
Example 1 with UserInfo

use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.

the class ApiTestTenants method testSubTenantDeleteByProviderTenantAdmin.

/**
 * Negative authorization test: a user holding only a tenant role on the provider
 * (root) tenant attempts to delete a subtenant and must be refused.
 *
 * <p>Sequence visible in this method: create an authn provider, add a group to the
 * root tenant's user mapping, assign {@code getTenantRole(0)} to
 * {@code getUserWithDomain(0)} on the root tenant, open a client as that user,
 * create a subtenant through {@code rSys}, send the delete request as the LDAP user
 * and require {@code HttpStatus.SC_FORBIDDEN}, then log out and undo the role
 * assignment and the user mapping.
 *
 * <p>NOTE(review): the logout, role removal and mapping removal at the end are
 * ordinary statements, not a {@code finally} block, so a validation failure earlier
 * in the method skips them. Whether class-level cleanup outside this view covers
 * that case is not visible here; confirm, because a leftover tenant-role assignment
 * could influence later permission tests that reuse the same LDAP user.
 *
 * @throws NoSuchAlgorithmException declared by the signature; which call raises it
 *         cannot be determined from this method alone
 */
@Test
public void testSubTenantDeleteByProviderTenantAdmin() throws NoSuchAlgorithmException {
    // Prefix used to label the resources this test creates.
    final String testName = "testSubTenantDeleteByProviderTenantAdmin - ";
    // Create an authn provider first; the LDAP user below can only log in once one exists
    // (per the original comment: "before creating a tenant").
    AuthnCreateParam authnProviderCreateParam = getDefaultAuthnCreateParam(testName + getTestDefaultAuthnProviderDescription());
    ClientResponse clientAuthnProviderCreateResp = rSys.path(getTestAuthnProviderApi()).post(ClientResponse.class, authnProviderCreateParam);
    // Validate the authn provider creation success and add the
    // resource to the resource clean up list.
    validateAuthnProviderCreateSuccess(clientAuthnProviderCreateResp);
    // Map group 0 into the root tenant; removed again by the last statement of the test.
    String groupToAddInUserMapping = getGroup(0);
    addUserMapping(rootTenantId, groupToAddInUserMapping);
    // Assign a single tenant role, getTenantRole(0), to getUserWithDomain(0) on the root
    // tenant. The original comment names that user as ldapvipruser1@maxcrc.com and the role
    // as tenant admin. The default role list is cleared first so that exactly one role is granted.
    RoleAssignmentChanges roleAssignmentEntryParam = getDefaultRoleAssignmentChanges(false, true);
    roleAssignmentEntryParam.getAdd().get(0).setSubjectId(getUserWithDomain(0));
    roleAssignmentEntryParam.getAdd().get(0).getRoles().clear();
    roleAssignmentEntryParam.getAdd().get(0).getRoles().add(getTenantRole(0));
    String roleAssignmentsApi = getTestRoleAssignmentsApi(rootTenantId);
    RoleAssignments roleAssignmentCreateResp = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentEntryParam);
    validateRoleAssignmentCreateSuccess(roleAssignmentEntryParam, roleAssignmentCreateResp);
