
Example 6 with ACLAssignments

use of com.emc.storageos.model.auth.ACLAssignments in project coprhd-controller by CoprHD.

the class FilePolicyService method getAclsOnPolicy.

/**
 * Builds the ACL assignment response for a file policy.
 *
 * <p>The policy is looked up by id and validated as non-null before its ACLs are
 * converted to entries. No permission check on the caller is performed in this
 * method; NOTE(review): authorization is presumably enforced by the calling
 * endpoint, confirm before exposing this helper on a new code path.
 *
 * @param id the URI of the file policy whose ACLs are requested
 * @return an {@code ACLAssignments} holding the converted ACL entries of the policy
 */
protected ACLAssignments getAclsOnPolicy(URI id) {
    final FilePolicy filePolicy = queryResource(id);
    // Reject unknown ids before dereferencing the policy.
    ArgValidator.checkEntityNotNull(filePolicy, id, isIdEmbeddedInURL(id));

    final ACLAssignments aclAssignments = new ACLAssignments();
    aclAssignments.setAssignments(
            _permissionsHelper.convertToACLEntries(filePolicy.getAcls()));
    return aclAssignments;
}
Also used : FilePolicy(com.emc.storageos.db.client.model.FilePolicy) MapFilePolicy(com.emc.storageos.api.mapper.functions.MapFilePolicy) ACLAssignments(com.emc.storageos.model.auth.ACLAssignments)

Example 7 with ACLAssignments

use of com.emc.storageos.model.auth.ACLAssignments in project coprhd-controller by CoprHD.

the class VcenterService method getAclAssignmentsResponse.

/**
 * Returns the ACL assignments currently stored on the requested vCenter.
 *
 * <p>The vCenter is resolved by id and validated with {@code ArgValidator.checkEntity}
 * before its ACLs are converted. This method does not itself check who is asking;
 * NOTE(review): the caller is presumably responsible for authorization, confirm.
 *
 * @param vcenterId the URI of the vCenter to read ACLs from
 * @return the ACL assignments of the requested vCenter
 */
private ACLAssignments getAclAssignmentsResponse(URI vcenterId) {
    final Vcenter target = queryObject(Vcenter.class, vcenterId, true);
    // Validate the lookup result before touching its ACLs.
    ArgValidator.checkEntity(target, vcenterId, isIdEmbeddedInURL(vcenterId));

    final ACLAssignments aclAssignments = new ACLAssignments();
    aclAssignments.setAssignments(
            _permissionsHelper.convertToACLEntries(target.getAcls()));
    return aclAssignments;
}
Also used : MapVcenter(com.emc.storageos.api.mapper.functions.MapVcenter) ACLAssignments(com.emc.storageos.model.auth.ACLAssignments)

Example 8 with ACLAssignments

use of com.emc.storageos.model.auth.ACLAssignments in project coprhd-controller by CoprHD.

the class VirtualArrayService method getAclsResponse.

/**
 * Builds the ACL assignment response for a virtual array.
 *
 * <p>Unlike the sibling ACL helpers in other services, no explicit entity
 * validation appears here; NOTE(review): this presumably relies on
 * {@code getVirtualArrayById} to reject unknown ids, confirm it never returns
 * null, otherwise {@code getAcls()} would throw.
 *
 * @param id the URI of the virtual array whose ACLs are requested
 * @return an {@code ACLAssignments} holding the converted ACL entries
 */
private ACLAssignments getAclsResponse(URI id) {
    final VirtualArray virtualArray = getVirtualArrayById(id, false);

    final ACLAssignments aclAssignments = new ACLAssignments();
    aclAssignments.setAssignments(
            _permissionsHelper.convertToACLEntries(virtualArray.getAcls()));
    return aclAssignments;
}
Also used : MapVirtualArray(com.emc.storageos.api.mapper.functions.MapVirtualArray) VirtualArray(com.emc.storageos.db.client.model.VirtualArray) ACLAssignments(com.emc.storageos.model.auth.ACLAssignments)

Example 9 with ACLAssignments

use of com.emc.storageos.model.auth.ACLAssignments in project coprhd-controller by CoprHD.

the class ApiTest method usageAclTests.

