use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.
the class IamPrincipalPermissionServiceTest method testIamPrincipalPermissionUpdateWhenIamRoleIsPresent.
/**
 * Updating a principal's permission must write a permission record through the DAO
 * when the IAM role for the principal ARN is already stored.
 */
@Test
public void testIamPrincipalPermissionUpdateWhenIamRoleIsPresent() {
    // Arrange: the DAO lookup for the principal ARN finds an existing role record.
    final AwsIamRoleRecord storedRole = new AwsIamRoleRecord();
    Mockito.when(awsIamRoleDao.getIamRole("arn")).thenReturn(Optional.of(storedRole));

    final IamPrincipalPermission permission = new IamPrincipalPermission();
    permission.setIamPrincipalArn("arn");

    // Act
    iamPrincipalPermissionService.updateIamPrincipalPermission(
        "boxId", permission, "user", OffsetDateTime.MAX);

    // Assert: exactly one permission update reached the DAO.
    // NOTE(review): any(...) accepts every record, so this does not pin which box or
    // which role the written permission refers to; an ArgumentCaptor would close that gap.
    Mockito.verify(awsIamRoleDao)
        .updateIamRolePermission(Mockito.any(AwsIamRolePermissionRecord.class));
}
use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.
the class IamPrincipalPermissionServiceTest method testGrantIamPermissionIfRoleIsPresentByRoleIdAndRoleRecordNotFound.
/**
 * Granting a permission for a principal whose IAM role record is not stored yet must
 * create both the role record and the permission record, given that the requested
 * role id resolves to a known role.
 */
@Test
public void testGrantIamPermissionIfRoleIsPresentByRoleIdAndRoleRecordNotFound() {
    // Arrange: the principal ARN is unknown to the DAO, the role id is known to the role service.
    final Role knownRole = new Role();
    Mockito.when(awsIamRoleDao.getIamRole("arn")).thenReturn(Optional.empty());
    Mockito.when(roleService.getRoleById("roleId")).thenReturn(Optional.of(knownRole));
    Mockito.when(uuidSupplier.get()).thenReturn("uuid");

    final IamPrincipalPermission permission = new IamPrincipalPermission();
    permission.setIamPrincipalArn("arn");
    permission.setRoleId("roleId");

    // Act
    iamPrincipalPermissionService.grantIamPrincipalPermission(
        "boxId", permission, "user", OffsetDateTime.MAX);

    // Assert: both writes happened. The relative order of the two calls is not verified,
    // and any(...) leaves the contents of the created records unchecked.
    Mockito.verify(awsIamRoleDao).createIamRole(Mockito.any(AwsIamRoleRecord.class));
    Mockito.verify(awsIamRoleDao)
        .createIamRolePermission(Mockito.any(AwsIamRolePermissionRecord.class));
}
use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.
the class IamPrincipalPermissionsValidator method isValid.
/**
 * Rejects a permission set in which two entries produce the same key.
 *
 * <p>A {@code null} or empty set is reported as valid, so this check alone does not
 * require that any permission is present. What counts as "the same entry" is decided
 * entirely by {@code buildKey}, which is defined elsewhere in the class.
 * NOTE(review): presumably the key is derived from the principal ARN, so that one
 * principal cannot be listed twice with different roles in a single request; confirm
 * against {@code buildKey}, including how it treats case and surrounding whitespace.
 *
 * @param iamRolePermissionSet the permissions submitted for validation; may be {@code null}
 * @param context the validator context; not used by this method
 * @return {@code false} as soon as a repeated key is found, {@code true} otherwise
 */
public boolean isValid(Set<IamPrincipalPermission> iamRolePermissionSet, ConstraintValidatorContext context) {
    if (iamRolePermissionSet == null || iamRolePermissionSet.isEmpty()) {
        return true;
    }

