Use of com.emc.storageos.model.auth.ACLEntry in the project coprhd-controller by CoprHD.
From the class ApiTest, method projectTests.
/**
 * Integration test for the projects REST API and its access-control behavior.
 *
 * The steps run in order against shared server state, and each step depends on the ones before it:
 * project creation, rename with duplicate-name checks, ACL reads and writes (add, remove,
 * assignment limit, invalid entries, batch update and revert), project listing per caller,
 * deactivate permission checks, owner change, and not-found / bad-parameter responses.
 *
 * The REST clients (rSTAdminGr1, rSTAdmin1, rSTAdmin2, rSTAdminGr2, rProjRead, rProjUserGr,
 * rTAdmin, rSys), URL formats and expected-result maps are fields defined outside this method.
 * NOTE(review): which user and role each client is logged in as is inferred from its name
 * only; confirm against the class setup.
 */
public void projectTests() {
// create two projects in subtenant1, each with a different admin client
ProjectParam paramProj = new ProjectParam("aclstestproject1");
ProjectEntry project1 = rSTAdminGr1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).post(ProjectEntry.class, paramProj);
Assert.assertTrue(project1.name.equals(paramProj.getName()));
Assert.assertTrue(project1.id != null);
expectedProjListResults.get("st1").add(new ProjectEntry(project1));
paramProj.setName("aclstestproject2");
ProjectEntry project2 = rSTAdmin1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).post(ProjectEntry.class, paramProj);
Assert.assertTrue(project2.name.equals(paramProj.getName()));
Assert.assertTrue(project2.id != null);
expectedProjListResults.get("st1").add(new ProjectEntry(project2));
// a freshly created project has no ACL assignments
ACLAssignments read_assignments = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
Assert.assertTrue(read_assignments.getAssignments().isEmpty());
// rSTAdmin2 must be denied (403) when reading the ACL of a project created under subtenant1
// (presumably an admin of a different subtenant; verify against the client setup)
ClientResponse resp = rSTAdmin2.path(String.format(_projectAclUrl, project1.id.toString())).get(ClientResponse.class);
Assert.assertEquals(403, resp.getStatus());
// name duplicate tests for PUTs.
// add temp project 1
ProjectParam tempProject = new ProjectParam("temproject");
ProjectEntry projectTemp = rSTAdminGr1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).post(ProjectEntry.class, tempProject);
Assert.assertTrue(projectTemp.id != null);
expectedProjListResults.get("st1").add(new ProjectEntry(projectTemp));
// add temp project 2
ProjectParam tempProject2 = new ProjectParam("temproject2");
ProjectEntry projectTemp2 = rSTAdminGr1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).post(ProjectEntry.class, tempProject2);
Assert.assertTrue(projectTemp2.id != null);
expectedProjListResults.get("st1").add(new ProjectEntry(projectTemp2));
// attempt to modify the first project with the same name as itself. should be fine.
ProjectUpdateParam projectUpdate1 = new ProjectUpdateParam(tempProject.getName());
resp = rSTAdminGr1.path(String.format(_projectUrl, projectTemp.id.toString())).put(ClientResponse.class, projectUpdate1);
Assert.assertEquals(200, resp.getStatus());
// attempt to modify the first project with the same name as itself. upper case. should be fine.
ProjectUpdateParam projectUpdate1b = new ProjectUpdateParam(tempProject.getName().toUpperCase());
resp = rSTAdminGr1.path(String.format(_projectUrl, projectTemp.id.toString())).put(ClientResponse.class, projectUpdate1b);
Assert.assertEquals(200, resp.getStatus());
// put it back how it was
ProjectUpdateParam projectUpdate1c = new ProjectUpdateParam(tempProject.getName());
resp = rSTAdminGr1.path(String.format(_projectUrl, projectTemp.id.toString())).put(ClientResponse.class, projectUpdate1c);
Assert.assertEquals(200, resp.getStatus());
// attempt to modify the first project with the name of the second one. Should fail.
ProjectUpdateParam projectUpdate2 = new ProjectUpdateParam(tempProject2.getName());
resp = rSTAdminGr1.path(String.format(_projectUrl, projectTemp.id.toString())).put(ClientResponse.class, projectUpdate2);
Assert.assertEquals(400, resp.getStatus());
// attempt to modify the first project with the name of the second one, but upper case.
