
Example 16 with UserInfo

use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.

the class ApiTestUserGroup method testUserGroupWithVDCRoleAssignment.

/**
 * Verifies the lifecycle of a user group that is referenced by VDC role assignments and by the
 * provider tenant's user mapping.
 *
 * <p>Sequence: create an authn provider and a user group, map the group into the root tenant,
 * grant the group the default VDC roles, and confirm through whoami that a matching LDAP user
 * receives those roles. While the group is referenced, deleting it or changing its domain is
 * expected to fail and a no-op edit is expected to succeed. Finally the group is removed from the
 * role assignments, whoami is expected to show no VDC roles for the user, and the tenant user
 * mapping is removed.
 *
 * <p>NOTE(review): the role removal and mapping cleanup at the end sit on the success path only.
 * If an earlier validation throws, the group keeps the default VDC roles on the test system
 * unless a teardown outside this method handles it - confirm.
 *
 * @throws NoSuchAlgorithmException if one of the helper calls raises it
 */
@Test
public void testUserGroupWithVDCRoleAssignment() throws NoSuchAlgorithmException {
    final String testName = "testUserGroupWithVDCRoleAssignment - ";
    createDefaultAuthnProvider(testName + DEFAULT_AUTH_PROVIDER_CREATION);
    UserGroupCreateParam createParam = getDefaultUserGroupCreateParam();
    ClientResponse clientUserGroupCreateResp = rSys.path(getTestApi()).post(ClientResponse.class, createParam);
    UserGroupRestRep userGroupCreateResp = validateUserGroupCreateSuccess(createParam, clientUserGroupCreateResp);
    // Update the provider tenant user mapping with the
    // just created user group "Depart_Dev".
    updateTenantGroups(rootTenantId, userGroupCreateResp.getName());
    String roleAssignmentsApi = getVDCRoleAssignmentsApi();
    // The subject of the role assignment is a group, not an individual user.
    boolean isGroup = true;
    // Assign all the default VDC roles to the Depart_Dev user group
    // (with attributes department = [ENG, DEV] and l = [Boston]).
    RoleAssignmentEntry roleAssignmentEntry1 = getRoleAssignmentEntry(userGroupCreateResp.getName(), getDefaultVDCRoles(), isGroup);
    RoleAssignmentChanges roleAssignmentChanges = getDefaultVDCRoleAssignmentChanges();
    roleAssignmentChanges.getAdd().add(roleAssignmentEntry1);
    RoleAssignments roleAssignments = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentChanges);
    validateVDCRoleAssignmentsSuccess(roleAssignments, userGroupCreateResp.getName(), isGroup);
    // Build a client for a user whose attributes match the user group
    // "Depart_Dev" created above. The matching LDAP user is ldapViPRUser5
    // (index 4 in getUserWithDomain).
    BalancedWebResource ldapViPRUser5 = getHttpsClient(getUserWithDomain(4), getLDAPUserPassword());
    String whoAmIApi = getUserWhoAmIApi();
    // The user has no direct role assignment in this test; the roles reported by
    // whoami are expected to come from the group membership.
    UserInfo ldapViPRUser5UserInfo = ldapViPRUser5.path(whoAmIApi).get(UserInfo.class);
    validateUserVDCRoles(ldapViPRUser5UserInfo, getDefaultVDCRoles());
    // Now try to delete the user group "Depart_Dev".
    // It should fail, as it is associated with the VDC role assignments and
    // the provider tenant's user mapping group.
    deleteUserGroupAndExpectFailure(userGroupCreateResp.getId());
    // Now try to change the domain of the user group "Depart_Dev".
    // It should fail, as it is associated with the VDC role assignments and
    // the provider tenant's user mapping group.
    changeUserGroupDomainAndExpectFailure(userGroupCreateResp);
    // Edit the user group but don't change any properties in the group.
    // This should be successful irrespective of whether it is used in
    // any role or acl or user mapping assignments.
    editUserGroupWithoutAnyChangeAndExpectSuccess(userGroupCreateResp);
    // Now remove the user group from the role assignments. The same change object is
    // reused, so the add list is emptied before the entry is put on the remove list.
    roleAssignmentChanges.getAdd().clear();
    roleAssignmentChanges.getRemove().add(roleAssignmentEntry1);
    roleAssignments = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentChanges);
    validateVDCRoleAssignmentsRemove(roleAssignments, userGroupCreateResp.getName(), isGroup);
    // Now the user should not have any roles associated with the
    // user group "Depart_Dev".
    // NOTE(review): the same client object is reused for this second whoami call, so this
    // presumably checks that the revocation applies to an already-authenticated session -
    // confirm how getHttpsClient handles tokens.
    ldapViPRUser5UserInfo = ldapViPRUser5.path(whoAmIApi).get(UserInfo.class);
    validateNoneUserVDCRoles(ldapViPRUser5UserInfo);
    // Now remove the user group from the
    // provider tenant user mappings.
    removeTenantUserMapping(rootTenantId, userGroupCreateResp.getName());
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) UserInfo(com.emc.storageos.model.user.UserInfo) Test(org.junit.Test)

Example 17 with UserInfo

use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.

the class RoleChangeTest method tenantAdmin.

/**
 * Exercises what a tenant administrator is allowed to do: list the tenant's role assignments,
 * call whoami, and create a project.
 *
 * <p>The {@code TENANT_ADMIN} role on the provider (root) tenant is first granted to the AD user
 * {@code TENANTADMIN} through the {@code superSanity} client. The whoami assertions then pin the
 * scope of that grant: exactly one home-tenant role, and no VDC or sub-tenant roles.
 *
 * <p>NOTE(review): the role granted here is not revoked inside this method; confirm that a
 * teardown elsewhere removes it.
 *
 * @throws Exception if a REST call throws
 */
@Test
public void tenantAdmin() throws Exception {
    final String roleAssignmentsPath = "/tenants/" + rootTenantId + "/role-assignments";

    // Grant TENANT_ADMIN on the provider tenant to the AD user.
    RoleAssignmentEntry grant = new RoleAssignmentEntry();
    grant.setSubjectId(TENANTADMIN);
    grant.setRoles(new ArrayList<String>(Arrays.asList("TENANT_ADMIN")));
    List<RoleAssignmentEntry> toAdd = new ArrayList<RoleAssignmentEntry>();
    toAdd.add(grant);
    RoleAssignmentChanges changes = new RoleAssignmentChanges();
    changes.setAdd(toAdd);
    ClientResponse response = superSanity.path(roleAssignmentsPath)
            .header(AUTH_TOKEN_HEADER, superSanityToken)
            .put(ClientResponse.class, changes);
    Assert.assertEquals(200, response.getStatus());

    // The new tenant admin must be able to list the tenant's role assignments.
    BalancedWebResource tenantAdmin = createHttpsClient(TENANTADMIN, AD_PASS_WORD, baseUrls);
    response = tenantAdmin.path(roleAssignmentsPath).get(ClientResponse.class);
    Assert.assertEquals(200, response.getStatus());

    // Read only after the first request made with this client.
    // NOTE(review): presumably the client stores the token in _savedTokens on login - confirm.
    String tenantAdminToken = (String) _savedTokens.get(TENANTADMIN);

    // whoami: identity matches, and the only role held is TENANT_ADMIN on the home tenant.
    UserInfo whoAmI = tenantAdmin.path("/user/whoami").get(UserInfo.class);
    Assert.assertEquals(TENANTADMIN, whoAmI.getCommonName());
    Assert.assertEquals(0, whoAmI.getVdcRoles().size());
    Assert.assertEquals(1, whoAmI.getHomeTenantRoles().size());
    Assert.assertEquals(0, whoAmI.getSubTenantRoles().size());
    Assert.assertTrue(whoAmI.getHomeTenantRoles().contains("TENANT_ADMIN"));

    // Project creation must succeed; the random suffix is used only in the project name.
    ProjectParam newProject = new ProjectParam();
    newProject.setName("project_unittest" + new Random().nextInt());
    response = tenantAdmin.path("/tenants/" + rootTenantId + "/projects")
            .header(AUTH_TOKEN_HEADER, tenantAdminToken)
            .post(ClientResponse.class, newProject);
    Assert.assertEquals(200, response.getStatus());
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) RoleAssignmentChanges(com.emc.storageos.model.auth.RoleAssignmentChanges) ProjectParam(com.emc.storageos.model.project.ProjectParam) RoleAssignmentEntry(com.emc.storageos.model.auth.RoleAssignmentEntry) UserInfo(com.emc.storageos.model.user.UserInfo) Test(org.junit.Test)

Example 18 with UserInfo

use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.

the class ApiTest method userInfoCheckRoles.

/**
 * Asserts, via the whoami API, that the given user holds every role in {@code roles}.
 *
 * <p>The roles compared against are the union of the user's home-tenant roles and VDC roles;
 * sub-tenant roles are not consulted. This is a presence check only: roles held beyond the
 * requested list do not fail the assertion, so callers that need to rule out extra privileges
 * must assert the role counts separately.
 *
 * @param user  client for the user under test
 * @param roles role names that must all be present
 * @throws Exception if the whoami call throws
 */
private void userInfoCheckRoles(BalancedWebResource user, List<String> roles) throws Exception {
    UserInfo whoAmI = user.path("/user/whoami").get(UserInfo.class);
    // Since 2.0 tenant roles are reported under the home tenant roles, so both lists are merged.
    List<String> granted = new ArrayList<>(whoAmI.getHomeTenantRoles());
    granted.addAll(whoAmI.getVdcRoles());
    Assert.assertTrue(granted.containsAll(roles));
}
Also used : VirtualArrayList(com.emc.storageos.model.varray.VirtualArrayList) ArrayList(java.util.ArrayList) UserInfo(com.emc.storageos.model.user.UserInfo)

Example 19 with UserInfo

use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.

the class ApiTest method userInfoTests.

/**
 * Checks the whoami view of the two accounts behind {@code rSys} and {@code rZAdmin}.
 *
 * <p>{@code rSys} must report the {@code SYSADMIN} common name and exactly four VDC roles, which
 * are then matched by name. {@code rZAdmin} must report {@code ZONEADMIN} and no VDC roles.
 *
 * @throws Exception if a whoami call or the role check throws
 */
private void userInfoTests() throws Exception {
    // Default VDC roles expected for the root user.
    List<String> rootVdcRoles = new ArrayList<String>(
            Arrays.asList("SECURITY_ADMIN", "SYSTEM_ADMIN", "SYSTEM_MONITOR", "SYSTEM_AUDITOR"));

    UserInfo sysAdminInfo = rSys.path("/user/whoami").get(UserInfo.class);
    Assert.assertEquals(SYSADMIN, sysAdminInfo.getCommonName());
    // No tenant role since 2.0. userInfoCheckRoles only verifies that the named roles are
    // present, so this count is the assertion that rejects additional VDC roles.
    Assert.assertEquals(4, sysAdminInfo.getVdcRoles().size());
    userInfoCheckRoles(rSys, rootVdcRoles);

    UserInfo zoneAdminInfo = rZAdmin.path("/user/whoami").get(UserInfo.class);
    Assert.assertEquals(ZONEADMIN, zoneAdminInfo.getCommonName());
    Assert.assertEquals(0, zoneAdminInfo.getVdcRoles().size());
}
Also used : UserInfo(com.emc.storageos.model.user.UserInfo)

Example 20 with UserInfo

use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.

the class ApiTestTenants method testTenantCreateBySubTenantAdmin.

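/**
 * Negative authorization test: a user who is tenant admin of a sub-tenant must not be able to
 * create another tenant.
 *
 * <p>Sequence: create an authn provider and a sub-tenant through {@code rSys}, map a group into
 * the sub-tenant, grant a tenant role to an LDAP user of that sub-tenant, and confirm the role
 * through whoami. The same user then attempts to create a tenant; the request is expected to be
 * rejected with HTTP 403 and an insufficient-permission message naming the user. The user is
 * logged out and the role assignment and user mapping are removed afterwards.
 *
 * <p>NOTE(review): logout and the role/mapping cleanup sit on the success path only. If an
 * earlier validation throws, the session and the tenant role stay in place unless a teardown
 * outside this method handles them - confirm.
 *
 * @throws NoSuchAlgorithmException if one of the helper calls raises it
 */
@Test
public void testTenantCreateBySubTenantAdmin() throws NoSuchAlgorithmException {
    final String testName = "testTenantCreateBySubTenantAdmin - ";
    // Create an authnprovider before creating a tenant.
    AuthnCreateParam authnProviderCreateParam = getDefaultAuthnCreateParam(testName + getTestDefaultAuthnProviderDescription());
    ClientResponse clientAuthnProviderCreateResp = rSys.path(getTestAuthnProviderApi()).post(ClientResponse.class, authnProviderCreateParam);
    // Validate the authn provider creation success and add the
    // resource to the resource clean up list.
    validateAuthnProviderCreateSuccess(clientAuthnProviderCreateResp);
    // Create a subtenant by sec admin.
    TenantCreateParam createParam = this.getDefaultTenantCreateParam(testName + "Successful creation of tenant by sec admin.");
    TenantOrgRestRep createResp = rSys.path(getTestApi()).post(TenantOrgRestRep.class, createParam);
    validateTenantCreateSuccess(createParam, createResp);
    URI tenantId = createResp.getId();
    String groupToAddInUserMapping = getGroup(0);
    addUserMapping(tenantId, groupToAddInUserMapping);
    // Assign tenant admin role to the user ldapvipruser1@maxcrc.com
    // who is part of subtenant. The default entry is narrowed to this one
    // subject and this one role before it is sent.
    RoleAssignmentChanges roleAssignmentEntryParam = getDefaultRoleAssignmentChanges(false, true);
    roleAssignmentEntryParam.getAdd().get(0).setSubjectId(getUserWithDomain(0));
    roleAssignmentEntryParam.getAdd().get(0).getRoles().clear();
    roleAssignmentEntryParam.getAdd().get(0).getRoles().add(getTenantRole(0));
    String roleAssignmentsApi = getTestRoleAssignmentsApi(tenantId);
    RoleAssignments roleAssignmentCreateResp = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentEntryParam);
    validateRoleAssignmentCreateSuccess(roleAssignmentEntryParam, roleAssignmentCreateResp);
    // Build a client for ldapvipruser1@maxcrc.com, who now has the subtenant admin role,
    // and confirm through whoami that the role is reported.
    String ldapViPRUser1Name = getUserWithDomain(0);
    BalancedWebResource ldapViPRUser1 = getHttpsClient(ldapViPRUser1Name, getLDAPUserPassword());
    String whoAmIApi = getUserWhoAmIApi();
    UserInfo ldapViPRUser1UserInfo = ldapViPRUser1.path(whoAmIApi).get(UserInfo.class);
    List<String> expectedRoles = new ArrayList<String>();
    expectedRoles.add(getTenantRole(0));
    validateUserTenantRoles(ldapViPRUser1UserInfo, expectedRoles);
    // Change the name of the subtenant to something different.
    createParam = this.getDefaultTenantCreateParam(testName + "Tenant creation by subtenant admin should fail.");
    createParam.setLabel("Tenant Created by subtenant admin");
    // Attempt to create a subtenant as the subtenant admin.
    ClientResponse clientCreateResp = ldapViPRUser1.path(getTestApi()).post(ClientResponse.class, createParam);
    // Only sec admin can create sub tenants, so the operation must be rejected.
    // The user name is lower-cased with Locale.ROOT so the expected message does not
    // depend on the default locale of the JVM running the test.
    String partialExpectedErrorMsg = String.format(ERROR_INSUFFICIENT_PERMISSION_FOR_USER,
            ldapViPRUser1Name.toLowerCase(java.util.Locale.ROOT));
    validateTenantCreateAndEditBadRequest(HttpStatus.SC_FORBIDDEN, partialExpectedErrorMsg, clientCreateResp);
    // Logout the user.
    logoutUser(ldapViPRUser1);
    // Remove the role assignment for the user: the entry that was added is moved
    // to the remove list of the same change object.
    // NOTE(review): the removal of this tenant-scoped assignment is validated with
    // validateVDCRoleAssignmentsRemove - confirm that helper is meant for tenant roles too.
    roleAssignmentEntryParam.getRemove().add(roleAssignmentEntryParam.getAdd().get(0));
    roleAssignmentEntryParam.getAdd().clear();
    roleAssignmentCreateResp = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentEntryParam);
    validateVDCRoleAssignmentsRemove(roleAssignmentCreateResp, ldapViPRUser1Name, false);
    // Remove the user mappings.
    removeUserMapping(tenantId, groupToAddInUserMapping);
}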
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) ArrayList(java.util.ArrayList) UserInfo(com.emc.storageos.model.user.UserInfo) URI(java.net.URI) Test(org.junit.Test)
