Search in sources :

Example 1 with TenantResponse

use of com.emc.storageos.model.tenant.TenantResponse in project coprhd-controller by CoprHD.

the class InternalApiTest method setup.

@Before
public void setup() throws Exception {
    _requestHelper = new ClientRequestHelper(_coordinatorClient);
    _client = _requestHelper.createClient();
    _internalFileClient = new InternalFileServiceClient();
    _internalFileClient.setCoordinatorClient(_coordinatorClient);
    _internalFileClient.setServer(_server);
    _internalNetworkClient = new InternalNetworkClient();
    _internalNetworkClient.setCoordinatorClient(_coordinatorClient);
    _internalNetworkClient.setServer(_server);
    List<String> urls = new ArrayList<String>();
    urls.add(_apiServer);
    rSys = createHttpsClient(SYSADMIN, SYSADMIN_PASS_WORD, urls);
    TenantResponse tenantResp = rSys.path("/tenant").get(TenantResponse.class);
    _rootTenantId = tenantResp.getTenant();
    _rootToken = (String) _savedTokens.get("root");
    // find a CoS to use
    Resources results = rSys.path("/file/vpools/search").queryParam("name", "cosisi").get(Resources.class);
    Assert.assertTrue(results.resource.iterator().hasNext());
    _cosId = results.resource.iterator().next().getId();
    String cosAclUrl = "/file/vpools/" + _cosId.toString() + "/acl";
    ACLAssignmentChanges changes = new ACLAssignmentChanges();
    ACLEntry entry1 = new ACLEntry();
    entry1.setTenant(_rootTenantId.toString());
    entry1.getAces().add("USE");
    changes.getAdd().add(entry1);
    ClientResponse resp = rSys.path(cosAclUrl).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    // find a nh to use
    results = rSys.path("/vdc/varrays/search").queryParam("name", "nh").get(Resources.class);
    Assert.assertTrue(results.resource.iterator().hasNext());
    _nhId = results.resource.iterator().next().getId();
    String nhAclUrl = "/vdc/varrays/" + _nhId.toString() + "/acl";
    resp = rSys.path(nhAclUrl).put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());
    // find a network to use
    results = rSys.path("/vdc/networks/search").queryParam("name", "iptz").get(Resources.class);
    Assert.assertTrue(results.resource.iterator().hasNext());
    _networkId = results.resource.iterator().next().getId();
}
Also used : InternalNetworkClient(com.emc.storageos.api.service.impl.resource.utils.InternalNetworkClient) ClientResponse(com.sun.jersey.api.client.ClientResponse) ArrayList(java.util.ArrayList) InternalFileServiceClient(com.emc.storageos.api.service.impl.resource.utils.InternalFileServiceClient) TenantResponse(com.emc.storageos.model.tenant.TenantResponse) ClientRequestHelper(com.emc.storageos.security.helpers.ClientRequestHelper) Before(org.junit.Before)

Example 2 with TenantResponse

use of com.emc.storageos.model.tenant.TenantResponse in project coprhd-controller by CoprHD.

the class InternalApiTest method testFSReleaseUsingInternalClient.

