Search in sources :

Example 1 with Permission

use of alien4cloud.security.Permission in project alien4cloud by alien4cloud.

the class ResourcePermissionServiceTest method when_permission_added_at_application_level_remove_any_permissions_hidden_at_lower_level.

@Test
public void when_permission_added_at_application_level_remove_any_permissions_hidden_at_lower_level() {
    // Given
    resourceSecured = new AbstractSecurityEnabledResource() {

        @Override
        public String getId() {
            return "id";
        }
    };
    HashSet<Permission> permissions = new HashSet<>();
    permissions.add(Permission.ADMIN);
    resourceSecured.addPermissions(Subject.APPLICATION, "subject1", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_1", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_2", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.ENVIRONMENT_TYPE, "subject1:INTEGRATION_TESTS", new HashSet<>(permissions));
    ApplicationEnvironment ae1 = new ApplicationEnvironment();
    ae1.setId("subject1_1");
    ae1.setEnvironmentType(EnvironmentType.INTEGRATION_TESTS);
    ApplicationEnvironment ae2 = new ApplicationEnvironment();
    ae2.setId("subject1_2");
    ae2.setEnvironmentType(EnvironmentType.INTEGRATION_TESTS);
    Mockito.when(applicationEnvironmentService.getByApplicationId("subject1")).thenReturn(new ApplicationEnvironment[] { ae1, ae2 });
    // When
    service.grantAuthorizedEnvironmentsAndEnvTypesPerApplication((AbstractSecurityEnabledResource) resourceSecured, new String[] { "subject1" }, new String[] { "subject1_1", "subject1_2" }, new String[] { "subject_env_1_1" });
    // Then
    verify(alienDAO).save(resourceSecuredCaptor.capture());
    assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.APPLICATION, "subject1")).containsExactly(Permission.ADMIN);
    assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT, "subject1_1")).isEmpty();
    assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT, "subject1_2")).isEmpty();
    assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT_TYPE, "subject1:INTEGRATION_TESTS")).isEmpty();
}
Also used : Permission(alien4cloud.security.Permission) AbstractSecurityEnabledResource(alien4cloud.security.AbstractSecurityEnabledResource) ApplicationEnvironment(alien4cloud.model.application.ApplicationEnvironment) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 2 with Permission

use of alien4cloud.security.Permission in project alien4cloud by alien4cloud.

the class ResourcePermissionServiceTest method when_permission_added_at_application_level_unrelated_environment_and_env_type_are_unmodified.

@Test
public void when_permission_added_at_application_level_unrelated_environment_and_env_type_are_unmodified() {
    // Given
    resourceSecured = new AbstractSecurityEnabledResource() {

        @Override
        public String getId() {
            return "id";
        }
    };
    HashSet<Permission> permissions = new HashSet<>();
    permissions.add(Permission.ADMIN);
    resourceSecured.addPermissions(Subject.APPLICATION, "subject1", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_1", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject2_1", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.ENVIRONMENT_TYPE, "subject1:INTEGRATION_TESTS", new HashSet<>(permissions));
    ApplicationEnvironment ae1 = new ApplicationEnvironment();
    ae1.setId("subject1_1");
    ae1.setEnvironmentType(EnvironmentType.INTEGRATION_TESTS);
    ApplicationEnvironment ae2 = new ApplicationEnvironment();
    ae2.setId("subject2_1");
    ae2.setEnvironmentType(EnvironmentType.INTEGRATION_TESTS);
    Mockito.when(applicationEnvironmentService.getByApplicationId("subject1")).thenReturn(new ApplicationEnvironment[] { ae1 });
    // When
    service.grantAuthorizedEnvironmentsAndEnvTypesPerApplication((AbstractSecurityEnabledResource) resourceSecured, new String[] { "subject1" }, new String[] { "subject1_1", "subject2_1" }, new String[] { EnvironmentType.INTEGRATION_TESTS.toString() });
    // Then
    verify(alienDAO).save(resourceSecuredCaptor.capture());
    assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.APPLICATION, "subject1")).containsExactly(Permission.ADMIN);
    assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT, "subject1_1")).isEmpty();
    assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT, "subject2_1")).containsExactly(Permission.ADMIN);
    assertThat(resourceSecuredCaptor.getValue().getPermissions(Subject.ENVIRONMENT_TYPE, EnvironmentType.INTEGRATION_TESTS.toString())).containsExactly(Permission.ADMIN);
}
Also used : Permission(alien4cloud.security.Permission) AbstractSecurityEnabledResource(alien4cloud.security.AbstractSecurityEnabledResource) ApplicationEnvironment(alien4cloud.model.application.ApplicationEnvironment) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 3 with Permission

use of alien4cloud.security.Permission in project alien4cloud by alien4cloud.

the class ResourcePermissionServiceTest method when_many_app_env_permission_are_revoked_the_resource_is_saved_only_one_time.

