResource) resourceSecured, new String[] { "subject1" }, new String[] { "subject1_1", "subject2_1" }, new String[] { EnvironmentType.INTEGRATION_TESTS.toString() });
    // Then
    verify(alienDAO).save(resourceSecuredCaptor.capture());
    assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.APPLICATION, "subject1")).containsExactly(Permission.ADMIN);
    assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT, "subject1_1")).isEmpty();
    assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT, "subject2_1")).containsExactly(Permission.ADMIN);
    assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT_TYPE, EnvironmentType.INTEGRATION_TESTS.toString())).containsExactly(Permission.ADMIN);
}
Also used : Permission(alien4cloud.security.Permission) AbstractSecurityEnabledResource(alien4cloud.security.AbstractSecurityEnabledResource) ApplicationEnvironment(alien4cloud.model.application.ApplicationEnvironment) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 3 with AbstractSecurityEnabledResource

use of alien4cloud.security.AbstractSecurityEnabledResource in project alien4cloud by alien4cloud.

the class ResourcePermissionServiceTest method when_many_app_env_permission_are_revoked_the_resource_is_saved_only_one_time.

@Test
public void when_many_app_env_permission_are_revoked_the_resource_is_saved_only_one_time() throws Exception {
    // Given
    resourceSecured = new AbstractSecurityEnabledResource() {

        @Override
        public String getId() {
            return "id";
        }
    };
    HashSet<Permission> permissions = new HashSet<>();
    permissions.add(Permission.ADMIN);
    resourceSecured.addPermissions(Subject.APPLICATION, "subject1", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_1", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_2", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.ENVIRONMENT_TYPE, "subject_env_1_1", new HashSet<>(permissions));
    ApplicationEnvironment ae1 = new ApplicationEnvironment();
    ae1.setId("subject1_1");
    ApplicationEnvironment ae2 = new ApplicationEnvironment();
    ae2.setId("subject1_2");
    Mockito.when(applicationEnvironmentService.getByApplicationId("subject1")).thenReturn(new ApplicationEnvironment[] { ae1, ae2 });
    // When
    service.revokeAuthorizedEnvironmentsAndEnvironmentTypesPerApplication((AbstractSecurityEnabledResource) resourceSecured, new String[] { "subject1" }, new String[] { "subject1_1", "subject1_2" }, new String[] { "subject_env_1_1" });
    // Then
    verify(alienDAO).save(resourceSecuredCaptor.capture());
}
Also used : Permission(alien4cloud.security.Permission) AbstractSecurityEnabledResource(alien4cloud.security.AbstractSecurityEnabledResource) ApplicationEnvironment(alien4cloud.model.application.ApplicationEnvironment) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 4 with AbstractSecurityEnabledResource

use of alien4cloud.security.AbstractSecurityEnabledResource in project alien4cloud by alien4cloud.

the class ResourcePermissionServiceTest method check_revoked_permissions_have_been_removed_from_resource.

@Test
public void check_revoked_permissions_have_been_removed_from_resource() {
    // Given
    resourceSecured = new AbstractSecurityEnabledResource() {

        @Override
        public String getId() {
            return "id";
        }
    };
    HashSet<Permission> permissions = new HashSet<>();
    permissions.add(Permission.READ);
    permissions.add(Permission.ADMIN);
    resourceSecured.addPermissions(Subject.APPLICATION, "subject1", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.APPLICATION, "subject3", new HashSet<>(permissions));
    // When
    service.revokePermission(resourceSecured, resourceSaver, Subject.APPLICATION, "subject1", "subject2");
    // Then
    verify(resourceSaver).save(resourceSecuredCaptor.capture());
    ISecurityEnabledResource resourceSecuredSaved = resourceSecuredCaptor.getValue();
    assertThat(resourceSecuredSaved.getPermissions(Subject.APPLICATION, "subject1")).containsExactly(Permission.READ);
    assertThat(resourceSecuredSaved.getPermissions(Subject.APPLICATION, "subject2")).isEmpty();
    assertThat(resourceSecuredSaved.getPermissions(Subject.APPLICATION, "subject3")).containsExactlyInAnyOrder(Permission.ADMIN, Permission.READ);
}
Also used : ISecurityEnabledResource(alien4cloud.security.ISecurityEnabledResource) Permission(alien4cloud.security.Permission) AbstractSecurityEnabledResource(alien4cloud.security.AbstractSecurityEnabledResource) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 5 with AbstractSecurityEnabledResource

use of alien4cloud.security.AbstractSecurityEnabledResource in project alien4cloud by alien4cloud.

the class ResourcePermissionService method grantAuthorizedEnvironmentsAndEnvTypesPerApplication.