    // Open an HTTPS client as that user with the shared LDAP test password. No account is
    // created here, despite the wording of the original comment ("Create a ldapvipruser1...").
    String ldapViPRUser1Name = getUserWithDomain(0);
    BalancedWebResource ldapViPRUser1 = getHttpsClient(ldapViPRUser1Name, getLDAPUserPassword());
    // Precondition check: the whoami result is validated against the one role granted above,
    // so the denial asserted later is tested against a known privilege level.
    String whoAmIApi = getUserWhoAmIApi();
    UserInfo ldapViPRUser1UserInfo = ldapViPRUser1.path(whoAmIApi).get(UserInfo.class);
    List<String> expectedRoles = new ArrayList<String>();
    expectedRoles.add(getTenantRole(0));
    validateUserTenantRoles(ldapViPRUser1UserInfo, expectedRoles);
    // Create a subtenant through rSys (described by the original comment as the sec admin).
    TenantCreateParam createParam = this.getDefaultTenantCreateParam(testName + "Successful creation of subtenant by sec admin.");
    TenantOrgRestRep createResp = rSys.path(getTestApi()).post(TenantOrgRestRep.class, createParam);
    validateTenantCreateSuccess(createParam, createResp);
    URI subTenantId = createResp.getId();
    String subTenantDeleteApi = getTestDeleteApi(subTenantId);
    // Attempt to delete the subtenant as the tenant-role user; the delete is sent as a POST
    // to the delete path. The request must be rejected. The original comment gives the reason
    // as "only sec admin can create sub tenants", although the operation exercised here is a delete.
    ClientResponse clientDeleteResp = ldapViPRUser1.path(subTenantDeleteApi).post(ClientResponse.class);
    // Expected message is the insufficient-permission template filled with the lower-cased
    // user name (presumably the server reports the normalised name; confirm).
    String partialExpectedErrorMsg = ERROR_INSUFFICIENT_PERMISSION_FOR_USER;
    partialExpectedErrorMsg = String.format(partialExpectedErrorMsg, ldapViPRUser1Name.toLowerCase());
    // Requires 403 Forbidden. The helper's name mentions create/edit, but it is applied
    // to the delete response here.
    validateTenantCreateAndEditBadRequest(HttpStatus.SC_FORBIDDEN, partialExpectedErrorMsg, clientDeleteResp);
    // NOTE(review): no statement in this method deletes the subtenant that was created above;
    // presumably validateTenantCreateSuccess registers it for cleanup. Verify.
    // Logout the user.
    logoutUser(ldapViPRUser1);
    // Revoke the role: move the entry that was added into the remove list and clear the
    // add list, then resubmit the same change object through rSys.
    roleAssignmentEntryParam.getRemove().add(roleAssignmentEntryParam.getAdd().get(0));
    roleAssignmentEntryParam.getAdd().clear();
    roleAssignmentCreateResp = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentEntryParam);
    validateVDCRoleAssignmentsRemove(roleAssignmentCreateResp, ldapViPRUser1Name, false);
    // Remove the user mappings.
    removeUserMapping(rootTenantId, groupToAddInUserMapping);
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) ArrayList(java.util.ArrayList) UserInfo(com.emc.storageos.model.user.UserInfo) URI(java.net.URI) Test(org.junit.Test)

