Example 6 with RoleAssignmentEntry
use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.
the class RoleAssignmentUtils method addRootUserIfRequired.
private static void addRootUserIfRequired(List<RoleAssignmentEntry> roleAssignmentEntries) {
RoleAssignmentEntry rootRoleAssignmentEntry = null;
for (RoleAssignmentEntry roleAssignmentEntry : roleAssignmentEntries) {
if (StringUtils.equalsIgnoreCase(ROOT_USERNAME, roleAssignmentEntry.getSubjectId())) {
rootRoleAssignmentEntry = roleAssignmentEntry;
break;
}
}
if (rootRoleAssignmentEntry == null) {
rootRoleAssignmentEntry = new RoleAssignmentEntry();
rootRoleAssignmentEntry.setSubjectId(ROOT_USERNAME);
roleAssignmentEntries.add(rootRoleAssignmentEntry);
}
rootRoleAssignmentEntry.getRoles().add(Security.SYSTEM_ADMIN);
rootRoleAssignmentEntry.getRoles().add(Security.SYSTEM_MONITOR);
rootRoleAssignmentEntry.getRoles().add(Security.SYSTEM_AUDITOR);
rootRoleAssignmentEntry.getRoles().add(Security.SECURITY_ADMIN);
}
Also used :
RoleAssignmentEntry(com.emc.storageos.model.auth.RoleAssignmentEntry)
Example 7 with RoleAssignmentEntry
use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.
the class RoleAssignmentUtils method getVDCRoleAssignments.
public static List<RoleAssignmentEntry> getVDCRoleAssignments() {
List<RoleAssignmentEntry> allRollAssignments = Lists.newArrayList();
if (Security.isSecurityAdminOrRestrictedSecurityAdmin()) {
for (RoleAssignmentEntry vdcRoleAssignment : getViprClient().vdc().getRoleAssignments()) {
boolean found = false;
for (RoleAssignmentEntry roleAssignment : allRollAssignments) {
if (isSameRoleAssignmentEntry(roleAssignment, vdcRoleAssignment)) {
roleAssignment.getRoles().addAll(vdcRoleAssignment.getRoles());
found = true;
break;
}
}
if (found == false) {
allRollAssignments.add(vdcRoleAssignment);
}
}
}
addRootUserIfRequired(allRollAssignments);
return allRollAssignments;
}
Also used :
RoleAssignmentEntry(com.emc.storageos.model.auth.RoleAssignmentEntry)
Example 8 with RoleAssignmentEntry
use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.
the class RoleAssignmentUtils method createRoleAssignmentEntry.
public static RoleAssignmentEntry createRoleAssignmentEntry(RoleAssignmentType type, String name, String role) {
RoleAssignmentEntry roleAssignmentEntry = new RoleAssignmentEntry();
if (RoleAssignmentType.USER.equals(type)) {
roleAssignmentEntry.setSubjectId(name);
} else if (RoleAssignmentType.GROUP.equals(type)) {
roleAssignmentEntry.setGroup(name);
}
roleAssignmentEntry.getRoles().add(role);
return roleAssignmentEntry;
}
Also used :
RoleAssignmentEntry(com.emc.storageos.model.auth.RoleAssignmentEntry)
Example 9 with RoleAssignmentEntry
use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.
the class AuthSvcTests method runProxyTokenExpiryTest.