public void grantAuthorizedEnvironmentsAndEnvTypesPerApplication(AbstractSecurityEnabledResource resource, String[] applicationsToAdd, String[] environmentsToAdd, String[] environmentTypesToAdd) {
    List<String> envIds = Lists.newArrayList();
    IResourceSaver noSave = null;
    if (ArrayUtils.isNotEmpty(applicationsToAdd)) {
        grantPermission(resource, noSave, Subject.APPLICATION, applicationsToAdd);
        // when an app is added, all eventual existing env authorizations are removed
        for (String applicationToAddId : applicationsToAdd) {
            ApplicationEnvironment[] aes = applicationEnvironmentService.getByApplicationId(applicationToAddId);
            for (ApplicationEnvironment ae : aes) {
                envIds.add(ae.getId());
            }
        }
        if (!envIds.isEmpty()) {
            revokePermission(resource, noSave, Subject.ENVIRONMENT, envIds.toArray(new String[envIds.size()]));
        }
        // remove all all eventual existing env type authorizations
        Set<String> envTypes = Sets.newHashSet();
        for (String applicationToAddId : applicationsToAdd) {
            for (EnvironmentType envType : EnvironmentType.values()) {
                envTypes.add(applicationToAddId + ":" + envType.toString());
            }
        }
        if (!envTypes.isEmpty()) {
            revokePermission(resource, noSave, Subject.ENVIRONMENT_TYPE, envTypes.toArray(new String[envTypes.size()]));
        }
    }
    if (ArrayUtils.isNotEmpty(environmentsToAdd)) {
        List<String> envToAddSet = Arrays.stream(environmentsToAdd).filter(env -> !envIds.contains(env)).collect(Collectors.toList());
        grantPermission(resource, noSave, Subject.ENVIRONMENT, envToAddSet.toArray(new String[envToAddSet.size()]));
    }
    if (ArrayUtils.isNotEmpty(environmentTypesToAdd)) {
        grantPermission(resource, noSave, Subject.ENVIRONMENT_TYPE, environmentTypesToAdd);
    }
    alienDAO.save(resource);
}
Also used : BeforePermissionRevokedEvent(org.alien4cloud.alm.events.BeforePermissionRevokedEvent) Lists(org.elasticsearch.common.collect.Lists) Arrays(java.util.Arrays) ApplicationEnvironmentService(alien4cloud.application.ApplicationEnvironmentService) Subject(alien4cloud.security.Subject) AbstractSecurityEnabledResource(alien4cloud.security.AbstractSecurityEnabledResource) ArrayUtils(org.apache.commons.lang3.ArrayUtils) User(alien4cloud.security.model.User) Inject(javax.inject.Inject) Service(org.springframework.stereotype.Service) Map(java.util.Map) ApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher) MapUtils(org.apache.commons.collections4.MapUtils) Permission(alien4cloud.security.Permission) ApplicationEnvironment(alien4cloud.model.application.ApplicationEnvironment) Resource(javax.annotation.Resource) Set(java.util.Set) IGenericSearchDAO(alien4cloud.dao.IGenericSearchDAO) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) IAlienGroupDao(alien4cloud.security.groups.IAlienGroupDao) IAlienUserDao(alien4cloud.security.users.IAlienUserDao) List(java.util.List) ISecurityEnabledResource(alien4cloud.security.ISecurityEnabledResource) Group(alien4cloud.security.model.Group) EnvironmentType(alien4cloud.model.application.EnvironmentType) AllArgsConstructor(lombok.AllArgsConstructor) Comparator(java.util.Comparator) AfterPermissionRevokedEvent(org.alien4cloud.alm.events.AfterPermissionRevokedEvent) NoArgsConstructor(lombok.NoArgsConstructor) EnvironmentType(alien4cloud.model.application.EnvironmentType) ApplicationEnvironment(alien4cloud.model.application.ApplicationEnvironment)

Aggregations

AbstractSecurityEnabledResource (alien4cloud.security.AbstractSecurityEnabledResource)5 Permission (alien4cloud.security.Permission)5 ApplicationEnvironment (alien4cloud.model.application.ApplicationEnvironment)4 HashSet (java.util.HashSet)4 Test (org.junit.Test)4 ISecurityEnabledResource (alien4cloud.security.ISecurityEnabledResource)2 ApplicationEnvironmentService (alien4cloud.application.ApplicationEnvironmentService)1 IGenericSearchDAO (alien4cloud.dao.IGenericSearchDAO)1 EnvironmentType (alien4cloud.model.application.EnvironmentType)1 Subject (alien4cloud.security.Subject)1 IAlienGroupDao (alien4cloud.security.groups.IAlienGroupDao)1 Group (alien4cloud.security.model.Group)1 User (alien4cloud.security.model.User)1 IAlienUserDao (alien4cloud.security.users.IAlienUserDao)1 Sets (com.google.common.collect.Sets)1 Arrays (java.util.Arrays)1 Comparator (java.util.Comparator)1 List (java.util.List)1 Map (java.util.Map)1 Set (java.util.Set)1