@Test
public void testFSReleaseUsingInternalClient() throws Exception {
    // get tenant
    TenantResponse tenant = rSys.path("/tenant").get(TenantResponse.class);
    Assert.assertNotNull(tenant);
    // create a project to host a normal file system
    ProjectParam projectParam = new ProjectParam();
    projectParam.setName("test-internalapi-" + System.currentTimeMillis());
    ProjectElement projectResp = rSys.path("/tenants/" + tenant.getTenant().toString() + "/projects").post(ProjectElement.class, projectParam);
    Assert.assertNotNull(projectResp);
    // create a normal file system which we can then release
    FileSystemParam fsparam = new FileSystemParam();
    fsparam.setVpool(_cosId);
    fsparam.setLabel("test-internalapi-" + System.currentTimeMillis());
    fsparam.setVarray(_nhId);
    fsparam.setSize("20971520");
    TaskResourceRep taskResp = rSys.path("/file/filesystems").queryParam("project", projectResp.getId().toString()).post(TaskResourceRep.class, fsparam);
    Assert.assertTrue(taskResp != null);
    Assert.assertNotNull(taskResp.getOpId());
    Assert.assertNotNull(taskResp.getResource());
    URI fsId = taskResp.getResource().getId();
    String opId = taskResp.getOpId();
    // get the file system object we just created
    ClientResponse response = rSys.path("/file/filesystems/" + fsId.toString()).get(ClientResponse.class);
    Assert.assertTrue(response != null);
    Assert.assertEquals(200, response.getStatus());
    // wait for for the file system create to complete
    int checkCount = 1200;
    String status;
    do {
        // wait upto ~2 minute for fs creation
        Thread.sleep(100);
        taskResp = rSys.path("/file/filesystems/" + fsId + "/tasks/" + opId).get(TaskResourceRep.class);
        status = taskResp.getState();
    } while (status.equals("pending") && checkCount-- > 0);
    if (!status.equals("ready")) {
        Assert.assertTrue("Fileshare create timed out", false);
    }
    // a normal file system should be present in the bulk results
    BulkIdParam bulkIds = rSys.path("/file/filesystems/bulk").get(BulkIdParam.class);
    Assert.assertNotNull("bulk ids should not be null", bulkIds);
    FileShareBulkRep bulkFileShares = rSys.path("/file/filesystems/bulk").post(FileShareBulkRep.class, bulkIds);
    Assert.assertNotNull("bulk response should not be null", bulkFileShares);
    boolean found = false;
    for (FileShareRestRep fs : bulkFileShares.getFileShares()) {
        if (fs.getId().equals(fsId)) {
            found = true;
        }
    }
    Assert.assertTrue("unable to find public FileShare in the bulk results", found);
    // only token is used in release file system operation and hence
    // setting dummy strings for username and tenant ID do not matter
    StorageOSUser user = new StorageOSUser("dummyUserName", "dummyTeneatId");
    user.setToken(_rootToken);
    FileShareRestRep fileShareResponse = _internalFileClient.releaseFileSystem(fsId, user);
    Assert.assertNotNull(fileShareResponse);
    // after release, the file system should no longer be present in the bulk results
    bulkFileShares = rSys.path("/file/filesystems/bulk").post(FileShareBulkRep.class, bulkIds);
    Assert.assertNotNull("bulk response should not be null", bulkFileShares);
    found = false;
    for (FileShareRestRep fs : bulkFileShares.getFileShares()) {
        if (fs.getId().equals(fsId)) {
            found = true;
        }
    }
    Assert.assertFalse("found internal FileShare in the bulk results", found);
    // undo the release of the file system
    fileShareResponse = _internalFileClient.undoReleaseFileSystem(fsId);
    Assert.assertNotNull(fileShareResponse);
    // release it again
    fileShareResponse = _internalFileClient.releaseFileSystem(fsId, user);
    Assert.assertNotNull(fileShareResponse);
    // delete the file system via the internal api
    FileSystemDeleteParam deleteParam = new FileSystemDeleteParam();
    deleteParam.setForceDelete(false);
    taskResp = _internalFileClient.deactivateFileSystem(fsId, _rootToken, deleteParam);
    Assert.assertNotNull(taskResp);
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) FileSystemParam(com.emc.storageos.model.file.FileSystemParam) ProjectParam(com.emc.storageos.model.project.ProjectParam) BulkIdParam(com.emc.storageos.model.BulkIdParam) FileShareBulkRep(com.emc.storageos.model.file.FileShareBulkRep) TaskResourceRep(com.emc.storageos.model.TaskResourceRep) FileShareRestRep(com.emc.storageos.model.file.FileShareRestRep) FileSystemDeleteParam(com.emc.storageos.model.file.FileSystemDeleteParam) URI(java.net.URI) ProjectElement(com.emc.storageos.model.project.ProjectElement) StorageOSUser(com.emc.storageos.security.authentication.StorageOSUser) TenantResponse(com.emc.storageos.model.tenant.TenantResponse) Test(org.junit.Test)

Example 3 with TenantResponse

use of com.emc.storageos.model.tenant.TenantResponse in project coprhd-controller by CoprHD.

the class ApiTestBase method updateRootTenantAttrs.