Example 2 with UserInfo

use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.

the class ApiTestUserGroup method testSingleValueUserGroupWithTenantRoleAssignment.

/**
 * Exercises a user group defined by a single attribute with a single value while the
 * group is referenced by a tenant user mapping and by tenant role assignments.
 *
 * <p>Checks made here: a user logged in through {@code getUserWithDomain(6)} is
 * validated against {@code getDefaultTenantRoles()} while the group holds those roles;
 * deleting the group and changing its domain are expected to fail while it is
 * referenced; a no-op edit is expected to succeed; after the role assignment is
 * removed the same client's whoami result is validated as carrying no tenant roles.
 *
 * @throws NoSuchAlgorithmException declared by the signature; which call raises it
 *         cannot be determined from this method alone
 */
@Test
public void testSingleValueUserGroupWithTenantRoleAssignment() throws NoSuchAlgorithmException {
    final String testName = "testSingleValueUserGroupWithTenantRoleAssignment - ";
    createDefaultAuthnProvider(testName + DEFAULT_AUTH_PROVIDER_CREATION);
    UserGroupCreateParam createParam = getDefaultUserGroupCreateParam();
    // Set name to Depart_QE.
    createParam.setLabel("Depart_QE");
    // Remove all the attributes.
    createParam.getAttributes().clear();
    // Add exactly one attribute with exactly one value, so that group membership is
    // decided by that single key/value pair.
    UserAttributeParam userAttributeParam = new UserAttributeParam();
    userAttributeParam.setKey(getAttributeKey(0));
    userAttributeParam.getValues().add(getAttributeDepartmentValue(1));
    createParam.getAttributes().add(userAttributeParam);
    ClientResponse clientUserGroupCreateResp = rSys.path(getTestApi()).post(ClientResponse.class, createParam);
    UserGroupRestRep userGroupCreateResp = validateUserGroupCreateSuccess(createParam, clientUserGroupCreateResp);
    // Create a test tenant.
    URI testTenantId = createTestTenant();
    // Update the tenant user mapping with the
    // just created user group "Depart_QE".
    updateTenantGroups(testTenantId, userGroupCreateResp.getName());
    String roleAssignmentsApi = getTenantRoleAssignmentApi(testTenantId);
    // The subject of the role assignment is a group, not an individual user.
    boolean isGroup = true;
    // Assign all the default tenant roles to the Depart_QE user group
    // (attributes department = [QE], per the original comment).
    RoleAssignmentEntry roleAssignmentEntry1 = getRoleAssignmentEntry(userGroupCreateResp.getName(), getDefaultTenantRoles(), isGroup);
    RoleAssignmentChanges roleAssignmentChanges = getDefaultVDCRoleAssignmentChanges();
    roleAssignmentChanges.getAdd().add(roleAssignmentEntry1);
    RoleAssignments roleAssignments = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentChanges);
    validateVDCRoleAssignmentsSuccess(roleAssignments, userGroupCreateResp.getName(), isGroup);
    // Log in as a user whose attributes are expected to match the group "Depart_QE".
    // The code uses getUserWithDomain(6) and names the client ldapViPRUser7; the original
    // comment said ldapViPRUser5, which does not agree with the code. No account is created here.
    BalancedWebResource ldapViPRUser7 = getHttpsClient(getUserWithDomain(6), getLDAPUserPassword());
    String whoAmIApi = getUserWhoAmIApi();
    UserInfo ldapViPRUser7UserInfo = ldapViPRUser7.path(whoAmIApi).get(UserInfo.class);
    // The roles were granted to the group only, so this validates that the user receives
    // them through the attribute match.
    validateUserTenantRoles(ldapViPRUser7UserInfo, getDefaultTenantRoles());
    // Now try to delete the user group "Depart_QE".
    // It should fail, as it is associated with the tenant role assignments and
    // tenants user mapping group.
    deleteUserGroupAndExpectFailure(userGroupCreateResp.getId());
    // Now try to change the domain of the user group "Depart_QE" (the original comment
    // said "Depart_Dev", but this test labels its group "Depart_QE").
    // It should fail, as it is associated with the tenant role assignments and
    // tenants user mapping group.
    changeUserGroupDomainAndExpectFailure(userGroupCreateResp);
    // Edit the user group without changing any of its properties.
    // This should be successful irrespective of whether it is used in
    // any role or acl or user mapping assignments.
    editUserGroupWithoutAnyChangeAndExpectSuccess(userGroupCreateResp);
    // Now remove the user group from the role assignments by reusing the change object:
    // empty the add list and put the same entry in the remove list.
    roleAssignmentChanges.getAdd().clear();
    roleAssignmentChanges.getRemove().add(roleAssignmentEntry1);
    roleAssignments = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentChanges);
    validateVDCRoleAssignmentsRemove(roleAssignments, userGroupCreateResp.getName(), isGroup);
    // Now the user should not have any roles associated with the
    // user group "Depart_QE". The same client object is reused without a new login, so
    // this presumably checks that the revocation is visible to an existing session - confirm.
    ldapViPRUser7UserInfo = ldapViPRUser7.path(whoAmIApi).get(UserInfo.class);
    validateNoneUserTenantRoles(ldapViPRUser7UserInfo);
    // Now remove the user group from the tenant user mappings.
    removeTenantUserMapping(testTenantId, userGroupCreateResp.getName());
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) UserInfo(com.emc.storageos.model.user.UserInfo) URI(java.net.URI) Test(org.junit.Test)

Example 3 with UserInfo

use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.

the class ApiTestUserGroup method testUserGroupCreateByTenantAdmin.

