Example 1 with UserInfo
use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.
the class ApiTestTenants method testSubTenantDeleteByProviderTenantAdmin.
@Test
public void testSubTenantDeleteByProviderTenantAdmin() throws NoSuchAlgorithmException {
final String testName = "testSubTenantDeleteByProviderTenantAdmin - ";
// Create an authnprovider before creating a tenant.
AuthnCreateParam authnProviderCreateParam = getDefaultAuthnCreateParam(testName + getTestDefaultAuthnProviderDescription());
ClientResponse clientAuthnProviderCreateResp = rSys.path(getTestAuthnProviderApi()).post(ClientResponse.class, authnProviderCreateParam);
// Validate the authn provider creation success and add the
// resource to the resource clean up list.
validateAuthnProviderCreateSuccess(clientAuthnProviderCreateResp);
String groupToAddInUserMapping = getGroup(0);
addUserMapping(rootTenantId, groupToAddInUserMapping);
// Assign tenant admin role to the user ldapvipruser1@maxcrc.com
// who is part of provider tenant.
RoleAssignmentChanges roleAssignmentEntryParam = getDefaultRoleAssignmentChanges(false, true);
roleAssignmentEntryParam.getAdd().get(0).setSubjectId(getUserWithDomain(0));
roleAssignmentEntryParam.getAdd().get(0).getRoles().clear();
roleAssignmentEntryParam.getAdd().get(0).getRoles().add(getTenantRole(0));
String roleAssignmentsApi = getTestRoleAssignmentsApi(rootTenantId);
RoleAssignments roleAssignmentCreateResp = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentEntryParam);
validateRoleAssignmentCreateSuccess(roleAssignmentEntryParam, roleAssignmentCreateResp);
// Create a ldapvipruser1@maxcrc.com who has tenant admin role.
String ldapViPRUser1Name = getUserWithDomain(0);
BalancedWebResource ldapViPRUser1 = getHttpsClient(ldapViPRUser1Name, getLDAPUserPassword());
String whoAmIApi = getUserWhoAmIApi();
UserInfo ldapViPRUser1UserInfo = ldapViPRUser1.path(whoAmIApi).get(UserInfo.class);
List<String> expectedRoles = new ArrayList<String>();
expectedRoles.add(getTenantRole(0));
validateUserTenantRoles(ldapViPRUser1UserInfo, expectedRoles);
// Create a subtenant by sec admin.
TenantCreateParam createParam = this.getDefaultTenantCreateParam(testName + "Successful creation of subtenant by sec admin.");
TenantOrgRestRep createResp = rSys.path(getTestApi()).post(TenantOrgRestRep.class, createParam);
validateTenantCreateSuccess(createParam, createResp);
URI subTenantId = createResp.getId();
String subTenantDeleteApi = getTestDeleteApi(subTenantId);
// Delete the subtenant tenant.
// Only sec admin can create sub tenants, the operation will fail.
ClientResponse clientDeleteResp = ldapViPRUser1.path(subTenantDeleteApi).post(ClientResponse.class);
String partialExpectedErrorMsg = ERROR_INSUFFICIENT_PERMISSION_FOR_USER;
partialExpectedErrorMsg = String.format(partialExpectedErrorMsg, ldapViPRUser1Name.toLowerCase());
validateTenantCreateAndEditBadRequest(HttpStatus.SC_FORBIDDEN, partialExpectedErrorMsg, clientDeleteResp);
// Logout the user.
logoutUser(ldapViPRUser1);
// Remove the role assignment for the user.
roleAssignmentEntryParam.getRemove().add(roleAssignmentEntryParam.getAdd().get(0));
roleAssignmentEntryParam.getAdd().clear();
roleAssignmentCreateResp = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentEntryParam);
validateVDCRoleAssignmentsRemove(roleAssignmentCreateResp, ldapViPRUser1Name, false);
// Remove the user mappings.
removeUserMapping(rootTenantId, groupToAddInUserMapping);
}
Also used :
ClientResponse(com.sun.jersey.api.client.ClientResponse)
ArrayList(java.util.ArrayList)
UserInfo(com.emc.storageos.model.user.UserInfo)
URI(java.net.URI)
Test(org.junit.Test)
Example 2 with UserInfo
use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.
the class ApiTestUserGroup method testSingleValueUserGroupWithTenantRoleAssignment.