/**
 * Update tenant attributes for the root tenant
 */
protected void updateRootTenantAttrs() {
    TenantResponse tenantResp = rSys.path("/tenant").get(TenantResponse.class);
    rootTenantId = tenantResp.getTenant();
    /*
         * PUT the ou=sanity attribute mapping into the root tenant attributes
         */
    TenantUpdateParam tenantUpdate = new TenantUpdateParam();
    tenantUpdate.setUserMappingChanges(new UserMappingChanges());
    tenantUpdate.getUserMappingChanges().setAdd(new ArrayList<UserMappingParam>());
    UserMappingParam rootMapping = new UserMappingParam();
    rootMapping.setDomain("SANITY.local");
    UserMappingAttributeParam rootAttr = new UserMappingAttributeParam();
    rootAttr.setKey("ou");
    rootAttr.setValues(Collections.singletonList(ROOTTENANT_ATTR));
    rootMapping.setAttributes(Collections.singletonList(rootAttr));
    tenantUpdate.getUserMappingChanges().getAdd().add(rootMapping);
    // TODO: FIX: not sure why name is required for update
    tenantUpdate.setLabel(ROOTTENANT_NAME);
    ClientResponse resp = rSys.path("/tenants/" + rootTenantId.toString()).put(ClientResponse.class, tenantUpdate);
    Assert.assertEquals(200, resp.getStatus());
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) UserMappingAttributeParam(com.emc.storageos.model.tenant.UserMappingAttributeParam) UserMappingChanges(com.emc.storageos.model.tenant.UserMappingChanges) UserMappingParam(com.emc.storageos.model.tenant.UserMappingParam) TenantResponse(com.emc.storageos.model.tenant.TenantResponse) TenantUpdateParam(com.emc.storageos.model.tenant.TenantUpdateParam)

Example 4 with TenantResponse

use of com.emc.storageos.model.tenant.TenantResponse in project coprhd-controller by CoprHD.

the class ComputeSystemServiceApiTest method setup.

@BeforeClass(alwaysRun = true)
public void setup() throws Exception {
    List<String> urls = new ArrayList<String>();
    urls.add(_apiServer);
    rSys = createHttpsClient(SYSADMIN, SYSADMIN_PASS_WORD, urls);
    TenantResponse tenantResp = rSys.path("/tenant").get(TenantResponse.class);
    _rootTenantId = tenantResp.getTenant();
    _rootToken = (String) _savedTokens.get("root");
}
Also used : ArrayList(java.util.ArrayList) TenantResponse(com.emc.storageos.model.tenant.TenantResponse) BeforeClass(org.testng.annotations.BeforeClass)

Example 5 with TenantResponse

use of com.emc.storageos.model.tenant.TenantResponse in project coprhd-controller by CoprHD.

the class ApiTest method proxyTokenTests.

