use of com.emc.storageos.model.auth.AuthnProviderRestRep in project coprhd-controller by CoprHD.
the class ApiTest method loneAuthnProviderDeleteTest.
// quick test to see that one can create and delete
// a provider with no errors if there are no tenants associated
/**
 * Verifies that an authentication provider which no tenant references can be
 * created, have a domain removed, be disabled and finally be deleted, with
 * every request succeeding.
 *
 * @throws Exception propagated from the REST client calls
 */
public void loneAuthnProviderDeleteTest() throws Exception {
    final String providersPath = "/vdc/admin/authnproviders";

    // Describe an LDAP-mode provider that owns two domains.
    AuthnCreateParam createParam = new AuthnCreateParam();
    createParam.setLabel("ldaps apitest config");
    createParam.setDescription("ldaps configuration created by ApiTest.java");
    createParam.setDisable(false);
    createParam.getDomains().add("secureldap.com");
    createParam.getDomains().add("someotherdomain2.com");
    createParam.setManagerDn("CN=Manager,DC=root,DC=com");
    // NOTE(review): the bind password is a string literal in the test source;
    // presumably a dummy value -- confirm it is not a real directory credential.
    createParam.setManagerPassword("secret");
    createParam.setSearchBase("OU=People,DC=root,DC=com");
    createParam.setSearchFilter("mail=%u");
    createParam.setServerUrls(new HashSet<String>());
    // NOTE(review): the literal below evaluates to "ldaps:\" followed by the
    // address (a single backslash), not "ldaps://". Confirm the server side
    // really treats this as an LDAPS URL.
    createParam.getServerUrls().add("ldaps:\\" + LDAP_SERVER1_IP);
    createParam.setMode("ldap");

    AuthnProviderRestRep created = rSys.path(providersPath).post(AuthnProviderRestRep.class, createParam);
    Assert.assertNotNull(created);
    final String createdProviderPath = providersPath + "/" + created.getId();

    // Removing a domain is expected to succeed: no tenant uses either domain.
    AuthnUpdateParam removeDomain = new AuthnUpdateParam();
    removeDomain.getDomainChanges().getRemove().add("someotherdomain2.com");
    ClientResponse removeDomainResponse = rSys.path(createdProviderPath).put(ClientResponse.class, removeDomain);
    Assert.assertEquals(200, removeDomainResponse.getStatus());

    // Disabling and then deleting are expected to succeed for the same
    // reason: no tenant is associated with the provider.
    AuthnUpdateParam disable = new AuthnUpdateParam();
    disable.setDisable(true);
    ClientResponse disableResponse = rSys.path(createdProviderPath).put(ClientResponse.class, disable);
    Assert.assertEquals(200, disableResponse.getStatus());

    ClientResponse deleteResponse = rSys.path(createdProviderPath).delete(ClientResponse.class);
    Assert.assertEquals(200, deleteResponse.getStatus());
}
use of com.emc.storageos.model.auth.AuthnProviderRestRep in project coprhd-controller by CoprHD.
the class ApiTest method disabledAuthnProviderTest.
/**
* Tests that tenant creation fails if the authn provider is disabled.
*
* @throws Exception
*/
public void disabledAuthnProviderTest() throws Exception {
    final String providersPath = "/vdc/admin/authnproviders";
    final String domain = "secqe.com";
    final String groupName = "e2egroup";

    // Register an AD-mode provider that starts out disabled.
    AuthnCreateParam createParam = new AuthnCreateParam();
    createParam.setLabel("secqe.com");
    createParam.setDescription("ad apitest disabled auth provider");
    createParam.setDisable(true);
    createParam.getDomains().add(domain);
    createParam.setGroupAttribute("CN");
    createParam.setManagerDn("CN=Administrator,CN=Users,DC=secqe,DC=com");
    // The bind password comes from a constant defined outside this method.
    createParam.setManagerPassword(AD_PASS_WORD);
    createParam.setSearchBase("CN=Users,DC=secqe,DC=com");
    createParam.setSearchFilter("userPrincipalName=%u");
    createParam.setServerUrls(new HashSet<String>());
    // NOTE(review): the scheme is "ldap" rather than "ldaps", and the literal
    // evaluates to "ldap:\" plus the address (single backslash, not "//").
    // Presumably the administrator bind in this lab setup is not protected by
    // TLS -- confirm that is acceptable for the test environment.
    createParam.getServerUrls().add("ldap:\\" + AD_SERVER2_IP);
    createParam.setMode("ad");