private void runProxyTokenExpiryTest() throws Exception {
try {
String timeToWaitInMinsStr = System.getenv("TIME_TO_WAIT_IN_MINUTES_SET_IN_SECURITY_MODULE_XML");
int timeToWaitInMinutes = Integer.parseInt(timeToWaitInMinsStr);
} catch (Exception e) {
timeToWaitInMinutes = 1;
}
WebResource rRoot = createHttpsClient(SYSADMIN, SYSADMIN_PASS_WORD, true).resource(baseAuthServiceURL);
rRoot.path("/login").get(ClientResponse.class);
// post authProvider
updateADConfig();
// login with a user from ldap
WebResource rSanityUser = createHttpsClient(ROOTUSER, AD_PASS_WORD, true).resource(baseAuthServiceURL);
rSanityUser.path("/login").get(ClientResponse.class);
TenantResponse tenant = rSanityUser.path("/tenant").get(TenantResponse.class);
// make the user a tenant_admin
RoleAssignmentChanges changes = new RoleAssignmentChanges();
RoleAssignmentEntry addTenantAdmin = new RoleAssignmentEntry();
addTenantAdmin.setSubjectId(ROOTUSER);
addTenantAdmin.getRoles().add("TENANT_ADMIN");
changes.setAdd(new ArrayList<RoleAssignmentEntry>());
changes.getAdd().add(addTenantAdmin);
rRoot.path("/tenants/" + tenant.getTenant() + "/role-assignments").put(changes);
// create a proxy token for that user
ClientResponse resp = rSanityUser.path("/proxytoken").get(ClientResponse.class);
Assert.assertEquals(200, resp.getStatus());
String proxyToken = (String) _savedProxyTokens.get(ROOTUSER);
Assert.assertNotNull(proxyToken);
// logon with proxyuser
WebResource rProxy = createHttpsClient(PROXY_USER, PROXY_USER_PWD, true).resource(baseApiServiceURL);
rProxy.path("/login").get(ClientResponse.class);
// try to get sanity user's tenant as proxy user with proxy token
// should get a 200
resp = rProxy.path("/tenants/" + tenant.getTenant()).header(AUTH_PROXY_TOKEN_HEADER, proxyToken).get(ClientResponse.class);
Assert.assertEquals(200, resp.getStatus());
// wait x amount of time for token to expire
Thread.sleep(timeToWaitInMinutes * 60 * 1000);
// try to get sanity user's tenant as proxy user with proxy token
// should get a 200 again
resp = rProxy.path("/tenants/" + tenant.getTenant()).header(AUTH_PROXY_TOKEN_HEADER, proxyToken).get(ClientResponse.class);
Assert.assertEquals(200, resp.getStatus());
// do a put on the authprovider so it is disabled
AuthnUpdateParam updateParam = new AuthnUpdateParam();
updateParam.setDisable(true);
rRoot.path("/vdc/admin/authnproviders/" + _goodADConfig).put(updateParam);
// wait x amount of time for token to expire
Thread.sleep(timeToWaitInMinutes * 60 * 1000);
// try to get the tenant with proxy user using the proxy token
// should fail with a 401
resp = rProxy.path("/tenants/" + tenant.getTenant()).header(AUTH_PROXY_TOKEN_HEADER, proxyToken).get(ClientResponse.class);
Assert.assertEquals(401, resp.getStatus());
}
Also used :
AuthnUpdateParam(com.emc.storageos.model.auth.AuthnUpdateParam)
RoleAssignmentChanges(com.emc.storageos.model.auth.RoleAssignmentChanges)
RoleAssignmentEntry(com.emc.storageos.model.auth.RoleAssignmentEntry)
TenantResponse(com.emc.storageos.model.tenant.TenantResponse)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
Example 10 with RoleAssignmentEntry
use of com.emc.storageos.model.auth.RoleAssignmentEntry in project coprhd-controller by CoprHD.
the class RoleChangeTest method tenantAdmin.