@Test
public void when_many_app_env_permission_are_revoked_the_resource_is_saved_only_one_time() throws Exception {
    // Given
    resourceSecured = new AbstractSecurityEnabledResource() {

        @Override
        public String getId() {
            return "id";
        }
    };
    HashSet<Permission> permissions = new HashSet<>();
    permissions.add(Permission.ADMIN);
    resourceSecured.addPermissions(Subject.APPLICATION, "subject1", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_1", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.ENVIRONMENT, "subject1_2", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.ENVIRONMENT_TYPE, "subject_env_1_1", new HashSet<>(permissions));
    ApplicationEnvironment ae1 = new ApplicationEnvironment();
    ae1.setId("subject1_1");
    ApplicationEnvironment ae2 = new ApplicationEnvironment();
    ae2.setId("subject1_2");
    Mockito.when(applicationEnvironmentService.getByApplicationId("subject1")).thenReturn(new ApplicationEnvironment[] { ae1, ae2 });
    // When
    service.revokeAuthorizedEnvironmentsAndEnvironmentTypesPerApplication((AbstractSecurityEnabledResource) resourceSecured, new String[] { "subject1" }, new String[] { "subject1_1", "subject1_2" }, new String[] { "subject_env_1_1" });
    // Then
    verify(alienDAO).save(resourceSecuredCaptor.capture());
}
Also used : Permission(alien4cloud.security.Permission) AbstractSecurityEnabledResource(alien4cloud.security.AbstractSecurityEnabledResource) ApplicationEnvironment(alien4cloud.model.application.ApplicationEnvironment) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 4 with Permission

use of alien4cloud.security.Permission in project alien4cloud by alien4cloud.

the class ResourcePermissionServiceTest method check_revoked_permissions_have_been_removed_from_resource.

@Test
public void check_revoked_permissions_have_been_removed_from_resource() {
    // Given
    resourceSecured = new AbstractSecurityEnabledResource() {

        @Override
        public String getId() {
            return "id";
        }
    };
    HashSet<Permission> permissions = new HashSet<>();
    permissions.add(Permission.READ);
    permissions.add(Permission.ADMIN);
    resourceSecured.addPermissions(Subject.APPLICATION, "subject1", new HashSet<>(permissions));
    resourceSecured.addPermissions(Subject.APPLICATION, "subject3", new HashSet<>(permissions));
    // When
    service.revokePermission(resourceSecured, resourceSaver, Subject.APPLICATION, "subject1", "subject2");
    // Then
    verify(resourceSaver).save(resourceSecuredCaptor.capture());
    ISecurityEnabledResource resourceSecuredSaved = resourceSecuredCaptor.getValue();
    assertThat(resourceSecuredSaved.getPermissions(Subject.APPLICATION, "subject1")).containsExactly(Permission.READ);
    assertThat(resourceSecuredSaved.getPermissions(Subject.APPLICATION, "subject2")).isEmpty();
    assertThat(resourceSecuredSaved.getPermissions(Subject.APPLICATION, "subject3")).containsExactlyInAnyOrder(Permission.ADMIN, Permission.READ);
}
Also used : ISecurityEnabledResource(alien4cloud.security.ISecurityEnabledResource) Permission(alien4cloud.security.Permission) AbstractSecurityEnabledResource(alien4cloud.security.AbstractSecurityEnabledResource) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

AbstractSecurityEnabledResource (alien4cloud.security.AbstractSecurityEnabledResource)4 Permission (alien4cloud.security.Permission)4 HashSet (java.util.HashSet)4 Test (org.junit.Test)4 ApplicationEnvironment (alien4cloud.model.application.ApplicationEnvironment)3 ISecurityEnabledResource (alien4cloud.security.ISecurityEnabledResource)1