Examples with RoleAssignmentEntry com.emc.storageos.model.auth.RoleAssignmentEntry used on opensource projects

Example 1 with RoleAssignmentEntry

use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.

the class AuthnConfigurationService method checkRolesUsingDomains.

/**
 * compare role assignments against domain(s), return matching users.
 *
 * @param roleAssignments
 * @param domains
 */
private List<String> checkRolesUsingDomains(List<RoleAssignmentEntry> roleAssignments, StringSet domains) {
    List<String> matchingUsers = new ArrayList<String>();
    for (RoleAssignmentEntry roleAssignment : roleAssignments) {
        String idOrGroup = !StringUtils.isEmpty(roleAssignment.getSubjectId()) ? roleAssignment.getSubjectId() : roleAssignment.getGroup();
        _log.debug("checking " + idOrGroup);
        String domain = "";
        if (idOrGroup.lastIndexOf("@") != -1) {
            domain = idOrGroup.substring(idOrGroup.lastIndexOf("@") + 1);
        } else {
            continue;
        }
        for (String domainToCheck : domains) {
            if (domainToCheck.equalsIgnoreCase(domain)) {
                matchingUsers.add(idOrGroup);
            }
        }
    }
    return matchingUsers;
}

Example 2 with RoleAssignmentEntry

use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.

the class ApiTest method testVDCs.

// TODO: to be moved in another test suite
public void testVDCs() {
    // TODO: once devkit gets switched to 1+0 appliance, we should enable it again.
    if (System.getenv("APP_HOST_NAMES").equals("localhost")) {
        return;
    }
    VirtualDataCenterAddParam addParam = new VirtualDataCenterAddParam();
    addParam.setApiEndpoint("http://apitest");
    addParam.setSecretKey("apitestSecret");
    addParam.setCertificateChain("apitestCertchain");
    addParam.setName("apitestName" + System.currentTimeMillis());
    // TODO: enhance to track task progress
    // root should NOT do this.
    ClientResponse rsp = rSys.path("/vdc").post(ClientResponse.class, addParam);
    Assert.assertEquals(403, rsp.getStatus());
    // use super admin with geo securityAdmin role to do post vdc
    // assign geo securityadmin to superuser.
    RoleAssignmentChanges changes = new RoleAssignmentChanges();
    changes.setAdd(new ArrayList<RoleAssignmentEntry>());
    RoleAssignmentEntry entry1 = new RoleAssignmentEntry();
    entry1.setSubjectId(SUPERUSER);
    entry1.getRoles().add("SECURITY_ADMIN");
    changes.getAdd().add(entry1);
    ClientResponse rsp1 = rSys.path("/vdc/role-assignments").put(ClientResponse.class, changes);
    Assert.assertEquals(200, rsp1.getStatus());
    // then do post VDC using superuser. should pass.
    TaskResourceRep taskRep = rZAdminGr.path("/vdc").post(TaskResourceRep.class, addParam);
    Assert.assertNotNull("vdc create task should not be null", taskRep);
    VirtualDataCenterList vdcList = rSys.path("/vdc").get(VirtualDataCenterList.class);
    Assert.assertNotNull("vdcList should not be null", vdcList);
    Assert.assertNotNull("vdcList.getVirtualDataCenters should not be null", vdcList.getVirtualDataCenters());
    // boolean found = false;
    // for (NamedRelatedResourceRep vdcResource : vdcList.getVirtualDataCenters()) {
    // if (vdcResource.getName().equals(addParam.getName())) {
    // found = true;
    // }
    // }
    // Assert.assertTrue("newly created vdc could not be found in vdc list", found);
    VirtualDataCenterRestRep vdc = rZAdminGr.path("/vdc/" + taskRep.getResource().getId()).get(VirtualDataCenterRestRep.class);
    Assert.assertNotNull("created vdc object can't be retrieved", vdc);
    Assert.assertTrue("vdc name does not match", vdc.getName().equals(addParam.getName()));
    // TODO: enhance to track task progress
    ClientResponse response = rZAdminGr.path("/vdc/" + vdc.getId() + "/disconnect").post(ClientResponse.class);
    Assert.assertEquals(405, response.getStatus());
    // TODO: enhance to track task progress
    response = rZAdminGr.path("/vdc/" + vdc.getId() + "/reconnect").post(ClientResponse.class);
    Assert.assertEquals(405, response.getStatus());
    // TODO: enhance to track task progress
    taskRep = rZAdminGr.path("/vdc/" + vdc.getId()).delete(TaskResourceRep.class);
    Assert.assertNotNull("vdc delete task should not be null", taskRep);
}