    AuthnProviderRestRep created = rSys.path(providersPath).post(AuthnProviderRestRep.class, createParam);
    Assert.assertNotNull(created.getId());

    // While the provider is disabled, creating a tenant mapped to its domain
    // must be rejected.
    String rejectedTenantName = "disabled_tenant" + new Random().nextInt();
    ClientResponse rejected = createTenant(rejectedTenantName, domain, groupName);
    Assert.assertEquals(400, rejected.getStatus());

    // Enable the provider.
    AuthnUpdateParam enable = new AuthnUpdateParam();
    enable.setDisable(false);
    ClientResponse enableResponse = rSys.path(providersPath + "/" + created.getId()).put(ClientResponse.class, enable);
    Assert.assertEquals(200, enableResponse.getStatus());

    // The same tenant request (with a fresh random name) should now succeed.
    String acceptedTenantName = "disabled_tenant" + new Random().nextInt();
    ClientResponse accepted = createTenant(acceptedTenantName, domain, groupName);
    Assert.assertEquals(200, accepted.getStatus());
}
use of com.emc.storageos.model.auth.AuthnProviderRestRep in project coprhd-controller by CoprHD.
the class ApiTest method addBadADConfig.
// Right now, this only tests one particular bad parameter (search filter).
// We can enhance this to test out all the precheckConditions present in the AuthnConfigurationService
/**
 * Sends a sequence of valid and invalid authentication-provider create and
 * update requests to {@code /vdc/admin/authnproviders} and asserts the HTTP
 * status of each one.
 *
 * Cases covered, in order: malformed search filter, duplicate domain,
 * duplicate label, domain conflict on update, label length limits, label
 * trimming, conflicts against a disabled provider, delete and re-create,
 * max page size, search scope, renaming to an existing label, removing the
 * last server URL, and group attribute changes with and without the
 * {@code allow_group_attr_change} query parameter.
 *
 * The steps share server-side state (providers created early on are later
 * updated, disabled, deleted and re-created), so the statement order matters.
 *
 * @throws NoSuchAlgorithmException declared on the signature; presumably
 *         raised by a helper called here (TODO confirm which one)
 */
private void addBadADConfig() throws NoSuchAlgorithmException {
// Test that a config without a proper filter (key=%u) results in 400
AuthnCreateParam param = new AuthnCreateParam();
param.setLabel("ad apitest config bad");
param.setDescription("ad configuration created by ApiTest.java");
param.setDisable(false);
param.getDomains().add("sanity2.local");
param.setGroupAttribute("CN");
param.setGroupWhitelistValues(new HashSet<String>());
param.getGroupWhitelistValues().add("*Admins*");
param.getGroupWhitelistValues().add("*Test*");
param.getGroupWhitelistValues().add("*Users*");
param.setManagerDn("CN=Administrator,CN=Users,DC=sanity,DC=local");
// The bind password comes from a constant defined outside this method.
param.setManagerPassword(AD_PASS_WORD);
param.setSearchBase("CN=Users,DC=sanity,DC=local");
// %u is there but not on the right side of the "=". Adding this config should fail
param.setSearchFilter("%u=userPrincipalName");
param.setServerUrls(new HashSet<String>());
// NOTE(review): here and in every server URL below, the literal evaluates to
// "ldap:\" plus the address (single backslash, not "ldap://"), and the scheme
// is "ldap" rather than "ldaps". Presumably the administrator bind in this lab
// setup is not protected by TLS -- confirm that is intended.
param.getServerUrls().add("ldap:\\" + AD_SERVER1_IP);
param.setMode("ad");
ClientResponse resp = rSys.path("/vdc/admin/authnproviders").post(ClientResponse.class, param);
Assert.assertEquals(400, resp.getStatus());
// Test that adding two profiles with the same domain name results in 400
String label = "ad apitest config duplicate 1";
AuthnCreateParam duplicateConfig1 = new AuthnCreateParam();
duplicateConfig1.setLabel(label);
duplicateConfig1.setDescription("ad configuration created by ApiTest.java");
duplicateConfig1.setDisable(false);
duplicateConfig1.getDomains().add("mydomain.com");
duplicateConfig1.setGroupAttribute("CN");
duplicateConfig1.setGroupWhitelistValues(new HashSet<String>());
duplicateConfig1.getGroupWhitelistValues().add("*Admins*");
duplicateConfig1.setManagerDn("CN=Administrator,CN=Users,DC=sanity,DC=local");
duplicateConfig1.setManagerPassword(AD_PASS_WORD);
duplicateConfig1.setSearchBase("CN=Users,DC=sanity,DC=local");
