
Example 11 with IamPrincipalPermission

use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.

the class IamPrincipalPermissionServiceTest method testIamPrincipalPermissionUpdateWhenIamRoleIsPresent.

/**
 * Checks that updating a principal permission, when the DAO already holds an IAM role record
 * for the principal's ARN, results in a call to {@code awsIamRoleDao.updateIamRolePermission}.
 *
 * <p>NOTE(review): the verification accepts any {@code AwsIamRolePermissionRecord}, so this
 * test does not pin which safe deposit box or role the written record refers to. Capturing
 * the argument (for example with Mockito's {@code ArgumentCaptor}) and asserting its contents
 * would let the test catch a permission being written against the wrong box or role.
 */
@Test
public void testIamPrincipalPermissionUpdateWhenIamRoleIsPresent() {
    final String principalArn = "arn";

    // The DAO reports that a role record is already stored for this ARN.
    final AwsIamRoleRecord existingRoleRecord = new AwsIamRoleRecord();
    Mockito.when(awsIamRoleDao.getIamRole(principalArn))
            .thenReturn(Optional.of(existingRoleRecord));

    final IamPrincipalPermission permissionToUpdate = new IamPrincipalPermission();
    permissionToUpdate.setIamPrincipalArn(principalArn);

    iamPrincipalPermissionService.updateIamPrincipalPermission(
            "boxId", permissionToUpdate, "user", OffsetDateTime.MAX);

    // Only the fact of the update call is checked, not the record that was passed.
    Mockito.verify(awsIamRoleDao)
            .updateIamRolePermission(Mockito.any(AwsIamRolePermissionRecord.class));
}
Also used : AwsIamRoleRecord(com.nike.cerberus.record.AwsIamRoleRecord) AwsIamRolePermissionRecord(com.nike.cerberus.record.AwsIamRolePermissionRecord) IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) Test(org.junit.Test)

Example 12 with IamPrincipalPermission

use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.

the class IamPrincipalPermissionServiceTest method testGrantIamPermissionIfRoleIsPresentByRoleIdAndRoleRecordNotFound.

/**
 * Checks the grant path where the requested role id resolves to a {@code Role} but the DAO
 * has no IAM role record for the principal's ARN: the service is expected to call both
 * {@code createIamRole} and {@code createIamRolePermission} on the DAO.
 *
 * <p>NOTE(review): both verifications accept any record instance, so the test does not pin
 * the ARN stored in the new role record or the box/role carried by the permission record.
 * Asserting on captured arguments would make a mis-assigned grant visible here.
 */
@Test
public void testGrantIamPermissionIfRoleIsPresentByRoleIdAndRoleRecordNotFound() {
    final String principalArn = "arn";
    final String requestedRoleId = "roleId";

    // No stored IAM role record for the ARN, but the role id itself is known.
    Mockito.when(awsIamRoleDao.getIamRole(principalArn)).thenReturn(Optional.empty());
    final Role knownRole = new Role();
    Mockito.when(roleService.getRoleById(requestedRoleId)).thenReturn(Optional.of(knownRole));
    // Fixed id so that any identifier drawn from the supplier is deterministic.
    Mockito.when(uuidSupplier.get()).thenReturn("uuid");

    final IamPrincipalPermission permissionToGrant = new IamPrincipalPermission();
    permissionToGrant.setIamPrincipalArn(principalArn);
    permissionToGrant.setRoleId(requestedRoleId);

    iamPrincipalPermissionService.grantIamPrincipalPermission(
            "boxId", permissionToGrant, "user", OffsetDateTime.MAX);

    Mockito.verify(awsIamRoleDao).createIamRole(Mockito.any(AwsIamRoleRecord.class));
    Mockito.verify(awsIamRoleDao)
            .createIamRolePermission(Mockito.any(AwsIamRolePermissionRecord.class));
}
Also used : Role(com.nike.cerberus.domain.Role) AwsIamRoleRecord(com.nike.cerberus.record.AwsIamRoleRecord) AwsIamRolePermissionRecord(com.nike.cerberus.record.AwsIamRolePermissionRecord) IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) Test(org.junit.Test)

Example 13 with IamPrincipalPermission

use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.

the class IamPrincipalPermissionsValidator method isValid.

