use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.
the class ApiTestUserGroup method testUserGroupWithVDCRoleAssignment.
/**
 * Walks a user group through being referenced by VDC role assignments and by the
 * provider tenant's user mapping, then through being released from both.
 *
 * <p>Steps visible in this method: create the default authn provider and a user group,
 * add the group to the root tenant's user mapping, assign the default VDC roles to the
 * group, and check through whoami that a matching LDAP user reports those roles. While
 * the group is still referenced, deleting it and changing its domain are expected to
 * fail and a no-op edit is expected to succeed. The role assignment is then removed,
 * whoami is queried again to check the user no longer reports VDC roles, and the tenant
 * user mapping is removed.
 *
 * <p>NOTE(review): both whoami calls go through the same {@code ldapViPRUser5} client.
 * Whether that client reuses a session or token between the calls is not visible here;
 * if it does, the second call also checks that revocation reaches an existing session -
 * confirm.
 *
 * <p>NOTE(review): the role removal and mapping removal at the end only run when every
 * earlier validation passes. Unless the harness cleans up separately, a mid-test failure
 * would leave the group holding the default VDC roles - confirm.
 *
 * @throws NoSuchAlgorithmException declared on the signature; which call raises it is
 *         not identifiable from this method alone
 */
@Test
public void testUserGroupWithVDCRoleAssignment() throws NoSuchAlgorithmException {
    final String testName = "testUserGroupWithVDCRoleAssignment - ";
    createDefaultAuthnProvider(testName + DEFAULT_AUTH_PROVIDER_CREATION);
    UserGroupCreateParam createParam = getDefaultUserGroupCreateParam();
    ClientResponse clientUserGroupCreateResp = rSys.path(getTestApi()).post(ClientResponse.class, createParam);
    UserGroupRestRep userGroupCreateResp = validateUserGroupCreateSuccess(createParam, clientUserGroupCreateResp);
    // Update the provider tenant user mapping with the
    // user group just created ("Depart_Dev").
    updateTenantGroups(rootTenantId, userGroupCreateResp.getName());
    String roleAssignmentsApi = getVDCRoleAssignmentsApi();
    boolean isGroup = true;
    // Assign all the VDC roles to the Depart_Dev user group
    // (with attributes department = [ENG, DEV] and l = [Boston]).
    RoleAssignmentEntry roleAssignmentEntry1 = getRoleAssignmentEntry(userGroupCreateResp.getName(), getDefaultVDCRoles(), isGroup);
    RoleAssignmentChanges roleAssignmentChanges = getDefaultVDCRoleAssignmentChanges();
    roleAssignmentChanges.getAdd().add(roleAssignmentEntry1);
    RoleAssignments roleAssignments = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentChanges);
    validateVDCRoleAssignmentsSuccess(roleAssignments, userGroupCreateResp.getName(), isGroup);
    // Build a client for a user whose attributes match the user group
    // created above ("Depart_Dev"). The matching LDAP user is ldapViPRUser5.
    BalancedWebResource ldapViPRUser5 = getHttpsClient(getUserWithDomain(4), getLDAPUserPassword());
    String whoAmIApi = getUserWhoAmIApi();
    UserInfo ldapViPRUser5UserInfo = ldapViPRUser5.path(whoAmIApi).get(UserInfo.class);
    validateUserVDCRoles(ldapViPRUser5UserInfo, getDefaultVDCRoles());
    // Now try to delete the user group "Depart_Dev".
    // It should fail, as it is associated with the VDC role assignments and
    // the provider tenant's user mapping group.
    deleteUserGroupAndExpectFailure(userGroupCreateResp.getId());
    // Now try to change the domain of the user group "Depart_Dev".
    // It should fail, as it is associated with the VDC role assignments and
    // the provider tenant's user mapping group.
    changeUserGroupDomainAndExpectFailure(userGroupCreateResp);
    // Edit the user group but don't change any properties in the group.
    // This should be successful irrespective of whether it is used in
    // any role or acl or user mapping assignments.
    editUserGroupWithoutAnyChangeAndExpectSuccess(userGroupCreateResp);
    // Now remove the user group from the role assignments. The same
    // RoleAssignmentChanges object is reused, so its add list is emptied first
    // to keep the entry from being sent as both an addition and a removal.
    roleAssignmentChanges.getAdd().clear();
    roleAssignmentChanges.getRemove().add(roleAssignmentEntry1);
    roleAssignments = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentChanges);
    validateVDCRoleAssignmentsRemove(roleAssignments, userGroupCreateResp.getName(), isGroup);
    // Now the user should not have any roles associated with the
    // user group "Depart_Dev".
    ldapViPRUser5UserInfo = ldapViPRUser5.path(whoAmIApi).get(UserInfo.class);
    validateNoneUserVDCRoles(ldapViPRUser5UserInfo);
    // Now remove the user group from the
    // provider tenant user mappings.
    removeTenantUserMapping(rootTenantId, userGroupCreateResp.getName());
}
use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.
the class RoleChangeTest method tenantAdmin.
/**
 * Confirms what a provider-tenant TENANT_ADMIN is allowed to do: list the tenant's role
 * assignments, query whoami, and create a project.
 *
 * <p>Only permitted operations are exercised. Nothing here checks that the account is
 * refused an operation, so this test alone does not put an upper bound on the role.
 *
 * @throws Exception declared broadly; propagates whatever the REST client calls raise
 */
@Test
public void tenantAdmin() throws Exception {
    final String tenantBase = "/tenants/" + rootTenantId;

