
Example 6 with AuthnUpdateParam

use of com.emc.storageos.model.auth.AuthnUpdateParam in project coprhd-controller by CoprHD.

the class ApiTest method authnProviderAddDomainTest.

// quick test to see if the added domain of AP server is converted to all lowercase
/**
 * Checks that a domain added to an existing authentication provider is stored in lower case,
 * and that a tenant user mapping naming that domain in mixed case is still accepted.
 *
 * <p>Steps: create an LDAP-mode provider, PUT a domain change adding {@code "sAnItY2.local"},
 * read the provider back and assert that only {@code "sanity2.local"} is listed, then POST a
 * sub-tenant whose user mapping uses the mixed-case spelling and expect HTTP 200.
 *
 * @throws Exception if a REST call or entity conversion fails
 */
public void authnProviderAddDomainTest() throws Exception {
    final String mixedCaseDomain = "sAnItY2.local";

    // Step 1: register the provider the domain will be added to.
    AuthnCreateParam createParam = new AuthnCreateParam();
    createParam.setLabel("domain test AP server");
    createParam.setDescription("AP server configuration created by ApiTest.java");
    createParam.setDisable(false);
    createParam.getDomains().add("asd.locl");
    createParam.setManagerDn("CN=Manager,DC=root,DC=com");
    // NOTE(review): the bind credential is a literal in the test source; confirm it is a
    // throwaway lab value that is not reused outside the test environment.
    createParam.setManagerPassword("secret");
    createParam.setSearchBase("OU=People,DC=root,DC=com");
    createParam.setSearchFilter("mail=%u");
    createParam.setServerUrls(new HashSet<String>());
    // NOTE(review): this literal evaluates to "ldaps:" followed by a single backslash, not
    // "ldaps://". Confirm the server accepts or normalises that form; otherwise the provider
    // validation may not be exercising the intended LDAPS endpoint.
    createParam.getServerUrls().add("ldaps:\\" + LDAP_SERVER1_IP);
    createParam.setMode("ldap");
    AuthnProviderRestRep created =
            rSys.path("/vdc/admin/authnproviders").post(AuthnProviderRestRep.class, createParam);
    Assert.assertNotNull(created);

    final String providerPath = "/vdc/admin/authnproviders/" + created.getId();

    // Step 2: add a second domain, deliberately spelled in mixed case.
    Set<String> domainsToAdd = new HashSet<String>();
    domainsToAdd.add(mixedCaseDomain);
    AuthnUpdateParam addDomain = new AuthnUpdateParam();
    addDomain.getDomainChanges().setAdd(domainsToAdd);
    ClientResponse updateReply = rSys.path(providerPath).put(ClientResponse.class, addDomain);
    Assert.assertEquals(200, updateReply.getStatus());

    // Step 3: the stored domain must be the lower-case form only.
    ClientResponse readReply = rSys.path(providerPath).get(ClientResponse.class);
    AuthnProviderRestRep stored = readReply.getEntity(AuthnProviderRestRep.class);
    Assert.assertFalse(stored.getDomains().contains(mixedCaseDomain));
    Assert.assertTrue(stored.getDomains().contains("sanity2.local"));

    // Step 4: a tenant mapping that names the domain in mixed case must still be accepted.
    UserMappingAttributeParam departmentAttr =
            new UserMappingAttributeParam("department", Collections.singletonList("ASD"));
    UserMappingParam mapping = new UserMappingParam();
    mapping.setDomain(mixedCaseDomain);
    mapping.getAttributes().add(departmentAttr);

    TenantCreateParam subTenant = new TenantCreateParam();
    subTenant.setLabel("sub2");
    subTenant.setDescription("My sub tenant 2");
    subTenant.getUserMappings().add(mapping);
    ClientResponse tenantReply = rSys.path("/tenants/" + rootTenantId + "/subtenants")
            .post(ClientResponse.class, subTenant);
    Assert.assertEquals(200, tenantReply.getStatus());
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) AuthnUpdateParam(com.emc.storageos.model.auth.AuthnUpdateParam) UserMappingAttributeParam(com.emc.storageos.model.tenant.UserMappingAttributeParam) UserMappingParam(com.emc.storageos.model.tenant.UserMappingParam) AuthnCreateParam(com.emc.storageos.model.auth.AuthnCreateParam) AuthnProviderRestRep(com.emc.storageos.model.auth.AuthnProviderRestRep) HashSet(java.util.HashSet) TenantCreateParam(com.emc.storageos.model.tenant.TenantCreateParam)

Example 7 with AuthnUpdateParam

use of com.emc.storageos.model.auth.AuthnUpdateParam in project coprhd-controller by CoprHD.

the class ApiTest method authProvidersConnectivityTests.

/**
 * Exercises the connectivity validation applied when authentication providers are created
 * and updated.
 *
 * <p>Covered cases, in order: unreachable server URL (400), bad manager DN (400), bad manager
 * password (400), the same bad configuration created with {@code disable=true} (accepted),
 * enabling that configuration (400), enabling it after correcting the password (200), a valid
 * LDAP-mode provider, adding one bad URL to the valid provider (200), and replacing its
 * search base with one that cannot be found (400).
 *
 * <p>NOTE(review): every negative case asserts only the status code, so a 400 produced by a
 * different validation step than the one named in the comment would also pass.
 */
private void authProvidersConnectivityTests() {
    final String providersPath = "/vdc/admin/authnproviders";
    final String validManagerDn = "CN=Administrator,CN=Users,DC=sanity,DC=local";

    // NOTE(review): the fixtures below use ldap:// rather than ldaps://. If the provider binds
    // with the configured manager DN and password, that credential may cross the lab network
    // without TLS; confirm the sanity environment is isolated.

    // Case 1: a server URL that cannot be reached must be rejected with 400.
    AuthnCreateParam adParam = new AuthnCreateParam();
    adParam.setLabel("ad apitest config bad url");
    adParam.setDescription("ad apitest config bad url");
    adParam.setDisable(false);
    adParam.getDomains().add("domain1.com");
    adParam.setGroupAttribute("CN");
    adParam.setGroupWhitelistValues(new HashSet<String>());
    for (String pattern : new String[] { "*Admins*", "*Test*", "*Users*" }) {
        adParam.getGroupWhitelistValues().add(pattern);
    }
    adParam.setManagerDn(validManagerDn);
    adParam.setManagerPassword(AD_PASS_WORD);
    adParam.setSearchBase("CN=Users,DC=sanity,DC=local");
    adParam.setSearchFilter("userPrincipalName=%u");
    adParam.setServerUrls(new HashSet<String>());
    adParam.getServerUrls().add("ldap://" + EnvConfig.get("sanity", "ad.bogus.ip"));
    adParam.setMode("ad");
    ClientResponse reply = rSys.path(providersPath).post(ClientResponse.class, adParam);
    Assert.assertEquals(400, reply.getStatus());

    // Case 2: real server, malformed manager DN -> 400.
    adParam.setManagerDn("xxxxxministrator,CN=Users,DC=sanity,DC=local");
    adParam.setServerUrls(new HashSet<String>());
    // NOTE(review): "ldap:\\" is "ldap:" plus one backslash, unlike the "ldap://" used in case 1.
    // If the server rejects that URL form, this 400 would not be caused by the DN.
    adParam.getServerUrls().add("ldap:\\" + AD_SERVER1_IP);
    reply = rSys.path(providersPath).post(ClientResponse.class, adParam);
    Assert.assertEquals(400, reply.getStatus());

    // Case 3: correct DN again, wrong manager password -> 400.
    adParam.setManagerDn(validManagerDn);
    adParam.setManagerPassword("bad");
    reply = rSys.path(providersPath).post(ClientResponse.class, adParam);
    Assert.assertEquals(400, reply.getStatus());

    // Case 4: the same wrong-password configuration is accepted when created disabled,
    // because validation is skipped for disabled providers.
    adParam.setDisable(true);
    AuthnProviderRestRep disabledProvider =
            rSys.path(providersPath).post(AuthnProviderRestRep.class, adParam);
    Assert.assertNotNull(disabledProvider);
    final String disabledProviderPath =
            String.format("/vdc/admin/authnproviders/%s", disabledProvider.getId().toString());

    // Case 5: enabling the still-broken configuration must fail with 400.
    AuthnUpdateParam enableUpdate = new AuthnUpdateParam();
    enableUpdate.setDisable(false);
    reply = rSys.path(disabledProviderPath).put(ClientResponse.class, enableUpdate);
    Assert.assertEquals(400, reply.getStatus());

    // Case 6: supply the right password on the same update (disable is still false);
    // validation runs again and should now succeed.
    enableUpdate.setManagerPassword(AD_PASS_WORD);
    reply = rSys.path(disabledProviderPath).put(ClientResponse.class, enableUpdate);
    Assert.assertEquals(200, reply.getStatus());

    // Case 7: basic connectivity in ldap mode.
    AuthnCreateParam ldapParam = new AuthnCreateParam();
    ldapParam.setLabel("ldap connectivity test");
    ldapParam.setDescription("ldap connectivity test");
    ldapParam.setDisable(false);
    ldapParam.getDomains().add("domain22.com");
    ldapParam.setManagerDn(validManagerDn);
    ldapParam.setManagerPassword(AD_PASS_WORD);
    ldapParam.setSearchBase("CN=Users,DC=sanity,DC=local");
    ldapParam.setSearchFilter("userPrincipalName=%u");
    ldapParam.setServerUrls(new HashSet<String>());
    ldapParam.getServerUrls().add("ldap:\\" + AD_SERVER1_IP);
    ldapParam.setGroupAttribute("CN");
    ldapParam.setMode("ldap");
    AuthnProviderRestRep goodProvider =
            rSys.path(providersPath).post(AuthnProviderRestRep.class, ldapParam);
    Assert.assertNotNull(goodProvider);
    final String goodProviderPath =
            String.format("/vdc/admin/authnproviders/%s", goodProvider.getId().toString());

    // Case 8: adding one bad URL is tolerated; the good URL that remains in the set keeps
    // the URL set valid.
    AuthnUpdateParam addBadUrl = new AuthnUpdateParam();
    addBadUrl.getServerUrlChanges().setAdd(new HashSet<String>());
    addBadUrl.getServerUrlChanges().getAdd().add("ldap://garbage");
    reply = rSys.path(goodProviderPath).put(ClientResponse.class, addBadUrl);
    Assert.assertEquals(200, reply.getStatus());

    // Case 9: a search base that will not be found must be rejected.
    AuthnUpdateParam badSearchBase = new AuthnUpdateParam();
    badSearchBase.setSearchBase("CN=garbage");
    reply = rSys.path(goodProviderPath).put(ClientResponse.class, badSearchBase);
    Assert.assertEquals(400, reply.getStatus());
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) AuthnUpdateParam(com.emc.storageos.model.auth.AuthnUpdateParam) AuthnCreateParam(com.emc.storageos.model.auth.AuthnCreateParam) AuthnProviderRestRep(com.emc.storageos.model.auth.AuthnProviderRestRep)

Example 8 with AuthnUpdateParam

use of com.emc.storageos.model.auth.AuthnUpdateParam in project coprhd-controller by CoprHD.

the class ApiTest method adConfigListTests.

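/**
 * Verifies that newly created authentication providers show up in the provider list and
 * that an update can remove domains, group whitelist values and server URLs.
 *
 * <p>Two AD-mode providers are created from the same parameter object (the second with a
 * different label and domain). The list size must grow by two. The second provider is then
 * updated to drop its only domain, all three whitelist patterns and one of its two server
 * URLs, and the returned representation is checked for the resulting sizes.
 */
private void adConfigListTests() {
    final String providersPath = "/vdc/admin/authnproviders";

    AuthnProviderList listing = rSys.path(providersPath).get(AuthnProviderList.class);
    int sizeBefore = listing.getProviders().size();

    // Create two providers; the list must then hold sizeBefore + 2 entries.
    // NOTE(review): the original comment described the second provider as having "no name
    // field", but the code below gives it the label "ad apitest config two".
    AuthnCreateParam param = new AuthnCreateParam();
    param.setLabel("ad apitest config one");
    param.setDescription("ad configuration created by ApiTest.java");
    param.setDisable(false);
    param.getDomains().add("sanity3.local");
    param.setGroupAttribute("CN");
    param.setGroupWhitelistValues(new HashSet<String>());
    param.getGroupWhitelistValues().add("*Admins*");
    param.getGroupWhitelistValues().add("*Test*");
    param.getGroupWhitelistValues().add("*Users*");
    param.setManagerDn("CN=Administrator,CN=Users,DC=sanity,DC=local");
    param.setManagerPassword(AD_PASS_WORD);
    param.setSearchBase("CN=Users,DC=sanity,DC=local");
    param.setSearchFilter("userPrincipalName=%u");
    param.setServerUrls(new HashSet<String>());
    // NOTE(review): "ldap:\\" evaluates to "ldap:" plus a single backslash rather than
    // "ldap://"; confirm the server accepts that form.
    param.getServerUrls().add("ldap:\\" + AD_SERVER1_IP);
    param.getServerUrls().add("ldap:\\" + AD_SERVER1_HOST);
    param.setMode("ad");
    ClientResponse firstCreate = rSys.path(providersPath).post(ClientResponse.class, param);
    Assert.assertEquals(200, firstCreate.getStatus());

    // Second provider: same settings, different label and domain.
    param.setLabel("ad apitest config two");
    param.getDomains().remove("sanity3.local");
    param.getDomains().add("another.com");
    AuthnProviderRestRep secondProvider =
            rSys.path(providersPath).post(AuthnProviderRestRep.class, param);
    Assert.assertNotNull(secondProvider);

    listing = rSys.path(providersPath).get(AuthnProviderList.class);
    int sizeAfter = listing.getProviders().size();
    // JUnit's contract is assertEquals(expected, actual); the original passed them the other
    // way round, which yields a misleading message when the assertion fails.
    Assert.assertEquals(sizeBefore + 2, sizeAfter);

    // Update the second provider: remove its domain, every whitelist pattern and one URL.
    AuthnUpdateParam updateParam = new AuthnUpdateParam();
    updateParam.setLabel("ad apitest config two");
    updateParam.getDomainChanges().setRemove(new HashSet<String>());
    updateParam.getDomainChanges().getRemove().add("another.com");
    updateParam.getGroupWhitelistValueChanges().setRemove(new HashSet<String>());
    updateParam.getGroupWhitelistValueChanges().getRemove().add("*Admins*");
    updateParam.getGroupWhitelistValueChanges().getRemove().add("*Test*");
    updateParam.getGroupWhitelistValueChanges().getRemove().add("*Users*");
    updateParam.getServerUrlChanges().setRemove(new HashSet<String>());
    updateParam.getServerUrlChanges().getRemove().add("ldap:\\" + AD_SERVER1_HOST);
    // The trailing "/" on the resource path is kept exactly as the original request had it.
    AuthnProviderRestRep updated = rSys
            .path("/vdc/admin/authnproviders/" + secondProvider.getId().toString() + "/")
            .put(AuthnProviderRestRep.class, updateParam);
    Assert.assertNotNull(updated);
    Assert.assertEquals(0, updated.getDomains().size());
    // With the whitelist emptied the provider no longer restricts groups by these patterns.
    // NOTE(review): whether an empty whitelist means "no groups" or "all groups" is decided
    // server-side and is not visible here; worth confirming.
    Assert.assertEquals(0, updated.getGroupWhitelistValues().size());
    Assert.assertEquals(1, updated.getServerUrls().size());
}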
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) AuthnUpdateParam(com.emc.storageos.model.auth.AuthnUpdateParam) AuthnCreateParam(com.emc.storageos.model.auth.AuthnCreateParam) AuthnProviderList(com.emc.storageos.model.auth.AuthnProviderList) AuthnProviderRestRep(com.emc.storageos.model.auth.AuthnProviderRestRep)

Example 9 with AuthnUpdateParam

use of com.emc.storageos.model.auth.AuthnUpdateParam in project coprhd-controller by CoprHD.

the class AuthSvcTests method runProxyTokenExpiryTest.

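/**
 * Verifies the lifetime of a proxy token: it must keep working while the user's
 * authentication provider is enabled and must be rejected with 401 once the provider has
 * been disabled.
 *
 * <p>The wait between checks is read, in minutes, from the environment variable
 * {@code TIME_TO_WAIT_IN_MINUTES_SET_IN_SECURITY_MODULE_XML}; when the variable is unset or
 * not an integer the wait defaults to one minute. NOTE(review): the variable name suggests
 * it has to match a server-side setting; the test cannot check that the two agree.
 *
 * @throws Exception if a REST call fails or the sleeping thread is interrupted
 */
private void runProxyTokenExpiryTest() throws Exception {
    // Declared outside the try block: the original declared it inside the try and then
    // referenced it from the catch block and from the sleeps below, where it is out of scope.
    int timeToWaitInMinutes = 1;
    String timeToWaitInMinsStr = System.getenv("TIME_TO_WAIT_IN_MINUTES_SET_IN_SECURITY_MODULE_XML");
    if (timeToWaitInMinsStr != null) {
        try {
            timeToWaitInMinutes = Integer.parseInt(timeToWaitInMinsStr);
        } catch (NumberFormatException ignored) {
            // Not an integer: keep the one-minute default.
        }
    }
    // Long arithmetic so a large minute count cannot overflow int before reaching sleep().
    final long waitMillis = timeToWaitInMinutes * 60L * 1000L;

    WebResource rRoot = createHttpsClient(SYSADMIN, SYSADMIN_PASS_WORD, true).resource(baseAuthServiceURL);
    rRoot.path("/login").get(ClientResponse.class);
    // post authProvider
    updateADConfig();
    // login with a user from ldap
    WebResource rSanityUser = createHttpsClient(ROOTUSER, AD_PASS_WORD, true).resource(baseAuthServiceURL);
    rSanityUser.path("/login").get(ClientResponse.class);
    TenantResponse tenant = rSanityUser.path("/tenant").get(TenantResponse.class);
    final String tenantPath = "/tenants/" + tenant.getTenant();

    // make the user a tenant_admin
    RoleAssignmentChanges changes = new RoleAssignmentChanges();
    RoleAssignmentEntry addTenantAdmin = new RoleAssignmentEntry();
    addTenantAdmin.setSubjectId(ROOTUSER);
    addTenantAdmin.getRoles().add("TENANT_ADMIN");
    changes.setAdd(new ArrayList<RoleAssignmentEntry>());
    changes.getAdd().add(addTenantAdmin);
    rRoot.path(tenantPath + "/role-assignments").put(changes);

    // create a proxy token for that user
    ClientResponse resp = rSanityUser.path("/proxytoken").get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    // presumably _savedProxyTokens is filled by the HTTP client while handling the
    // /proxytoken response; that code is not part of this method
    String proxyToken = (String) _savedProxyTokens.get(ROOTUSER);
    Assert.assertNotNull(proxyToken);

    // logon with proxyuser
    WebResource rProxy = createHttpsClient(PROXY_USER, PROXY_USER_PWD, true).resource(baseApiServiceURL);
    rProxy.path("/login").get(ClientResponse.class);

    // Baseline: the proxy user can read the sanity user's tenant with the proxy token.
    resp = rProxy.path(tenantPath).header(AUTH_PROXY_TOKEN_HEADER, proxyToken).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());

    // After the wait the token must still be honoured, since the provider is still enabled.
    Thread.sleep(waitMillis);
    resp = rProxy.path(tenantPath).header(AUTH_PROXY_TOKEN_HEADER, proxyToken).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());

    // do a put on the authprovider so it is disabled
    AuthnUpdateParam updateParam = new AuthnUpdateParam();
    updateParam.setDisable(true);
    rRoot.path("/vdc/admin/authnproviders/" + _goodADConfig).put(updateParam);

    // Security-relevant check: once the provider is disabled and the wait has elapsed, the
    // previously issued proxy token must no longer grant access.
    Thread.sleep(waitMillis);
    resp = rProxy.path(tenantPath).header(AUTH_PROXY_TOKEN_HEADER, proxyToken).get(ClientResponse.class);
    Assert.assertEquals(401, resp.getStatus());
}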
Also used : AuthnUpdateParam(com.emc.storageos.model.auth.AuthnUpdateParam) RoleAssignmentChanges(com.emc.storageos.model.auth.RoleAssignmentChanges) RoleAssignmentEntry(com.emc.storageos.model.auth.RoleAssignmentEntry) TenantResponse(com.emc.storageos.model.tenant.TenantResponse) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Example 10 with AuthnUpdateParam

use of com.emc.storageos.model.auth.AuthnUpdateParam in project coprhd-controller by CoprHD.

the class ApiTest method loneAuthnProviderDeleteTest.

// quick test to see that one can create and delete
// a provider with no errors if there are no tenants associated
/**
 * Checks the create / update / disable / delete life cycle of an authentication provider
 * that no tenant refers to; every step is expected to succeed.
 *
 * @throws Exception if a REST call or entity conversion fails
 */
public void loneAuthnProviderDeleteTest() throws Exception {
    // Create an LDAP-mode provider that carries two domains.
    AuthnCreateParam createParam = new AuthnCreateParam();
    createParam.setLabel("ldaps apitest config");
    createParam.setDescription("ldaps configuration created by ApiTest.java");
    createParam.setDisable(false);
    createParam.getDomains().add("secureldap.com");
    createParam.getDomains().add("someotherdomain2.com");
    createParam.setManagerDn("CN=Manager,DC=root,DC=com");
    // NOTE(review): the bind credential is a literal in the test source; confirm it is a
    // throwaway lab value that is not reused outside the test environment.
    createParam.setManagerPassword("secret");
    createParam.setSearchBase("OU=People,DC=root,DC=com");
    createParam.setSearchFilter("mail=%u");
    createParam.setServerUrls(new HashSet<String>());
    // NOTE(review): this literal evaluates to "ldaps:" followed by a single backslash, not
    // "ldaps://"; confirm the server accepts or normalises that form.
    createParam.getServerUrls().add("ldaps:\\" + LDAP_SERVER1_IP);
    createParam.setMode("ldap");
    AuthnProviderRestRep created =
            rSys.path("/vdc/admin/authnproviders").post(AuthnProviderRestRep.class, createParam);
    Assert.assertNotNull(created);

    final String providerPath = "/vdc/admin/authnproviders/" + created.getId();

    // Removing a domain is allowed because no tenant uses either domain.
    AuthnUpdateParam dropDomain = new AuthnUpdateParam();
    dropDomain.getDomainChanges().getRemove().add("someotherdomain2.com");
    ClientResponse reply = rSys.path(providerPath).put(ClientResponse.class, dropDomain);
    Assert.assertEquals(200, reply.getStatus());

    // Disable, then delete: both are expected to succeed because no tenant is associated
    // with this provider.
    AuthnUpdateParam disable = new AuthnUpdateParam();
    disable.setDisable(true);
    reply = rSys.path(providerPath).put(ClientResponse.class, disable);
    Assert.assertEquals(200, reply.getStatus());

    reply = rSys.path(providerPath).delete(ClientResponse.class);
    Assert.assertEquals(200, reply.getStatus());
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) AuthnUpdateParam(com.emc.storageos.model.auth.AuthnUpdateParam) AuthnCreateParam(com.emc.storageos.model.auth.AuthnCreateParam) AuthnProviderRestRep(com.emc.storageos.model.auth.AuthnProviderRestRep)