/**
 * Reports whether a set of IAM principal permissions is free of duplicate entries.
 *
 * <p>Each permission is reduced to a string key by {@code buildKey}; the set is rejected as
 * soon as two permissions produce the same key. A {@code null} or empty set is accepted.
 *
 * <p>NOTE(review): what counts as a duplicate depends entirely on {@code buildKey}, which is
 * not shown here. Confirm that it normalises the principal identifier (for example letter
 * case) the same way the permission store does, otherwise two entries for the same principal
 * could pass this check.
 *
 * @param iamRolePermissionSet the permissions to check; may be {@code null}
 * @param context validator context; not used by this method
 * @return {@code false} if two permissions share a key, {@code true} otherwise
 */
public boolean isValid(Set<IamPrincipalPermission> iamRolePermissionSet, ConstraintValidatorContext context) {
    final boolean nothingToCheck = iamRolePermissionSet == null || iamRolePermissionSet.isEmpty();
    if (nothingToCheck) {
        return true;
    }

    final Set<String> seenKeys = new HashSet<>();
    for (final IamPrincipalPermission permission : iamRolePermissionSet) {
        // Set.add returns false when the key is already present, i.e. on a duplicate.
        if (!seenKeys.add(buildKey(permission))) {
            return false;
        }
    }
    return true;
}
Also used : IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) HashSet(java.util.HashSet)

Example 14 with IamPrincipalPermission

use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.

the class SafeDepositBoxServiceTest method test_that_convertSafeDepositBoxV1ToV2_creates_expected_safe_deposit_box_v2.

/**
 * Builds a {@code SafeDepositBoxV2} carrying one IAM principal permission and checks that the
 * service converts it to the expected {@code SafeDepositBoxV1}, in which the principal ARN is
 * represented as an account id plus an IAM role name.
 *
 * <p>NOTE(review): despite its name, this method exercises {@code convertSafeDepositBoxV2ToV1}
 * and asserts on a V1 result.
 *
 * <p>NOTE(review): {@code awsIamRoleArnParser} is stubbed, so real ARN parsing is not
 * exercised, and the only input is a role ARN. How the conversion treats a principal ARN
 * that is not a role is not covered by this test.
 */
@Test
public void test_that_convertSafeDepositBoxV1ToV2_creates_expected_safe_deposit_box_v2() {
    // Scalar fields expected to be carried over unchanged.
    final String sdbId = "id";
    final String sdbName = "name";
    final String sdbDescription = "description";
    final String sdbPath = "path";
    final String sdbCategoryId = "category id";
    final String creator = "created by";
    final String lastEditor = "last updated by";
    final OffsetDateTime createdAt = OffsetDateTime.now();
    final OffsetDateTime updatedAt = OffsetDateTime.now();
    final String sdbOwner = "owner";

    // The same IAM role expressed both ways: as a V2 ARN and as V1 account id + role name.
    final String awsAccountId = "123";
    final String iamRoleName = "abc";
    final String principalArn = "arn:aws:iam::123:role/abc";
    final String permissionRoleId = "role id";

    // One set instance is shared by the input and the expected box.
    final Set<UserGroupPermission> groupPermissions = Sets.newHashSet();
    groupPermissions.add(new UserGroupPermission());

    final Set<IamPrincipalPermission> principalPermissions = Sets.newHashSet();
    principalPermissions.add(
            new IamPrincipalPermission().withIamPrincipalArn(principalArn).withRoleId(permissionRoleId));

