use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.
the class ApiTestTenants method testSubTenantDeleteBySubTenantAdmin.
@Test
public void testSubTenantDeleteBySubTenantAdmin() throws NoSuchAlgorithmException {
final String testName = "testSubTenantDeleteBySubTenantAdmin - ";
// Create an authnprovider before creating a tenant.
AuthnCreateParam authnProviderCreateParam = getDefaultAuthnCreateParam(testName + getTestDefaultAuthnProviderDescription());
ClientResponse clientAuthnProviderCreateResp = rSys.path(getTestAuthnProviderApi()).post(ClientResponse.class, authnProviderCreateParam);
// Validate the authn provider creation success and add the
// resource to the resource clean up list.
validateAuthnProviderCreateSuccess(clientAuthnProviderCreateResp);
TenantCreateParam createParam = this.getDefaultTenantCreateParam(testName + "Successful creation of sbutenant by sec admin.");
TenantOrgRestRep createResp = rSys.path(getTestApi()).post(TenantOrgRestRep.class, createParam);
validateTenantCreateSuccess(createParam, createResp);
URI subTenantId = createResp.getId();
String groupToAddInUserMapping = getGroup(0);
addUserMapping(subTenantId, groupToAddInUserMapping);
// Assign tenant admin role to the user ldapvipruser1@maxcrc.com
// who is part of subtenant.
RoleAssignmentChanges roleAssignmentEntryParam = getDefaultRoleAssignmentChanges(false, true);
roleAssignmentEntryParam.getAdd().get(0).setSubjectId(getUserWithDomain(0));
roleAssignmentEntryParam.getAdd().get(0).getRoles().clear();
roleAssignmentEntryParam.getAdd().get(0).getRoles().add(getTenantRole(0));
String roleAssignmentsApi = getTestRoleAssignmentsApi(subTenantId);
RoleAssignments roleAssignmentCreateResp = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentEntryParam);
validateRoleAssignmentCreateSuccess(roleAssignmentEntryParam, roleAssignmentCreateResp);
// Create a ldapvipruser1@maxcrc.com who has subtenant admin role.
String ldapViPRUser1Name = getUserWithDomain(0);
BalancedWebResource ldapViPRUser1 = getHttpsClient(ldapViPRUser1Name, getLDAPUserPassword());
String whoAmIApi = getUserWhoAmIApi();
UserInfo ldapViPRUser1UserInfo = ldapViPRUser1.path(whoAmIApi).get(UserInfo.class);
List<String> expectedRoles = new ArrayList<String>();
expectedRoles.add(getTenantRole(0));
validateUserTenantRoles(ldapViPRUser1UserInfo, expectedRoles);
String subTenantDeleteApi = getTestDeleteApi(subTenantId);
// Delete the subtenant.
// Only sec admin can create sub tenants, the operation will fail.
ClientResponse clientDeleteResp = ldapViPRUser1.path(subTenantDeleteApi).post(ClientResponse.class);
String partialExpectedErrorMsg = ERROR_INSUFFICIENT_PERMISSION_FOR_USER;
partialExpectedErrorMsg = String.format(partialExpectedErrorMsg, ldapViPRUser1Name.toLowerCase());
validateTenantCreateAndEditBadRequest(HttpStatus.SC_FORBIDDEN, partialExpectedErrorMsg, clientDeleteResp);
// Logout the user.
logoutUser(ldapViPRUser1);
// Remove the role assignment for the user.
roleAssignmentEntryParam.getRemove().add(roleAssignmentEntryParam.getAdd().get(0));
roleAssignmentEntryParam.getAdd().clear();
roleAssignmentCreateResp = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentEntryParam);
validateVDCRoleAssignmentsRemove(roleAssignmentCreateResp, ldapViPRUser1Name, false);
// Remove the user mappings.
removeUserMapping(subTenantId, groupToAddInUserMapping);
}
use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.
the class ApiTestTenants method testSubTenantEditBySubTenantAdmin.
