
Example 21 with UserInfo

use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.

the class ApiTestTenants method testSubTenantDeleteBySubTenantAdmin.

/**
 * Negative authorization test: a user who holds only a tenant role on a
 * subtenant must not be able to delete that subtenant.
 *
 * <p>Flow: the {@code rSys} client creates an authentication provider and a
 * subtenant, maps a group into the subtenant and assigns the role returned by
 * {@code getTenantRole(0)} to an LDAP user. A second client authenticated as
 * that user confirms the role through the whoami API and then sends the
 * delete request, which must be answered with HTTP 403 and the
 * insufficient-permission message. The role assignment and the user mapping
 * are removed again at the end.
 *
 * @throws NoSuchAlgorithmException declared by the signature; which helper
 *         raises it is not visible in this method
 */
@Test
public void testSubTenantDeleteBySubTenantAdmin() throws NoSuchAlgorithmException {
    // Prefix used in the descriptions of every resource this test creates.
    final String testName = "testSubTenantDeleteBySubTenantAdmin - ";
    // Create an authnprovider before creating a tenant.
    AuthnCreateParam authnProviderCreateParam = getDefaultAuthnCreateParam(testName + getTestDefaultAuthnProviderDescription());
    ClientResponse clientAuthnProviderCreateResp = rSys.path(getTestAuthnProviderApi()).post(ClientResponse.class, authnProviderCreateParam);
    // Validate the authn provider creation success and add the
    // resource to the resource clean up list.
    validateAuthnProviderCreateSuccess(clientAuthnProviderCreateResp);
    // Create the subtenant with the rSys client (the security admin,
    // according to the description string below).
    TenantCreateParam createParam = this.getDefaultTenantCreateParam(testName + "Successful creation of sbutenant by sec admin.");
    TenantOrgRestRep createResp = rSys.path(getTestApi()).post(TenantOrgRestRep.class, createParam);
    validateTenantCreateSuccess(createParam, createResp);
    // Add the user mapping for the first test group to the subtenant.
    URI subTenantId = createResp.getId();
    String groupToAddInUserMapping = getGroup(0);
    addUserMapping(subTenantId, groupToAddInUserMapping);
    // Assign tenant admin role to the user ldapvipruser1@maxcrc.com
    // who is part of subtenant. The default change set is narrowed to a
    // single subject carrying a single role.
    RoleAssignmentChanges roleAssignmentEntryParam = getDefaultRoleAssignmentChanges(false, true);
    roleAssignmentEntryParam.getAdd().get(0).setSubjectId(getUserWithDomain(0));
    roleAssignmentEntryParam.getAdd().get(0).getRoles().clear();
    roleAssignmentEntryParam.getAdd().get(0).getRoles().add(getTenantRole(0));
    String roleAssignmentsApi = getTestRoleAssignmentsApi(subTenantId);
    RoleAssignments roleAssignmentCreateResp = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentEntryParam);
    validateRoleAssignmentCreateSuccess(roleAssignmentEntryParam, roleAssignmentCreateResp);
    // Build an HTTPS client that authenticates as ldapvipruser1@maxcrc.com,
    // the user who now holds the tenant role on the subtenant.
    String ldapViPRUser1Name = getUserWithDomain(0);
    BalancedWebResource ldapViPRUser1 = getHttpsClient(ldapViPRUser1Name, getLDAPUserPassword());
    // Confirm through whoami that the server reports the expected tenant
    // role for this user before exercising the permission check.
    String whoAmIApi = getUserWhoAmIApi();
    UserInfo ldapViPRUser1UserInfo = ldapViPRUser1.path(whoAmIApi).get(UserInfo.class);
    List<String> expectedRoles = new ArrayList<String>();
    expectedRoles.add(getTenantRole(0));
    validateUserTenantRoles(ldapViPRUser1UserInfo, expectedRoles);
    String subTenantDeleteApi = getTestDeleteApi(subTenantId);
    // Attempt to delete the subtenant as the subtenant's own tenant admin.
    // The tenant role alone must not be sufficient, so the request is
    // expected to be rejected. The delete call is a POST without a body.
    ClientResponse clientDeleteResp = ldapViPRUser1.path(subTenantDeleteApi).post(ClientResponse.class);
    // The expected error text is the insufficient-permission template
    // filled in with the lower-cased user name.
    String partialExpectedErrorMsg = ERROR_INSUFFICIENT_PERMISSION_FOR_USER;
    partialExpectedErrorMsg = String.format(partialExpectedErrorMsg, ldapViPRUser1Name.toLowerCase());
    // NOTE(review): the helper is named for create/edit but is used here for
    // the delete response; presumably it checks the status code (403) and
    // that the body contains the message - confirm.
    validateTenantCreateAndEditBadRequest(HttpStatus.SC_FORBIDDEN, partialExpectedErrorMsg, clientDeleteResp);
    // NOTE(review): the teardown below is not in a finally block, so it is
    // skipped when a validation above throws; the role assignment and user
    // mapping would then stay in place - confirm class-level cleanup
    // covers them.
    // Logout the user.
    logoutUser(ldapViPRUser1);
    // Remove the role assignment for the user: the entry that was added is
    // moved to the remove list and the add list is emptied before the PUT.
    roleAssignmentEntryParam.getRemove().add(roleAssignmentEntryParam.getAdd().get(0));
    roleAssignmentEntryParam.getAdd().clear();
    roleAssignmentCreateResp = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentEntryParam);
    validateVDCRoleAssignmentsRemove(roleAssignmentCreateResp, ldapViPRUser1Name, false);
    // Remove the user mappings.
    removeUserMapping(subTenantId, groupToAddInUserMapping);
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) ArrayList(java.util.ArrayList) UserInfo(com.emc.storageos.model.user.UserInfo) URI(java.net.URI) Test(org.junit.Test)