    // Input: the V2 box.
    final SafeDepositBoxV2 inputSdbV2 = new SafeDepositBoxV2();
    inputSdbV2.setId(sdbId);
    inputSdbV2.setName(sdbName);
    inputSdbV2.setDescription(sdbDescription);
    inputSdbV2.setPath(sdbPath);
    inputSdbV2.setCategoryId(sdbCategoryId);
    inputSdbV2.setCreatedBy(creator);
    inputSdbV2.setLastUpdatedBy(lastEditor);
    inputSdbV2.setCreatedTs(createdAt);
    inputSdbV2.setLastUpdatedTs(updatedAt);
    inputSdbV2.setOwner(sdbOwner);
    inputSdbV2.setUserGroupPermissions(groupPermissions);
    inputSdbV2.setIamPrincipalPermissions(principalPermissions);

    // Expected: the equivalent V1 box.
    final Set<IamRolePermission> expectedRolePermissions = Sets.newHashSet();
    expectedRolePermissions.add(
            new IamRolePermission()
                    .withAccountId(awsAccountId)
                    .withIamRoleName(iamRoleName)
                    .withRoleId(permissionRoleId));

    final SafeDepositBoxV1 expectedSdbV1 = new SafeDepositBoxV1();
    expectedSdbV1.setId(sdbId);
    expectedSdbV1.setName(sdbName);
    expectedSdbV1.setDescription(sdbDescription);
    expectedSdbV1.setPath(sdbPath);
    expectedSdbV1.setCategoryId(sdbCategoryId);
    expectedSdbV1.setCreatedBy(creator);
    expectedSdbV1.setLastUpdatedBy(lastEditor);
    expectedSdbV1.setCreatedTs(createdAt);
    expectedSdbV1.setLastUpdatedTs(updatedAt);
    expectedSdbV1.setOwner(sdbOwner);
    expectedSdbV1.setUserGroupPermissions(groupPermissions);
    expectedSdbV1.setIamRolePermissions(expectedRolePermissions);

    // The parser is a mock: it hands back the account id and role name for the ARN above.
    when(awsIamRoleArnParser.getAccountId(principalArn)).thenReturn(awsAccountId);
    when(awsIamRoleArnParser.getRoleName(principalArn)).thenReturn(iamRoleName);

    final SafeDepositBoxV1 actualSdbV1 = safeDepositBoxService.convertSafeDepositBoxV2ToV1(inputSdbV2);

    assertEquals(expectedSdbV1, actualSdbV1);
}
Also used : SafeDepositBoxV1(com.nike.cerberus.domain.SafeDepositBoxV1) SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2) OffsetDateTime(java.time.OffsetDateTime) IamRolePermission(com.nike.cerberus.domain.IamRolePermission) UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) Test(org.junit.Test)

Example 15 with IamPrincipalPermission

use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.

the class SafeDepositBoxServiceTest method test_that_convertSafeDepositBoxV2ToV1_creates_expected_safe_deposit_box_v1.

/**
 * Builds a {@code SafeDepositBoxV1} carrying one IAM role permission (account id plus role
 * name) and checks that the service converts it to the expected {@code SafeDepositBoxV2}, in
 * which the same role is represented as a single principal ARN.
 *
 * <p>NOTE(review): despite its name, this method exercises {@code convertSafeDepositBoxV1ToV2}
 * and asserts on a V2 result.
 *
 * <p>NOTE(review): the only expected ARN is {@code arn:aws:iam::123:role/abc}, i.e. the
 * {@code aws} partition and a role name without a path. Other partitions and role names that
 * include a path are not covered by this test.
 */
@Test
public void test_that_convertSafeDepositBoxV2ToV1_creates_expected_safe_deposit_box_v1() {
    // Scalar fields expected to be carried over unchanged.
    final String sdbId = "id";
    final String sdbName = "name";
    final String sdbDescription = "description";
    final String sdbPath = "path";
    final String sdbCategoryId = "category id";
    final String creator = "created by";
    final String lastEditor = "last updated by";
    final OffsetDateTime createdAt = OffsetDateTime.now();
    final OffsetDateTime updatedAt = OffsetDateTime.now();
    final String sdbOwner = "owner";

    // The same IAM role expressed both ways: as V1 account id + role name and as a V2 ARN.
    final String awsAccountId = "123";
    final String iamRoleName = "abc";
    final String principalArn = "arn:aws:iam::123:role/abc";
    final String permissionRoleId = "role id";