@Test
public void testSingleValueUserGroupWithTenantRoleAssignment() throws NoSuchAlgorithmException {
final String testName = "testSingleValueUserGroupWithTenantRoleAssignment - ";
createDefaultAuthnProvider(testName + DEFAULT_AUTH_PROVIDER_CREATION);
UserGroupCreateParam createParam = getDefaultUserGroupCreateParam();
// Set name to Depart_QE.
createParam.setLabel("Depart_QE");
// Remove all the attributes.
createParam.getAttributes().clear();
// Just set only one attribute and its only one value.
UserAttributeParam userAttributeParam = new UserAttributeParam();
userAttributeParam.setKey(getAttributeKey(0));
userAttributeParam.getValues().add(getAttributeDepartmentValue(1));
createParam.getAttributes().add(userAttributeParam);
ClientResponse clientUserGroupCreateResp = rSys.path(getTestApi()).post(ClientResponse.class, createParam);
UserGroupRestRep userGroupCreateResp = validateUserGroupCreateSuccess(createParam, clientUserGroupCreateResp);
// Create a test tenant.
URI testTenantId = createTestTenant();
// Update the tenant user mapping with the
// just created user group "Depart_QE".
updateTenantGroups(testTenantId, userGroupCreateResp.getName());
String roleAssignmentsApi = getTenantRoleAssignmentApi(testTenantId);
boolean isGroup = true;
// Assigning all the Tenant roles to Depart_QE user group(with attributes department = [QE]
RoleAssignmentEntry roleAssignmentEntry1 = getRoleAssignmentEntry(userGroupCreateResp.getName(), getDefaultTenantRoles(), isGroup);
RoleAssignmentChanges roleAssignmentChanges = getDefaultVDCRoleAssignmentChanges();
roleAssignmentChanges.getAdd().add(roleAssignmentEntry1);
RoleAssignments roleAssignments = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentChanges);
validateVDCRoleAssignmentsSuccess(roleAssignments, userGroupCreateResp.getName(), isGroup);
// Create a user whose attributes matches with the above created
// user group "Depart_QE". Matching LDAP user is ldapViPRUser5.
BalancedWebResource ldapViPRUser7 = getHttpsClient(getUserWithDomain(6), getLDAPUserPassword());
String whoAmIApi = getUserWhoAmIApi();
UserInfo ldapViPRUser7UserInfo = ldapViPRUser7.path(whoAmIApi).get(UserInfo.class);
validateUserTenantRoles(ldapViPRUser7UserInfo, getDefaultTenantRoles());
// Now try to delete the user group "Depart_QE".
// It should fail, as it is associated with the tenant role assignments and
// tenants user mapping group.
deleteUserGroupAndExpectFailure(userGroupCreateResp.getId());
// Now try to change the domain the of the user group "Depart_Dev".
// It should fail, as it is associated with the tenant role assignments and
// tenants user mapping group.
changeUserGroupDomainAndExpectFailure(userGroupCreateResp);
// Edit the user group but dont change any properties in the group.