/**
 * Negative authorization test: a user holding only {@code getTenantRole(0)} on a test
 * tenant tries to create a user group and must be refused, while read access to the
 * same API is expected to succeed.
 *
 * <p>Assertions visible here: the create request returns
 * {@code HttpStatus.SC_FORBIDDEN} with the insufficient-permission message, a GET on
 * the same path returns {@code HttpStatus.SC_OK}, the bulk API helper is called with
 * {@code false} for get and {@code true} for post, and after the role is revoked the
 * whoami result is validated as carrying no tenant roles.
 *
 * @throws NoSuchAlgorithmException declared by the signature; which call raises it
 *         cannot be determined from this method alone
 */
@Test
public void testUserGroupCreateByTenantAdmin() throws NoSuchAlgorithmException {
    final String testName = "testUserGroupCreateByTenantAdmin - ";
    createDefaultAuthnProvider(testName + DEFAULT_AUTH_PROVIDER_CREATION);
    // Create a test tenant.
    URI testTenantId = createTestTenant();
    // Remove the group from just created tenant user mapping.
    // So that, all the users in the domain can be assigned with
    // tenant roles. Here getting the ldapGroup(2) as that is the
    // one used as default one for creating the tenant.
    removeUserMappingGroups(testTenantId, getLDAPGroup(2));
    // Assign the tenant role getTenantRole(0) (Tenant Admin, per the original comment) to
    // getUserWithDomain(4). The request goes to the test tenant's role-assignment API; the
    // "VDC" in the helper names below does not change the target path.
    List<String> roles = new ArrayList<String>();
    roles.add(getTenantRole(0));
    String userNameWithDomain = getUserWithDomain(4);
    String roleAssignmentsApi = getTenantRoleAssignmentApi(testTenantId);
    // The subject of the role assignment is an individual user, not a group.
    boolean isGroup = false;
    RoleAssignmentEntry roleAssignmentEntry1 = getRoleAssignmentEntry(userNameWithDomain, roles, isGroup);
    RoleAssignmentChanges roleAssignmentChanges = getDefaultVDCRoleAssignmentChanges();
    roleAssignmentChanges.getAdd().add(roleAssignmentEntry1);
    RoleAssignments roleAssignments = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentChanges);
    validateVDCRoleAssignmentsSuccess(roleAssignments, userNameWithDomain, isGroup);
    // Open an HTTPS client as that user with the shared LDAP test password; no account is
    // created here, despite the wording of the original comment ("Create a user ldapViPRUser5").
    BalancedWebResource ldapViPRUser5 = getHttpsClient(userNameWithDomain, getLDAPUserPassword());
    String whoAmIApi = getUserWhoAmIApi();
    UserInfo ldapViPRUser5UserInfo = ldapViPRUser5.path(whoAmIApi).get(UserInfo.class);
    // Precondition check: the user is validated against exactly the role list granted above
    // before the denial is tested.
    validateUserTenantRoles(ldapViPRUser5UserInfo, roles);
    UserGroupCreateParam createParam = getDefaultUserGroupCreateParam();
    // Try to create a user group by non security admin user (ldapViPRUser5).
    ClientResponse clientResponseUserGroupCreate = ldapViPRUser5.path(getTestApi()).post(ClientResponse.class, createParam);
    // Expected message is the insufficient-permission template filled with the lower-cased
    // user name (presumably the server reports the normalised name; confirm).
    String partialErrorMessage = ERROR_INSUFFICIENT_PERMISSION_FOR_USER;
    partialErrorMessage = String.format(partialErrorMessage, userNameWithDomain.toLowerCase());
    // Requires 403 Forbidden for the create attempt.
    validateUserGroupBadRequest(HttpStatus.SC_FORBIDDEN, partialErrorMessage, clientResponseUserGroupCreate);
    // Tenant Admin and Project owner have read-only access: a GET on the same path must
    // return 200. The variable is reused, so from here on it holds the GET response, not
    // the create response its name suggests.
    clientResponseUserGroupCreate = ldapViPRUser5.path(getTestApi()).get(ClientResponse.class);
    Assert.assertEquals(HttpStatus.SC_OK, clientResponseUserGroupCreate.getStatus());
    // Test the bulk api. Here expecting false for get, as ldapViPRUser5
    // is not a sysadmin or sysmonitor and expecting true for post, as
    // ldapViPRUser5 is tenant admin.
    testUserGroupBulkApi(ldapViPRUser5, false, true);
    // Now revoke the user's role assignment (the original comment said "user group", but
    // the entry was created for a user, isGroup == false): empty the add list and put the
    // same entry in the remove list.
    roleAssignmentChanges.getAdd().clear();
    roleAssignmentChanges.getRemove().add(roleAssignmentEntry1);
    roleAssignments = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentChanges);
    validateVDCRoleAssignmentsRemove(roleAssignments, userNameWithDomain, isGroup);
    // Now the user should not have any roles. The same client object is reused without a
    // new login, so this presumably checks that the revocation is visible to an existing
    // session - confirm.
    ldapViPRUser5UserInfo = ldapViPRUser5.path(whoAmIApi).get(UserInfo.class);
    validateNoneUserTenantRoles(ldapViPRUser5UserInfo);
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) ArrayList(java.util.ArrayList) UserInfo(com.emc.storageos.model.user.UserInfo) URI(java.net.URI) Test(org.junit.Test)

Example 4 with UserInfo

use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.

the class ApiTestUserGroup method testUserGroupWithTenantRoleAssignment.