    // One set instance is shared by the input and the expected box.
    final Set<UserGroupPermission> groupPermissions = Sets.newHashSet();
    groupPermissions.add(new UserGroupPermission());

    final Set<IamRolePermission> rolePermissions = Sets.newHashSet();
    rolePermissions.add(
            new IamRolePermission()
                    .withAccountId(awsAccountId)
                    .withIamRoleName(iamRoleName)
                    .withRoleId(permissionRoleId));

    // Input: the V1 box.
    final SafeDepositBoxV1 inputSdbV1 = new SafeDepositBoxV1();
    inputSdbV1.setId(sdbId);
    inputSdbV1.setName(sdbName);
    inputSdbV1.setDescription(sdbDescription);
    inputSdbV1.setPath(sdbPath);
    inputSdbV1.setCategoryId(sdbCategoryId);
    inputSdbV1.setCreatedBy(creator);
    inputSdbV1.setLastUpdatedBy(lastEditor);
    inputSdbV1.setCreatedTs(createdAt);
    inputSdbV1.setLastUpdatedTs(updatedAt);
    inputSdbV1.setOwner(sdbOwner);
    inputSdbV1.setUserGroupPermissions(groupPermissions);
    inputSdbV1.setIamRolePermissions(rolePermissions);

    // Expected: the equivalent V2 box.
    final Set<IamPrincipalPermission> expectedPrincipalPermissions = Sets.newHashSet();
    expectedPrincipalPermissions.add(
            new IamPrincipalPermission().withIamPrincipalArn(principalArn).withRoleId(permissionRoleId));

    final SafeDepositBoxV2 expectedSdbV2 = new SafeDepositBoxV2();
    expectedSdbV2.setId(sdbId);
    expectedSdbV2.setName(sdbName);
    expectedSdbV2.setDescription(sdbDescription);
    expectedSdbV2.setPath(sdbPath);
    expectedSdbV2.setCategoryId(sdbCategoryId);
    expectedSdbV2.setCreatedBy(creator);
    expectedSdbV2.setLastUpdatedBy(lastEditor);
    expectedSdbV2.setCreatedTs(createdAt);
    expectedSdbV2.setLastUpdatedTs(updatedAt);
    expectedSdbV2.setOwner(sdbOwner);
    expectedSdbV2.setUserGroupPermissions(groupPermissions);
    expectedSdbV2.setIamPrincipalPermissions(expectedPrincipalPermissions);

    final SafeDepositBoxV2 actualSdbV2 = safeDepositBoxService.convertSafeDepositBoxV1ToV2(inputSdbV1);

    assertEquals(expectedSdbV2, actualSdbV2);
}
Also used : SafeDepositBoxV1(com.nike.cerberus.domain.SafeDepositBoxV1) SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2) OffsetDateTime(java.time.OffsetDateTime) IamRolePermission(com.nike.cerberus.domain.IamRolePermission) UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) Test(org.junit.Test)

Aggregations

IamPrincipalPermission (com.nike.cerberus.domain.IamPrincipalPermission)25 Test (org.junit.Test)23 HashSet (java.util.HashSet)12 AwsIamRoleRecord (com.nike.cerberus.record.AwsIamRoleRecord)10 AwsIamRolePermissionRecord (com.nike.cerberus.record.AwsIamRolePermissionRecord)8 SafeDepositBoxV2 (com.nike.cerberus.domain.SafeDepositBoxV2)6 UserGroupPermission (com.nike.cerberus.domain.UserGroupPermission)6 Role (com.nike.cerberus.domain.Role)5 OffsetDateTime (java.time.OffsetDateTime)3 IamRolePermission (com.nike.cerberus.domain.IamRolePermission)2 SDBMetadata (com.nike.cerberus.domain.SDBMetadata)2 SafeDepositBoxV1 (com.nike.cerberus.domain.SafeDepositBoxV1)2 SafeDepositBoxRecord (com.nike.cerberus.record.SafeDepositBoxRecord)2 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)1 InputStream (java.io.InputStream)1 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1