// This should fail also, as the names are case insensitive. ( proj1 == pRoJ1 )
ProjectUpdateParam projectUpdate3 = new ProjectUpdateParam(tempProject2.getName().toUpperCase());
resp = rSTAdminGr1.path(String.format(_projectUrl, projectTemp.id.toString())).put(ClientResponse.class, projectUpdate3);
Assert.assertEquals(400, resp.getStatus());
// first ACL write on project1: SUBTENANT1_READER gets "backup" and "all", SUBTENANT1_USER gets "all"
ACLAssignmentChanges changes = new ACLAssignmentChanges();
ACLEntry entry1 = new ACLEntry();
entry1.setSubjectId(SUBTENANT1_READER);
entry1.setAces(new ArrayList<String>());
entry1.getAces().add("backup");
entry1.getAces().add("all");
ACLEntry entry2 = new ACLEntry();
entry2.setSubjectId(SUBTENANT1_USER);
entry2.setAces(new ArrayList<String>());
entry2.getAces().add("all");
changes.setAdd(new ArrayList<ACLEntry>());
changes.getAdd().add(entry1);
changes.getAdd().add(entry2);
resp = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
Assert.assertEquals(200, resp.getStatus());
// holding an ACL entry on the project allows reading the project (200) but not its ACL (403)
// (presumably rProjRead is logged in as SUBTENANT1_READER; verify against the client setup)
resp = rProjRead.path(String.format(_projectAclUrl, project1.id.toString())).get(ClientResponse.class);
Assert.assertEquals(403, resp.getStatus());
resp = rProjRead.path(String.format(_projectUrl, project1.id.toString())).get(ClientResponse.class);
Assert.assertEquals(200, resp.getStatus());
// the ACL read back by the admin must match what was just added
read_assignments = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
Assert.assertTrue(checkEqualsAcls(changes.getAdd(), read_assignments.getAssignments()));
// try to add more than 100 acls - this should fail (quickly, because
// it's not validating)
// NOTE(review): the loop below adds (_maxRoleAclEntries - current entry count) entries, while the
// expected message reports _maxRoleAclEntries + 1; whether the two agree depends on how the
// server counts existing assignments (per entry or per ace) - confirm.
ACLAssignments assignements = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
ACLAssignmentChanges tooMuchChanges = new ACLAssignmentChanges();
tooMuchChanges.setAdd(new ArrayList<ACLEntry>());
for (int i = 0; i < _maxRoleAclEntries + 1 - assignements.getAssignments().size() - 1; i++) {
// subjects are synthetic names that are not expected to exist
ACLEntry invalidEntry = new ACLEntry();
invalidEntry.setAces(new ArrayList<String>());
invalidEntry.getAces().add("backup");
invalidEntry.setSubjectId("invalidUser" + i + "@invalidDomain.com");
tooMuchChanges.getAdd().add(invalidEntry);
}
resp = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, tooMuchChanges);
final String message = String.format("Exceeding limit of %d role assignments with %d", _maxRoleAclEntries, _maxRoleAclEntries + 1);
assertExpectedError(resp, 400, ServiceCode.API_EXCEEDING_ASSIGNMENT_LIMIT, message);
// full update: remove everything read back earlier and add entry1 with only "all" left
entry1.getAces().remove("backup");
changes.setAdd(new ArrayList<ACLEntry>());
changes.getAdd().add(entry1);
changes.setRemove(new ArrayList<ACLEntry>());
changes.getRemove().addAll(read_assignments.getAssignments());
resp = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
Assert.assertEquals(200, resp.getStatus());
read_assignments = rSTAdmin1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
Assert.assertTrue(checkEqualsAcls(changes.getAdd(), read_assignments.getAssignments()));
// rProjRead can still read the project after the full update
resp = rProjRead.path(String.format(_projectUrl, project1.id.toString())).get(ClientResponse.class);
Assert.assertEquals(200, resp.getStatus());
// partial update: remove READER/"all" (entry1), add READER/"backup" (entry2) and users-group/"all" (entry3)
entry1 = new ACLEntry();
entry1.setSubjectId(SUBTENANT1_READER);
entry1.setAces(new ArrayList<String>());
entry1.getAces().add("all");
entry2 = new ACLEntry();
entry2.setSubjectId(SUBTENANT1_READER);
entry2.setAces(new ArrayList<String>());
entry2.getAces().add("backup");
ACLEntry entry3 = new ACLEntry();
entry3.setGroup(SUBTENANT1_USERS_GROUP);
entry3.setAces(new ArrayList<String>());
entry3.getAces().add("all");
changes = new ACLAssignmentChanges();
changes.setAdd(new ArrayList<ACLEntry>());
changes.getAdd().add(entry2);
changes.getAdd().add(entry3);
changes.setRemove(new ArrayList<ACLEntry>());
changes.getRemove().add(entry1);
resp = rSTAdmin1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
Assert.assertEquals(200, resp.getStatus());
read_assignments = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