private void proxyTokenTests() {
    // Login as root
    TenantResponse tenantResp = rSys.path("/tenant").get(TenantResponse.class);
    rootTenantId = tenantResp.getTenant();
    // Get a proxy token for root
    ClientResponse resp = rSys.path("/proxytoken").get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    String proxyToken = (String) _savedProxyTokens.get("root");
    Assert.assertNotNull(proxyToken);
    // try to access tenant/id as proxy user. Does not work because proxy token was not passed in.
    // Proxy user by itself doesn't have TENANT_ADMIN.
    resp = rProxyUser.path("/tenants/" + rootTenantId.toString()).get(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    // try to access tenant/id as proxy user with proxy token this time.
    resp = rProxyUser.path("/tenants/" + rootTenantId.toString()).header(ApiTestBase.AUTH_PROXY_TOKEN_HEADER, proxyToken).get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    // negative tests
    // proxy token, but a user without PROXY_USER role
    resp = rZAdmin.path("/tenants/" + rootTenantId.toString()).header(ApiTestBase.AUTH_PROXY_TOKEN_HEADER, proxyToken).get(ClientResponse.class);
    Assert.assertEquals(403, resp.getStatus());
    // check that the root when proxied does not have SECURITY_ADMIN in it.
    UserInfo info = rProxyUser.path("/user/whoami").header(ApiTestBase.AUTH_PROXY_TOKEN_HEADER, proxyToken).get(UserInfo.class);
    Assert.assertEquals("root", info.getCommonName());
    Assert.assertTrue(!info.getVdcRoles().contains(Role.SECURITY_ADMIN.toString()));
    // zone admin, when proxied, can not do role assignments
    resp = rZAdmin.path("/proxytoken").get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    String zAdminProxyToken = (String) _savedProxyTokens.get(ZONEADMIN);
    Assert.assertNotNull(zAdminProxyToken);
    resp = rProxyUser.path("/vdc/role-assignments").header(ApiTestBase.AUTH_PROXY_TOKEN_HEADER, zAdminProxyToken).put(ClientResponse.class, new RoleAssignmentChanges());
    Assert.assertEquals(403, resp.getStatus());
    // logout issuer of the proxy token with the force option. This should wipe out
    // all tokens including proxy tokens. Consequently, proxyuser should no longer be able
    // to access the tenants/id call with that proxy token anymore.
    // ( added .xml and used mixed cases to test that the logout filter forwards the request
    // appropriately)
    // resp = rSys.path("/loGout.XmL").queryParam("force", "true").get(ClientResponse.class);
    resp = rSys.path("/logout.xml").queryParam("force", "true").queryParam("proxytokens", "true").get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());
    resp = rProxyUser.path("/tenants/" + rootTenantId.toString()).header(ApiTestBase.AUTH_PROXY_TOKEN_HEADER, proxyToken).get(ClientResponse.class);
    Assert.assertEquals(401, resp.getStatus());
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) RoleAssignmentChanges(com.emc.storageos.model.auth.RoleAssignmentChanges) UserInfo(com.emc.storageos.model.user.UserInfo) TenantResponse(com.emc.storageos.model.tenant.TenantResponse)

Aggregations

TenantResponse (com.emc.storageos.model.tenant.TenantResponse)12 ClientResponse (com.sun.jersey.api.client.ClientResponse)6 ArrayList (java.util.ArrayList)5 RoleAssignmentChanges (com.emc.storageos.model.auth.RoleAssignmentChanges)3 UserMappingAttributeParam (com.emc.storageos.model.tenant.UserMappingAttributeParam)3 UserMappingParam (com.emc.storageos.model.tenant.UserMappingParam)3 Before (org.junit.Before)3 AuthnUpdateParam (com.emc.storageos.model.auth.AuthnUpdateParam)2 RoleAssignmentEntry (com.emc.storageos.model.auth.RoleAssignmentEntry)2 ProjectParam (com.emc.storageos.model.project.ProjectParam)2 TenantCreateParam (com.emc.storageos.model.tenant.TenantCreateParam)2 TenantOrgList (com.emc.storageos.model.tenant.TenantOrgList)2 TenantOrgRestRep (com.emc.storageos.model.tenant.TenantOrgRestRep)2 TenantUpdateParam (com.emc.storageos.model.tenant.TenantUpdateParam)2 UserMappingChanges (com.emc.storageos.model.tenant.UserMappingChanges)2 VirtualArrayList (com.emc.storageos.model.varray.VirtualArrayList)2 StorageOSUser (com.emc.storageos.security.authentication.StorageOSUser)2 InternalFileServiceClient (com.emc.storageos.api.service.impl.resource.utils.InternalFileServiceClient)1 InternalNetworkClient (com.emc.storageos.api.service.impl.resource.utils.InternalNetworkClient)1 StringSet (com.emc.storageos.db.client.model.StringSet)1