
Example 1 with IamPrincipalPermission

use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.

the class IamPrincipalPermissionsValidatorTest method set_can_handle_case_sensitivity.

/**
 * Pins that the validator accepts a set whose two IAM principal ARNs differ only in letter case,
 * i.e. the pair is not reported as a duplicate.
 *
 * <p>NOTE(review): AWS documents IAM role names as not distinguished by case, so both entries may
 * refer to the same role. Confirm that accepting them as separate permission entries is intended,
 * since the two entries could then carry different role ids for one principal.
 */
@Test
public void set_can_handle_case_sensitivity() {
    IamPrincipalPermission lowerCaseRole =
            new IamPrincipalPermission().withIamPrincipalArn("arn:aws:iam::123:role/abc");
    IamPrincipalPermission upperCaseRole =
            new IamPrincipalPermission().withIamPrincipalArn("arn:aws:iam::123:role/ABC");

    boolean accepted =
            subject.isValid(Sets.newSet(lowerCaseRole, upperCaseRole), mockConstraintValidatorContext);

    Assert.assertTrue(accepted);
}
Also used : IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) Test(org.junit.Test)

Example 2 with IamPrincipalPermission

use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.

the class IamPrincipalPermissionsValidatorTest method unique_set_is_valid.

/**
 * Pins the baseline case: two permissions that name different role ARNs form a valid set.
 */
@Test
public void unique_set_is_valid() {
    IamPrincipalPermission firstRole =
            new IamPrincipalPermission().withIamPrincipalArn("arn:aws:iam::123:role/abc");
    IamPrincipalPermission secondRole =
            new IamPrincipalPermission().withIamPrincipalArn("arn:aws:iam::123:role/def");

    boolean accepted =
            subject.isValid(Sets.newSet(firstRole, secondRole), mockConstraintValidatorContext);

    Assert.assertTrue(accepted);
}
Also used : IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) Test(org.junit.Test)

Example 3 with IamPrincipalPermission

use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.

the class MetadataServiceTest method test_that_restore_metadata_calls_the_sdb_service_with_expected_sdb_box.

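/**
 * Verifies that {@code restoreMetadata} turns the backed-up metadata fixture into the expected
 * {@link SafeDepositBoxV2} and hands it to {@code restoreSafeDepositBox} exactly once.
 *
 * <p>The expected box assigns the stubbed read role id to every user-group and IAM principal
 * permission, so the verification also pins which role id a restored permission ends up with.
 * The expected values presumably mirror {@code sdb_metadata_backup.json}, which is not shown here.
 *
 * <p>NOTE(review): the created-by / last-updated-by values look like real mailbox addresses; if
 * the fixture file allows it, synthetic identities would be preferable in test data.
 *
 * @throws IOException if the fixture cannot be read or parsed
 */
@Test
public void test_that_restore_metadata_calls_the_sdb_service_with_expected_sdb_box() throws IOException {
    String user = "unit-test-user";
    String id = "111";
    String categoryId = "222";
    String categoryName = "Applications";
    String readId = "333";
    String sdbName = "HEALTH CHECK BUCKET";

    ObjectMapper mapper = ApplicationConfiguration.getObjectMapper();
    SDBMetadata sdbMetadata;
    // Close the fixture stream here rather than relying on how the mapper is configured.
    try (InputStream metadataStream = getClass().getClassLoader()
            .getResourceAsStream("com/nike/cerberus/service/sdb_metadata_backup.json")) {
        sdbMetadata = mapper.readValue(metadataStream, SDBMetadata.class);
    }

    // No box with this name exists yet, so the restore has to take the id from the supplier.
    when(safeDepositBoxService.getSafeDepositBoxIdByName(sdbName)).thenReturn(Optional.empty());
    when(uuidSupplier.get()).thenReturn(id);
    when(categoryService.getCategoryIdByName(categoryName)).thenReturn(Optional.of(categoryId));
    Role readRole = new Role();
    readRole.setId(readId);
    when(roleService.getRoleByName(RoleRecord.ROLE_READ)).thenReturn(Optional.of(readRole));

    metadataService.restoreMetadata(sdbMetadata, user);

    SafeDepositBoxV2 expectedSdb = new SafeDepositBoxV2();
    expectedSdb.setId(id);
    expectedSdb.setPath("app/health-check-bucket/");
    expectedSdb.setCategoryId(categoryId);
    expectedSdb.setName(sdbName);
    expectedSdb.setOwner("Lst-Squad.Carebears");
    expectedSdb.setDescription("This SDB is read by the Health Check Lambda...");
    expectedSdb.setCreatedTs(OffsetDateTime.parse("2016-09-08T15:39:31Z"));
    expectedSdb.setLastUpdatedTs(OffsetDateTime.parse("2016-12-13T17:28:00Z"));
    expectedSdb.setCreatedBy("justin.field@nike.com");
    expectedSdb.setLastUpdatedBy("todd.lisonbee@nike.com");

    Set<UserGroupPermission> userPerms = new HashSet<>();
    userPerms.add(new UserGroupPermission().withName("Foundation.Prod.Support").withRoleId(readId));
    userPerms.add(new UserGroupPermission().withName("Lst-NIKE.FOO.ISL").withRoleId(readId));
    expectedSdb.setUserGroupPermissions(userPerms);

    Set<IamPrincipalPermission> iamPerms = new HashSet<>();
    String arn = "arn:aws:iam::1111111111:role/lambda_prod_healthcheck";
    iamPerms.add(new IamPrincipalPermission().withIamPrincipalArn(arn).withRoleId(readId));
    expectedSdb.setIamPrincipalPermissions(iamPerms);

    // Matching relies on SafeDepositBoxV2 equality; presumably it covers the permission sets,
    // otherwise a restore that drops or widens a permission would still pass. Verify.
    verify(safeDepositBoxService, times(1)).restoreSafeDepositBox(expectedSdb, user);
}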
Also used : Role(com.nike.cerberus.domain.Role) SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2) SDBMetadata(com.nike.cerberus.domain.SDBMetadata) InputStream(java.io.InputStream) UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 4 with IamPrincipalPermission

use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.

the class SafeDepositBoxServiceTest method test_that_restore_safe_deposit_box_updates_with_expected_sdb_record_from_safe_depot_box_object_when_the_sdb_already_exists.

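/**
 * Verifies that restoring a box whose id is already known to the DAO performs one
 * {@code fullUpdateSafeDepositBox} call with a record built from the box's scalar fields.
 *
 * <p>NOTE(review): {@code updateOwner}, {@code modifyUserGroupPermissions} and
 * {@code modifyIamPrincipalPermissions} are stubbed with {@code doNothing()} and never verified,
 * so this test does not show whether the restore reconciles permissions on an existing box.
 * A regression that leaves stale IAM or user-group permissions in place would presumably still
 * pass here; consider verifying those calls in this or a sibling test.
 */
@Test
public void test_that_restore_safe_deposit_box_updates_with_expected_sdb_record_from_safe_depot_box_object_when_the_sdb_already_exists() {
    String id = "111";
    String categoryId = "222";
    String readId = "333";
    String sdbName = "HEALTH CHECK BUCKET";
    String sdbId = "asdf-1231-23sad-asd";

    SafeDepositBoxV2 sdbObject = new SafeDepositBoxV2();
    sdbObject.setId(id);
    sdbObject.setPath("app/health-check-bucket/");
    sdbObject.setCategoryId(categoryId);
    sdbObject.setName(sdbName);
    sdbObject.setOwner("Lst-Squad.Carebears");
    sdbObject.setDescription("This SDB is read by the Health Check Lambda...");
    sdbObject.setCreatedTs(OffsetDateTime.parse("2016-09-08T15:39:31Z"));
    sdbObject.setLastUpdatedTs(OffsetDateTime.parse("2016-12-13T17:28:00Z"));
    sdbObject.setCreatedBy("justin.field@nike.com");
    sdbObject.setLastUpdatedBy("todd.lisonbee@nike.com");

    Set<UserGroupPermission> userPerms = new HashSet<>();
    userPerms.add(new UserGroupPermission().withName("Foundation.Prod.Support").withRoleId(readId));
    userPerms.add(new UserGroupPermission().withName("Lst-NIKE.FOO.ISL").withRoleId(readId));
    sdbObject.setUserGroupPermissions(userPerms);

    Set<IamPrincipalPermission> iamPerms = new HashSet<>();
    iamPerms.add(new IamPrincipalPermission().withIamPrincipalArn("arn:aws:iam::1111111111:role/lambda_prod_healthcheck").withRoleId(readId));
    sdbObject.setIamPrincipalPermissions(iamPerms);

    // Expected record: only the scalar fields are copied; owner and permissions are not set on it.
    SafeDepositBoxRecord boxToStore = new SafeDepositBoxRecord();
    boxToStore.setId(sdbObject.getId());
    boxToStore.setPath(sdbObject.getPath());
    boxToStore.setCategoryId(sdbObject.getCategoryId());
    boxToStore.setName(sdbObject.getName());
    boxToStore.setDescription(sdbObject.getDescription());
    boxToStore.setCreatedTs(sdbObject.getCreatedTs());
    boxToStore.setLastUpdatedTs(sdbObject.getLastUpdatedTs());
    boxToStore.setCreatedBy(sdbObject.getCreatedBy());
    boxToStore.setLastUpdatedBy(sdbObject.getLastUpdatedBy());

    // The DAO reports an existing record for this id, which selects the update path.
    SafeDepositBoxRecord existingRecord = new SafeDepositBoxRecord();
    existingRecord.setId(sdbId);
    when(safeDepositBoxDao.getSafeDepositBox(sdbObject.getId())).thenReturn(Optional.of(existingRecord));

    doNothing().when(safeDepositBoxServiceSpy).updateOwner(any(), any(), any(), any());
    doNothing().when(safeDepositBoxServiceSpy).modifyUserGroupPermissions(any(), any(), any(), any());
    doNothing().when(safeDepositBoxServiceSpy).modifyIamPrincipalPermissions(any(), any(), any(), any());
    doReturn(sdbObject).when(safeDepositBoxServiceSpy).getSDBFromRecordV2(any());

    safeDepositBoxServiceSpy.restoreSafeDepositBox(sdbObject, "admin-user");

    verify(safeDepositBoxDao, times(1)).fullUpdateSafeDepositBox(boxToStore);
}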
Also used : SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2) UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) HashSet(java.util.HashSet) SafeDepositBoxRecord(com.nike.cerberus.record.SafeDepositBoxRecord) Test(org.junit.Test)

Example 5 with IamPrincipalPermission

use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.

the class SafeDepositBoxServiceTest method test_that_restore_safe_deposit_box_creates_with_expected_sdb_record_from_safe_depot_box_object.

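/**
 * Verifies that restoring a box the DAO does not know yet performs one
 * {@code createSafeDepositBox} call with a record built from the box's scalar fields.
 *
 * <p>NOTE(review): {@code addOwnerPermission} is stubbed and nothing about the user-group or IAM
 * principal permissions is verified, so this test does not show that the permissions set on the
 * restored box are actually persisted. Consider asserting on them in this or a sibling test.
 */
@Test
public void test_that_restore_safe_deposit_box_creates_with_expected_sdb_record_from_safe_depot_box_object() {
    String id = "111";
    String categoryId = "222";
    String readId = "333";
    String sdbName = "HEALTH CHECK BUCKET";

    SafeDepositBoxV2 sdbObject = new SafeDepositBoxV2();
    sdbObject.setId(id);
    sdbObject.setPath("app/health-check-bucket/");
    sdbObject.setCategoryId(categoryId);
    sdbObject.setName(sdbName);
    sdbObject.setOwner("Lst-Squad.Carebears");
    sdbObject.setDescription("This SDB is read by the Health Check Lambda...");
    sdbObject.setCreatedTs(OffsetDateTime.parse("2016-09-08T15:39:31Z"));
    sdbObject.setLastUpdatedTs(OffsetDateTime.parse("2016-12-13T17:28:00Z"));
    sdbObject.setCreatedBy("justin.field@nike.com");
    sdbObject.setLastUpdatedBy("todd.lisonbee@nike.com");

    Set<UserGroupPermission> userPerms = new HashSet<>();
    userPerms.add(new UserGroupPermission().withName("Foundation.Prod.Support").withRoleId(readId));
    userPerms.add(new UserGroupPermission().withName("Lst-NIKE.FOO.ISL").withRoleId(readId));
    sdbObject.setUserGroupPermissions(userPerms);

    Set<IamPrincipalPermission> iamPerms = new HashSet<>();
    iamPerms.add(new IamPrincipalPermission().withIamPrincipalArn("arn:aws:iam::1111111111:role/lambda_prod_healthcheck").withRoleId(readId));
    sdbObject.setIamPrincipalPermissions(iamPerms);

    // Expected record: only the scalar fields are copied; owner and permissions are not set on it.
    SafeDepositBoxRecord boxToStore = new SafeDepositBoxRecord();
    boxToStore.setId(sdbObject.getId());
    boxToStore.setPath(sdbObject.getPath());
    boxToStore.setCategoryId(sdbObject.getCategoryId());
    boxToStore.setName(sdbObject.getName());
    boxToStore.setDescription(sdbObject.getDescription());
    boxToStore.setCreatedTs(sdbObject.getCreatedTs());
    boxToStore.setLastUpdatedTs(sdbObject.getLastUpdatedTs());
    boxToStore.setCreatedBy(sdbObject.getCreatedBy());
    boxToStore.setLastUpdatedBy(sdbObject.getLastUpdatedBy());

    // The DAO has no record for this id, which selects the create path.
    when(safeDepositBoxDao.getSafeDepositBox(sdbObject.getId())).thenReturn(Optional.empty());
    doNothing().when(safeDepositBoxServiceSpy).addOwnerPermission(any(), any());

    safeDepositBoxServiceSpy.restoreSafeDepositBox(sdbObject, "admin-user");

    verify(safeDepositBoxDao, times(1)).createSafeDepositBox(boxToStore);
}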
Also used : SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2) UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) HashSet(java.util.HashSet) SafeDepositBoxRecord(com.nike.cerberus.record.SafeDepositBoxRecord) Test(org.junit.Test)
