
Example 21 with ACLEntry

use of com.emc.storageos.model.auth.ACLEntry in project coprhd-controller by CoprHD.

In class ApiTest, method projectTests.

/**
 * Integration test for the projects REST API.
 *
 * <p>Runs one ordered sequence of requests against a live API and asserts the HTTP status
 * (and, where read back, the resulting state) of each step: project creation, rename with
 * duplicate-name checks, ACL reads and writes (full, partial, batch, invalid and over-limit),
 * project listing per caller, owner change, deactivation, and error handling for missing or
 * malformed input.
 *
 * <p>The steps share server-side state, so their order matters. The REST clients
 * ({@code rSTAdminGr1}, {@code rSTAdmin1}, {@code rSTAdmin2}, {@code rSTAdminGr2},
 * {@code rProjRead}, {@code rProjUserGr}, {@code rTAdmin}, {@code rSys}), the URL formats,
 * tenant ids, subject constants and helper methods are defined outside this method.
 * NOTE(review): which identity each client authenticates as is inferred from its name only;
 * confirm against the test setup before relying on the authorization comments below.
 */
public void projectTests() {
    // Create two projects in subtenant1 with two different clients and record them in the
    // expected listing for "st1".
    ProjectParam paramProj = new ProjectParam("aclstestproject1");
    ProjectEntry project1 = rSTAdminGr1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).post(ProjectEntry.class, paramProj);
    Assert.assertTrue(project1.name.equals(paramProj.getName()));
    Assert.assertTrue(project1.id != null);
    expectedProjListResults.get("st1").add(new ProjectEntry(project1));
    paramProj.setName("aclstestproject2");
    ProjectEntry project2 = rSTAdmin1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).post(ProjectEntry.class, paramProj);
    Assert.assertTrue(project2.name.equals(paramProj.getName()));
    Assert.assertTrue(project2.id != null);
    expectedProjListResults.get("st1").add(new ProjectEntry(project2));
    // A freshly created project has an empty ACL.
    ACLAssignments read_assignments = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
    Assert.assertTrue(read_assignments.getAssignments().isEmpty());
    // Reading project1's ACL through rSTAdmin2 must be denied (403).
    // NOTE(review): presumably rSTAdmin2 is an admin of a different subtenant, which would make
    // this a cross-tenant isolation check - confirm.
    ClientResponse resp = rSTAdmin2.path(String.format(_projectAclUrl, project1.id.toString())).get(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    // name duplicate tests for PUTs.
    // add temp project 1
    ProjectParam tempProject = new ProjectParam("temproject");
    ProjectEntry projectTemp = rSTAdminGr1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).post(ProjectEntry.class, tempProject);
    Assert.assertTrue(projectTemp.id != null);
    expectedProjListResults.get("st1").add(new ProjectEntry(projectTemp));
    // add temp project 2
    ProjectParam tempProject2 = new ProjectParam("temproject2");
    ProjectEntry projectTemp2 = rSTAdminGr1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).post(ProjectEntry.class, tempProject2);
    Assert.assertTrue(projectTemp2.id != null);
    expectedProjListResults.get("st1").add(new ProjectEntry(projectTemp2));
    // attempt to modify the first project with the same name as itself. should be fine.
    ProjectUpdateParam projectUpdate1 = new ProjectUpdateParam(tempProject.getName());
    resp = rSTAdminGr1.path(String.format(_projectUrl, projectTemp.id.toString())).put(ClientResponse.class, projectUpdate1);
    Assert.assertEquals(200, resp.getStatus());
    // attempt to modify the first project with the same name as itself. upper case. should be fine.