    final Set<String> seenKeys = new HashSet<>();
    for (IamPrincipalPermission candidate : iamRolePermissionSet) {
        // Set.add returns false when the key was already recorded, i.e. a duplicate entry.
        if (!seenKeys.add(buildKey(candidate))) {
            return false;
        }
    }
    return true;
}
use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.
the class SafeDepositBoxServiceTest method test_that_convertSafeDepositBoxV1ToV2_creates_expected_safe_deposit_box_v2.
/**
 * Converts a V2 safe deposit box to its V1 form and compares it with a hand-built V1 box.
 *
 * <p>NOTE(review): despite the method name, the call under test is
 * {@code convertSafeDepositBoxV2ToV1}; the name appears to be swapped with the sibling test.
 */
@Test
public void test_that_convertSafeDepositBoxV1ToV2_creates_expected_safe_deposit_box_v2() {
    // Shared fixture values.
    final String sdbId = "id";
    final String sdbName = "name";
    final String sdbDescription = "description";
    final String sdbPath = "path";
    final String sdbCategoryId = "category id";
    final String creator = "created by";
    final String lastUpdater = "last updated by";
    final OffsetDateTime createdAt = OffsetDateTime.now();
    final OffsetDateTime updatedAt = OffsetDateTime.now();
    final String sdbOwner = "owner";
    final String awsAccountId = "123";
    final String iamRoleName = "abc";
    final String principalArn = "arn:aws:iam::123:role/abc";
    final String permissionRoleId = "role id";

    // The same user-group set instance is used for the input and the expectation.
    final Set<UserGroupPermission> groupPermissions = Sets.newHashSet();
    groupPermissions.add(new UserGroupPermission());

    // Input: a V2 box whose IAM permission is expressed as a full principal ARN.
    final Set<IamPrincipalPermission> principalPermissions = Sets.newHashSet();
    principalPermissions.add(
        new IamPrincipalPermission().withIamPrincipalArn(principalArn).withRoleId(permissionRoleId));

    final SafeDepositBoxV2 inputV2 = new SafeDepositBoxV2();
    inputV2.setId(sdbId);
    inputV2.setName(sdbName);
    inputV2.setDescription(sdbDescription);
    inputV2.setPath(sdbPath);
    inputV2.setCategoryId(sdbCategoryId);
    inputV2.setCreatedBy(creator);
    inputV2.setLastUpdatedBy(lastUpdater);
    inputV2.setCreatedTs(createdAt);
    inputV2.setLastUpdatedTs(updatedAt);
    inputV2.setOwner(sdbOwner);
    inputV2.setUserGroupPermissions(groupPermissions);
    inputV2.setIamPrincipalPermissions(principalPermissions);

    // Expectation: the V1 box carries the account id and role name instead of the ARN.
    final Set<IamRolePermission> expectedRolePermissions = Sets.newHashSet();
    expectedRolePermissions.add(
        new IamRolePermission()
            .withAccountId(awsAccountId)
            .withIamRoleName(iamRoleName)
            .withRoleId(permissionRoleId));

    final SafeDepositBoxV1 expectedV1 = new SafeDepositBoxV1();
    expectedV1.setId(sdbId);
    expectedV1.setName(sdbName);
    expectedV1.setDescription(sdbDescription);
    expectedV1.setPath(sdbPath);
    expectedV1.setCategoryId(sdbCategoryId);
    expectedV1.setCreatedBy(creator);
    expectedV1.setLastUpdatedBy(lastUpdater);
    expectedV1.setCreatedTs(createdAt);
    expectedV1.setLastUpdatedTs(updatedAt);
    expectedV1.setOwner(sdbOwner);
    expectedV1.setUserGroupPermissions(groupPermissions);
    expectedV1.setIamRolePermissions(expectedRolePermissions);