/**
 * Usage-ACL tests for virtual arrays and block virtual pools (CoS).
 *
 * <p>The method is one long, order-dependent scenario run against the REST API through
 * several pre-built clients (rSys, rZAdmin, rSTAdmin1, rSTAdmin2, ...), which are fields
 * defined outside this method. It covers, in order:
 * <ul>
 * <li>virtual arrays are readable by every tenant until a USE ACL is set, after which
 * only the tenant named in the ACL can read them (others get 403);</li>
 * <li>malformed ACL entries (invalid tenant, no ace, more than one of
 * tenant/group/subject_id) are rejected with 400;</li>
 * <li>the same open-by-default / restricted-after-ACL behaviour for block virtual pools;</li>
 * <li>tag assignment authorization and tag validation on a virtual pool;</li>
 * <li>visibility of a tenant-restricted virtual pool through its virtual array.</li>
 * </ul>
 */
public void usageAclTests() {
    TenantResponse tenantResp = rSys.path("/tenant").get(TenantResponse.class);
    rootTenantId = tenantResp.getTenant();
    String subtenant_url = "/tenants/" + rootTenantId.toString() + "/subtenants";
    TenantOrgList list = rSys.path(subtenant_url).get(TenantOrgList.class);
    // The expected count of 4 depends on subtenants created by setup outside this method.
    Assert.assertEquals(4, list.getSubtenants().size());
    // presumably st1/st2 are the tenants that rSTAdmin1/rSTAdmin2 authenticate into;
    // the assertions below only hold if the list order matches - verify against setup
    NamedRelatedResourceRep st1 = list.getSubtenants().get(0);
    NamedRelatedResourceRep st2 = list.getSubtenants().get(1);
    // create neighborhoods (virtual arrays) for test
    VirtualArrayCreateParam neighborhoodParam = new VirtualArrayCreateParam();
    neighborhoodParam.setLabel("n1");
    VirtualArrayRestRep n1 = rSys.path("/vdc/varrays").post(VirtualArrayRestRep.class, neighborhoodParam);
    Assert.assertNotNull(n1.getId());
    neighborhoodParam.setLabel("n2");
    VirtualArrayRestRep n2 = rSys.path("/vdc/varrays").post(VirtualArrayRestRep.class, neighborhoodParam);
    Assert.assertNotNull(n2.getId());
    // test open to all by default: with no ACL set, both subtenant admins can read n1
    ClientResponse resp = rSTAdmin1.path("/vdc/varrays/" + n1.getId().toString()).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    resp = rSTAdmin2.path("/vdc/varrays/" + n1.getId().toString()).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    // set usage acl for st1 on n1
    String neighborAclUrl = "/vdc/varrays/%s/acl";
    ACLAssignmentChanges changes = new ACLAssignmentChanges();
    ACLEntry entry1 = new ACLEntry();
    entry1.setTenant(st1.getId().toString());
    entry1.setAces(new ArrayList<String>());
    entry1.getAces().add("USE");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry1);
    resp = rSys.path(String.format(neighborAclUrl, n1.getId().toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    // once an ACL exists, the named tenant keeps read access ...
    VirtualArrayRestRep nRead = rSTAdmin1.path("/vdc/varrays/" + n1.getId().toString()).get(VirtualArrayRestRep.class);
    Assert.assertEquals(nRead.getId(), n1.getId());
    Assert.assertEquals(nRead.getName(), n1.getName());
    // ... and the other subtenant admin, who got 200 above, is now denied
    resp = rSTAdmin2.path("/vdc/varrays/" + n1.getId().toString()).get(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    // set usage acl for st2 on n2 (mirror of the n1 case with the roles swapped)
    changes = new ACLAssignmentChanges();
    ACLEntry entry2 = new ACLEntry();
    entry2.setTenant(st2.getId().toString());
    entry2.setAces(new ArrayList<String>());
    entry2.getAces().add("USE");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry2);
    resp = rSys.path(String.format(neighborAclUrl, n2.getId().toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    nRead = rSTAdmin2.path("/vdc/varrays/" + n2.getId().toString()).get(VirtualArrayRestRep.class);
    Assert.assertEquals(nRead.getId(), n2.getId());
    Assert.assertEquals(nRead.getName(), n2.getName());
    resp = rSTAdmin1.path("/vdc/varrays/" + n2.getId().toString()).get(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    // negative test - invalid tenant id
    changes = new ACLAssignmentChanges();
    entry2 = new ACLEntry();
    entry2.setTenant("invalid");
    entry2.setAces(new ArrayList<String>());
    entry2.getAces().add("USE");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry2);
    resp = rSys.path(String.format(neighborAclUrl, n2.getId().toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(400, resp.getStatus());
    // negative test - missing ace (the aces list is left empty)
    changes = new ACLAssignmentChanges();
    entry2 = new ACLEntry();
    entry2.setTenant(st2.getId().toString());
    entry2.setAces(new ArrayList<String>());
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry2);
