use of alien4cloud.security.AbstractSecurityEnabledResource in project alien4cloud by alien4cloud.
the class ResourcePermissionServiceTest method when_permission_added_at_application_level_remove_any_permissions_hidden_at_lower_level.
@Test
public void when_permission_added_at_application_level_remove_any_permissions_hidden_at_lower_level() {
// Given
resourceSecured = new AbstractSecurityEnabledResource() {
@Override
public String getId() {
return "id";
}
};
HashSet<Permission> permissions = new HashSet<>();
permissions.add(Permission.ADMIN);
resourceSecured.addPermissions(Subject.APPLICATION, "subject1", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_1", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_2", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.ENVIRONMENT_TYPE, "subject1:INTEGRATION_TESTS", new HashSet<>(permissions));
ApplicationEnvironment ae1 = new ApplicationEnvironment();
ae1.setId("subject1_1");
ae1.setEnvironmentType(EnvironmentType.INTEGRATION_TESTS);
ApplicationEnvironment ae2 = new ApplicationEnvironment();
ae2.setId("subject1_2");
ae2.setEnvironmentType(EnvironmentType.INTEGRATION_TESTS);
Mockito.when(applicationEnvironmentService.getByApplicationId("subject1")).thenReturn(new ApplicationEnvironment[] { ae1, ae2 });
// When
service.grantAuthorizedEnvironmentsAndEnvTypesPerApplication((AbstractSecurityEnabledResource) resourceSecured, new String[] { "subject1" }, new String[] { "subject1_1", "subject1_2" }, new String[] { "subject_env_1_1" });
// Then
verify(alienDAO).save(resourceSecuredCaptor.capture());
assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.APPLICATION, "subject1")).containsExactly(Permission.ADMIN);
assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT, "subject1_1")).isEmpty();
assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT, "subject1_2")).isEmpty();
assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT_TYPE, "subject1:INTEGRATION_TESTS")).isEmpty();
}
use of alien4cloud.security.AbstractSecurityEnabledResource in project alien4cloud by alien4cloud.
the class ResourcePermissionServiceTest method when_permission_added_at_application_level_unrelated_environment_and_env_type_are_unmodified.
@Test
public void when_permission_added_at_application_level_unrelated_environment_and_env_type_are_unmodified() {
// Given
resourceSecured = new AbstractSecurityEnabledResource() {
@Override
public String getId() {
return "id";
}
};
HashSet<Permission> permissions = new HashSet<>();
permissions.add(Permission.ADMIN);
resourceSecured.addPermissions(Subject.APPLICATION, "subject1", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_1", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject2_1", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.ENVIRONMENT_TYPE, "subject1:INTEGRATION_TESTS", new HashSet<>(permissions));
ApplicationEnvironment ae1 = new ApplicationEnvironment();
ae1.setId("subject1_1");
ae1.setEnvironmentType(EnvironmentType.INTEGRATION_TESTS);
ApplicationEnvironment ae2 = new ApplicationEnvironment();
ae2.setId("subject2_1");
ae2.setEnvironmentType(EnvironmentType.INTEGRATION_TESTS);
Mockito.when(applicationEnvironmentService.getByApplicationId("subject1")).thenReturn(new ApplicationEnvironment[] { ae1 });
// When
service.grantAuthorizedEnvironmentsAndEnvTypesPerApplication((AbstractSecurityEnabledResource) resourceSecured, new String[] { "subject1" }, new String[] { "subject1_1", "subject2_1" }, new String[] { EnvironmentType.INTEGRATION_TESTS.toString() });
// Then
verify(alienDAO).save(resourceSecuredCaptor.capture());
assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.APPLICATION, "subject1")).containsExactly(Permission.ADMIN);
assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT, "subject1_1")).isEmpty();
assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT, "subject2_1")).containsExactly(Permission.ADMIN);
assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT_TYPE, EnvironmentType.INTEGRATION_TESTS.toString())).containsExactly(Permission.ADMIN);
}
use of alien4cloud.security.AbstractSecurityEnabledResource in project alien4cloud by alien4cloud.
the class ResourcePermissionServiceTest method when_many_app_env_permission_are_revoked_the_resource_is_saved_only_one_time.