// This should be successful irrespective of whether it is used in
// any role or acl or user mapping assignments.
editUserGroupWithoutAnyChangeAndExpectSuccess(userGroupCreateResp);
// Now remove the user group from the role assignments.
roleAssignmentChanges.getAdd().clear();
roleAssignmentChanges.getRemove().add(roleAssignmentEntry1);
roleAssignments = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentChanges);
validateVDCRoleAssignmentsRemove(roleAssignments, userGroupCreateResp.getName(), isGroup);
// Now the user should not have any roles associated with the
// user group "Depart_QE".
ldapViPRUser7UserInfo = ldapViPRUser7.path(whoAmIApi).get(UserInfo.class);
validateNoneUserTenantRoles(ldapViPRUser7UserInfo);
// Now remove the user group from the tenant user mappings.
removeTenantUserMapping(testTenantId, userGroupCreateResp.getName());
}
Also used :
ClientResponse(com.sun.jersey.api.client.ClientResponse)
UserInfo(com.emc.storageos.model.user.UserInfo)
URI(java.net.URI)
Test(org.junit.Test)
Example 3 with UserInfo
use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.
the class ApiTestUserGroup method testUserGroupCreateByTenantAdmin.
@Test
public void testUserGroupCreateByTenantAdmin() throws NoSuchAlgorithmException {
final String testName = "testUserGroupCreateByTenantAdmin - ";
createDefaultAuthnProvider(testName + DEFAULT_AUTH_PROVIDER_CREATION);
// Create a test tenant.
URI testTenantId = createTestTenant();
// Remove the group from just created tenant user mapping.
// So that, all the users in the domain can be assigned with
// tenant roles. Here getting the ldapGroup(2) as that is the
// one used as default one for creating the tenant.
removeUserMappingGroups(testTenantId, getLDAPGroup(2));
// Assigning the VDC role Tenant Admin to ldapViPRUser5.
List<String> roles = new ArrayList<String>();
roles.add(getTenantRole(0));
String userNameWithDomain = getUserWithDomain(4);
String roleAssignmentsApi = getTenantRoleAssignmentApi(testTenantId);
boolean isGroup = false;
RoleAssignmentEntry roleAssignmentEntry1 = getRoleAssignmentEntry(userNameWithDomain, roles, isGroup);
RoleAssignmentChanges roleAssignmentChanges = getDefaultVDCRoleAssignmentChanges();
roleAssignmentChanges.getAdd().add(roleAssignmentEntry1);
RoleAssignments roleAssignments = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentChanges);
validateVDCRoleAssignmentsSuccess(roleAssignments, userNameWithDomain, isGroup);
// Create a user ldapViPRUser5.
BalancedWebResource ldapViPRUser5 = getHttpsClient(userNameWithDomain, getLDAPUserPassword());
String whoAmIApi = getUserWhoAmIApi();
UserInfo ldapViPRUser5UserInfo = ldapViPRUser5.path(whoAmIApi).get(UserInfo.class);
validateUserTenantRoles(ldapViPRUser5UserInfo, roles);
UserGroupCreateParam createParam = getDefaultUserGroupCreateParam();
// Try to create a user group by non security admin user (ldapViPRUser5).
ClientResponse clientResponseUserGroupCreate = ldapViPRUser5.path(getTestApi()).post(ClientResponse.class, createParam);
String partialErrorMessage = ERROR_INSUFFICIENT_PERMISSION_FOR_USER;
partialErrorMessage = String.format(partialErrorMessage, userNameWithDomain.toLowerCase());
validateUserGroupBadRequest(HttpStatus.SC_FORBIDDEN, partialErrorMessage, clientResponseUserGroupCreate);
// Tenant Admin and Project owner has a readonly access.
clientResponseUserGroupCreate = ldapViPRUser5.path(getTestApi()).get(ClientResponse.class);
Assert.assertEquals(HttpStatus.SC_OK, clientResponseUserGroupCreate.getStatus());
// Test the bulk api. Here expecting false for get, as ldapViPRUser5
// is not a sysadmin or sysmonitor and expecting true for post, as
// ldapViPRUser5 is tenant admin.
testUserGroupBulkApi(ldapViPRUser5, false, true);
// Now remove the user group from the role assignments.