    // The ARN parser is a mock, so ARN parsing itself is not exercised here.
    // NOTE(review): only a role ARN is covered; how other principal kinds would be
    // represented in the V1 account-id/role-name shape is not tested by this method.
    when(awsIamRoleArnParser.getAccountId(principalArn)).thenReturn(awsAccountId);
    when(awsIamRoleArnParser.getRoleName(principalArn)).thenReturn(iamRoleName);

    final SafeDepositBoxV1 actualV1 = safeDepositBoxService.convertSafeDepositBoxV2ToV1(inputV2);

    assertEquals(expectedV1, actualV1);
}
use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.
the class SafeDepositBoxServiceTest method test_that_convertSafeDepositBoxV2ToV1_creates_expected_safe_deposit_box_v1.
/**
 * Converts a V1 safe deposit box to its V2 form and compares it with a hand-built V2 box.
 *
 * <p>NOTE(review): despite the method name, the call under test is
 * {@code convertSafeDepositBoxV1ToV2}; the name appears to be swapped with the sibling test.
 */
@Test
public void test_that_convertSafeDepositBoxV2ToV1_creates_expected_safe_deposit_box_v1() {
    // Shared fixture values.
    final String sdbId = "id";
    final String sdbName = "name";
    final String sdbDescription = "description";
    final String sdbPath = "path";
    final String sdbCategoryId = "category id";
    final String creator = "created by";
    final String lastUpdater = "last updated by";
    final OffsetDateTime createdAt = OffsetDateTime.now();
    final OffsetDateTime updatedAt = OffsetDateTime.now();
    final String sdbOwner = "owner";
    final String awsAccountId = "123";
    final String iamRoleName = "abc";
    final String principalArn = "arn:aws:iam::123:role/abc";
    final String permissionRoleId = "role id";

    // The same user-group set instance is used for the input and the expectation.
    final Set<UserGroupPermission> groupPermissions = Sets.newHashSet();
    groupPermissions.add(new UserGroupPermission());

    // Input: a V1 box whose IAM permission is expressed as account id plus role name.
    final Set<IamRolePermission> rolePermissions = Sets.newHashSet();
    rolePermissions.add(
        new IamRolePermission()
            .withAccountId(awsAccountId)
            .withIamRoleName(iamRoleName)
            .withRoleId(permissionRoleId));

    final SafeDepositBoxV1 inputV1 = new SafeDepositBoxV1();
    inputV1.setId(sdbId);
    inputV1.setName(sdbName);
    inputV1.setDescription(sdbDescription);
    inputV1.setPath(sdbPath);
    inputV1.setCategoryId(sdbCategoryId);
    inputV1.setCreatedBy(creator);
    inputV1.setLastUpdatedBy(lastUpdater);
    inputV1.setCreatedTs(createdAt);
    inputV1.setLastUpdatedTs(updatedAt);
    inputV1.setOwner(sdbOwner);
    inputV1.setUserGroupPermissions(groupPermissions);
    inputV1.setIamRolePermissions(rolePermissions);

    // Expectation: the V2 box carries the full role ARN for the same account and role.
    // NOTE(review): the expected ARN uses the "aws" partition only; other partitions
    // are not covered by this test.
    final Set<IamPrincipalPermission> expectedPrincipalPermissions = Sets.newHashSet();
    expectedPrincipalPermissions.add(
        new IamPrincipalPermission().withIamPrincipalArn(principalArn).withRoleId(permissionRoleId));

    final SafeDepositBoxV2 expectedV2 = new SafeDepositBoxV2();
    expectedV2.setId(sdbId);
    expectedV2.setName(sdbName);
    expectedV2.setDescription(sdbDescription);
    expectedV2.setPath(sdbPath);
    expectedV2.setCategoryId(sdbCategoryId);
    expectedV2.setCreatedBy(creator);
    expectedV2.setLastUpdatedBy(lastUpdater);
    expectedV2.setCreatedTs(createdAt);
    expectedV2.setLastUpdatedTs(updatedAt);
    expectedV2.setOwner(sdbOwner);
    expectedV2.setUserGroupPermissions(groupPermissions);
    expectedV2.setIamPrincipalPermissions(expectedPrincipalPermissions);

    final SafeDepositBoxV2 actualV2 = safeDepositBoxService.convertSafeDepositBoxV1ToV2(inputV1);

    assertEquals(expectedV2, actualV2);
}