duplicateConfig1.setSearchFilter("userPrincipalName=%u");
duplicateConfig1.setServerUrls(new HashSet<String>());
duplicateConfig1.getServerUrls().add("ldap:\\" + AD_SERVER1_IP);
duplicateConfig1.setMode("ad");
// The first provider for mydomain.com is expected to be created.
AuthnProviderRestRep authnResp = rSys.path("/vdc/admin/authnproviders").post(AuthnProviderRestRep.class, duplicateConfig1);
Assert.assertNotNull(authnResp);
// Keep the id: most of the update cases below target this provider.
URI firstCreatedConfig = authnResp.getId();
// Second provider: different label, same domain (mydomain.com).
AuthnCreateParam duplicateConfig2 = new AuthnCreateParam();
duplicateConfig2.setLabel("ad apitest config duplicate 2");
duplicateConfig2.setDescription("ad configuration created by ApiTest.java");
duplicateConfig2.setDisable(false);
duplicateConfig2.getDomains().add("mydomain.com");
duplicateConfig2.setGroupAttribute("CN");
duplicateConfig2.setGroupWhitelistValues(new HashSet<String>());
duplicateConfig2.getGroupWhitelistValues().add("*Admins*");
duplicateConfig2.setManagerDn("CN=Administrator,CN=Users,DC=sanity,DC=local");
duplicateConfig2.setManagerPassword(AD_PASS_WORD);
duplicateConfig2.setSearchBase("CN=Users,DC=sanity,DC=local");
duplicateConfig2.setSearchFilter("userPrincipalName=%u");
duplicateConfig2.setServerUrls(new HashSet<String>());
duplicateConfig2.getServerUrls().add("ldap:\\" + AD_SERVER1_IP);
duplicateConfig2.setMode("ad");
resp = rSys.path("/vdc/admin/authnproviders").post(ClientResponse.class, duplicateConfig2);
Assert.assertEquals(400, resp.getStatus());
// Test for duplicate name check (post)
// NOTE(review): "mydomain.com" was added to duplicateConfig2 above and is not
// removed here, so (assuming getDomains() returns the live collection) this
// request carries both a duplicate label and a duplicate domain. The 400 does
// not isolate the label check.
duplicateConfig2.setLabel(label);
duplicateConfig2.getDomains().add("mydomain2.com");
resp = rSys.path("/vdc/admin/authnproviders").post(ClientResponse.class, duplicateConfig2);
Assert.assertEquals(400, resp.getStatus());
// Test that you cannot update an existing with a domain name that exists somewhere else
// (presumably "sanity.local" belongs to a provider created outside this method -- TODO confirm)
AuthnUpdateParam updateParam = new AuthnUpdateParam();
updateParam.getDomainChanges().getAdd().add("sanity.local");
// Path of the first mydomain.com provider, reused by the update cases that follow.
String myDomainComauthnProvidersUrlFormat = String.format("/vdc/admin/authnproviders/%s", firstCreatedConfig.toString());
resp = rSys.path(myDomainComauthnProvidersUrlFormat).put(ClientResponse.class, updateParam);
Assert.assertEquals(400, resp.getStatus());
// test that adding a domain the provider already owns is fine (no op)
AuthnUpdateParam updateParamSameName = new AuthnUpdateParam();
updateParamSameName.getDomainChanges().getAdd().add("mydomain.com");
resp = rSys.path(myDomainComauthnProvidersUrlFormat).put(ClientResponse.class, updateParamSameName);
Assert.assertEquals(200, resp.getStatus());
// test that trying to update a config with a name too short causes 400
AuthnUpdateParam updateParamNameTooShort = new AuthnUpdateParam();
updateParamNameTooShort.setLabel("a");
resp = rSys.path(myDomainComauthnProvidersUrlFormat).put(ClientResponse.class, updateParamNameTooShort);
Assert.assertEquals(400, resp.getStatus());
// test that trying to update a config with a name too long causes 400
// (STR144 is defined outside this method)
AuthnUpdateParam updateParamNameTooLong = new AuthnUpdateParam();
updateParamNameTooLong.setLabel("authn" + STR144);
resp = rSys.path(myDomainComauthnProvidersUrlFormat).put(ClientResponse.class, updateParamNameTooLong);
Assert.assertEquals(400, resp.getStatus());
// test that trying to update a config with the same name doesn't cause an error
AuthnUpdateParam updateParam2 = new AuthnUpdateParam();
updateParam2.setLabel(label);
resp = rSys.path(myDomainComauthnProvidersUrlFormat).put(ClientResponse.class, updateParam2);
Assert.assertEquals(200, resp.getStatus());
// test that the String payload will be trimmed: the label is sent with
// surrounding spaces and the returned name must equal the bare label
updateParam2 = new AuthnUpdateParam();
updateParam2.setLabel(" " + label + " ");
authnResp = rSys.path(myDomainComauthnProvidersUrlFormat).put(AuthnProviderRestRep.class, updateParam2);
Assert.assertTrue(authnResp.getName().equals(label));
