use of com.hubspot.singularity.auth.SingularityAuthorizationHelper in project Singularity by HubSpot.
the class SingularityAuthorizationHelperTest method testCheckForAuthorizationThrowsOnForbiddenChange.
@Test(expected = WebApplicationException.class)
public void testCheckForAuthorizationThrowsOnForbiddenChange() {
final SingularityAuthorizationHelper authorizationHelper = buildAuthorizationHelper(buildAuthEnabledConfig(Collections.<String>emptySet(), ImmutableSet.of("admin"), Collections.<String>emptySet()));
authorizationHelper.checkForAuthorization(REQUEST_WITH_GROUP_A_CHANGED_TO_B, USER_GROUP_A, SingularityAuthorizationScope.READ);
}
use of com.hubspot.singularity.auth.SingularityAuthorizationHelper in project Singularity by HubSpot.
the class SingularityAuthorizationHelperTest method testCheckForAuthorizationThrowsOnForbidden.
@Test(expected = WebApplicationException.class)
public void testCheckForAuthorizationThrowsOnForbidden() {
final SingularityAuthorizationHelper authorizationHelper = buildAuthorizationHelper(buildAuthEnabledConfig(Collections.<String>emptySet(), ImmutableSet.of("admin"), Collections.<String>emptySet()));
authorizationHelper.checkForAuthorization(REQUEST_WITH_GROUP_A, USER_GROUP_B, SingularityAuthorizationScope.READ);
}
use of com.hubspot.singularity.auth.SingularityAuthorizationHelper in project Singularity by HubSpot.
the class SingularityAuthorizationHelperTest method testAuthDisabled.
@Test
public void testAuthDisabled() {
final SingularityAuthorizationHelper authorizationHelper = buildAuthorizationHelper(buildAuthDisabledConfig());
// anyone should be authorized for requests with no group
assertTrue(authorizationHelper.isAuthorizedForRequest(REQUEST_WITH_NO_GROUP, NOT_LOGGED_IN, SingularityAuthorizationScope.READ));
assertTrue(authorizationHelper.isAuthorizedForRequest(REQUEST_WITH_NO_GROUP, USER_GROUP_A, SingularityAuthorizationScope.READ));
// users with matching group(s) should be authorized
assertTrue(authorizationHelper.isAuthorizedForRequest(REQUEST_WITH_GROUP_A, USER_GROUP_A, SingularityAuthorizationScope.READ));
assertTrue(authorizationHelper.isAuthorizedForRequest(REQUEST_WITH_GROUP_A, USER_GROUP_AB, SingularityAuthorizationScope.READ));
// users without matching group(s) should be authorized
assertTrue(authorizationHelper.isAuthorizedForRequest(REQUEST_WITH_GROUP_A, USER_GROUP_B, SingularityAuthorizationScope.READ));
}
use of com.hubspot.singularity.auth.SingularityAuthorizationHelper in project Singularity by HubSpot.
the class SingularityAuthorizationHelperTest method testCheckForAuthorizationDoesntThrowOnAuthorized.
@Test
public void testCheckForAuthorizationDoesntThrowOnAuthorized() {
final SingularityAuthorizationHelper authorizationHelper = buildAuthorizationHelper(buildAuthEnabledConfig(Collections.<String>emptySet(), ImmutableSet.of("admin"), Collections.<String>emptySet()));
authorizationHelper.checkForAuthorization(REQUEST_WITH_GROUP_A, USER_GROUP_A, SingularityAuthorizationScope.READ);
}
use of com.hubspot.singularity.auth.SingularityAuthorizationHelper in project Singularity by HubSpot.
the class SingularityAuthorizationHelperTest method testAuthJitaGroup.
@Test
public void testAuthJitaGroup() {
final SingularityAuthorizationHelper authorizationHelper = buildAuthorizationHelper(buildAuthEnabledConfig(Collections.<String>emptySet(), ImmutableSet.of("admin"), ImmutableSet.of("b")));
// user in JITA group(s) are authorized for all requests
assertTrue(authorizationHelper.isAuthorizedForRequest(REQUEST_WITH_NO_GROUP, USER_GROUP_B, SingularityAuthorizationScope.READ));
assertTrue(authorizationHelper.isAuthorizedForRequest(REQUEST_WITH_GROUP_A, USER_GROUP_B, SingularityAuthorizationScope.READ));
assertTrue(authorizationHelper.isAuthorizedForRequest(REQUEST_WITH_GROUP_B, USER_GROUP_B, SingularityAuthorizationScope.READ));
// but still aren't admins
assertFalse(authorizationHelper.hasAdminAuthorization(USER_GROUP_B));
}
Aggregations