Example 22 with UserInfo

use of com.emc.storageos.model.user.UserInfo in project coprhd-controller by CoprHD.

the class ApiTestTenants method testSubTenantEditBySubTenantAdmin.

/**
 * Checks what a user holding only a tenant role on a subtenant may change on
 * that subtenant: editing the description must succeed, adding a user mapping
 * must fail.
 *
 * <p>Flow: the {@code rSys} client creates an authentication provider and a
 * subtenant, maps a group into the subtenant and assigns the role returned by
 * {@code getTenantRole(0)} to an LDAP user. A second client authenticated as
 * that user confirms the role through the whoami API, updates the subtenant
 * description (HTTP 200 expected) and then tries to add a user mapping
 * (failure expected). The role assignment and the user mapping are removed
 * again at the end.
 *
 * @throws NoSuchAlgorithmException declared by the signature; which helper
 *         raises it is not visible in this method
 */
@Test
public void testSubTenantEditBySubTenantAdmin() throws NoSuchAlgorithmException {
    // Prefix used in the descriptions of every resource this test creates.
    final String testName = "testSubTenantEditBySubTenantAdmin - ";
    // Create an authnprovider before creating a tenant.
    AuthnCreateParam authnProviderCreateParam = getDefaultAuthnCreateParam(testName + getTestDefaultAuthnProviderDescription());
    ClientResponse clientAuthnProviderCreateResp = rSys.path(getTestAuthnProviderApi()).post(ClientResponse.class, authnProviderCreateParam);
    // Validate the authn provider creation success and add the
    // resource to the resource clean up list.
    validateAuthnProviderCreateSuccess(clientAuthnProviderCreateResp);
    // Create a subtenant by the sec admin.
    TenantCreateParam createParam = this.getDefaultTenantCreateParam(testName + "Successful creation of tenant by sec admin.");
    TenantOrgRestRep createResp = rSys.path(getTestApi()).post(TenantOrgRestRep.class, createParam);
    validateTenantCreateSuccess(createParam, createResp);
    // Add the user mapping to the subtenant.
    URI subTenantId = createResp.getId();
    String groupToAddInUserMapping = getGroup(0);
    addUserMapping(subTenantId, groupToAddInUserMapping);
    // Assign tenant admin role to the user ldapvipruser1@maxcrc.com
    // who is part of subtenant. The default change set is narrowed to a
    // single subject carrying a single role.
    RoleAssignmentChanges roleAssignmentEntryParam = getDefaultRoleAssignmentChanges(false, true);
    roleAssignmentEntryParam.getAdd().get(0).setSubjectId(getUserWithDomain(0));
    roleAssignmentEntryParam.getAdd().get(0).getRoles().clear();
    roleAssignmentEntryParam.getAdd().get(0).getRoles().add(getTenantRole(0));
    String roleAssignmentsApi = getTestRoleAssignmentsApi(subTenantId);
    RoleAssignments roleAssignmentCreateResp = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentEntryParam);
    validateRoleAssignmentCreateSuccess(roleAssignmentEntryParam, roleAssignmentCreateResp);