    ProjectUpdateParam projectUpdate1b = new ProjectUpdateParam(tempProject.getName().toUpperCase());
    resp = rSTAdminGr1.path(String.format(_projectUrl, projectTemp.id.toString())).put(ClientResponse.class, projectUpdate1b);
    Assert.assertEquals(200, resp.getStatus());
    // put it back how it was
    ProjectUpdateParam projectUpdate1c = new ProjectUpdateParam(tempProject.getName());
    resp = rSTAdminGr1.path(String.format(_projectUrl, projectTemp.id.toString())).put(ClientResponse.class, projectUpdate1c);
    Assert.assertEquals(200, resp.getStatus());
    // attempt to modify the first project with the name of the second one. Should fail.
    ProjectUpdateParam projectUpdate2 = new ProjectUpdateParam(tempProject2.getName());
    resp = rSTAdminGr1.path(String.format(_projectUrl, projectTemp.id.toString())).put(ClientResponse.class, projectUpdate2);
    Assert.assertEquals(400, resp.getStatus());
    // attempt to modify the first project with the name of the second one, but upper case.
    // This should fail also, as the names are case insensitive. ( proj1 == pRoJ1 )
    ProjectUpdateParam projectUpdate3 = new ProjectUpdateParam(tempProject2.getName().toUpperCase());
    resp = rSTAdminGr1.path(String.format(_projectUrl, projectTemp.id.toString())).put(ClientResponse.class, projectUpdate3);
    Assert.assertEquals(400, resp.getStatus());
    // Initial ACL assignment on project1: SUBTENANT1_READER gets "backup" and "all",
    // SUBTENANT1_USER gets "all".
    ACLAssignmentChanges changes = new ACLAssignmentChanges();
    ACLEntry entry1 = new ACLEntry();
    entry1.setSubjectId(SUBTENANT1_READER);
    entry1.setAces(new ArrayList<String>());
    entry1.getAces().add("backup");
    entry1.getAces().add("all");
    ACLEntry entry2 = new ACLEntry();
    entry2.setSubjectId(SUBTENANT1_USER);
    entry2.setAces(new ArrayList<String>());
    entry2.getAces().add("all");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry1);
    changes.getAdd().add(entry2);
    resp = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    // rProjRead may read the project itself (200) but not the project's ACL (403): holding an
    // ACE on a project does not allow enumerating who else has access to it.
    // NOTE(review): presumably rProjRead authenticates as SUBTENANT1_READER - confirm.
    resp = rProjRead.path(String.format(_projectAclUrl, project1.id.toString())).get(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    resp = rProjRead.path(String.format(_projectUrl, project1.id.toString())).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    // The ACL read back must equal what was just added.
    read_assignments = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
    Assert.assertTrue(checkEqualsAcls(changes.getAdd(), read_assignments.getAssignments()));
    // Try to exceed the ACL limit (_maxRoleAclEntries) - this should fail (quickly, because
    // it's not validating the subjects). The loop bound simplifies to
    // _maxRoleAclEntries - assignements.getAssignments().size(), one "backup" entry per
    // made-up subject.
    // NOTE(review): the expected message below reports a total of _maxRoleAclEntries + 1, so
    // the server presumably counts the existing assignments as one more than the list size
    // used here (e.g. per ACE rather than per entry) - confirm how the limit is counted.
    ACLAssignments assignements = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
    ACLAssignmentChanges tooMuchChanges = new ACLAssignmentChanges();
    tooMuchChanges.setAdd(new ArrayList<ACLEntry>());
    for (int i = 0; i < _maxRoleAclEntries + 1 - assignements.getAssignments().size() - 1; i++) {
        ACLEntry invalidEntry = new ACLEntry();
        invalidEntry.setAces(new ArrayList<String>());
        invalidEntry.getAces().add("backup");
        invalidEntry.setSubjectId("invalidUser" + i + "@invalidDomain.com");
        tooMuchChanges.getAdd().add(invalidEntry);
    }
    resp = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, tooMuchChanges);
    final String message = String.format("Exceeding limit of %d role assignments with %d", _maxRoleAclEntries, _maxRoleAclEntries + 1);
    assertExpectedError(resp, 400, ServiceCode.API_EXCEEDING_ASSIGNMENT_LIMIT, message);
    // full update: remove everything currently assigned and add back only entry1, now
    // reduced to "all".