    resp = rSys.path(String.format(neighborAclUrl, n2.getId().toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(400, resp.getStatus());
    // negative test - choice of tenant/group/subject_id (multiple present)
    // case 1: tenant + group
    changes = new ACLAssignmentChanges();
    entry2 = new ACLEntry();
    entry2.setTenant(st2.getId().toString());
    entry2.setGroup("TEST");
    entry2.setAces(new ArrayList<String>());
    entry2.getAces().add("USE");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry2);
    resp = rSys.path(String.format(neighborAclUrl, n2.getId().toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(400, resp.getStatus());
    // case 2: tenant + subject id
    changes = new ACLAssignmentChanges();
    entry2 = new ACLEntry();
    entry2.setTenant(st2.getId().toString());
    entry2.setSubjectId("TEST");
    entry2.setAces(new ArrayList<String>());
    entry2.getAces().add("USE");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry2);
    resp = rSys.path(String.format(neighborAclUrl, n2.getId().toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(400, resp.getStatus());
    // case 3: tenant + group + subject id
    changes = new ACLAssignmentChanges();
    entry2 = new ACLEntry();
    entry2.setTenant(st2.getId().toString());
    entry2.setGroup("TEST");
    entry2.setSubjectId("TEST");
    entry2.setAces(new ArrayList<String>());
    entry2.getAces().add("USE");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry2);
    resp = rSys.path(String.format(neighborAclUrl, n2.getId().toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(400, resp.getStatus());
    // list neighborhoods: rSTAdminGr1 is expected to see n1 only, n2 being restricted to st2
    VirtualArrayList nList = rSTAdminGr1.path("/vdc/varrays/").get(VirtualArrayList.class);
    Assert.assertEquals(1, nList.getVirtualArrays().size());
    Assert.assertEquals(n1.getId(), nList.getVirtualArrays().get(0).getId());
    // newly created varray, accessible for all (no ACL is set on n3)
    neighborhoodParam = new VirtualArrayCreateParam();
    neighborhoodParam.setLabel("n3");
    VirtualArrayRestRep n3 = rSys.path("/vdc/varrays").post(VirtualArrayRestRep.class, neighborhoodParam);
    Assert.assertNotNull(n3.getId());
    nList = rSTAdminGr1.path("/vdc/varrays/").get(VirtualArrayList.class);
    Assert.assertEquals(2, nList.getVirtualArrays().size());
    // list order is not assumed: each id may be at either index
    Assert.assertTrue(nList.getVirtualArrays().get(0).getId().equals(n1.getId()) || nList.getVirtualArrays().get(1).getId().equals(n1.getId()));
    Assert.assertTrue(nList.getVirtualArrays().get(0).getId().equals(n3.getId()) || nList.getVirtualArrays().get(1).getId().equals(n3.getId()));
    // deactivate n3 (the response of this call is not checked)
    rSys.path("/vdc/varrays/" + n3.getId().toString() + "/deactivate").post();
    // create vpool
    BlockVirtualPoolParam paramCosBlock = new BlockVirtualPoolParam();
    paramCosBlock.setName("foobar-block");
    paramCosBlock.setDescription("foobar-block description");
    paramCosBlock.setProtocols(new HashSet<String>());
    paramCosBlock.getProtocols().add(StorageProtocol.Block.FC.name());
    paramCosBlock.setMaxPaths(2);
    paramCosBlock.setProvisionType("Thick");
    BlockVirtualPoolRestRep cos1 = rZAdmin.path("/block/vpools").post(BlockVirtualPoolRestRep.class, paramCosBlock);
    Assert.assertNotNull(cos1.getId());
    // posting the identical parameters a second time is expected to fail with 400
    // (presumably a duplicate-name rejection - confirm)
    resp = rZAdmin.path("/block/vpools").post(ClientResponse.class, paramCosBlock);
    Assert.assertEquals(400, resp.getStatus());
    // open by default: with no ACL on cos1, both subtenant admins can read it
    resp = rSTAdmin1.path("/block/vpools/" + cos1.getId().toString()).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    resp = rSTAdmin2.path("/block/vpools/" + cos1.getId().toString()).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    // negative test: assign an empty storage pool (the pool set holds one empty string)
    VirtualPoolPoolUpdateParam paramPoolUpdate = new VirtualPoolPoolUpdateParam();
    paramPoolUpdate.setStoragePoolAssignmentChanges(new StoragePoolAssignmentChanges());
    paramPoolUpdate.getStoragePoolAssignmentChanges().setAdd(new StoragePoolAssignments());
    paramPoolUpdate.getStoragePoolAssignmentChanges().getAdd().setStoragePools(new HashSet<String>());
    paramPoolUpdate.getStoragePoolAssignmentChanges().getAdd().getStoragePools().add("");
    resp = rZAdmin.path("/block/vpools/" + cos1.getId().toString() + "/assign-matched-pools/").put(ClientResponse.class, paramPoolUpdate);
    Assert.assertEquals(400, resp.getStatus());
    // Set Cos acl: entry1 still grants USE to st1 at this point
    changes = new ACLAssignmentChanges();
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry1);
