
Example 1 with RoleAssignmentEntry

use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.

the class AuthnConfigurationService method checkRolesUsingDomains.

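/**
 * Compares role assignments against the given domain(s) and returns the
 * subject ids or group names whose domain suffix matches one of them.
 *
 * <p>The domain of an entry is the text after the last {@code '@'} in its
 * subject id or, when the subject id is empty, in its group. Matching is
 * case-insensitive. Entries that carry neither value, or whose value has no
 * {@code '@'}, are skipped.
 *
 * <p>NOTE(review): identities written in any form other than
 * {@code name@domain} are never reported by this check; confirm that callers
 * do not rely on it to find every role assignment tied to a domain.
 *
 * @param roleAssignments role assignment entries to inspect
 * @param domains domain names to match against
 * @return the matching subject ids / group names, at most one per entry, in input order
 */
private List<String> checkRolesUsingDomains(List<RoleAssignmentEntry> roleAssignments, StringSet domains) {
    List<String> matchingUsers = new ArrayList<String>();
    for (RoleAssignmentEntry roleAssignment : roleAssignments) {
        String idOrGroup = !StringUtils.isEmpty(roleAssignment.getSubjectId()) ? roleAssignment.getSubjectId() : roleAssignment.getGroup();
        // An entry with neither a subject id nor a group has nothing to match;
        // without this guard the lastIndexOf call below would throw on null.
        if (StringUtils.isEmpty(idOrGroup)) {
            continue;
        }
        _log.debug("checking " + idOrGroup);
        int atIndex = idOrGroup.lastIndexOf("@");
        if (atIndex == -1) {
            // No domain part, so this entry cannot belong to any of the domains.
            continue;
        }
        String domain = idOrGroup.substring(atIndex + 1);
        for (String domainToCheck : domains) {
            if (domainToCheck.equalsIgnoreCase(domain)) {
                matchingUsers.add(idOrGroup);
                // Stop at the first hit so that domains differing only in case
                // do not report the same entry twice.
                break;
            }
        }
    }
    return matchingUsers;
}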
Also used : RoleAssignmentEntry(com.emc.storageos.model.auth.RoleAssignmentEntry)

Example 2 with RoleAssignmentEntry

use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.

the class ApiTest method testVDCs.

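/**
 * Exercises the {@code /vdc} endpoints end to end: verifies that the system
 * client is refused (403) when adding a VDC, grants SECURITY_ADMIN to
 * SUPERUSER through {@code /vdc/role-assignments}, then creates, reads and
 * deletes a VDC with the {@code rZAdminGr} client, checking that disconnect
 * and reconnect answer 405.
 *
 * <p>NOTE(review): the SECURITY_ADMIN grant made here is not revoked at the
 * end of the test, and the VDC is left behind if an assertion fails before
 * the delete call; confirm that later tests do not depend on, or get skewed
 * by, that leftover state.
 */
// TODO: to be moved in another test suite
public void testVDCs() {
    // TODO: once devkit gets switched to 1+0 appliance, we should enable it again.
    // Constant-first comparison: an unset APP_HOST_NAMES must not abort the
    // test with a NullPointerException.
    if ("localhost".equals(System.getenv("APP_HOST_NAMES"))) {
        return;
    }
    // Placeholder fixture values only; the endpoint, key and chain are dummy strings.
    VirtualDataCenterAddParam addParam = new VirtualDataCenterAddParam();
    addParam.setApiEndpoint("http://apitest");
    addParam.setSecretKey("apitestSecret");
    addParam.setCertificateChain("apitestCertchain");
    // Timestamp suffix keeps the name distinct between runs.
    addParam.setName("apitestName" + System.currentTimeMillis());
    // TODO: enhance to track task progress
    // root should NOT do this.
    ClientResponse rsp = rSys.path("/vdc").post(ClientResponse.class, addParam);
    Assert.assertEquals(403, rsp.getStatus());
    // use super admin with geo securityAdmin role to do post vdc
    // assign geo securityadmin to superuser.
    RoleAssignmentChanges changes = new RoleAssignmentChanges();
    changes.setAdd(new ArrayList<RoleAssignmentEntry>());
    RoleAssignmentEntry entry1 = new RoleAssignmentEntry();
    entry1.setSubjectId(SUPERUSER);
    entry1.getRoles().add("SECURITY_ADMIN");
    changes.getAdd().add(entry1);
    ClientResponse rsp1 = rSys.path("/vdc/role-assignments").put(ClientResponse.class, changes);
    Assert.assertEquals(200, rsp1.getStatus());
    // then do post VDC using superuser. should pass.
    TaskResourceRep taskRep = rZAdminGr.path("/vdc").post(TaskResourceRep.class, addParam);
    Assert.assertNotNull("vdc create task should not be null", taskRep);
    VirtualDataCenterList vdcList = rSys.path("/vdc").get(VirtualDataCenterList.class);
    Assert.assertNotNull("vdcList should not be null", vdcList);
    Assert.assertNotNull("vdcList.getVirtualDataCenters should not be null", vdcList.getVirtualDataCenters());
    // Disabled check kept from the original: look the new VDC up in the list by name.
    // boolean found = false;
    // for (NamedRelatedResourceRep vdcResource : vdcList.getVirtualDataCenters()) {
    // if (vdcResource.getName().equals(addParam.getName())) {
    // found = true;
    // }
    // }
    // Assert.assertTrue("newly created vdc could not be found in vdc list", found);
    VirtualDataCenterRestRep vdc = rZAdminGr.path("/vdc/" + taskRep.getResource().getId()).get(VirtualDataCenterRestRep.class);
    Assert.assertNotNull("created vdc object can't be retrieved", vdc);
    // assertEquals reports both names on failure and does not throw on a null name.
    Assert.assertEquals("vdc name does not match", addParam.getName(), vdc.getName());
    // TODO: enhance to track task progress
    ClientResponse response = rZAdminGr.path("/vdc/" + vdc.getId() + "/disconnect").post(ClientResponse.class);
    Assert.assertEquals(405, response.getStatus());
    // TODO: enhance to track task progress
    response = rZAdminGr.path("/vdc/" + vdc.getId() + "/reconnect").post(ClientResponse.class);
    Assert.assertEquals(405, response.getStatus());
    // TODO: enhance to track task progress
    taskRep = rZAdminGr.path("/vdc/" + vdc.getId()).delete(TaskResourceRep.class);
    Assert.assertNotNull("vdc delete task should not be null", taskRep);
}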
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) RoleAssignmentChanges(com.emc.storageos.model.auth.RoleAssignmentChanges) VirtualDataCenterList(com.emc.storageos.model.vdc.VirtualDataCenterList) VirtualDataCenterRestRep(com.emc.storageos.model.vdc.VirtualDataCenterRestRep) RoleAssignmentEntry(com.emc.storageos.model.auth.RoleAssignmentEntry) TaskResourceRep(com.emc.storageos.model.TaskResourceRep) VirtualDataCenterAddParam(com.emc.storageos.model.vdc.VirtualDataCenterAddParam)

Example 3 with RoleAssignmentEntry

use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.

the class ApiTest method changeTenantRoles.

/**
 * Sends a role-assignment change for one subject on a tenant, using a client
 * created with the SYSADMIN credentials and the token stored for SYSADMIN.
 *
 * <p>An "add" entry is included only when {@code addRoles} is non-empty, and a
 * "remove" entry only when {@code removeRoles} is non-empty. {@code tenantId}
 * is placed into the request path as given.
 *
 * @param tenantId id of the tenant whose role assignments are changed
 * @param subjectId subject the roles are added to / removed from
 * @param addRoles roles to add; must not be null
 * @param removeRoles roles to remove; must not be null
 * @return the raw response of the PUT on {@code /tenants/{tenantId}/role-assignments}
 * @throws Exception declared by the original signature
 */
private ClientResponse changeTenantRoles(String tenantId, String subjectId, List<String> addRoles, List<String> removeRoles) throws Exception {
    BalancedWebResource sysadminClient = createHttpsClient(SYSADMIN, SYSADMIN_PASS_WORD, baseUrls);
    // The response is discarded. NOTE(review): presumably this call exists so that
    // a token for SYSADMIN ends up in _savedTokens before it is read below; confirm.
    sysadminClient.path("/user/whoami").get(UserInfo.class);
    String sysadminToken = (String) _savedTokens.get(SYSADMIN);

    RoleAssignmentChanges changes = new RoleAssignmentChanges();

    if (!addRoles.isEmpty()) {
        RoleAssignmentEntry grant = new RoleAssignmentEntry();
        grant.setSubjectId(subjectId);
        grant.setRoles(addRoles);
        List<RoleAssignmentEntry> grants = new ArrayList<>();
        grants.add(grant);
        changes.setAdd(grants);
    }

    if (!removeRoles.isEmpty()) {
        RoleAssignmentEntry revocation = new RoleAssignmentEntry();
        revocation.setSubjectId(subjectId);
        revocation.setRoles(removeRoles);
        List<RoleAssignmentEntry> revocations = new ArrayList<>();
        revocations.add(revocation);
        changes.setRemove(revocations);
    }

    String roleAssignmentsPath = "/tenants/" + tenantId + "/role-assignments";
    return sysadminClient.path(roleAssignmentsPath)
            .header(AUTH_TOKEN_HEADER, sysadminToken)
            .put(ClientResponse.class, changes);
}
Also used : RoleAssignmentChanges(com.emc.storageos.model.auth.RoleAssignmentChanges) RoleAssignmentEntry(com.emc.storageos.model.auth.RoleAssignmentEntry) VirtualArrayList(com.emc.storageos.model.varray.VirtualArrayList) ArrayList(java.util.ArrayList)

Example 4 with RoleAssignmentEntry

use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.

the class VDCRoleAssignments method listJson.

/**
 * Renders the VDC role assignments as JSON built by
 * {@code DataTablesSupport.createJSON}, one {@code RoleInfo} row per
 * assignment returned by {@code getVDCRoleAssignments()}.
 *
 * <p>NOTE(review): no access restriction is visible on this method itself;
 * confirm that the enclosing controller limits who may list role assignments.
 */
@FlashException("list")
public static void listJson() {
    List<VDCRoleAssignmentDataTable.RoleInfo> rows = Lists.newArrayList();
    // Wrap each API entry in the row type used by the data table.
    for (RoleAssignmentEntry assignment : getVDCRoleAssignments()) {
        VDCRoleAssignmentDataTable.RoleInfo row = new VDCRoleAssignmentDataTable.RoleInfo(assignment);
        rows.add(row);
    }
    renderJSON(DataTablesSupport.createJSON(rows, params));
}
Also used : RoleAssignmentEntry(com.emc.storageos.model.auth.RoleAssignmentEntry) RoleAssignmentUtils.createRoleAssignmentEntry(util.RoleAssignmentUtils.createRoleAssignmentEntry) VDCRoleAssignmentDataTable(models.datatable.VDCRoleAssignmentDataTable) FlashException(controllers.util.FlashException)

Example 5 with RoleAssignmentEntry

use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.

the class VDCRoleAssignments method edit.

/**
 * Shows the edit form for one VDC role assignment.
 *
 * <p>The name and assignment type are extracted from {@code id}. If no
 * matching assignment is found, an error is flashed and the list page is
 * shown instead.
 *
 * @param id form id from which the name and type are extracted; required
 */
@FlashException("list")
public static void edit(@Required String id) {
    String subjectName = VDCRoleAssignmentForm.extractNameFromId(id);
    RoleAssignmentType assignmentType = VDCRoleAssignmentForm.extractTypeFromId(id);
    RoleAssignmentEntry existing = getVDCRoleAssignment(subjectName, assignmentType);

    // Unknown assignment: report it and fall back to the list view.
    if (existing == null) {
        flash.error(MessagesUtils.get("roleAssignments.unknown", subjectName));
        list();
        return;
    }

    addRolesToRenderArgs();
    // NOTE(review): the names of the two locals handed to render() are left as
    // they were, since the view may refer to them by name; confirm before renaming.
    Boolean isRootUser = RoleAssignmentUtils.isRootUser(existing);
    VDCRoleAssignmentForm roleAssignment = new VDCRoleAssignmentForm();
    roleAssignment.id = id;
    roleAssignment.readFrom(existing);
    render(roleAssignment, isRootUser);
}
Also used : RoleAssignmentType(models.RoleAssignmentType) RoleAssignmentEntry(com.emc.storageos.model.auth.RoleAssignmentEntry) RoleAssignmentUtils.createRoleAssignmentEntry(util.RoleAssignmentUtils.createRoleAssignmentEntry) FlashException(controllers.util.FlashException)

Aggregations

RoleAssignmentEntry (com.emc.storageos.model.auth.RoleAssignmentEntry)16 RoleAssignmentChanges (com.emc.storageos.model.auth.RoleAssignmentChanges)7 ClientResponse (com.sun.jersey.api.client.ClientResponse)5 RoleAssignmentUtils.createRoleAssignmentEntry (util.RoleAssignmentUtils.createRoleAssignmentEntry)4 ArrayList (java.util.ArrayList)3 Test (org.junit.Test)3 AuthnUpdateParam (com.emc.storageos.model.auth.AuthnUpdateParam)2 ProjectParam (com.emc.storageos.model.project.ProjectParam)2 TenantResponse (com.emc.storageos.model.tenant.TenantResponse)2 VirtualArrayList (com.emc.storageos.model.varray.VirtualArrayList)2 Restrictions (controllers.deadbolt.Restrictions)2 FlashException (controllers.util.FlashException)2 RoleAssignmentType (models.RoleAssignmentType)2 TaskResourceRep (com.emc.storageos.model.TaskResourceRep)1 RoleAssignments (com.emc.storageos.model.auth.RoleAssignments)1 TenantCreateParam (com.emc.storageos.model.tenant.TenantCreateParam)1 TenantOrgList (com.emc.storageos.model.tenant.TenantOrgList)1 TenantOrgRestRep (com.emc.storageos.model.tenant.TenantOrgRestRep)1 TenantUpdateParam (com.emc.storageos.model.tenant.TenantUpdateParam)1 UserMappingAttributeParam (com.emc.storageos.model.tenant.UserMappingAttributeParam)1