    entry1.getAces().remove("backup");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry1);
    changes.setRemove(new ArrayList<ACLEntry>());
    changes.getRemove().addAll(read_assignments.getAssignments());
    resp = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    read_assignments = rSTAdmin1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
    Assert.assertTrue(checkEqualsAcls(changes.getAdd(), read_assignments.getAssignments()));
    // rProjRead can still read the project after the full update.
    resp = rProjRead.path(String.format(_projectUrl, project1.id.toString())).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    // partial update: for SUBTENANT1_READER swap "all" for "backup", and grant "all" to the
    // SUBTENANT1_USERS_GROUP group, in a single request.
    entry1 = new ACLEntry();
    entry1.setSubjectId(SUBTENANT1_READER);
    entry1.setAces(new ArrayList<String>());
    entry1.getAces().add("all");
    entry2 = new ACLEntry();
    entry2.setSubjectId(SUBTENANT1_READER);
    entry2.setAces(new ArrayList<String>());
    entry2.getAces().add("backup");
    ACLEntry entry3 = new ACLEntry();
    entry3.setGroup(SUBTENANT1_USERS_GROUP);
    entry3.setAces(new ArrayList<String>());
    entry3.getAces().add("all");
    changes = new ACLAssignmentChanges();
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry2);
    changes.getAdd().add(entry3);
    changes.setRemove(new ArrayList<ACLEntry>());
    changes.getRemove().add(entry1);
    resp = rSTAdmin1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    // Expected ACL after the partial update: entry2 and entry3 only.
    read_assignments = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
    ACLAssignments assignments = new ACLAssignments();
    assignments.getAssignments().add(entry2);
    // Same group value that entry3 was created with above.
    entry3.setGroup(SUBTENANT1_USERS_GROUP);
    assignments.getAssignments().add(entry3);
    Assert.assertTrue(checkEqualsAcls(assignments.getAssignments(), read_assignments.getAssignments()));
    // Both the individually assigned caller and the caller covered by the group ACE can read
    // the project.
    // NOTE(review): presumably rProjUserGr is a member of SUBTENANT1_USERS_GROUP - confirm.
    resp = rProjRead.path(String.format(_projectUrl, project1.id.toString())).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    resp = rProjUserGr.path(String.format(_projectUrl, project1.id.toString())).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    // Check that a subtenant2 user who happens to be in the
    // subtenant1 users group does not have access to the project
    // in subtenant1 (a group ACE must not grant access across the tenant boundary).
    resp = rSTAdminGr2.path(String.format(_projectUrl, project1.id.toString())).get(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    // Apply an ACL change to project2: add the group entry and remove the entries that were
    // read from project1 above; verified through the rSys client.
    changes = new ACLAssignmentChanges();
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry3);
    changes.setRemove(new ArrayList<ACLEntry>());
    changes.getRemove().addAll(read_assignments.getAssignments());
    resp = rSTAdmin1.path(String.format(_projectAclUrl, project2.id.toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    read_assignments = rSys.path(String.format(_projectAclUrl, project2.id.toString())).get(ACLAssignments.class);
    Assert.assertTrue(checkEqualsAcls(changes.getAdd(), read_assignments.getAssignments()));
    // negatives - assign invalid acl. Each request pairs the invalid entry with a valid one
    // (entry1) and expects the whole request to be rejected with 400.
    // NOTE(review): the subject id stays "bad" for all three requests, so these assertions do
    // not show whether the ACE value ("bad", "own", "any") or the subject caused the rejection.
    // NOTE(review): nothing here re-reads the ACL to confirm that entry1 was not applied when
    // the request was rejected; a read-back after each 400 would pin that down.
