
Example 21 with Permission

use of com.aws.greengrass.authorization.Permission in project aws-greengrass-nucleus by aws-greengrass.

In class LifecycleIPCEventStreamAgentTest, method GIVEN_pause_component_request_WHEN_unauthorized_THEN_return_auth_error.

@Test
@EnabledOnOs(OS.LINUX)
void GIVEN_pause_component_request_WHEN_unauthorized_THEN_return_auth_error() throws AuthorizationException, ServiceException {
    // The authorization handler denies every check; the pause handler must surface that denial
    // as an UnauthorizedError and must not act on the target component.
    when(authorizationHandler.isAuthorized(any(), any())).thenThrow(new AuthorizationException("Unauthorized"));
    ArgumentCaptor<Permission> capturedPermission = ArgumentCaptor.forClass(Permission.class);

    PauseComponentRequest pauseRequest = new PauseComponentRequest();
    pauseRequest.setComponentName(TEST_TARGET_COMPONENT);
    assertThrows(UnauthorizedError.class,
            () -> lifecycleIPCEventStreamAgent.getPauseComponentHandler(mockContext).handleRequest(pauseRequest));

    // The permission that was checked must name the calling service as principal, the pause
    // operation, and the requested component as resource.
    verify(authorizationHandler).isAuthorized(eq(LIFECYCLE_SERVICE_NAME), capturedPermission.capture());
    Permission checked = capturedPermission.getValue();
    assertThat(checked.getPrincipal(), is(TEST_SERVICE));
    assertThat(checked.getOperation(), is(GreengrassCoreIPCService.PAUSE_COMPONENT));
    assertThat(checked.getResource(), is(TEST_TARGET_COMPONENT));

    // A denied request must never reach the kernel lookup or the component itself.
    verify(kernel, never()).locate(TEST_TARGET_COMPONENT);
    verify(targetComponent, never()).getState();
    verify(targetComponent, never()).pause();
}
Also used : PauseComponentRequest(software.amazon.awssdk.aws.greengrass.model.PauseComponentRequest) AuthorizationException(com.aws.greengrass.authorization.exceptions.AuthorizationException) Permission(com.aws.greengrass.authorization.Permission) EnabledOnOs(org.junit.jupiter.api.condition.EnabledOnOs) Test(org.junit.jupiter.api.Test)

Example 22 with Permission

use of com.aws.greengrass.authorization.Permission in project aws-greengrass-nucleus by aws-greengrass.

In class IPCPubSubRemovalTest, method GIVEN_pubsubclient_WHEN_authorized_THEN_ACL_parameter_removed_via_deployment_THEN_updates.

@Test
void GIVEN_pubsubclient_WHEN_authorized_THEN_ACL_parameter_removed_via_deployment_THEN_updates(ExtensionContext context) throws Exception {
    try (EventStreamRPCConnection connection = IPCTestUtils.getEventStreamRpcConnection(kernel, "SubscribeAndPublish")) {
        GreengrassCoreIPCClient client = new GreengrassCoreIPCClient(connection);

        // Policies expected from the loaded kernel config: one component allowed to do anything,
        // another allowed only to publish.
        Permission subscribeAndPublishPolicy = Permission.builder()
                .principal("SubscribeAndPublish")
                .operation("*")
                .resource("*")
                .build();
        Permission publishOnlyPolicy = Permission.builder()
                .principal("PublishNotSubscribe")
                .operation("aws.greengrass#PublishToTopic")
                .resource("*")
                .build();
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, subscribeAndPublishPolicy));
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, publishOnlyPolicy));
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));

        // While the ACL is in place, subscribe then publish must deliver the message within the timeout.
        Pair<CompletableFuture<Void>, Consumer<byte[]>> delivery = asyncAssertOnConsumer(
                m -> assertEquals("some message", new String(m, StandardCharsets.UTF_8)));
        subscribeToTopicOveripcForBinaryMessages(client, "a", delivery.getRight());
        publishToTopicOverIpcAsBinaryMessage(client, "a", "some message");
        delivery.getLeft().get(TIMEOUT_FOR_PUBSUB_SECONDS, TimeUnit.SECONDS);

        ignoreExceptionOfType(context, PackageDownloadException.class);