    // Grant TENANT_ADMIN on the provider tenant to the AD user, acting as superSanity.
    RoleAssignmentEntry grant = new RoleAssignmentEntry();
    grant.setSubjectId(TENANTADMIN);
    ArrayList<String> grantedRoles = new ArrayList<String>();
    grantedRoles.add("TENANT_ADMIN");
    grant.setRoles(grantedRoles);

    List<RoleAssignmentEntry> additions = new ArrayList<RoleAssignmentEntry>();
    additions.add(grant);
    RoleAssignmentChanges changes = new RoleAssignmentChanges();
    changes.setAdd(additions);

    ClientResponse resp = superSanity.path(tenantBase + "/role-assignments")
            .header(AUTH_TOKEN_HEADER, superSanityToken)
            .put(ClientResponse.class, changes);
    Assert.assertEquals(200, resp.getStatus());

    // The new tenant admin must be able to read the tenant's role assignments.
    BalancedWebResource tenantAdmin = createHttpsClient(TENANTADMIN, AD_PASS_WORD, baseUrls);
    resp = tenantAdmin.path(tenantBase + "/role-assignments").get(ClientResponse.class);
    Assert.assertEquals(200, resp.getStatus());

    // Read the token only after the request above.
    // NOTE(review): presumably _savedTokens is filled when the client first
    // authenticates; confirm before moving this lookup.
    String tenantAdminToken = (String) _savedTokens.get(TENANTADMIN);

    // whoami must report exactly one home-tenant role, TENANT_ADMIN, and no
    // VDC or sub-tenant roles.
    UserInfo whoAmI = tenantAdmin.path("/user/whoami").get(UserInfo.class);
    Assert.assertEquals(TENANTADMIN, whoAmI.getCommonName());
    Assert.assertEquals(0, whoAmI.getVdcRoles().size());
    Assert.assertEquals(1, whoAmI.getHomeTenantRoles().size());
    Assert.assertEquals(0, whoAmI.getSubTenantRoles().size());
    Assert.assertTrue(whoAmI.getHomeTenantRoles().contains("TENANT_ADMIN"));