/**
 * Exercises the default user group while it is referenced by a tenant user mapping and
 * by tenant role assignments.
 *
 * <p>Checks made here: a user logged in through {@code getUserWithDomain(4)} is
 * validated against {@code getDefaultTenantRoles()} while the group holds those roles;
 * deleting the group and changing its domain are expected to fail while it is
 * referenced; a no-op edit is expected to succeed; after the role assignment is
 * removed the same client's whoami result is validated as carrying no tenant roles.
 *
 * @throws NoSuchAlgorithmException declared by the signature; which call raises it
 *         cannot be determined from this method alone
 */
@Test
public void testUserGroupWithTenantRoleAssignment() throws NoSuchAlgorithmException {
    final String testName = "testUserGroupWithTenantRoleAssignment - ";
    createDefaultAuthnProvider(testName + DEFAULT_AUTH_PROVIDER_CREATION);
    // Use the default create parameters unchanged; the comments below call the resulting
    // group "Depart_Dev" (that name is not set in this method - confirm against the helper).
    UserGroupCreateParam createParam = getDefaultUserGroupCreateParam();
    ClientResponse clientUserGroupCreateResp = rSys.path(getTestApi()).post(ClientResponse.class, createParam);
    UserGroupRestRep userGroupCreateResp = validateUserGroupCreateSuccess(createParam, clientUserGroupCreateResp);
    // Create a test tenant.
    URI testTenantId = createTestTenant();
    // Update the tenant user mapping with the
    // just created user group "Depart_Dev".
    updateTenantGroups(testTenantId, userGroupCreateResp.getName());
    String roleAssignmentsApi = getTenantRoleAssignmentApi(testTenantId);
    // The subject of the role assignment is a group, not an individual user.
    boolean isGroup = true;
    // Assign all the default tenant roles to the Depart_Dev user group
    // (attributes department = [ENG, DEV] and l = [Boston], per the original comment).
    RoleAssignmentEntry roleAssignmentEntry1 = getRoleAssignmentEntry(userGroupCreateResp.getName(), getDefaultTenantRoles(), isGroup);
    RoleAssignmentChanges roleAssignmentChanges = getDefaultVDCRoleAssignmentChanges();
    roleAssignmentChanges.getAdd().add(roleAssignmentEntry1);
    RoleAssignments roleAssignments = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentChanges);
    validateVDCRoleAssignmentsSuccess(roleAssignments, userGroupCreateResp.getName(), isGroup);
    // Log in as a user whose attributes are expected to match the group "Depart_Dev"
    // (ldapViPRUser5, obtained through getUserWithDomain(4)). No account is created here.
    BalancedWebResource ldapViPRUser5 = getHttpsClient(getUserWithDomain(4), getLDAPUserPassword());
    String whoAmIApi = getUserWhoAmIApi();
    UserInfo ldapViPRUser5UserInfo = ldapViPRUser5.path(whoAmIApi).get(UserInfo.class);
    // The roles were granted to the group only, so this validates that the user receives
    // them through the attribute match.
    validateUserTenantRoles(ldapViPRUser5UserInfo, getDefaultTenantRoles());
    // Now try to delete the user group "Depart_Dev".
    // It should fail, as it is associated with the tenant role assignments and
    // tenants user mapping group.
    deleteUserGroupAndExpectFailure(userGroupCreateResp.getId());
    // Now try to change the domain of the user group "Depart_Dev".
    // It should fail, as it is associated with the tenant role assignments and
    // tenants user mapping group.
    changeUserGroupDomainAndExpectFailure(userGroupCreateResp);
    // Edit the user group without changing any of its properties.
    // This should be successful irrespective of whether it is used in
    // any role or acl or user mapping assignments.
    editUserGroupWithoutAnyChangeAndExpectSuccess(userGroupCreateResp);
    // Now remove the user group from the role assignments by reusing the change object:
    // empty the add list and put the same entry in the remove list.
    roleAssignmentChanges.getAdd().clear();
    roleAssignmentChanges.getRemove().add(roleAssignmentEntry1);
    roleAssignments = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentChanges);
    validateVDCRoleAssignmentsRemove(roleAssignments, userGroupCreateResp.getName(), isGroup);
    // Now the user should not have any roles associated with the
    // user group "Depart_Dev". The same client object is reused without a new login, so
    // this presumably checks that the revocation is visible to an existing session - confirm.
    ldapViPRUser5UserInfo = ldapViPRUser5.path(whoAmIApi).get(UserInfo.class);
    validateNoneUserTenantRoles(ldapViPRUser5UserInfo);
    // Now remove the user group from the tenant user mappings.
    removeTenantUserMapping(testTenantId, userGroupCreateResp.getName());
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) UserInfo(com.emc.storageos.model.user.UserInfo) URI(java.net.URI) Test(org.junit.Test)

Example 5 with UserInfo

use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.

the class ApiTest method createTenant.