        // Drop the accessControl section from the SubscribeAndPublish configuration and wait for the
        // change to propagate to the authorization module before asserting on it.
        Topics componentConfig = kernel.getConfig().lookupTopics(SERVICES_NAMESPACE_TOPIC, "SubscribeAndPublish", CONFIGURATION_CONFIG_KEY);
        componentConfig.remove(componentConfig.lookupTopics("accessControl"));
        kernel.getContext().waitForPublishQueueToClear();
        assertFalse(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME, subscribeAndPublishPolicy));
        // GG_NEEDS_REVIEW: TODO: convert these integ tests to recipe merging instead of loading a kernel config file.
        // With a config file, removing "SubscribeAndPublish" also removes "PublishNotSubscribe" (and every other
        // component not part of the deployment) together with its policies, so this check cannot hold yet:
        // assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(PUB_SUB_SERVICE_NAME,publishOnlyPolicy));
        assertTrue(kernel.getContext().get(AuthorizationModule.class).isPresent(TOKEN_EXCHANGE_SERVICE_TOPICS, TES_DEFAULT_POLICY));

        // With no policy left for the caller, both operations must now be rejected with UnauthorizedError,
        // which the client surfaces as the cause of an ExecutionException.
        ExecutionException subscribeFailure = assertThrows(ExecutionException.class,
                () -> subscribeToTopicOveripcForBinaryMessages(client, "a", delivery.getRight()));
        assertTrue(UnauthorizedError.class.isInstance(subscribeFailure.getCause()));
        ExecutionException publishFailure = assertThrows(ExecutionException.class,
                () -> publishToTopicOverIpcAsBinaryMessage(client, "a", "some message"));
        assertTrue(UnauthorizedError.class.isInstance(publishFailure.getCause()));
    }
}
Also used : CompletableFuture(java.util.concurrent.CompletableFuture) Topics(com.aws.greengrass.config.Topics) TestUtils.asyncAssertOnConsumer(com.aws.greengrass.testcommons.testutilities.TestUtils.asyncAssertOnConsumer) Consumer(java.util.function.Consumer) GreengrassCoreIPCClient(software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCClient) EventStreamRPCConnection(software.amazon.awssdk.eventstreamrpc.EventStreamRPCConnection) Permission(com.aws.greengrass.authorization.Permission) ExecutionException(java.util.concurrent.ExecutionException) UnauthorizedError(software.amazon.awssdk.aws.greengrass.model.UnauthorizedError) Test(org.junit.jupiter.api.Test)

Aggregations

Permission (com.aws.greengrass.authorization.Permission)22 Test (org.junit.jupiter.api.Test)22 EnabledOnOs (org.junit.jupiter.api.condition.EnabledOnOs)12 CompletableFuture (java.util.concurrent.CompletableFuture)9 HashSet (java.util.HashSet)6 Matchers.containsString (org.hamcrest.Matchers.containsString)6 PauseComponentRequest (software.amazon.awssdk.aws.greengrass.model.PauseComponentRequest)6 PublishMessage (software.amazon.awssdk.aws.greengrass.model.PublishMessage)6 PublishToTopicRequest (software.amazon.awssdk.aws.greengrass.model.PublishToTopicRequest)6 PublishToTopicResponse (software.amazon.awssdk.aws.greengrass.model.PublishToTopicResponse)6 ResumeComponentRequest (software.amazon.awssdk.aws.greengrass.model.ResumeComponentRequest)6 SubscriptionResponseMessage (software.amazon.awssdk.aws.greengrass.model.SubscriptionResponseMessage)6 StreamEventPublisher (software.amazon.awssdk.eventstreamrpc.StreamEventPublisher)6 BinaryMessage (software.amazon.awssdk.aws.greengrass.model.BinaryMessage)4 GreengrassService (com.aws.greengrass.lifecyclemanager.GreengrassService)3 TestUtils.asyncAssertOnConsumer (com.aws.greengrass.testcommons.testutilities.TestUtils.asyncAssertOnConsumer)3 ArrayList (java.util.ArrayList)3 ExecutionException (java.util.concurrent.ExecutionException)3 Consumer (java.util.function.Consumer)3 GreengrassCoreIPCClient (software.amazon.awssdk.aws.greengrass.GreengrassCoreIPCClient)3