    // Project creation. java.util.Random is adequate here: the value only makes the
    // project name unlikely to collide with an earlier run, it is not a secret.
    ProjectParam newProject = new ProjectParam();
    newProject.setName("project_unittest" + new Random().nextInt());
    resp = tenantAdmin.path(tenantBase + "/projects")
            .header(AUTH_TOKEN_HEADER, tenantAdminToken)
            .post(ClientResponse.class, newProject);
    Assert.assertEquals(200, resp.getStatus());
}
use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.
the class ApiTest method userInfoCheckRoles.
/**
 * Asserts, via the whoami API, that the given user holds every role in {@code roles}.
 *
 * <p>The roles compared against are the union of the user's home-tenant roles and VDC
 * roles; sub-tenant roles are not consulted. This is an "at least" check: a user who
 * holds additional roles beyond {@code roles} still passes, so callers that need to
 * detect excess privilege must also assert on the role counts.
 *
 * @param user  authenticated client for the user under test
 * @param roles role names the user is required to hold
 * @throws Exception declared broadly; propagates whatever the whoami call raises
 */
private void userInfoCheckRoles(BalancedWebResource user, List<String> roles) throws Exception {
    UserInfo whoAmI = user.path("/user/whoami").get(UserInfo.class);
    // Since 2.0 the tenant roles are reported under the home tenant roles.
    List<String> heldRoles = new ArrayList<>(whoAmI.getHomeTenantRoles());
    heldRoles.addAll(whoAmI.getVdcRoles());
    Assert.assertTrue(heldRoles.containsAll(roles));
}
use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.
the class ApiTest method userInfoTests.
/**
 * Checks the whoami output for the root user and for the zone admin user.
 *
 * <p>The root user must report the SYSADMIN common name and exactly four VDC roles,
 * which must include SECURITY_ADMIN, SYSTEM_ADMIN, SYSTEM_MONITOR and SYSTEM_AUDITOR.
 * The zone admin must report the ZONEADMIN common name and no VDC roles.
 *
 * @throws Exception declared broadly; propagates whatever the whoami calls raise
 */
private void userInfoTests() throws Exception {
    final String whoAmIPath = "/user/whoami";

    UserInfo rootInfo = rSys.path(whoAmIPath).get(UserInfo.class);
    Assert.assertEquals(SYSADMIN, rootInfo.getCommonName());
    // No tenant role since 2.0, so only the VDC roles are counted.
    Assert.assertEquals(4, rootInfo.getVdcRoles().size());

    // The root user's default VDC roles. The count above plus this containment check
    // pins the role set, assuming whoami returns no duplicate entries.
    List<String> rootVdcRoles = new ArrayList<String>(
            Arrays.asList("SECURITY_ADMIN", "SYSTEM_ADMIN", "SYSTEM_MONITOR", "SYSTEM_AUDITOR"));
    userInfoCheckRoles(rSys, rootVdcRoles);