// expected ACL after the partial update: entry2 and entry3 only
ACLAssignments assignments = new ACLAssignments();
assignments.getAssignments().add(entry2);
// sets the same group value that entry3 was created with
entry3.setGroup(SUBTENANT1_USERS_GROUP);
assignments.getAssignments().add(entry3);
Assert.assertTrue(checkEqualsAcls(assignments.getAssignments(), read_assignments.getAssignments()));
// both the individually listed reader and the group-based client can read the project
resp = rProjRead.path(String.format(_projectUrl, project1.id.toString())).get(ClientResponse.class);
Assert.assertEquals(200, resp.getStatus());
resp = rProjUserGr.path(String.format(_projectUrl, project1.id.toString())).get(ClientResponse.class);
Assert.assertEquals(200, resp.getStatus());
// Check that a subtenant2 user who happens to be in the
// subtenant1 users group does not have access to the project
// in subtenant1
resp = rSTAdminGr2.path(String.format(_projectUrl, project1.id.toString())).get(ClientResponse.class);
Assert.assertEquals(403, resp.getStatus());
// project2 ACL: add the users-group entry; the remove list is the ACL just read from project1
changes = new ACLAssignmentChanges();
changes.setAdd(new ArrayList<ACLEntry>());
changes.getAdd().add(entry3);
changes.setRemove(new ArrayList<ACLEntry>());
changes.getRemove().addAll(read_assignments.getAssignments());
resp = rSTAdmin1.path(String.format(_projectAclUrl, project2.id.toString())).put(ClientResponse.class, changes);
Assert.assertEquals(200, resp.getStatus());
read_assignments = rSys.path(String.format(_projectAclUrl, project2.id.toString())).get(ACLAssignments.class);
Assert.assertTrue(checkEqualsAcls(changes.getAdd(), read_assignments.getAssignments()));
// negatives - assign invalid acl
// the request pairs one bad entry with one valid entry; the whole request must be rejected with 400
ACLEntry entryBad = new ACLEntry();
entryBad.setSubjectId("bad");
entryBad.setAces(new ArrayList<String>());
entryBad.getAces().add("bad");
changes = new ACLAssignmentChanges();
changes.setAdd(new ArrayList<ACLEntry>());
changes.getAdd().add(entryBad);
entry1 = new ACLEntry();
entry1.setSubjectId(SUBTENANT1_READER);
entry1.setAces(new ArrayList<String>());
entry1.getAces().add("backup");
entry1.getAces().add("all");
changes.getAdd().add(entry1);
resp = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
Assert.assertEquals(400, resp.getStatus());
// NOTE(review): the next two requests keep subject id "bad" and change only the ace ("own", "any"),
// so a 400 here does not show whether the subject or the ace was rejected - confirm the intent.
entryBad.getAces().clear();
entryBad.getAces().add("own");
resp = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
Assert.assertEquals(400, resp.getStatus());
entryBad.getAces().clear();
entryBad.getAces().add("any");
resp = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
Assert.assertEquals(400, resp.getStatus());
// batch acl assignment test - 2 users and 2 groups added at the same time
// the current ACL is saved first so it can be restored afterwards
ACLAssignments assignmentsToHaveWhenImDone = rSTAdmin1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
changes = new ACLAssignmentChanges();
changes.setRemove(assignmentsToHaveWhenImDone.getAssignments());
entry2 = new ACLEntry();
entry2.setSubjectId(SUBTENANT1_USER);
entry2.setAces(new ArrayList<String>());
entry2.getAces().add("all");
entry3 = new ACLEntry();
entry3.setGroup(SUBTENANT1_USERS_GROUP);
entry3.setAces(new ArrayList<String>());
entry3.getAces().add("backup");
ACLEntry entry4 = new ACLEntry();
entry4.setGroup(SUBTENANT1_ADMINS_GROUP);
entry4.setAces(new ArrayList<String>());
entry4.getAces().add("all");
// entry1 is the valid READER entry ("backup" and "all") built in the negative test above
changes.setAdd(new ArrayList<ACLEntry>());
changes.getAdd().add(entry1);
changes.getAdd().add(entry2);
changes.getAdd().add(entry3);
changes.getAdd().add(entry4);
resp = rSTAdmin1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
Assert.assertEquals(200, resp.getStatus());
read_assignments = rSTAdminGr1.path(String.format(_projectAclUrl, project1.id.toString())).get(ACLAssignments.class);
Assert.assertTrue(checkEqualsAcls(changes.getAdd(), read_assignments.getAssignments()));
// reverting all the batch acl assignment changes back to how it was
// (presumably the constructor takes the add list first and the remove list second; verify)
changes = new ACLAssignmentChanges(assignmentsToHaveWhenImDone.getAssignments(), read_assignments.getAssignments());
resp = rSTAdmin1.path(String.format(_projectAclUrl, project1.id.toString())).put(ClientResponse.class, changes);