/**
 * Creates a subtenant under the tenant reported for the system administrator, with a
 * single user mapping made of one domain and one attribute key/value pair.
 *
 * <p>The request is sent with the client opened for {@code SYSADMIN} and carries the
 * token stored for {@code SYSADMIN} in {@code _savedTokens} in the
 * {@code AUTH_TOKEN_HEADER} header.
 *
 * @param label     label of the new tenant; also used to build its description
 * @param domain    domain set on the user mapping
 * @param attrKey   key of the single mapping attribute
 * @param attrValue only value of that attribute
 * @return the representation returned by the subtenant creation call
 * @throws Exception declared by the signature; the individual failure modes are not
 *         visible in this method
 */
private TenantOrgRestRep createTenant(String label, String domain, String attrKey, String attrValue) throws Exception {
    // Open the administrator client first; the token lookup below comes after it
    // (presumably the login is what stores the token - confirm).
    BalancedWebResource adminClient = createHttpsClient(SYSADMIN, SYSADMIN_PASS_WORD, baseUrls);
    // The parent tenant is whatever whoami reports for the administrator.
    UserInfo adminInfo = adminClient.path("/user/whoami").get(UserInfo.class);
    String parentTenantId = adminInfo.getTenant();
    String adminToken = (String) _savedTokens.get(SYSADMIN);

    // One attribute carrying exactly one value.
    UserMappingAttributeParam mappingAttribute = new UserMappingAttributeParam();
    mappingAttribute.setKey(attrKey);
    mappingAttribute.setValues(Collections.singletonList(attrValue));

    // One mapping: the domain plus that single attribute.
    UserMappingParam mapping = new UserMappingParam();
    mapping.setDomain(domain);
    mapping.setAttributes(Collections.singletonList(mappingAttribute));

    TenantCreateParam request = new TenantCreateParam();
    request.setLabel(label);
    request.setDescription("description for " + label);
    request.setUserMappings(new ArrayList<UserMappingParam>());
    request.getUserMappings().add(mapping);

    // POST to the parent's subtenant collection with the administrator token attached.
    return adminClient.path("/tenants/" + parentTenantId + "/subtenants")
            .header(AUTH_TOKEN_HEADER, adminToken)
            .post(TenantOrgRestRep.class, request);
}
Also used : UserMappingAttributeParam(com.emc.storageos.model.tenant.UserMappingAttributeParam) UserMappingParam(com.emc.storageos.model.tenant.UserMappingParam) UserInfo(com.emc.storageos.model.user.UserInfo) TenantOrgRestRep(com.emc.storageos.model.tenant.TenantOrgRestRep) TenantCreateParam(com.emc.storageos.model.tenant.TenantCreateParam)

Aggregations

UserInfo (com.emc.storageos.model.user.UserInfo)22 ClientResponse (com.sun.jersey.api.client.ClientResponse)17 Test (org.junit.Test)16 ArrayList (java.util.ArrayList)12 URI (java.net.URI)9 RoleAssignmentChanges (com.emc.storageos.model.auth.RoleAssignmentChanges)2 ProjectParam (com.emc.storageos.model.project.ProjectParam)2 TenantOrgRestRep (com.emc.storageos.model.tenant.TenantOrgRestRep)2 DatabaseException (com.emc.storageos.db.exceptions.DatabaseException)1 RoleAssignmentEntry (com.emc.storageos.model.auth.RoleAssignmentEntry)1 TenantCreateParam (com.emc.storageos.model.tenant.TenantCreateParam)1 TenantResponse (com.emc.storageos.model.tenant.TenantResponse)1 UserMappingAttributeParam (com.emc.storageos.model.tenant.UserMappingAttributeParam)1 UserMappingParam (com.emc.storageos.model.tenant.UserMappingParam)1 SubTenantRoles (com.emc.storageos.model.user.SubTenantRoles)1 VirtualArrayList (com.emc.storageos.model.varray.VirtualArrayList)1 StorageOSUser (com.emc.storageos.security.authentication.StorageOSUser)1 Principal (java.security.Principal)1 Random (java.util.Random)1 GET (javax.ws.rs.GET)1