use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.
the class AuthnConfigurationService method checkRolesUsingDomains.
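/**
 * Collects the role-assignment subjects (users or groups) whose domain suffix matches one of
 * the given domains.
 *
 * <p>For each entry the subject id is used when it is non-empty, otherwise the group name.
 * The domain is the text after the last {@code '@'}; a subject without an {@code '@'} is
 * skipped, so unqualified subjects are never reported as matching. Domains are compared
 * case-insensitively.
 *
 * @param roleAssignments role assignments to inspect
 * @param domains domain names to compare against
 * @return the matching subject ids / group names, added once per matching element of
 *         {@code domains}; empty when nothing matches
 */
private List<String> checkRolesUsingDomains(List<RoleAssignmentEntry> roleAssignments, StringSet domains) {
    List<String> matchingUsers = new ArrayList<String>();
    for (RoleAssignmentEntry roleAssignment : roleAssignments) {
        String idOrGroup = !StringUtils.isEmpty(roleAssignment.getSubjectId()) ? roleAssignment.getSubjectId() : roleAssignment.getGroup();
        _log.debug("checking " + idOrGroup);
        if (idOrGroup == null) {
            // Entry carries neither a subject id nor a group: there is no domain to compare,
            // and dereferencing it below would throw a NullPointerException.
            continue;
        }
        // Look the separator up once; the last '@' is used so the domain is always the suffix.
        int separator = idOrGroup.lastIndexOf("@");
        if (separator == -1) {
            continue;
        }
        String domain = idOrGroup.substring(separator + 1);
        for (String domainToCheck : domains) {
            if (domainToCheck.equalsIgnoreCase(domain)) {
                matchingUsers.add(idOrGroup);
            }
        }
    }
    return matchingUsers;
}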
use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.
the class ApiTest method testVDCs.
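// TODO: to be moved in another test suite
/**
 * Exercises the {@code /vdc} API end to end: verifies that {@code rSys} is refused (403) when
 * posting a VDC, grants SECURITY_ADMIN to SUPERUSER through {@code /vdc/role-assignments},
 * then creates, lists, fetches, attempts disconnect/reconnect on (405 expected) and deletes
 * a VDC through {@code rZAdminGr}.
 *
 * <p>Returns without testing when the APP_HOST_NAMES environment variable is "localhost".
 */
public void testVDCs() {
    // TODO: once devkit gets switched to 1+0 appliance, we should enable it again.
    // Constant-first comparison: an unset APP_HOST_NAMES must not fail with a NullPointerException.
    if ("localhost".equals(System.getenv("APP_HOST_NAMES"))) {
        return;
    }
    // Literal fixture values; the name gets a timestamp suffix so repeated runs do not collide.
    VirtualDataCenterAddParam addParam = new VirtualDataCenterAddParam();
    addParam.setApiEndpoint("http://apitest");
    addParam.setSecretKey("apitestSecret");
    addParam.setCertificateChain("apitestCertchain");
    addParam.setName("apitestName" + System.currentTimeMillis());
    // TODO: enhance to track task progress
    // root should NOT do this.
    // Negative authorization check: the POST must be rejected before the role is granted.
    ClientResponse rsp = rSys.path("/vdc").post(ClientResponse.class, addParam);
    Assert.assertEquals(403, rsp.getStatus());
    // use super admin with geo securityAdmin role to do post vdc
    // assign geo securityadmin to superuser.
    // NOTE(review): this grant is never removed in this method, so SUPERUSER keeps
    // SECURITY_ADMIN for whatever runs afterwards — confirm that is intended.
    RoleAssignmentChanges changes = new RoleAssignmentChanges();
    changes.setAdd(new ArrayList<RoleAssignmentEntry>());
    RoleAssignmentEntry entry1 = new RoleAssignmentEntry();
    entry1.setSubjectId(SUPERUSER);
    entry1.getRoles().add("SECURITY_ADMIN");
    changes.getAdd().add(entry1);
    ClientResponse rsp1 = rSys.path("/vdc/role-assignments").put(ClientResponse.class, changes);
    Assert.assertEquals(200, rsp1.getStatus());
    // then do post VDC using superuser. should pass.
    // NOTE(review): presumably rZAdminGr is authenticated as SUPERUSER — verify in the fixture setup.
    TaskResourceRep taskRep = rZAdminGr.path("/vdc").post(TaskResourceRep.class, addParam);
    Assert.assertNotNull("vdc create task should not be null", taskRep);
    VirtualDataCenterList vdcList = rSys.path("/vdc").get(VirtualDataCenterList.class);
    Assert.assertNotNull("vdcList should not be null", vdcList);
    Assert.assertNotNull("vdcList.getVirtualDataCenters should not be null", vdcList.getVirtualDataCenters());
    // Disabled check: the new VDC is currently not looked up in the list.
    // boolean found = false;
    // for (NamedRelatedResourceRep vdcResource : vdcList.getVirtualDataCenters()) {
    // if (vdcResource.getName().equals(addParam.getName())) {
    // found = true;
    // }
    // }
    // Assert.assertTrue("newly created vdc could not be found in vdc list", found);
    VirtualDataCenterRestRep vdc = rZAdminGr.path("/vdc/" + taskRep.getResource().getId()).get(VirtualDataCenterRestRep.class);
    Assert.assertNotNull("created vdc object can't be retrieved", vdc);
    // assertEquals reports both names on failure and fails cleanly when the returned name is null.
    Assert.assertEquals("vdc name does not match", addParam.getName(), vdc.getName());
    // TODO: enhance to track task progress
    ClientResponse response = rZAdminGr.path("/vdc/" + vdc.getId() + "/disconnect").post(ClientResponse.class);
    Assert.assertEquals(405, response.getStatus());
    // TODO: enhance to track task progress
    response = rZAdminGr.path("/vdc/" + vdc.getId() + "/reconnect").post(ClientResponse.class);
    Assert.assertEquals(405, response.getStatus());
    // TODO: enhance to track task progress
    taskRep = rZAdminGr.path("/vdc/" + vdc.getId()).delete(TaskResourceRep.class);
    Assert.assertNotNull("vdc delete task should not be null", taskRep);
}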
use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.
the class ApiTest method changeTenantRoles.
/**
 * Sends a role-assignment change for one subject on one tenant, acting as SYSADMIN.
 *
 * <p>The request is always made with the SYSADMIN token, whichever user the calling test is
 * about, so it sets up role state rather than testing the caller's own authorization.
 *
 * @param tenantId tenant whose role assignments are changed; concatenated into the request path
 * @param subjectId subject the roles are added to or removed from
 * @param addRoles roles to add; no "add" list is sent when empty
 * @param removeRoles roles to remove; no "remove" list is sent when empty
 * @return the raw response of the PUT to {@code /tenants/{tenantId}/role-assignments}
 * @throws Exception declared for the calls this helper makes; nothing is caught here
 */
private ClientResponse changeTenantRoles(String tenantId, String subjectId, List<String> addRoles, List<String> removeRoles) throws Exception {
    BalancedWebResource sysadminClient = createHttpsClient(SYSADMIN, SYSADMIN_PASS_WORD, baseUrls);
    // presumably this first authenticated call is what stores the SYSADMIN token in
    // _savedTokens — verify against createHttpsClient
    sysadminClient.path("/user/whoami").get(UserInfo.class);
    String sysadminToken = (String) _savedTokens.get(SYSADMIN);

    RoleAssignmentChanges changes = new RoleAssignmentChanges();

    if (!addRoles.isEmpty()) {
        RoleAssignmentEntry grant = new RoleAssignmentEntry();
        grant.setSubjectId(subjectId);
        grant.setRoles(addRoles);
        List<RoleAssignmentEntry> grants = new ArrayList<>();
        grants.add(grant);
        changes.setAdd(grants);
    }

    if (!removeRoles.isEmpty()) {
        RoleAssignmentEntry revocation = new RoleAssignmentEntry();
        revocation.setSubjectId(subjectId);
        revocation.setRoles(removeRoles);
        List<RoleAssignmentEntry> revocations = new ArrayList<>();
        revocations.add(revocation);
        changes.setRemove(revocations);
    }

    String roleAssignmentsPath = "/tenants/" + tenantId + "/role-assignments";
    return sysadminClient.path(roleAssignmentsPath)
            .header(AUTH_TOKEN_HEADER, sysadminToken)
            .put(ClientResponse.class, changes);
}
use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.
the class VDCRoleAssignments method listJson.
/**
 * Renders every VDC role assignment as DataTables JSON.
 *
 * <p>Each {@link RoleAssignmentEntry} from {@code getVDCRoleAssignments()} is wrapped in a
 * {@code VDCRoleAssignmentDataTable.RoleInfo} row before rendering.
 */
// NOTE(review): no access check is visible in this method; presumably it is enforced at
// class level — confirm, since the response lists who holds which VDC role.
@FlashException("list")
public static void listJson() {
    List<RoleAssignmentEntry> entries = getVDCRoleAssignments();
    List<VDCRoleAssignmentDataTable.RoleInfo> rows = Lists.newArrayList();
    for (RoleAssignmentEntry entry : entries) {
        VDCRoleAssignmentDataTable.RoleInfo row = new VDCRoleAssignmentDataTable.RoleInfo(entry);
        rows.add(row);
    }
    renderJSON(DataTablesSupport.createJSON(rows, params));
}
use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.
the class VDCRoleAssignments method edit.
/**
 * Shows the edit form for one VDC role assignment.
 *
 * <p>The assignment's name and type are both derived from {@code id}. When no matching
 * assignment exists, an error is flashed and control passes to {@code list()}.
 *
 * @param id composite identifier of the role assignment, taken from the request
 */
@FlashException("list")
public static void edit(@Required String id) {
    String name = VDCRoleAssignmentForm.extractNameFromId(id);
    RoleAssignmentType type = VDCRoleAssignmentForm.extractTypeFromId(id);
    RoleAssignmentEntry entry = getVDCRoleAssignment(name, type);

    if (entry == null) {
        // NOTE(review): name comes from the request-supplied id and ends up in the flash
        // message — confirm the template escapes flash text when it is displayed.
        flash.error(MessagesUtils.get("roleAssignments.unknown", name));
        list();
        return;
    }

    addRolesToRenderArgs();
    // The two locals passed to render() keep their original names: presumably the view binds
    // its arguments by local-variable name — confirm before renaming either.
    Boolean isRootUser = RoleAssignmentUtils.isRootUser(entry);
    VDCRoleAssignmentForm roleAssignment = new VDCRoleAssignmentForm();
    roleAssignment.id = id;
    roleAssignment.readFrom(entry);
    render(roleAssignment, isRootUser);
}