    ACLEntry entryBad = new ACLEntry();
    entryBad.setSubjectId("bad");
    entryBad.setAces(new ArrayList<String>());
    entryBad.getAces().add("bad");
    changes = new ACLAssignmentChanges();
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entryBad);
    entry1 = new ACLEntry();
    entry1.setSubjectId(SUBTENANT1_READER);
    entry1.setAces(new ArrayList<String>());
    entry1.getAces().add("backup");
    entry1.getAces().add("all");
    changes.getAdd().add(entry1);
    resp = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(400, resp.getStatus());
    entryBad.getAces().clear();
    entryBad.getAces().add("own");
    resp = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(400, resp.getStatus());
    entryBad.getAces().clear();
    entryBad.getAces().add("any");
    resp = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(400, resp.getStatus());
    // batch acl assignment test - 2 users and 2 groups added at the same time.
    // The current ACL is saved first so it can be restored afterwards.
    ACLAssignments assignmentsToHaveWhenImDone = rSTAdmin1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
    changes = new ACLAssignmentChanges();
    changes.setRemove(assignmentsToHaveWhenImDone.getAssignments());
    entry2 = new ACLEntry();
    entry2.setSubjectId(SUBTENANT1_USER);
    entry2.setAces(new ArrayList<String>());
    entry2.getAces().add("all");
    entry3 = new ACLEntry();
    entry3.setGroup(SUBTENANT1_USERS_GROUP);
    entry3.setAces(new ArrayList<String>());
    entry3.getAces().add("backup");
    ACLEntry entry4 = new ACLEntry();
    entry4.setGroup(SUBTENANT1_ADMINS_GROUP);
    entry4.setAces(new ArrayList<String>());
    entry4.getAces().add("all");
    changes.setAdd(new ArrayList<ACLEntry>());
    changes.getAdd().add(entry1);
    changes.getAdd().add(entry2);
    changes.getAdd().add(entry3);
    changes.getAdd().add(entry4);
    resp = rSTAdmin1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    read_assignments = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
    Assert.assertTrue(checkEqualsAcls(changes.getAdd(), read_assignments.getAssignments()));
    // reverting all the batch acl assignment changes back to how it was
    // NOTE(review): presumably the two-argument constructor takes (add, remove) - confirm.
    changes = new ACLAssignmentChanges(assignmentsToHaveWhenImDone.getAssignments(), read_assignments.getAssignments());
    resp = rSTAdmin1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    // test lists: rSTAdmin1 sees every project recorded for "st1".
    ProjectList projList = rSTAdmin1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).get(ProjectList.class);
    Assert.assertTrue(checkEqualsList(projList._projects, expectedProjListResults.get("st1")));
    // read - only one project: the listing for rProjRead contains project1 and nothing else,
    // i.e. the tenant's project list is filtered by the caller's ACEs.
    projList = rProjRead.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).get(ProjectList.class);
    Assert.assertEquals(1, projList._projects.size());
    Assert.assertEquals(project1.id, projList._projects.get(0).id);
    Assert.assertEquals(project1.name, projList._projects.get(0).name);
    // use set on both, so we should see both
    projList = rProjUserGr.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).get(ProjectList.class);
    ArrayList<ProjectEntry> expected = new ArrayList<ProjectEntry>();
    expected.add(new ProjectEntry(project1));
    expected.add(new ProjectEntry(project2));
    Assert.assertTrue(checkEqualsList(projList._projects, expected));
    // Callers that only hold ACEs on a project must not be able to deactivate it (403).
    resp = rProjUserGr.path(String.format(_projectUrl + "/deactivate", project2.id.toString())).post(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    resp = rProjRead.path(String.format(_projectUrl + "/deactivate", project1.id.toString())).post(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    // project update - change owner
    ProjectUpdateParam project1Updated = new ProjectUpdateParam();
    project1Updated.setOwner(SUBTENANT1_USER);
    resp = rSTAdmin1.path(String.format(_projectUrl, project1.id.toString())).put(ClientResponse.class, project1Updated);
    Assert.assertEquals(200, resp.getStatus());
    // project update - change owner to a user that is not part of the project's tenant.