// Mark the mydomain.com provider as disabled, then replay the earlier update
// that adds "sanity.local" to it. Should still fail: even though disabled,
// a provider can eventually be re-enabled.
AuthnUpdateParam updateParam3 = new AuthnUpdateParam();
updateParam3.setDisable(true);
resp = rSys.path(myDomainComauthnProvidersUrlFormat).put(ClientResponse.class, updateParam3);
Assert.assertEquals(200, resp.getStatus());
resp = rSys.path(myDomainComauthnProvidersUrlFormat).put(ClientResponse.class, updateParam);
Assert.assertEquals(400, resp.getStatus());
// Now delete that mydomain.com provider and re-add it, see that
// it is now allowed because the conflicting provider has been deleted
resp = rSys.path(myDomainComauthnProvidersUrlFormat).delete(ClientResponse.class);
Assert.assertEquals(200, resp.getStatus());
authnResp = rSys.path("/vdc/admin/authnproviders").post(AuthnProviderRestRep.class, duplicateConfig1);
Assert.assertNotNull(authnResp);
// Test that updating a config with a MaxPageSize=0 fails
AuthnUpdateParam pageSizeUpdateParam = new AuthnUpdateParam();
pageSizeUpdateParam.setMaxPageSize(0);
resp = rSys.path(String.format("/vdc/admin/authnproviders/%s", authnResp.getId().toString())).put(ClientResponse.class, pageSizeUpdateParam);
Assert.assertEquals(400, resp.getStatus());
// Set the page size and verify that it is successful.
pageSizeUpdateParam.setMaxPageSize(500);
resp = rSys.path(String.format("/vdc/admin/authnproviders/%s", authnResp.getId().toString())).put(ClientResponse.class, pageSizeUpdateParam);
Assert.assertEquals(200, resp.getStatus());
// Get the provider and verify that it has the new page size
authnResp = rSys.path(String.format("/vdc/admin/authnproviders/%s", authnResp.getId().toString())).get(AuthnProviderRestRep.class);
Assert.assertEquals(pageSizeUpdateParam.getMaxPageSize().intValue(), authnResp.getMaxPageSize().intValue());
// Test that a bad search scope gets rejected.
// Missing scope is tested by all the other tests above which do not
// supply scope.
AuthnCreateParam badScopeParam = new AuthnCreateParam();
badScopeParam.setLabel("ad apitest config with bad scope");
badScopeParam.setDescription("ad configuration created by ApiTest.java");
badScopeParam.setDisable(false);
badScopeParam.getDomains().add("mydomain4.com");
badScopeParam.setGroupAttribute("CN");
badScopeParam.setGroupWhitelistValues(new HashSet<String>());
badScopeParam.getGroupWhitelistValues().add("*Admins*");
badScopeParam.setManagerDn("CN=Administrator,CN=Users,DC=sanity,DC=local");
badScopeParam.setManagerPassword(AD_PASS_WORD);
badScopeParam.setSearchBase("CN=Users,DC=sanity,DC=local");
badScopeParam.setSearchFilter("userPrincipalName=%u");
badScopeParam.setServerUrls(new HashSet<String>());
badScopeParam.getServerUrls().add("ldap:\\" + AD_SERVER1_IP);
// BAD SCOPE
badScopeParam.setSearchScope("bad scope");
badScopeParam.setMode("ad");
resp = rSys.path("/vdc/admin/authnproviders").post(ClientResponse.class, badScopeParam);
Assert.assertEquals(400, resp.getStatus());
// Test that a good search scope works
AuthnCreateParam goodScopeParam = new AuthnCreateParam();
String goodScopeName = "ad apitest config with good scope";
goodScopeParam.setLabel(goodScopeName);
goodScopeParam.setDescription("ad configuration created by ApiTest.java");
goodScopeParam.setDisable(false);
goodScopeParam.getDomains().add("mydomain5.com");
goodScopeParam.setGroupAttribute("CN");
goodScopeParam.setGroupWhitelistValues(new HashSet<String>());
goodScopeParam.getGroupWhitelistValues().add("*Admins*");
goodScopeParam.setManagerDn("CN=Administrator,CN=Users,DC=sanity,DC=local");
goodScopeParam.setManagerPassword(AD_PASS_WORD);
goodScopeParam.setSearchBase("CN=Users,DC=sanity,DC=local");
goodScopeParam.setSearchFilter("userPrincipalName=%u");
goodScopeParam.setServerUrls(new HashSet<String>());
goodScopeParam.getServerUrls().add("ldap:\\" + AD_SERVER1_IP);
goodScopeParam.setSearchScope(AuthnProvider.SearchScope.SUBTREE.toString());
goodScopeParam.setMode("ad");
resp = rSys.path("/vdc/admin/authnproviders").post(ClientResponse.class, goodScopeParam);
Assert.assertEquals(200, resp.getStatus());
// create a config, then try to modify its name to one that exists.
AuthnCreateParam randomConfig = new AuthnCreateParam();
randomConfig.setLabel("random");
randomConfig.setDescription("random provider");
randomConfig.setDisable(false);
randomConfig.getDomains().add("mydomain6.com");
randomConfig.setGroupAttribute("CN");
randomConfig.setGroupWhitelistValues(new HashSet<String>());
randomConfig.getGroupWhitelistValues().add("*Admins*");