    // Build an HTTPS client that authenticates as ldapvipruser1@maxcrc.com,
    // the user who now holds the tenant role on the subtenant.
    String ldapViPRUser1Name = getUserWithDomain(0);
    BalancedWebResource ldapViPRUser1 = getHttpsClient(ldapViPRUser1Name, getLDAPUserPassword());
    // Confirm through whoami that the server reports the expected tenant
    // role for this user before exercising the permission checks.
    String whoAmIApi = getUserWhoAmIApi();
    UserInfo ldapViPRUser1UserInfo = ldapViPRUser1.path(whoAmIApi).get(UserInfo.class);
    List<String> expectedRoles = new ArrayList<String>();
    expectedRoles.add(getTenantRole(0));
    validateUserTenantRoles(ldapViPRUser1UserInfo, expectedRoles);
    String subTenantEditApi = getTestEditApi(subTenantId);
    // Edit the sub tenant by changing its description. This is the
    // permitted case: the request is sent as the subtenant's tenant admin
    // and must return 200.
    TenantUpdateParam editParam = new TenantUpdateParam();
    editParam.setDescription(testName + "SubTenant - Set by subtenant admin");
    ClientResponse clientEditResp = ldapViPRUser1.path(subTenantEditApi).put(ClientResponse.class, editParam);
    Assert.assertEquals(HttpStatus.SC_OK, clientEditResp.getStatus());
    // Try to add a user mapping with the same client. Unlike the description
    // edit above, this is expected to fail: per the original author's note,
    // changing user mappings is reserved for a higher role (provider tenant
    // admin / sec admin) - NOTE(review): confirm the exact role required.
    // NOTE(review): getGroup(0) is the group already mapped above;
    // presumably the helper asserts a permission failure rather than a
    // duplicate-mapping error - confirm, otherwise the check could pass for
    // the wrong reason.
    addUserMappingAndExpectFailure(subTenantId, getGroup(0), ldapViPRUser1);
    // NOTE(review): the teardown below is not in a finally block, so it is
    // skipped when a check above throws; the role assignment and user
    // mapping would then stay in place - confirm class-level cleanup
    // covers them.
    // Logout the user.
    logoutUser(ldapViPRUser1);
    // Remove the role assignment for the user: the entry that was added is
    // moved to the remove list and the add list is emptied before the PUT.
    roleAssignmentEntryParam.getRemove().add(roleAssignmentEntryParam.getAdd().get(0));
    roleAssignmentEntryParam.getAdd().clear();
    roleAssignmentCreateResp = rSys.path(roleAssignmentsApi).put(RoleAssignments.class, roleAssignmentEntryParam);
    validateVDCRoleAssignmentsRemove(roleAssignmentCreateResp, ldapViPRUser1Name, false);
    // Remove the user mappings.
    removeUserMapping(subTenantId, groupToAddInUserMapping);
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) ArrayList(java.util.ArrayList) UserInfo(com.emc.storageos.model.user.UserInfo) URI(java.net.URI) Test(org.junit.Test)