    UserInfo zoneAdminInfo = rZAdmin.path(whoAmIPath).get(UserInfo.class);
    Assert.assertEquals(ZONEADMIN, zoneAdminInfo.getCommonName());
    Assert.assertEquals(0, zoneAdminInfo.getVdcRoles().size());
}
use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.
the class ApiTestTenants method testTenantCreateBySubTenantAdmin.
/**
 * Negative authorization test: a user who holds only a tenant role on a subtenant must
 * not be able to create another tenant.
 *
 * <p>Steps visible in this method: create an authn provider, create a subtenant through
 * {@code rSys}, map a group into it, and assign {@code getTenantRole(0)} on that
 * subtenant to {@code getUserWithDomain(0)}. After whoami confirms the role, the same
 * user attempts a tenant create, which is expected to be rejected with
 * {@code HttpStatus.SC_FORBIDDEN} and a message built from
 * {@code ERROR_INSUFFICIENT_PERMISSION_FOR_USER}. The user is then logged out and the
 * role assignment and user mapping are removed.
 *
 * <p>NOTE(review): the logout, role removal and mapping removal only run when every
 * earlier validation passes. Unless the harness cleans up separately, a mid-test failure
 * would leave the session open and the role assigned - confirm.
 *
 * @throws NoSuchAlgorithmException declared on the signature; which call raises it is
 *         not identifiable from this method alone
 */
@Test
public void testTenantCreateBySubTenantAdmin() throws NoSuchAlgorithmException {
    final String testName = "testTenantCreateBySubTenantAdmin - ";
    // Create an authnprovider before creating a tenant.
    AuthnCreateParam authnProviderCreateParam = getDefaultAuthnCreateParam(testName + getTestDefaultAuthnProviderDescription());
    ClientResponse clientAuthnProviderCreateResp = rSys.path(getTestAuthnProviderApi()).post(ClientResponse.class, authnProviderCreateParam);
    // Validate the authn provider creation success and add the
    // resource to the resource clean up list.
    validateAuthnProviderCreateSuccess(clientAuthnProviderCreateResp);
    // Create a subtenant by sec admin.
    TenantCreateParam createParam = this.getDefaultTenantCreateParam(testName + "Successful creation of tenant by sec admin.");
    TenantOrgRestRep createResp = rSys.path(getTestApi()).post(TenantOrgRestRep.class, createParam);
    validateTenantCreateSuccess(createParam, createResp);
    URI tenantId = createResp.getId();
    String groupToAddInUserMapping = getGroup(0);
    addUserMapping(tenantId, groupToAddInUserMapping);
    // Assign the tenant admin role to the user ldapvipruser1@maxcrc.com,
    // who is part of the subtenant. The default entry's role list is cleared
    // first so the user receives only this one role.
    RoleAssignmentChanges roleAssignmentEntryParam = getDefaultRoleAssignmentChanges(false, true);
    roleAssignmentEntryParam.getAdd().get(0).setSubjectId(getUserWithDomain(0));
    roleAssignmentEntryParam.getAdd().get(0).getRoles().clear();
    roleAssignmentEntryParam.getAdd().get(0).getRoles().add(getTenantRole(0));
    String roleAssignmentsApi = getTestRoleAssignmentsApi(tenantId);
    RoleAssignments roleAssignmentCreateResp = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentEntryParam);
    validateRoleAssignmentCreateSuccess(roleAssignmentEntryParam, roleAssignmentCreateResp);
    // Build a client for ldapvipruser1@maxcrc.com, who has the subtenant admin role,
    // and confirm through whoami that the role is reported.
    String ldapViPRUser1Name = getUserWithDomain(0);
    BalancedWebResource ldapViPRUser1 = getHttpsClient(ldapViPRUser1Name, getLDAPUserPassword());
    String whoAmIApi = getUserWhoAmIApi();
    UserInfo ldapViPRUser1UserInfo = ldapViPRUser1.path(whoAmIApi).get(UserInfo.class);
    List<String> expectedRoles = new ArrayList<String>();
    expectedRoles.add(getTenantRole(0));
    validateUserTenantRoles(ldapViPRUser1UserInfo, expectedRoles);
    // Change the name of the subtenant to something different.
    createParam = this.getDefaultTenantCreateParam(testName + "Tenant creation by subtenant admin should fail.");
    createParam.setLabel("Tenant Created by subtenant admin");
    // Attempt to create a subtenant as the subtenant admin.
    ClientResponse clientCreateResp = ldapViPRUser1.path(getTestApi()).post(ClientResponse.class, createParam);
    // Only sec admin can create sub tenants, so the operation must fail.
    // The expected message is formatted with the lower-cased user name.
    String partialExpectedErrorMsg = ERROR_INSUFFICIENT_PERMISSION_FOR_USER;
    partialExpectedErrorMsg = String.format(partialExpectedErrorMsg, ldapViPRUser1Name.toLowerCase());
    validateTenantCreateAndEditBadRequest(HttpStatus.SC_FORBIDDEN, partialExpectedErrorMsg, clientCreateResp);
    // Logout the user.
    logoutUser(ldapViPRUser1);
    // Remove the role assignment for the user. The same RoleAssignmentChanges
    // object is reused: the entry is moved from the add list to the remove list.
    roleAssignmentEntryParam.getRemove().add(roleAssignmentEntryParam.getAdd().get(0));
    roleAssignmentEntryParam.getAdd().clear();
    roleAssignmentCreateResp = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentEntryParam);
    // NOTE(review): the helper name says VDC, but the assignment removed here was made
    // on the tenant role-assignments API; confirm it validates tenant role removal.
    validateVDCRoleAssignmentsRemove(roleAssignmentCreateResp, ldapViPRUser1Name, false);
    // Remove the user mappings.
    removeUserMapping(tenantId, groupToAddInUserMapping);
}