randomConfig.setManagerDn("CN=Administrator,CN=Users,DC=sanity,DC=local");
randomConfig.setManagerPassword(AD_PASS_WORD);
randomConfig.setSearchBase("CN=Users,DC=sanity,DC=local");
randomConfig.setSearchFilter("userPrincipalName=%u");
randomConfig.setServerUrls(new HashSet<String>());
randomConfig.getServerUrls().add("ldap:\\" + AD_SERVER1_IP);
randomConfig.setSearchScope(AuthnProvider.SearchScope.SUBTREE.toString());
randomConfig.setMode("ad");
AuthnProviderRestRep authnResp2 = rSys.path("/vdc/admin/authnproviders").post(AuthnProviderRestRep.class, randomConfig);
Assert.assertNotNull(authnResp2);
// Renaming it to the label of the good-scope provider must be rejected.
AuthnUpdateParam updateParam4 = new AuthnUpdateParam();
updateParam4.setLabel(goodScopeName);
resp = rSys.path(String.format("/vdc/admin/authnproviders/%s", authnResp2.getId().toString())).put(ClientResponse.class, updateParam4);
Assert.assertEquals(400, resp.getStatus());
// attempt to delete the only url in the config. should fail with 400
// (_goodADConfig is defined outside this method; presumably the id of the
// main AD provider used by the rest of the suite -- TODO confirm)
AuthnUpdateParam lastUrl = new AuthnUpdateParam();
lastUrl.getServerUrlChanges().setRemove(new HashSet<String>());
lastUrl.getServerUrlChanges().getRemove().add("ldap:\\" + AD_SERVER1_IP);
resp = rSys.path(String.format("/vdc/admin/authnproviders/%s", _goodADConfig)).put(ClientResponse.class, lastUrl);
Assert.assertEquals(400, resp.getStatus());
// modify the main config with a bad group CN. Verify you get 400
// The change is sent with allow_group_attr_change=true, and the expected
// error text below names the missing attribute and the server URL.
AuthnUpdateParam badCN = new AuthnUpdateParam();
badCN.setGroupAttribute("garbage");
resp = rSys.path(String.format("/vdc/admin/authnproviders/%s", _goodADConfig)).queryParam("allow_group_attr_change", "true").put(ClientResponse.class, badCN);
String errorMessage = String.format("The authentication provider could not be added or modified because of the following error: The group attribute %s could not be found in AD schema at server [%s].", badCN.getGroupAttribute(), "ldap:\\" + AD_SERVER1_IP);
assertExpectedError(resp, 400, ServiceCode.API_PARAMETER_INVALID, errorMessage);
// Drop the saved token for ROOTTENANTADMIN.
// NOTE(review): the reason is not visible here; presumably it forces a fresh
// login for that user in later requests -- confirm.
_savedTokens.remove(ROOTTENANTADMIN);
// put the config back.
AuthnUpdateParam goodCN = new AuthnUpdateParam();
goodCN.setGroupAttribute("CN");
resp = rSys.path(String.format("/vdc/admin/authnproviders/%s", _goodADConfig)).queryParam("allow_group_attr_change", "true").put(ClientResponse.class, goodCN);
Assert.assertEquals(200, resp.getStatus());
// modify the group attribute without the allow_group_attr_change query
// parameter. Should fail.
AuthnUpdateParam changeCN = new AuthnUpdateParam();
changeCN.setGroupAttribute("objectSid");
resp = rSys.path(String.format("/vdc/admin/authnproviders/%s", _goodADConfig)).put(ClientResponse.class, changeCN);
Assert.assertEquals(400, resp.getStatus());
// modify the group attribute with force flag. Should succeed.
resp = rSys.path(String.format("/vdc/admin/authnproviders/%s", _goodADConfig)).queryParam("allow_group_attr_change", "true").put(ClientResponse.class, changeCN);
Assert.assertEquals(200, resp.getStatus());
// put the original group attribute back for the rest of the tests.
changeCN.setGroupAttribute("CN");
resp = rSys.path(String.format("/vdc/admin/authnproviders/%s", _goodADConfig)).queryParam("allow_group_attr_change", "true").put(ClientResponse.class, changeCN);
Assert.assertEquals(200, resp.getStatus());
}
use of com.emc.storageos.model.auth.AuthnProviderRestRep in project coprhd-controller by CoprHD.
the class ApiTestAuthnProviders method testAuthnProviderCreateDuplicateLDAPGroupProperties.
/**
 * Creates an authentication provider whose group object classes and group
 * member attributes each contain the default values twice, and checks that
 * the created provider reports four entries for each list.
 */
@Test
public void testAuthnProviderCreateDuplicateLDAPGroupProperties() {
    final String testName = "testAuthnProviderCreateDuplicateLDAPGroupProperties - ";
    final String description = testName + TRACE_SUCCESSFUL + "(Duplicate group objectClasses and memberAttributes)";
    AuthnCreateParam createParam = getDefaultAuthnCreateParam(description);