roleAssignmentChanges.getAdd().clear();
roleAssignmentChanges.getRemove().add(roleAssignmentEntry1);
roleAssignments = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentChanges);
validateVDCRoleAssignmentsRemove(roleAssignments, userNameWithDomain, isGroup);
// Now the user should not have any roles.
ldapViPRUser5UserInfo = ldapViPRUser5.path(whoAmIApi).get(UserInfo.class);
validateNoneUserTenantRoles(ldapViPRUser5UserInfo);
}
Also used :
ClientResponse(com.sun.jersey.api.client.ClientResponse)
ArrayList(java.util.ArrayList)
UserInfo(com.emc.storageos.model.user.UserInfo)
URI(java.net.URI)
Test(org.junit.Test)
Example 4 with UserInfo
use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.
the class ApiTestUserGroup method testUserGroupWithTenantRoleAssignment.
@Test
public void testUserGroupWithTenantRoleAssignment() throws NoSuchAlgorithmException {
final String testName = "testUserGroupWithTenantRoleAssignment - ";
createDefaultAuthnProvider(testName + DEFAULT_AUTH_PROVIDER_CREATION);
UserGroupCreateParam createParam = getDefaultUserGroupCreateParam();
ClientResponse clientUserGroupCreateResp = rSys.path(getTestApi()).post(ClientResponse.class, createParam);
UserGroupRestRep userGroupCreateResp = validateUserGroupCreateSuccess(createParam, clientUserGroupCreateResp);
// Create a test tenant.
URI testTenantId = createTestTenant();
// Update the tenant user mapping with the
// just created user group "Depart_Dev".
updateTenantGroups(testTenantId, userGroupCreateResp.getName());
String roleAssignmentsApi = getTenantRoleAssignmentApi(testTenantId);
boolean isGroup = true;
// Assigning all the Tenant roles to Depart_Dev user group
// (with attributes department = [ENG, DEV] and l = [Boston]
RoleAssignmentEntry roleAssignmentEntry1 = getRoleAssignmentEntry(userGroupCreateResp.getName(), getDefaultTenantRoles(), isGroup);
RoleAssignmentChanges roleAssignmentChanges = getDefaultVDCRoleAssignmentChanges();
roleAssignmentChanges.getAdd().add(roleAssignmentEntry1);
RoleAssignments roleAssignments = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentChanges);
validateVDCRoleAssignmentsSuccess(roleAssignments, userGroupCreateResp.getName(), isGroup);
// Create a user whose attributes matches with the above created
// user group "Depart_Dev". Matching LDAP user is ldapViPRUser5.
BalancedWebResource ldapViPRUser5 = getHttpsClient(getUserWithDomain(4), getLDAPUserPassword());
String whoAmIApi = getUserWhoAmIApi();
UserInfo ldapViPRUser5UserInfo = ldapViPRUser5.path(whoAmIApi).get(UserInfo.class);
validateUserTenantRoles(ldapViPRUser5UserInfo, getDefaultTenantRoles());
// Now try to delete the user group "Depart_Dev".
// It should fail, as it is associated with the tenant role assignments and
// tenants user mapping group.
deleteUserGroupAndExpectFailure(userGroupCreateResp.getId());
// Now try to change the domain the of the user group "Depart_Dev".
// It should fail, as it is associated with the tenant role assignments and
// tenants user mapping group.
changeUserGroupDomainAndExpectFailure(userGroupCreateResp);
// Edit the user group but dont change any properties in the group.