@Test
public void testSubTenantEditBySubTenantAdmin() throws NoSuchAlgorithmException {
final String testName = "testSubTenantEditBySubTenantAdmin - ";
// Create an authnprovider before creating a tenant.
AuthnCreateParam authnProviderCreateParam = getDefaultAuthnCreateParam(testName + getTestDefaultAuthnProviderDescription());
ClientResponse clientAuthnProviderCreateResp = rSys.path(getTestAuthnProviderApi()).post(ClientResponse.class, authnProviderCreateParam);
// Validate the authn provider creation success and add the
// resource to the resource clean up list.
validateAuthnProviderCreateSuccess(clientAuthnProviderCreateResp);
// Create a subtenant by the sec admin.
TenantCreateParam createParam = this.getDefaultTenantCreateParam(testName + "Successful creation of tenant by sec admin.");
TenantOrgRestRep createResp = rSys.path(getTestApi()).post(TenantOrgRestRep.class, createParam);
validateTenantCreateSuccess(createParam, createResp);
// Add the user mapping to the subtenant.
URI subTenantId = createResp.getId();
String groupToAddInUserMapping = getGroup(0);
addUserMapping(subTenantId, groupToAddInUserMapping);
// Assign tenant admin role to the user ldapvipruser1@maxcrc.com
// who is part of subtenant.
RoleAssignmentChanges roleAssignmentEntryParam = getDefaultRoleAssignmentChanges(false, true);
roleAssignmentEntryParam.getAdd().get(0).setSubjectId(getUserWithDomain(0));
roleAssignmentEntryParam.getAdd().get(0).getRoles().clear();
roleAssignmentEntryParam.getAdd().get(0).getRoles().add(getTenantRole(0));
String roleAssignmentsApi = getTestRoleAssignmentsApi(subTenantId);
RoleAssignments roleAssignmentCreateResp = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentEntryParam);
validateRoleAssignmentCreateSuccess(roleAssignmentEntryParam, roleAssignmentCreateResp);
// Create a ldapvipruser1@maxcrc.com who has subtenant admin role.
String ldapViPRUser1Name = getUserWithDomain(0);
BalancedWebResource ldapViPRUser1 = getHttpsClient(ldapViPRUser1Name, getLDAPUserPassword());
String whoAmIApi = getUserWhoAmIApi();
UserInfo ldapViPRUser1UserInfo = ldapViPRUser1.path(whoAmIApi).get(UserInfo.class);
List<String> expectedRoles = new ArrayList<String>();
expectedRoles.add(getTenantRole(0));
validateUserTenantRoles(ldapViPRUser1UserInfo, expectedRoles);
String subTenantEditApi = getTestEditApi(subTenantId);
// Edit the sub tenant by changing its description.
TenantUpdateParam editParam = new TenantUpdateParam();
editParam.setDescription(testName + "SubTenant - Set by subtenant admin");
ClientResponse clientEditResp = ldapViPRUser1.path(subTenantEditApi).put(ClientResponse.class, editParam);
Assert.assertEquals(HttpStatus.SC_OK, clientEditResp.getStatus());
// Add the user mapping to it. It should fail as this is done by provider tenant admin.
// Only sec admin can edit sub tenants, the operation will fail.
addUserMappingAndExpectFailure(subTenantId, getGroup(0), ldapViPRUser1);
// Logout the user.
logoutUser(ldapViPRUser1);
// Remove the role assignment for the user.
roleAssignmentEntryParam.getRemove().add(roleAssignmentEntryParam.getAdd().get(0));
roleAssignmentEntryParam.getAdd().clear();
roleAssignmentCreateResp = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentEntryParam);
validateVDCRoleAssignmentsRemove(roleAssignmentCreateResp, ldapViPRUser1Name, false);
// Remove the user mappings.
removeUserMapping(subTenantId, groupToAddInUserMapping);
}
Aggregations