    resp = rSys.path(String.format(_blockCosAclUrl, cos1.getId().toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    // requesting the ACL of a block vpool id through _fileCosAclUrl must be rejected
    // (presumably the file-vpool ACL URL; the field is defined outside this method)
    resp = rSys.path(String.format(_fileCosAclUrl, cos1.getId().toString())).get(ClientResponse.class);
    Assert.assertEquals(400, resp.getStatus());
    // after the ACL: the named tenant can still read cos1, the other one gets 403
    BlockVirtualPoolRestRep cRead = rSTAdmin1.path("/block/vpools/" + cos1.getId().toString()).get(BlockVirtualPoolRestRep.class);
    Assert.assertEquals(cRead.getId(), cos1.getId());
    Assert.assertEquals(cRead.getName(), cos1.getName());
    resp = rSTAdmin2.path("/block/vpools/" + cos1.getId().toString()).get(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    // create second CoS (no ACL yet, so it is visible to everyone in the listings below)
    paramCosBlock = new BlockVirtualPoolParam();
    paramCosBlock.setName("foobar-block2");
    paramCosBlock.setDescription("foobar-block2 description");
    paramCosBlock.setProtocols(new HashSet<String>());
    paramCosBlock.getProtocols().add(StorageProtocol.Block.FC.name());
    paramCosBlock.setProvisionType("Thick");
    BlockVirtualPoolRestRep cos2 = rZAdminGr.path("/block/vpools").post(BlockVirtualPoolRestRep.class, paramCosBlock);
    Assert.assertNotNull(cos2.getId());
    // list vpool: rSTAdminGr1 sees cos1 (via the ACL) and cos2 (open)
    VirtualPoolList cList = rSTAdminGr1.path("/block/vpools/").get(VirtualPoolList.class);
    Assert.assertEquals(2, cList.getVirtualPool().size());
    Assert.assertTrue(cList.getVirtualPool().get(0).getId().equals(cos1.getId()) || cList.getVirtualPool().get(1).getId().equals(cos1.getId()));
    Assert.assertTrue(cList.getVirtualPool().get(0).getId().equals(cos2.getId()) || cList.getVirtualPool().get(1).getId().equals(cos2.getId()));
    // rSTAdmin2 sees only the open cos2; the restricted cos1 is filtered out of the list
    cList = rSTAdmin2.path("/block/vpools/").get(VirtualPoolList.class);
    Assert.assertEquals(1, cList.getVirtualPool().size());
    Assert.assertEquals(cos2.getId(), cList.getVirtualPool().get(0).getId());
    // test limits: the same USE entry for st2 is PUT 100 times and must succeed each time
    // (presumably checks that repeated identical adds do not count towards a limit - confirm)
    // Note: this mutates the shared entry1 object; from here on it no longer refers to st1.
    for (int i = 0; i < 100; i++) {
        changes = new ACLAssignmentChanges();
        entry1.setTenant(st2.getId().toString());
        changes.setAdd(new ArrayList<ACLEntry>());
        changes.getAdd().add(entry1);
        resp = rSys.path(String.format(_blockCosAclUrl, cos2.getId().toString())).put(ClientResponse.class, changes);
        Assert.assertEquals(200, resp.getStatus());
    }
    // an unknown tenant id must still be rejected after the repeated adds
    changes = new ACLAssignmentChanges();
    entry1.setTenant("tenant_invalid");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry1);
    resp = rSys.path(String.format(_blockCosAclUrl, cos2.getId().toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(400, resp.getStatus());
    // testing tags
    String cosTagUrl = "/block/vpools/%s/tags";
    TagAssignment tags = new TagAssignment();
    tags.setAdd(new StringSet());
    tags.getAdd().add("testtag1");
    // rSTAdmin2 has no access to cos1, so it must not be able to tag it
    resp = rSTAdmin2.path(String.format(cosTagUrl, cos1.getId())).put(ClientResponse.class, tags);
    Assert.assertEquals(403, resp.getStatus());
    Tags tagsResp = rSys.path(String.format(cosTagUrl, cos1.getId())).put(Tags.class, tags);
    Assert.assertTrue(tagsResp.getTag().equals(tags.getAdd()));
    // schedule the tag just added ("testtag1") for removal in the following requests
    tags.setRemove(new StringSet());
    // NOTE(review): raw HashSet type; new HashSet<String>(...) would avoid the unchecked warning
    tags.getRemove().addAll(new HashSet(tags.getAdd()));
    // invalid tag, too short
    tags.getAdd().add("t");
    resp = rSys.path(String.format(cosTagUrl, cos1.getId())).put(ClientResponse.class, tags);
    Assert.assertEquals(400, resp.getStatus());
    tags.getAdd().clear();
    // invalid tag, too long (STR144 is a constant defined outside this method)
    tags.getAdd().add("tag" + STR144);
    resp = rSys.path(String.format(cosTagUrl, cos1.getId())).put(ClientResponse.class, tags);
    Assert.assertEquals(400, resp.getStatus());
    tags.getAdd().clear();
    // tags should be trimmed: " testtag  " must come back as "testtag", and "testtag1"
    // must be gone because it is still in the remove set
    tags.getAdd().add(" testtag  ");
    tagsResp = rSys.path(String.format(cosTagUrl, cos1.getId())).put(Tags.class, tags);
    Assert.assertTrue(tagsResp.getTag().equals(new StringSet() {