    // The assertion expects 403.
    // NOTE(review): the original comment said this should fail with 400; the comment and the
    // asserted status disagreed - confirm which status the API contract specifies.
    ProjectUpdateParam project1UpdatedBadOwner = new ProjectUpdateParam();
    project1UpdatedBadOwner.setOwner(SUBTENANT2_ADMIN);
    resp = rSTAdmin1.path(String.format(_projectUrl, project1.id.toString())).put(ClientResponse.class, project1UpdatedBadOwner);
    Assert.assertEquals(403, resp.getStatus());
    // After the owner change to SUBTENANT1_USER, deactivating project1 through rProjUserGr
    // succeeds (it would also show that the rejected owner change above left the owner intact).
    // NOTE(review): presumably rProjUserGr authenticates as SUBTENANT1_USER - confirm.
    resp = rProjUserGr.path(String.format(_projectUrl + "/deactivate", project1.id.toString())).post(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    // Test bad parameter is returned if the name in the project is not specified
    paramProj = new ProjectParam(null);
    resp = rTAdmin.path(String.format(_projectsUrlFormat, rootTenantId.toString())).post(ClientResponse.class, paramProj);
    Assert.assertEquals(400, resp.getStatus());
    // URL with bad project id
    resp = rSTAdmin1.path("/projects/null.xml").get(ClientResponse.class);
    Assert.assertEquals(404, resp.getStatus());
    // Test entity not found is returned if we try to retrieve a project that does not exist
    String getProjectUrl = "/tenants/%s/projects/%s";
    resp = rTAdmin.path(String.format(getProjectUrl, rootTenantId.toString(), "urn:storageos:Project:815b507c-26eb-4124-bc96-9d0400a16596:")).get(ClientResponse.class);
    Assert.assertEquals(404, resp.getStatus());
    // Tests for duplicate name checks for projects
    // NOTE(review): the 400 below relies on a project named "root project1" already existing
    // in the root tenant; it is not created in this method - confirm it comes from an earlier
    // test or from setup.
    paramProj = new ProjectParam("root project1");
    resp = rTAdmin.path(String.format(_projectsUrlFormat, rootTenantId.toString())).post(ClientResponse.class, paramProj);
    Assert.assertEquals(400, resp.getStatus());
    // The same name is rejected on a second create within one tenant (400) but accepted once
    // in a different tenant (200): name uniqueness is enforced per tenant.
    paramProj = new ProjectParam("subtenant project for name check");
    resp = rSTAdmin1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).post(ClientResponse.class, paramProj);
    Assert.assertEquals(200, resp.getStatus());
    resp = rSTAdmin1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).post(ClientResponse.class, paramProj);
    Assert.assertEquals(400, resp.getStatus());
    resp = rSTAdmin2.path(String.format(_projectsUrlFormat, subtenant2Id.toString())).post(ClientResponse.class, paramProj);
    Assert.assertEquals(200, resp.getStatus());
    resp = rSTAdmin2.path(String.format(_projectsUrlFormat, subtenant2Id.toString())).post(ClientResponse.class, paramProj);
    Assert.assertEquals(400, resp.getStatus());
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) ProjectParam(com.emc.storageos.model.project.ProjectParam) ACLAssignmentChanges(com.emc.storageos.model.auth.ACLAssignmentChanges) VirtualArrayList(com.emc.storageos.model.varray.VirtualArrayList) ArrayList(java.util.ArrayList) ProjectUpdateParam(com.emc.storageos.model.project.ProjectUpdateParam) ACLEntry(com.emc.storageos.model.auth.ACLEntry) ACLAssignments(com.emc.storageos.model.auth.ACLAssignments)
