
Example 11 with UserInfo

use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.

The class UserInfoPage, method getMyInfo.

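/**
 * This call returns the list of tenants that the user maps to including the details of the mappings.
 * It also returns a list of the virtual data center roles and tenant roles assigned to this user.
 * The caller must be authenticated as a StorageOSUser; any other principal is rejected with a
 * forbidden error before anything about the request is reported back.
 *
 * @brief Show my Tenant and assigned roles
 * @prereq none
 * @return List of tenants user mappings,VDC role and tenant role of the user.
 */
@GET
@Path("/whoami")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public UserInfo getMyInfo() {
    Principal principal = sc.getUserPrincipal();
    // Refuse to describe anything that is not one of our own authenticated users.
    if (!(principal instanceof StorageOSUser)) {
        throw APIException.forbidden.invalidSecurityContext();
    }
    StorageOSUser user = (StorageOSUser) principal;
    UserInfo info = new UserInfo();
    info.setCommonName(user.getName());
    // To Do - fix Distinguished name - for now setting it to name
    info.setDistinguishedName(user.getName());
    info.setTenant(user.getTenantId());
    info.setTenantName(_permissionsHelper.getTenantNameByID(user.getTenantId()));
    info.setVdcRoles(new ArrayList<String>());
    info.setHomeTenantRoles(new ArrayList<String>());
    info.setSubTenantRoles(new ArrayList<SubTenantRoles>());
    // special check: root in geo scenario (the site check is evaluated unconditionally,
    // exactly as before, in case it has side effects of its own)
    boolean isLocalVdcSingleSite = VdcUtil.isLocalVdcSingleSite();
    boolean isRootInGeo = user.getName().equalsIgnoreCase("root") && (!isLocalVdcSingleSite);
    // add Vdc Roles; in the geo scenario root gets RESTRICTED_*_ADMIN instead of *_ADMIN
    if (user.getRoles() != null) {
        for (String role : user.getRoles()) {
            info.getVdcRoles().add(isRootInGeo ? restrictRootRoleInGeo(role) : role);
        }
    }
    // geo scenario, skip adding tenant roles for root
    if (isRootInGeo) {
        return info;
    }
    populateTenantRoles(user, info);
    return info;
}

/**
 * Substitutes the RESTRICTED_ variant for the SYSTEM_ADMIN and SECURITY_ADMIN roles,
 * which is what the geo scenario reports for root. Any other role is returned unchanged.
 *
 * @param role the role name as held by the user
 * @return the role name to report
 */
private static String restrictRootRoleInGeo(String role) {
    if (role.equalsIgnoreCase(Role.SYSTEM_ADMIN.toString())) {
        return Role.RESTRICTED_SYSTEM_ADMIN.toString();
    }
    if (role.equalsIgnoreCase(Role.SECURITY_ADMIN.toString())) {
        return Role.RESTRICTED_SECURITY_ADMIN.toString();
    }
    return role;
}

/**
 * Fills the home-tenant and sub-tenant role lists of {@code info} from the permissions helper.
 * A DatabaseException from the lookup is rethrown as a fatal SecurityException so the caller
 * never sees a partially populated answer.
 *
 * @param user the authenticated user whose roles are looked up
 * @param info the response being built; its role lists must already be initialised
 */
private void populateTenantRoles(StorageOSUser user, UserInfo info) {
    try {
        Set<String> tenantRoles = _permissionsHelper.getTenantRolesForUser(user, URI.create(user.getTenantId()), false);
        if (tenantRoles != null) {
            info.getHomeTenantRoles().addAll(tenantRoles);
        }
        Map<String, Collection<String>> subTenantRoles = _permissionsHelper.getSubtenantRolesForUser(user);
        if (subTenantRoles != null) {
            for (Entry<String, Collection<String>> entry : subTenantRoles.entrySet()) {
                SubTenantRoles subRoles = new SubTenantRoles();
                subRoles.setTenant(entry.getKey());
                subRoles.setTenantName(_permissionsHelper.getTenantNameByID(entry.getKey()));
                subRoles.setRoles(new ArrayList<String>(entry.getValue()));
                info.getSubTenantRoles().add(subRoles);
            }
        }
    } catch (DatabaseException ex) {
        throw SecurityException.fatals.failedReadingTenantRoles(ex);
    }
}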

Example 12 with UserInfo

use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.

The class RoleChangeTest, method whoAmi.

@Test
public void whoAmi() {
    // root: /user/whoami must report the built-in sysadmin identity with VDC roles only
    UserInfo rootInfo = rootUser.path("/user/whoami").get(UserInfo.class);
    Assert.assertEquals(SYSADMIN, rootInfo.getCommonName());
    Assert.assertEquals(4, rootInfo.getVdcRoles().size());
    Assert.assertEquals(0, rootInfo.getHomeTenantRoles().size());
    Assert.assertEquals(0, rootInfo.getSubTenantRoles().size());
    // root's default VDC roles: the restricted admin pair plus monitor and auditor
    List<String> expectedRootRoles = Arrays.asList("RESTRICTED_SECURITY_ADMIN", "RESTRICTED_SYSTEM_ADMIN", "SYSTEM_MONITOR", "SYSTEM_AUDITOR");
    Assert.assertTrue(rootInfo.getVdcRoles().containsAll(expectedRootRoles));
    // superSanity: must hold at least the two unrestricted admin roles
    UserInfo superInfo = superSanity.path("/user/whoami").get(UserInfo.class);
    Assert.assertEquals(SUPERUSER, superInfo.getCommonName());
    Assert.assertTrue(superInfo.getVdcRoles().size() >= 2);
    Assert.assertTrue(superInfo.getVdcRoles().contains("SECURITY_ADMIN"));
    Assert.assertTrue(superInfo.getVdcRoles().contains("SYSTEM_ADMIN"));
}

Example 13 with UserInfo

use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.

The class ApiTestTenants, method testProviderTenantEditByProviderTenantAdmin.

@Test
public void testProviderTenantEditByProviderTenantAdmin() throws NoSuchAlgorithmException {
    final String testName = "testProviderTenantEditByProviderTenantAdmin - ";
    // A tenant needs an authn provider behind it, so create one first and check it landed
    // (the validation helper also registers the provider for clean-up).
    AuthnCreateParam providerParam = getDefaultAuthnCreateParam(testName + getTestDefaultAuthnProviderDescription());
    ClientResponse providerResp = rSys.path(getTestAuthnProviderApi()).post(ClientResponse.class, providerParam);
    validateAuthnProviderCreateSuccess(providerResp);
    String mappedGroup = getGroup(0);
    addUserMapping(rootTenantId, mappedGroup);
    // Grant the first LDAP user, a member of the provider tenant, the tenant role under test.
    RoleAssignmentChanges roleChanges = getDefaultRoleAssignmentChanges(false, true);
    roleChanges.getAdd().get(0).setSubjectId(getUserWithDomain(0));
    roleChanges.getAdd().get(0).getRoles().clear();
    roleChanges.getAdd().get(0).getRoles().add(getTenantRole(0));
    String roleAssignmentsApi = getTestRoleAssignmentsApi(rootTenantId);
    RoleAssignments roleAssignResp = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleChanges);
    validateRoleAssignmentCreateSuccess(roleChanges, roleAssignResp);
    // Log in as that user and confirm /whoami reflects the freshly granted tenant role.
    String tenantAdminName = getUserWithDomain(0);
    BalancedWebResource tenantAdmin = getHttpsClient(tenantAdminName, getLDAPUserPassword());
    String whoAmIApi = getUserWhoAmIApi();
    UserInfo tenantAdminInfo = tenantAdmin.path(whoAmIApi).get(UserInfo.class);
    List<String> expectedRoles = new ArrayList<String>();
    expectedRoles.add(getTenantRole(0));
    validateUserTenantRoles(tenantAdminInfo, expectedRoles);
    // As provider tenant admin, changing the provider tenant's description must succeed.
    String rootTenantEditApi = getTestEditApi(rootTenantId);
    TenantUpdateParam editParam = new TenantUpdateParam();
    editParam.setDescription(testName + "Provider tenant admin editing the provider tenant by changing the description.");
    ClientResponse editResp = tenantAdmin.path(rootTenantEditApi).put(ClientResponse.class, editParam);
    Assert.assertEquals(HttpStatus.SC_OK, editResp.getStatus());
    // Adding a user mapping is reserved for the security admin, so the same user must be refused here.
    addUserMappingAndExpectFailure(rootTenantId, getGroup(0), tenantAdmin);
    logoutUser(tenantAdmin);
    // Tear down: revoke the role assignment, then drop the user mapping.
    roleChanges.getRemove().add(roleChanges.getAdd().get(0));
    roleChanges.getAdd().clear();
    roleAssignResp = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleChanges);
    validateVDCRoleAssignmentsRemove(roleAssignResp, tenantAdminName, false);
    removeUserMapping(rootTenantId, mappedGroup);
}

Example 14 with UserInfo

use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.

The class ApiTestUserGroup, method testUserGroupCreateByNonSecurityAdmin.

@Test
public void testUserGroupCreateByNonSecurityAdmin() throws NoSuchAlgorithmException {
    final String testName = "testUserGroupCreateByNonSecurityAdmin - ";
    createDefaultAuthnProvider(testName + DEFAULT_AUTH_PROVIDER_CREATION);
    // Clear the group on one of the provider tenant's user mappings.
    updateTenantGroups(rootTenantId, null);
    // Give ldapViPRUser5 the VDC role System Admin (a user, not a group, assignment).
    List<String> grantedRoles = new ArrayList<String>();
    grantedRoles.add(getVDCRole(0));
    String subjectName = getUserWithDomain(4);
    boolean isGroup = false;
    RoleAssignmentEntry entry = getRoleAssignmentEntry(subjectName, grantedRoles, isGroup);
    RoleAssignmentChanges changes = getDefaultVDCRoleAssignmentChanges();
    changes.getAdd().add(entry);
    String vdcRoleApi = getVDCRoleAssignmentsApi();
    RoleAssignments assignments = rSys.path(vdcRoleApi).put(RoleAssignments.class, changes);
    validateVDCRoleAssignmentsSuccess(assignments, subjectName, isGroup);
    // Log in as ldapViPRUser5 and confirm /whoami shows the granted VDC role.
    BalancedWebResource sysAdminUser = getHttpsClient(subjectName, getLDAPUserPassword());
    String whoAmIApi = getUserWhoAmIApi();
    UserInfo sysAdminInfo = sysAdminUser.path(whoAmIApi).get(UserInfo.class);
    validateUserVDCRoles(sysAdminInfo, grantedRoles);
    UserGroupCreateParam createParam = getDefaultUserGroupCreateParam();
    // A system admin is not a security admin: creating a user group must come back forbidden.
    ClientResponse response = sysAdminUser.path(getTestApi()).post(ClientResponse.class, createParam);
    String expectedError = String.format(ERROR_INSUFFICIENT_PERMISSION_FOR_USER, subjectName.toLowerCase());
    validateUserGroupBadRequest(HttpStatus.SC_FORBIDDEN, expectedError, response);
    // Listing user groups is limited to security/tenant admins and project owners, so it is forbidden too.
    response = sysAdminUser.path(getTestApi()).get(ClientResponse.class);
    expectedError = String.format(ERROR_INSUFFICIENT_PERMISSION_FOR_USER, subjectName.toLowerCase());
    validateUserGroupBadRequest(HttpStatus.SC_FORBIDDEN, expectedError, response);
    // Bulk API: a sysadmin is expected to get through.
    testUserGroupBulkApi(sysAdminUser, true, true);
    // Tear down: revoke the VDC role, then restore the tenant user mapping.
    changes.getAdd().clear();
    changes.getRemove().add(entry);
    assignments = rSys.path(vdcRoleApi).put(RoleAssignments.class, changes);
    validateVDCRoleAssignmentsRemove(assignments, subjectName, isGroup);
    removeTenantUserMapping(rootTenantId, null);
}

Example 15 with UserInfo

use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.

The class ApiTestUserGroup, method testUserGroupCreateByNonTenantAdmin.

@Test
public void testUserGroupCreateByNonTenantAdmin() throws NoSuchAlgorithmException {
    final String testName = "testUserGroupCreateByNonTenantAdmin - ";
    createDefaultAuthnProvider(testName + DEFAULT_AUTH_PROVIDER_CREATION);
    URI tenantId = createTestTenant();
    // The tenant was created with ldapGroup(2) as its user-mapping group; drop that mapping
    // so every user in the domain becomes eligible for tenant roles here.
    removeUserMappingGroups(tenantId, getLDAPGroup(2));
    // Give ldapViPRUser5 the tenant role Project Admin (a user, not a group, assignment).
    List<String> grantedRoles = new ArrayList<String>();
    grantedRoles.add(getTenantRole(1));
    String subjectName = getUserWithDomain(4);
    String tenantRoleApi = getTenantRoleAssignmentApi(tenantId);
    boolean isGroup = false;
    RoleAssignmentEntry entry = getRoleAssignmentEntry(subjectName, grantedRoles, isGroup);
    RoleAssignmentChanges changes = getDefaultVDCRoleAssignmentChanges();
    changes.getAdd().add(entry);
    RoleAssignments assignments = rSys.path(tenantRoleApi).put(RoleAssignments.class, changes);
    validateVDCRoleAssignmentsSuccess(assignments, subjectName, isGroup);
    // Log in as ldapViPRUser5 and confirm /whoami shows the granted tenant role.
    BalancedWebResource projectAdminUser = getHttpsClient(subjectName, getLDAPUserPassword());
    String whoAmIApi = getUserWhoAmIApi();
    UserInfo projectAdminInfo = projectAdminUser.path(whoAmIApi).get(UserInfo.class);
    validateUserTenantRoles(projectAdminInfo, grantedRoles);
    UserGroupCreateParam createParam = getDefaultUserGroupCreateParam();
    // Not a security admin: creating a user group must come back forbidden.
    ClientResponse response = projectAdminUser.path(getTestApi()).post(ClientResponse.class, createParam);
    String expectedError = String.format(ERROR_INSUFFICIENT_PERMISSION_FOR_USER, subjectName.toLowerCase());
    validateUserGroupBadRequest(HttpStatus.SC_FORBIDDEN, expectedError, response);
    // Read access is limited to tenant admins and project owners, so listing is forbidden as well.
    response = projectAdminUser.path(getTestApi()).get(ClientResponse.class);
    validateUserGroupBadRequest(HttpStatus.SC_FORBIDDEN, expectedError, response);
    // Bulk API: neither sysadmin, project owner nor tenant admin, so both flags are expected false.
    testUserGroupBulkApi(projectAdminUser, false, false);
    // Revoke the tenant role again ...
    changes.getAdd().clear();
    changes.getRemove().add(entry);
    assignments = rSys.path(tenantRoleApi).put(RoleAssignments.class, changes);
    validateVDCRoleAssignmentsRemove(assignments, subjectName, isGroup);
    // ... and /whoami must now report no tenant roles at all.
    projectAdminInfo = projectAdminUser.path(whoAmIApi).get(UserInfo.class);
    validateNoneUserTenantRoles(projectAdminInfo);
}