        {
            add("testtag");
        }
    }));
    // reading tags follows the same ACL: denied for rSTAdmin2, allowed for rSTAdmin1
    resp = rSTAdmin2.path(String.format(cosTagUrl, cos1.getId())).get(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    resp = rSTAdmin1.path(String.format(cosTagUrl, cos1.getId())).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    // Test bad parameter is returned if we add an invalid varray while creating the VirtualPool
    FileVirtualPoolParam paramFileCos = new FileVirtualPoolParam();
    paramFileCos.setName("Generic File VirtualPool");
    paramFileCos.setProtocols(new HashSet<String>());
    paramFileCos.getProtocols().add(StorageProtocol.File.NFS.name());
    paramFileCos.getProtocols().add(StorageProtocol.File.CIFS.name());
    paramFileCos.setVarrays(new HashSet<String>());
    paramFileCos.getVarrays().add("IDontExist");
    resp = rZAdmin.path("/file/vpools").post(ClientResponse.class, paramFileCos);
    Assert.assertEquals(400, resp.getStatus());
    // below is vpool restricted to tenant test
    /*
     * test setup:
     * create a varray and vpool and associate the vpool with the varray
     * restrict the vpool to the tenant
     */
    // labels carry the current time in millis, presumably to avoid name clashes between runs
    String vaLabel = "va-testTenantRestrictAccess-" + Calendar.getInstance().getTime().getTime();
    String vpLabel = "vp-testTenantRestrictAccess-" + Calendar.getInstance().getTime().getTime();
    // create a varray
    VirtualArrayCreateParam vaParam = new VirtualArrayCreateParam();
    vaParam.setLabel(vaLabel);
    BlockSettings bs = new BlockSettings();
    bs.setAutoSanZoning(true);
    vaParam.setBlockSettings(bs);
    VirtualArrayRestRep va1 = rSys.path("/vdc/varrays").post(VirtualArrayRestRep.class, vaParam);
    // create a vpool associated with the varray
    BlockVirtualPoolParam vpParam = new BlockVirtualPoolParam();
    vpParam.setName(vpLabel);
    vpParam.setDescription(vpLabel);
    Set<String> vas = new HashSet<String>();
    vas.add(va1.getId().toString());
    vpParam.setVarrays(vas);
    vpParam.setProvisionType("Thin");
    // NOTE(review): raw HashSet type; new HashSet<String>() would match the declared type
    Set<String> protos = new HashSet();
    protos.add("FC");
    vpParam.setProtocols(protos);
    BlockVirtualPoolRestRep vp1 = rSys.path("/block/vpools").post(BlockVirtualPoolRestRep.class, vpParam);
    // restrict the vpool to a tenant (subtenant2Id is a field defined outside this method)
    ACLAssignmentChanges aclChange = new ACLAssignmentChanges();
    List<ACLEntry> acls = new ArrayList<>();
    ACLEntry acl = new ACLEntry();
    acl.setTenant(subtenant2Id.toString());
    acl.setAces(new ArrayList<String>(Arrays.asList("USE")));
    acls.add(acl);
    aclChange.setAdd(acls);
    String uri = String.format("/block/vpools/%s/acl", vp1.getId());
    // NOTE(review): the returned aclAssignments is never asserted on, so a response that
    // silently dropped the entry would go unnoticed here
    ACLAssignments aclAssignments = rSys.path(uri).put(ACLAssignments.class, aclChange);
    // test1: sysadmin can see vpool
    // test2: sysmonitor can see vpool
    // NOTE(review): only the rSys client is exercised below; no separate sysmonitor
    // check is visible in this method
    String vpUri = String.format("/vdc/varrays/%s/vpools", va1.getId().toString());
    VirtualPoolList vpoolList = rSys.path(vpUri).get(VirtualPoolList.class);
    List<NamedRelatedVirtualPoolRep> vpools = vpoolList.getVirtualPool();
    boolean foundVpool = false;
    for (NamedRelatedVirtualPoolRep vpool : vpools) {
        if (vpool.getId().equals(vp1.getId())) {
            foundVpool = true;
            _log.info("user root can see the vpool {}", vp1.getName());
        }
    }
    Assert.assertTrue(foundVpool);
    // test3: tenant user can see vpool
    // NOTE(review): this section only asserts the positive case. There is no check that a
    // user from a tenant other than subtenant2 is denied the vpool through this URL, so
    // the restriction itself is not proven by this part of the test.
    VirtualPoolList vpoolList2 = rST2User.path(vpUri).get(VirtualPoolList.class);
    List<NamedRelatedVirtualPoolRep> vpools2 = vpoolList2.getVirtualPool();
    foundVpool = false;
    for (NamedRelatedVirtualPoolRep vpool : vpools2) {
        if (vpool.getId().equals(vp1.getId())) {
            foundVpool = true;
            _log.info("user st2user can see the vpool {}", vp1.getName());
        }
    }
    Assert.assertTrue(foundVpool);
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) VirtualPoolPoolUpdateParam(com.emc.storageos.model.vpool.VirtualPoolPoolUpdateParam) VirtualArrayList(com.emc.storageos.model.varray.VirtualArrayList) ArrayList(java.util.ArrayList) VirtualPoolList(com.emc.storageos.model.vpool.VirtualPoolList) NamedRelatedVirtualPoolRep(com.emc.storageos.model.vpool.NamedRelatedVirtualPoolRep) VirtualArrayRestRep(com.emc.storageos.model.varray.VirtualArrayRestRep) StringSet(com.emc.storageos.db.client.model.StringSet) VirtualArrayList(com.emc.storageos.model.varray.VirtualArrayList) BlockVirtualPoolRestRep(com.emc.storageos.model.vpool.BlockVirtualPoolRestRep) Tags(com.emc.storageos.model.search.Tags) HashSet(java.util.HashSet) StoragePoolAssignments(com.emc.storageos.model.vpool.StoragePoolAssignments) StoragePoolAssignmentChanges(com.emc.storageos.model.vpool.StoragePoolAssignmentChanges) FileVirtualPoolParam(com.emc.storageos.model.vpool.FileVirtualPoolParam) ACLAssignmentChanges(com.emc.storageos.model.auth.ACLAssignmentChanges) VirtualArrayCreateParam(com.emc.storageos.model.varray.VirtualArrayCreateParam) TagAssignment(com.emc.storageos.model.TagAssignment) NamedRelatedResourceRep(com.emc.storageos.model.NamedRelatedResourceRep) BlockSettings(com.emc.storageos.model.varray.BlockSettings) ACLEntry(com.emc.storageos.model.auth.ACLEntry) TenantOrgList(com.emc.storageos.model.tenant.TenantOrgList) ACLAssignments(com.emc.storageos.model.auth.ACLAssignments) BlockVirtualPoolParam(com.emc.storageos.model.vpool.BlockVirtualPoolParam) TenantResponse(com.emc.storageos.model.tenant.TenantResponse)