/**
* verify TenantAdmin can do something: list RoleAssignment, whoami, create project
*/
@Test
public void tenantAdmin() throws Exception {
// assign Provider Tenant's Tenant admin to AD user
RoleAssignmentEntry roleAssignmentEntry = new RoleAssignmentEntry();
roleAssignmentEntry.setSubjectId(TENANTADMIN);
roleAssignmentEntry.setRoles(new ArrayList<String>(Arrays.asList("TENANT_ADMIN")));
List<RoleAssignmentEntry> add = new ArrayList<RoleAssignmentEntry>();
add.add(roleAssignmentEntry);
RoleAssignmentChanges roleAssignmentChanges = new RoleAssignmentChanges();
roleAssignmentChanges.setAdd(add);
ClientResponse resp = superSanity.path("/tenants/" + rootTenantId + "/role-assignments").header(AUTH_TOKEN_HEADER, superSanityToken).put(ClientResponse.class, roleAssignmentChanges);
Assert.assertEquals(200, resp.getStatus());
// list tenant's role-assignments
BalancedWebResource tenantAdmin = createHttpsClient(TENANTADMIN, AD_PASS_WORD, baseUrls);
resp = tenantAdmin.path("/tenants/" + rootTenantId + "/role-assignments").get(ClientResponse.class);
Assert.assertEquals(200, resp.getStatus());
String tenantAdminToken = (String) _savedTokens.get(TENANTADMIN);
// tenantadmin whoami
UserInfo info = tenantAdmin.path("/user/whoami").get(UserInfo.class);
Assert.assertEquals(TENANTADMIN, info.getCommonName());
Assert.assertEquals(0, info.getVdcRoles().size());
Assert.assertEquals(1, info.getHomeTenantRoles().size());
Assert.assertEquals(0, info.getSubTenantRoles().size());
Assert.assertTrue(info.getHomeTenantRoles().contains("TENANT_ADMIN"));
// create project
ProjectParam projectParam = new ProjectParam();
projectParam.setName("project_unittest" + new Random().nextInt());
resp = tenantAdmin.path("/tenants/" + rootTenantId + "/projects").header(AUTH_TOKEN_HEADER, tenantAdminToken).post(ClientResponse.class, projectParam);
Assert.assertEquals(200, resp.getStatus());
}
Also used :
ClientResponse(com.sun.jersey.api.client.ClientResponse)
RoleAssignmentChanges(com.emc.storageos.model.auth.RoleAssignmentChanges)
ProjectParam(com.emc.storageos.model.project.ProjectParam)
RoleAssignmentEntry(com.emc.storageos.model.auth.RoleAssignmentEntry)
UserInfo(com.emc.storageos.model.user.UserInfo)
Test(org.junit.Test)
Aggregations
RoleAssignmentEntry (com.emc.storageos.model.auth.RoleAssignmentEntry)16
RoleAssignmentChanges (com.emc.storageos.model.auth.RoleAssignmentChanges)7
ClientResponse (com.sun.jersey.api.client.ClientResponse)5
RoleAssignmentUtils.createRoleAssignmentEntry (util.RoleAssignmentUtils.createRoleAssignmentEntry)4
ArrayList (java.util.ArrayList)3
Test (org.junit.Test)3
AuthnUpdateParam (com.emc.storageos.model.auth.AuthnUpdateParam)2
ProjectParam (com.emc.storageos.model.project.ProjectParam)2
TenantResponse (com.emc.storageos.model.tenant.TenantResponse)2
VirtualArrayList (com.emc.storageos.model.varray.VirtualArrayList)2
Restrictions (controllers.deadbolt.Restrictions)2
FlashException (controllers.util.FlashException)2
RoleAssignmentType (models.RoleAssignmentType)2
TaskResourceRep (com.emc.storageos.model.TaskResourceRep)1
RoleAssignments (com.emc.storageos.model.auth.RoleAssignments)1
TenantCreateParam (com.emc.storageos.model.tenant.TenantCreateParam)1
TenantOrgList (com.emc.storageos.model.tenant.TenantOrgList)1
TenantOrgRestRep (com.emc.storageos.model.tenant.TenantOrgRestRep)1
TenantUpdateParam (com.emc.storageos.model.tenant.TenantUpdateParam)1
UserMappingAttributeParam (com.emc.storageos.model.tenant.UserMappingAttributeParam)1