// This should be successful irrespective of whether it is used in
// any role or acl or user mapping assignments.
editUserGroupWithoutAnyChangeAndExpectSuccess(userGroupCreateResp);
// Now remove the user group from the role assignments.
roleAssignmentChanges.getAdd().clear();
roleAssignmentChanges.getRemove().add(roleAssignmentEntry1);
roleAssignments = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentChanges);
validateVDCRoleAssignmentsRemove(roleAssignments, userGroupCreateResp.getName(), isGroup);
// Now the user should not have any roles associated with the
// user group "Depart_Dev".
ldapViPRUser5UserInfo = ldapViPRUser5.path(whoAmIApi).get(UserInfo.class);
validateNoneUserTenantRoles(ldapViPRUser5UserInfo);
// Now remove the user group from the tenant user mappings.
removeTenantUserMapping(testTenantId, userGroupCreateResp.getName());
}
Also used :
ClientResponse(com.sun.jersey.api.client.ClientResponse)
UserInfo(com.emc.storageos.model.user.UserInfo)
URI(java.net.URI)
Test(org.junit.Test)
Example 5 with UserInfo
use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.
the class ApiTest method createTenant.
private TenantOrgRestRep createTenant(String label, String domain, String attrKey, String attrValue) throws Exception {
BalancedWebResource rootUser = createHttpsClient(SYSADMIN, SYSADMIN_PASS_WORD, baseUrls);
UserInfo info = rootUser.path("/user/whoami").get(UserInfo.class);
String rootTenantId = info.getTenant();
String rootToken = (String) _savedTokens.get(SYSADMIN);
TenantCreateParam tenantParam = new TenantCreateParam();
tenantParam.setLabel(label);
tenantParam.setDescription("description for " + label);
tenantParam.setUserMappings(new ArrayList<UserMappingParam>());
UserMappingParam tenant2UserMapping = new UserMappingParam();
tenant2UserMapping.setDomain(domain);
UserMappingAttributeParam tenant2Attr = new UserMappingAttributeParam();
tenant2Attr.setKey(attrKey);
tenant2Attr.setValues(Collections.singletonList(attrValue));
tenant2UserMapping.setAttributes(Collections.singletonList(tenant2Attr));
tenantParam.getUserMappings().add(tenant2UserMapping);
String subtenant_url = "/tenants/" + rootTenantId + "/subtenants";
TenantOrgRestRep tenantOrg = rootUser.path(subtenant_url).header(AUTH_TOKEN_HEADER, rootToken).post(TenantOrgRestRep.class, tenantParam);
return tenantOrg;
}
Also used :
UserMappingAttributeParam(com.emc.storageos.model.tenant.UserMappingAttributeParam)
UserMappingParam(com.emc.storageos.model.tenant.UserMappingParam)
UserInfo(com.emc.storageos.model.user.UserInfo)
TenantOrgRestRep(com.emc.storageos.model.tenant.TenantOrgRestRep)
TenantCreateParam(com.emc.storageos.model.tenant.TenantCreateParam)
Aggregations
UserInfo (com.emc.storageos.model.user.UserInfo)22
ClientResponse (com.sun.jersey.api.client.ClientResponse)17
Test (org.junit.Test)16
ArrayList (java.util.ArrayList)12
URI (java.net.URI)9
RoleAssignmentChanges (com.emc.storageos.model.auth.RoleAssignmentChanges)2
ProjectParam (com.emc.storageos.model.project.ProjectParam)2
TenantOrgRestRep (com.emc.storageos.model.tenant.TenantOrgRestRep)2
DatabaseException (com.emc.storageos.db.exceptions.DatabaseException)1
RoleAssignmentEntry (com.emc.storageos.model.auth.RoleAssignmentEntry)1
TenantCreateParam (com.emc.storageos.model.tenant.TenantCreateParam)1
TenantResponse (com.emc.storageos.model.tenant.TenantResponse)1
UserMappingAttributeParam (com.emc.storageos.model.tenant.UserMappingAttributeParam)1
UserMappingParam (com.emc.storageos.model.tenant.UserMappingParam)1
SubTenantRoles (com.emc.storageos.model.user.SubTenantRoles)1
VirtualArrayList (com.emc.storageos.model.varray.VirtualArrayList)1
StorageOSUser (com.emc.storageos.security.authentication.StorageOSUser)1
Principal (java.security.Principal)1
Random (java.util.Random)1
GET (javax.ws.rs.GET)1