Example 10 with ACLAssignments

use of com.emc.storageos.model.auth.ACLAssignments in project coprhd-controller by CoprHD.

the class ApiTest method projectTests.

/**
 * projects api tests
 */
public void projectTests() {
    ProjectParam paramProj = new ProjectParam("aclstestproject1");
    ProjectEntry project1 = rSTAdminGr1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).post(ProjectEntry.class, paramProj);
    Assert.assertTrue(project1.name.equals(paramProj.getName()));
    Assert.assertTrue(project1.id != null);
    expectedProjListResults.get("st1").add(new ProjectEntry(project1));
    paramProj.setName("aclstestproject2");
    ProjectEntry project2 = rSTAdmin1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).post(ProjectEntry.class, paramProj);
    Assert.assertTrue(project2.name.equals(paramProj.getName()));
    Assert.assertTrue(project2.id != null);
    expectedProjListResults.get("st1").add(new ProjectEntry(project2));
    ACLAssignments read_assignments = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
    Assert.assertTrue(read_assignments.getAssignments().isEmpty());
    ClientResponse resp = rSTAdmin2.path(String.format(_projectAclUrl, project1.id.toString())).get(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    // name duplicate tests for PUTs.
    // add temp project 1
    ProjectParam tempProject = new ProjectParam("temproject");
    ProjectEntry projectTemp = rSTAdminGr1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).post(ProjectEntry.class, tempProject);
    Assert.assertTrue(projectTemp.id != null);
    expectedProjListResults.get("st1").add(new ProjectEntry(projectTemp));
    // add temp project 2
    ProjectParam tempProject2 = new ProjectParam("temproject2");
    ProjectEntry projectTemp2 = rSTAdminGr1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).post(ProjectEntry.class, tempProject2);
    Assert.assertTrue(projectTemp2.id != null);
    expectedProjListResults.get("st1").add(new ProjectEntry(projectTemp2));
    // attempt to modify the first project with the same name as itself. should be fine.
    ProjectUpdateParam projectUpdate1 = new ProjectUpdateParam(tempProject.getName());
    resp = rSTAdminGr1.path(String.format(_projectUrl, projectTemp.id.toString())).put(ClientResponse.class, projectUpdate1);
    Assert.assertEquals(200, resp.getStatus());
    // attempt to modify the first project with the same name as itself. upper case. should be fine.
    ProjectUpdateParam projectUpdate1b = new ProjectUpdateParam(tempProject.getName().toUpperCase());
    resp = rSTAdminGr1.path(String.format(_projectUrl, projectTemp.id.toString())).put(ClientResponse.class, projectUpdate1b);
    Assert.assertEquals(200, resp.getStatus());
    // put it back how it was
    ProjectUpdateParam projectUpdate1c = new ProjectUpdateParam(tempProject.getName());
    resp = rSTAdminGr1.path(String.format(_projectUrl, projectTemp.id.toString())).put(ClientResponse.class, projectUpdate1c);
    Assert.assertEquals(200, resp.getStatus());
    // attempt to modify the first project with the name of the second one. Should fail.
    ProjectUpdateParam projectUpdate2 = new ProjectUpdateParam(tempProject2.getName());
    resp = rSTAdminGr1.path(String.format(_projectUrl, projectTemp.id.toString())).put(ClientResponse.class, projectUpdate2);
    Assert.assertEquals(400, resp.getStatus());
    // attempt to modify the first project with the name of the second one, but upper case.
    // This should fail also, as the names are case insensitive. ( proj1 == pRoJ1 )
    ProjectUpdateParam projectUpdate3 = new ProjectUpdateParam(tempProject2.getName().toUpperCase());
    resp = rSTAdminGr1.path(String.format(_projectUrl, projectTemp.id.toString())).put(ClientResponse.class, projectUpdate3);
    Assert.assertEquals(400, resp.getStatus());
    ACLAssignmentChanges changes = new ACLAssignmentChanges();
    ACLEntry entry1 = new ACLEntry();
    entry1.setSubjectId(SUBTENANT1_READER);
    entry1.setAces(new ArrayList<String>());
    entry1.getAces().add("backup");
    entry1.getAces().add("all");
    ACLEntry entry2 = new ACLEntry();
    entry2.setSubjectId(SUBTENANT1_USER);
    entry2.setAces(new ArrayList<String>());
    entry2.getAces().add("all");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry1);
    changes.getAdd().add(entry2);
    resp = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    resp = rProjRead.path(String.format(_projectAclUrl, project1.id.toString())).get(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    resp = rProjRead.path(String.format(_projectUrl, project1.id.toString())).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    read_assignments = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
    Assert.assertTrue(checkEqualsAcls(changes.getAdd(), read_assignments.getAssignments()));
    // try to add more than 100 acls - this should fail (quickly, because
    // it's not validating)
    ACLAssignments assignements = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
    ACLAssignmentChanges tooMuchChanges = new ACLAssignmentChanges();
    tooMuchChanges.setAdd(new ArrayList<ACLEntry>());