    // Append the default values a second time so that both lists hold
    // duplicates when the request is sent.
    createParam.getGroupObjectClasses().addAll(getDefaultGroupObjectClasses());
    createParam.getGroupMemberAttributes().addAll(getDefaultGroupMemberAttributes());

    AuthnProviderRestRep created = rSys.path(getTestApi()).post(AuthnProviderRestRep.class, createParam);
    validateAuthProviderCreateSuccess(createParam, created);

    // Check the sizes explicitly to make sure the duplicates were dropped.
    // Presumably each default list has four entries -- TODO confirm against
    // getDefaultGroupObjectClasses() / getDefaultGroupMemberAttributes().
    final int expectedDistinctCount = 4;
    Assert.assertEquals(expectedDistinctCount, created.getGroupObjectClasses().size());
    Assert.assertEquals(expectedDistinctCount, created.getGroupMemberAttributes().size());
}
use of com.emc.storageos.model.auth.AuthnProviderRestRep in project coprhd-controller by CoprHD.
the class ApiTestAuthnProviders method testAuthnProviderCreateWithLDAPGroupPropertiesAndNonManagerDN.
/**
 * Creates an authentication provider that binds with the DN and password
 * returned by getNonManagerBindDN() and getNonManagerBindDNPwd() in place of
 * the default manager DN, and expects the creation to succeed.
 */
@Test
public void testAuthnProviderCreateWithLDAPGroupPropertiesAndNonManagerDN() {
    final String testName = "testAuthnProviderCreateWithLDAPGroupPropertiesAndNonManagerDN - ";
    final String description = testName + "Successful creation of authn provider with non managerDN";
    AuthnCreateParam createParam = getDefaultAuthnCreateParam(description);

    // Replace the manager DN with another account's bind information, to
    // check that the LDAP schema search does not depend on the manager DN.
    // NOTE(review): what the alternate account may read in the directory is
    // not visible here -- confirm it is a low-privilege account.
    createParam.setManagerDn(getNonManagerBindDN());
    createParam.setManagerPassword(getNonManagerBindDNPwd());

    AuthnProviderRestRep created = rSys.path(getTestApi()).post(AuthnProviderRestRep.class, createParam);
    validateAuthProviderCreateSuccess(createParam, created);
}