@Test
public void when_many_app_env_permission_are_revoked_the_resource_is_saved_only_one_time() throws Exception {
// Given
resourceSecured = new AbstractSecurityEnabledResource() {
@Override
public String getId() {
return "id";
}
};
HashSet<Permission> permissions = new HashSet<>();
permissions.add(Permission.ADMIN);
resourceSecured.addPermissions(Subject.APPLICATION, "subject1", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_1", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_2", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.ENVIRONMENT_TYPE, "subject_env_1_1", new HashSet<>(permissions));
ApplicationEnvironment ae1 = new ApplicationEnvironment();
ae1.setId("subject1_1");
ApplicationEnvironment ae2 = new ApplicationEnvironment();
ae2.setId("subject1_2");
Mockito.when(applicationEnvironmentService.getByApplicationId("subject1")).thenReturn(new ApplicationEnvironment[] { ae1, ae2 });
// When
service.revokeAuthorizedEnvironmentsAndEnvironmentTypesPerApplication((AbstractSecurityEnabledResource) resourceSecured, new String[] { "subject1" }, new String[] { "subject1_1", "subject1_2" }, new String[] { "subject_env_1_1" });
// Then
verify(alienDAO).save(resourceSecuredCaptor.capture());
}
use of alien4cloud.security.AbstractSecurityEnabledResource in project alien4cloud by alien4cloud.
the class ResourcePermissionServiceTest method check_revoked_permissions_have_been_removed_from_resource.
@Test
public void check_revoked_permissions_have_been_removed_from_resource() {
// Given
resourceSecured = new AbstractSecurityEnabledResource() {
@Override
public String getId() {
return "id";
}
};
HashSet<Permission> permissions = new HashSet<>();
permissions.add(Permission.READ);
permissions.add(Permission.ADMIN);
resourceSecured.addPermissions(Subject.APPLICATION, "subject1", new HashSet<>(permissions));
resourceSecured.addPermissions(Subject.APPLICATION, "subject3", new HashSet<>(permissions));
// When
service.revokePermission(resourceSecured, resourceSaver, Subject.APPLICATION, "subject1", "subject2");
// Then
verify(resourceSaver).save(resourceSecuredCaptor.capture());
ISecurityEnabledResource resourceSecuredSaved = resourceSecuredCaptor.getValue();
assertThat(resourceSecuredSaved.getPermissions(Subject.APPLICATION, "subject1")).containsExactly(Permission.READ);
assertThat(resourceSecuredSaved.getPermissions(Subject.APPLICATION, "subject2")).isEmpty();
assertThat(resourceSecuredSaved.getPermissions(Subject.APPLICATION, "subject3")).containsExactlyInAnyOrder(Permission.ADMIN, Permission.READ);
}
use of alien4cloud.security.AbstractSecurityEnabledResource in project alien4cloud by alien4cloud.
the class ResourcePermissionService method grantAuthorizedEnvironmentsAndEnvTypesPerApplication.
public void grantAuthorizedEnvironmentsAndEnvTypesPerApplication(AbstractSecurityEnabledResource resource, String[] applicationsToAdd, String[] environmentsToAdd, String[] environmentTypesToAdd) {
List<String> envIds = Lists.newArrayList();
IResourceSaver noSave = null;
if (ArrayUtils.isNotEmpty(applicationsToAdd)) {
grantPermission(resource, noSave, Subject.APPLICATION, applicationsToAdd);
// when an app is added, all eventual existing env authorizations are removed
for (String applicationToAddId : applicationsToAdd) {
ApplicationEnvironment[] aes = applicationEnvironmentService.getByApplicationId(applicationToAddId);
for (ApplicationEnvironment ae : aes) {
envIds.add(ae.getId());
}
}
if (!envIds.isEmpty()) {
revokePermission(resource, noSave, Subject.ENVIRONMENT, envIds.toArray(new String[envIds.size()]));
}
// remove all all eventual existing env type authorizations
Set<String> envTypes = Sets.newHashSet();
for (String applicationToAddId : applicationsToAdd) {
for (EnvironmentType envType : EnvironmentType.values()) {
envTypes.add(applicationToAddId + ":" + envType.toString());
}
}
if (!envTypes.isEmpty()) {
revokePermission(resource, noSave, Subject.ENVIRONMENT_TYPE, envTypes.toArray(new String[envTypes.size()]));
}
}
if (ArrayUtils.isNotEmpty(environmentsToAdd)) {
List<String> envToAddSet = Arrays.stream(environmentsToAdd).filter(env -> !envIds.contains(env)).collect(Collectors.toList());
grantPermission(resource, noSave, Subject.ENVIRONMENT, envToAddSet.toArray(new String[envToAddSet.size()]));
}
if (ArrayUtils.isNotEmpty(environmentTypesToAdd)) {
grantPermission(resource, noSave, Subject.ENVIRONMENT_TYPE, environmentTypesToAdd);
}
alienDAO.save(resource);
}
Aggregations