Example 3 with RoleAssignmentEntry

use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.

the class ApiTest method changeTenantRoles.

private ClientResponse changeTenantRoles(String tenantId, String subjectId, List<String> addRoles, List<String> removeRoles) throws Exception {
    BalancedWebResource rootUser = createHttpsClient(SYSADMIN, SYSADMIN_PASS_WORD, baseUrls);
    rootUser.path("/user/whoami").get(UserInfo.class);
    String rootToken = (String) _savedTokens.get(SYSADMIN);
    RoleAssignmentEntry roleAssignmentEntry;
    RoleAssignmentChanges roleAssignmentChanges = new RoleAssignmentChanges();
    if (!addRoles.isEmpty()) {
        List<RoleAssignmentEntry> add = new ArrayList<>();
        roleAssignmentEntry = new RoleAssignmentEntry();
        roleAssignmentEntry.setSubjectId(subjectId);
        roleAssignmentEntry.setRoles(addRoles);
        add.add(roleAssignmentEntry);
        roleAssignmentChanges.setAdd(add);
    }
    if (!removeRoles.isEmpty()) {
        List<RoleAssignmentEntry> remove = new ArrayList<>();
        roleAssignmentEntry = new RoleAssignmentEntry();
        roleAssignmentEntry.setSubjectId(subjectId);
        roleAssignmentEntry.setRoles(removeRoles);
        remove.add(roleAssignmentEntry);
        roleAssignmentChanges.setRemove(remove);
    }
    return rootUser.path("/tenants/" + tenantId + "/role-assignments").header(AUTH_TOKEN_HEADER, rootToken).put(ClientResponse.class, roleAssignmentChanges);
}

Example 4 with RoleAssignmentEntry

use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.

the class VDCRoleAssignments method listJson.

@FlashException("list")
public static void listJson() {
    List<RoleAssignmentEntry> viprRoleAssignments = getVDCRoleAssignments();
    List<VDCRoleAssignmentDataTable.RoleInfo> roles = Lists.newArrayList();
    for (RoleAssignmentEntry viprRoleAssignment : viprRoleAssignments) {
        roles.add(new VDCRoleAssignmentDataTable.RoleInfo(viprRoleAssignment));
    }
    renderJSON(DataTablesSupport.createJSON(roles, params));
}

Example 5 with RoleAssignmentEntry

use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.

the class VDCRoleAssignments method edit.

@FlashException("list")
public static void edit(@Required String id) {
    String name = VDCRoleAssignmentForm.extractNameFromId(id);
    RoleAssignmentType type = VDCRoleAssignmentForm.extractTypeFromId(id);
    RoleAssignmentEntry roleAssignmentEntry = getVDCRoleAssignment(name, type);
    if (roleAssignmentEntry != null) {
        addRolesToRenderArgs();
        Boolean isRootUser = RoleAssignmentUtils.isRootUser(roleAssignmentEntry);
        VDCRoleAssignmentForm roleAssignment = new VDCRoleAssignmentForm();
        roleAssignment.id = id;
        roleAssignment.readFrom(roleAssignmentEntry);
        render(roleAssignment, isRootUser);
    } else {
        flash.error(MessagesUtils.get("roleAssignments.unknown", name));
        list();
    }
}