Assert.assertEquals(200, resp.getStatus());
// test lists
// the admin listing must match every subtenant1 project recorded in expectedProjListResults
ProjectList projList = rSTAdmin1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).get(ProjectList.class);
Assert.assertTrue(checkEqualsList(projList._projects, expectedProjListResults.get("st1")));
// read - only one project
// the reader's listing must contain project1 and nothing else
projList = rProjRead.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).get(ProjectList.class);
Assert.assertEquals(1, projList._projects.size());
Assert.assertEquals(project1.id, projList._projects.get(0).id);
Assert.assertEquals(project1.name, projList._projects.get(0).name);
// the users-group ACL entry was set on both project1 and project2, so both should be listed
projList = rProjUserGr.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).get(ProjectList.class);
ArrayList<ProjectEntry> expected = new ArrayList<ProjectEntry>();
expected.add(new ProjectEntry(project1));
expected.add(new ProjectEntry(project2));
Assert.assertTrue(checkEqualsList(projList._projects, expected));
// callers that hold only ACL entries on a project must not be able to deactivate it (403)
resp = rProjUserGr.path(String.format(_projectUrl + "/deactivate", project2.id.toString())).post(ClientResponse.class);
Assert.assertEquals(403, resp.getStatus());
resp = rProjRead.path(String.format(_projectUrl + "/deactivate", project1.id.toString())).post(ClientResponse.class);
Assert.assertEquals(403, resp.getStatus());
// project update - change owner
ProjectUpdateParam project1Updated = new ProjectUpdateParam();
project1Updated.setOwner(SUBTENANT1_USER);
resp = rSTAdmin1.path(String.format(_projectUrl, project1.id.toString())).put(ClientResponse.class, project1Updated);
Assert.assertEquals(200, resp.getStatus());
// project update - change owner to a user that is not part of the project's tenant.
// The assertion below expects 403 (an earlier version of this comment said 400).
ProjectUpdateParam project1UpdatedBadOwner = new ProjectUpdateParam();
project1UpdatedBadOwner.setOwner(SUBTENANT2_ADMIN);
resp = rSTAdmin1.path(String.format(_projectUrl, project1.id.toString())).put(ClientResponse.class, project1UpdatedBadOwner);
Assert.assertEquals(403, resp.getStatus());
// after the owner change to SUBTENANT1_USER, rProjUserGr may deactivate project1 (200)
// (presumably rProjUserGr is logged in as SUBTENANT1_USER; verify against the client setup)
resp = rProjUserGr.path(String.format(_projectUrl + "/deactivate", project1.id.toString())).post(ClientResponse.class);
Assert.assertEquals(200, resp.getStatus());
// Test bad parameter is returned if the name in the project is not specified
paramProj = new ProjectParam(null);
resp = rTAdmin.path(String.format(_projectsUrlFormat, rootTenantId.toString())).post(ClientResponse.class, paramProj);
Assert.assertEquals(400, resp.getStatus());
// URL with bad project id
resp = rSTAdmin1.path("/projects/null.xml").get(ClientResponse.class);
Assert.assertEquals(404, resp.getStatus());
// Test entity not found is returned if we try to retrieve a project that does not exist
String getProjectUrl = "/tenants/%s/projects/%s";
resp = rTAdmin.path(String.format(getProjectUrl, rootTenantId.toString(), "urn:storageos:Project:815b507c-26eb-4124-bc96-9d0400a16596:")).get(ClientResponse.class);
Assert.assertEquals(404, resp.getStatus());
// Tests for duplicate name checks for projects
// "root project1" is expected to be rejected as a duplicate
// (presumably it was created in the root tenant by an earlier test; verify)
paramProj = new ProjectParam("root project1");
resp = rTAdmin.path(String.format(_projectsUrlFormat, rootTenantId.toString())).post(ClientResponse.class, paramProj);
Assert.assertEquals(400, resp.getStatus());
// the same name is accepted once per tenant: the first POST in each subtenant succeeds and the
// repeat in the same subtenant fails
paramProj = new ProjectParam("subtenant project for name check");
resp = rSTAdmin1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).post(ClientResponse.class, paramProj);
Assert.assertEquals(200, resp.getStatus());
resp = rSTAdmin1.path(String.format(_projectsUrlFormat, subtenant1Id.toString())).post(ClientResponse.class, paramProj);
Assert.assertEquals(400, resp.getStatus());
resp = rSTAdmin2.path(String.format(_projectsUrlFormat, subtenant2Id.toString())).post(ClientResponse.class, paramProj);
Assert.assertEquals(200, resp.getStatus());
resp = rSTAdmin2.path(String.format(_projectsUrlFormat, subtenant2Id.toString())).post(ClientResponse.class, paramProj);
Assert.assertEquals(400, resp.getStatus());
}