    for (int i = 0; i < _maxRoleAclEntries + 1 - assignements.getAssignments().size() - 1; i++) {
        ACLEntry invalidEntry = new ACLEntry();
        invalidEntry.setAces(new ArrayList<String>());
        invalidEntry.getAces().add("backup");
        invalidEntry.setSubjectId("invalidUser" + i + "@invalidDomain.com");
        tooMuchChanges.getAdd().add(invalidEntry);
    }
    resp = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, tooMuchChanges);
    final String message = String.format("Exceeding limit of %d role assignments with %d", _maxRoleAclEntries, _maxRoleAclEntries + 1);
    assertExpectedError(resp, 400, ServiceCode.API_EXCEEDING_ASSIGNMENT_LIMIT, message);
    // full update
    entry1.getAces().remove("backup");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry1);
    changes.setRemove(new ArrayList<ACLEntry>());
    changes.getRemove().addAll(read_assignments.getAssignments());
    resp = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    read_assignments = rSTAdmin1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
    Assert.assertTrue(checkEqualsAcls(changes.getAdd(), read_assignments.getAssignments()));
    resp = rProjRead.path(String.format(_projectUrl, project1.id.toString())).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    // partial update
    entry1 = new ACLEntry();
    entry1.setSubjectId(SUBTENANT1_READER);
    entry1.setAces(new ArrayList<String>());
    entry1.getAces().add("all");
    entry2 = new ACLEntry();
    entry2.setSubjectId(SUBTENANT1_READER);
    entry2.setAces(new ArrayList<String>());
    entry2.getAces().add("backup");
    ACLEntry entry3 = new ACLEntry();
    entry3.setGroup(SUBTENANT1_USERS_GROUP);
    entry3.setAces(new ArrayList<String>());
    entry3.getAces().add("all");
    changes = new ACLAssignmentChanges();
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry2);
    changes.getAdd().add(entry3);
    changes.setRemove(new ArrayList<ACLEntry>());
    changes.getRemove().add(entry1);
    resp = rSTAdmin1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    read_assignments = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
    ACLAssignments assignments = new ACLAssignments();
    assignments.getAssignments().add(entry2);
    entry3.setGroup(SUBTENANT1_USERS_GROUP);
    assignments.getAssignments().add(entry3);
    Assert.assertTrue(checkEqualsAcls(assignments.getAssignments(), read_assignments.getAssignments()));
    resp = rProjRead.path(String.format(_projectUrl, project1.id.toString())).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    resp = rProjUserGr.path(String.format(_projectUrl, project1.id.toString())).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    // Check that a subtenant2 user who happens to be in the
    // subtenant1 users group does not have access to the project
    // in subtenant1
    resp = rSTAdminGr2.path(String.format(_projectUrl, project1.id.toString())).get(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    changes = new ACLAssignmentChanges();
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry3);
    changes.setRemove(new ArrayList<ACLEntry>());
    changes.getRemove().addAll(read_assignments.getAssignments());
    resp = rSTAdmin1.path(String.format(_projectAclUrl, project2.id.toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    read_assignments = rSys.path(String.format(_projectAclUrl, project2.id.toString())).get(ACLAssignments.class);
    Assert.assertTrue(checkEqualsAcls(changes.getAdd(), read_assignments.getAssignments()));
    // negatives - assign invalid acl
    ACLEntry entryBad = new ACLEntry();
    entryBad.setSubjectId("bad");
    entryBad.setAces(new ArrayList<String>());
    entryBad.getAces().add("bad");
    changes = new ACLAssignmentChanges();
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entryBad);
    entry1 = new ACLEntry();
    entry1.setSubjectId(SUBTENANT1_READER);
    entry1.setAces(new ArrayList<String>());
    entry1.getAces().add("backup");
    entry1.getAces().add("all");
    changes.getAdd().add(entry1);
    resp = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(400, resp.getStatus());
    entryBad.getAces().clear();
    entryBad.getAces().add("own");
    resp = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(400, resp.getStatus());
    entryBad.getAces().clear();
    entryBad.getAces().add("any");
    resp = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(400, resp.getStatus());
    // batch acl assignment test - 2 users and 2 groups added at the same time
    ACLAssignments assignmentsToHaveWhenImDone = rSTAdmin1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
    changes = new ACLAssignmentChanges();
    changes.setRemove(assignmentsToHaveWhenImDone.getAssignments());
    entry2 = new ACLEntry();
    entry2.setSubjectId(SUBTENANT1_USER);
    entry2.setAces(new ArrayList<String>());
    entry2.getAces().add("all");
    entry3 = new ACLEntry();
    entry3.setGroup(SUBTENANT1_USERS_GROUP);
    entry3.setAces(new ArrayList<String>());
    entry3.getAces().add("backup");
    ACLEntry entry4 = new ACLEntry();
    entry4.setGroup(SUBTENANT1_ADMINS_GROUP);
    entry4.setAces(new ArrayList<String>());
    entry4.getAces().add("all");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry1);
    changes.getAdd().add(entry2);
    changes.getAdd().add(entry3);
    changes.getAdd().add(entry4);
    resp = rSTAdmin1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    read_assignments = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
    Assert.assertTrue(checkEqualsAcls(changes.getAdd(), read_assignments.getAssignments()));
    // reverting all the batch acl assignment changes back to how it was
    changes = new ACLAssignmentChanges(assignmentsToHaveWhenImDone.getAssignments(), read_assignments.getAssignments());
    resp = rSTAdmin1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    // test lists
    ProjectList projList = rSTAdmin1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).get(ProjectList.class);
    Assert.assertTrue(checkEqualsList(projList._projects, expectedProjListResults.get("st1")));
    // read - only one project
    // 
    projList = rProjRead.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).get(ProjectList.class);
    Assert.assertEquals(1, projList._projects.size());
    Assert.assertEquals(project1.id, projList._projects.get(0).id);
    Assert.assertEquals(project1.name, projList._projects.get(0).name);
    // use set on both, so we should see both
    projList = rProjUserGr.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).get(ProjectList.class);
    ArrayList<ProjectEntry> expected = new ArrayList<ProjectEntry>();
    expected.add(new ProjectEntry(project1));
    expected.add(new ProjectEntry(project2));
    Assert.assertTrue(checkEqualsList(projList._projects, expected));
    resp = rProjUserGr.path(String.format(_projectUrl + "/deactivate", project2.id.toString())).post(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    resp = rProjRead.path(String.format(_projectUrl + "/deactivate", project1.id.toString())).post(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    // project update - change owner
    ProjectUpdateParam project1Updated = new ProjectUpdateParam();
    project1Updated.setOwner(SUBTENANT1_USER);
    resp = rSTAdmin1.path(String.format(_projectUrl, project1.id.toString())).put(ClientResponse.class, project1Updated);
    Assert.assertEquals(200, resp.getStatus());
    // project update - change owner to a user that is not part of the project's tenant. Should fail with 400.
    ProjectUpdateParam project1UpdatedBadOwner = new ProjectUpdateParam();
    project1UpdatedBadOwner.setOwner(SUBTENANT2_ADMIN);
    resp = rSTAdmin1.path(String.format(_projectUrl, project1.id.toString())).put(ClientResponse.class, project1UpdatedBadOwner);
    Assert.assertEquals(403, resp.getStatus());
    resp = rProjUserGr.path(String.format(_projectUrl + "/deactivate", project1.id.toString())).post(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    // Test bad parameter is returned if the name in the project is not specified
    paramProj = new ProjectParam(null);
    resp = rTAdmin.path(String.format(_projectsUrlFormat, rootTenantId.toString())).post(ClientResponse.class, paramProj);
    Assert.assertEquals(400, resp.getStatus());
    // URL with bad project id
    resp = rSTAdmin1.path("/projects/null.xml").get(ClientResponse.class);
    Assert.assertEquals(404, resp.getStatus());
    // Test entity not found is returned if we try to retrieve a project that does not exist
    String getProjectUrl = "/tenants/%s/projects/%s";
    resp = rTAdmin.path(String.format(getProjectUrl, rootTenantId.toString(), "urn:storageos:Project:815b507c-26eb-4124-bc96-9d0400a16596:")).get(ClientResponse.class);
    Assert.assertEquals(404, resp.getStatus());
    // Tests for duplicate name checks for projects
    paramProj = new ProjectParam("root project1");
    resp = rTAdmin.path(String.format(_projectsUrlFormat, rootTenantId.toString())).post(ClientResponse.class, paramProj);
    Assert.assertEquals(400, resp.getStatus());
    paramProj = new ProjectParam("subtenant project for name check");
    resp = rSTAdmin1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).post(ClientResponse.class, paramProj);
    Assert.assertEquals(200, resp.getStatus());
    resp = rSTAdmin1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).post(ClientResponse.class, paramProj);
    Assert.assertEquals(400, resp.getStatus());
    resp = rSTAdmin2.path(String.format(_projectsUrlFormat, subtenant2Id.toString())).post(ClientResponse.class, paramProj);
    Assert.assertEquals(200, resp.getStatus());
    resp = rSTAdmin2.path(String.format(_projectsUrlFormat, subtenant2Id.toString())).post(ClientResponse.class, paramProj);
    Assert.assertEquals(400, resp.getStatus());
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) ProjectParam(com.emc.storageos.model.project.ProjectParam) ACLAssignmentChanges(com.emc.storageos.model.auth.ACLAssignmentChanges) VirtualArrayList(com.emc.storageos.model.varray.VirtualArrayList) ArrayList(java.util.ArrayList) ProjectUpdateParam(com.emc.storageos.model.project.ProjectUpdateParam) ACLEntry(com.emc.storageos.model.auth.ACLEntry) ACLAssignments(com.emc.storageos.model.auth.ACLAssignments)
