Example 16 with IamPrincipalPermission

use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.

the class MetadataServiceTest method test_that_get_sdb_metadata_list_returns_valid_list.

@Test
public void test_that_get_sdb_metadata_list_returns_valid_list() {
    String sdbId = "123";
    String categoryName = "foo";
    String categoryId = "321";
    String name = "test-name";
    String path = "app/test-name";
    String desc = "blah blah blah";
    String by = "justin.field@nike.com";
    String careBearsGroup = "care-bears";
    String careBearsId = "000-abc";
    String grumpyBearsGroup = "grumpy-bears";
    String grumpyBearsId = "111-def";
    String ownerId = "000";
    String readId = "111";
    String arn = "arn:aws:iam::12345:role/foo-role";
    OffsetDateTime offsetDateTime = OffsetDateTime.now();
    Map<String, String> catMap = new HashMap<>();
    catMap.put(categoryId, categoryName);
    Map<String, String> roleIdToStringMap = new HashMap<>();
    roleIdToStringMap.put(ownerId, RoleRecord.ROLE_OWNER);
    roleIdToStringMap.put(readId, RoleRecord.ROLE_READ);
    when(roleService.getRoleIdToStringMap()).thenReturn(roleIdToStringMap);
    when(categoryService.getCategoryIdToCategoryNameMap()).thenReturn(catMap);
    SafeDepositBoxV2 box = new SafeDepositBoxV2();
    box.setId(sdbId);
    box.setName(name);
    box.setPath(path);
    box.setDescription(desc);
    box.setCategoryId(categoryId);
    box.setCreatedBy(by);
    box.setLastUpdatedBy(by);
    box.setCreatedTs(offsetDateTime);
    box.setLastUpdatedTs(offsetDateTime);
    box.setOwner(careBearsGroup);
    Set<UserGroupPermission> userPerms = new HashSet<>();
    userPerms.add(new UserGroupPermission().withName(grumpyBearsGroup).withRoleId(readId));
    box.setUserGroupPermissions(userPerms);
    Set<IamPrincipalPermission> iamPerms = new HashSet<>();
    iamPerms.add(new IamPrincipalPermission().withIamPrincipalArn(arn).withRoleId(readId));
    box.setIamPrincipalPermissions(iamPerms);
    when(safeDepositBoxService.getSafeDepositBoxes(1, 0)).thenReturn(Arrays.asList(box));
    List<SDBMetadata> actual = metadataService.getSDBMetadataList(1, 0, null);
    assertEquals("List should have 1 entry", 1, actual.size());
    SDBMetadata data = actual.get(0);
    assertEquals("Name should match record", name, data.getName());
    assertEquals("path  should match record", path, data.getPath());
    assertEquals("", categoryName, data.getCategory());
    assertEquals("desc  should match record", desc, data.getDescription());
    assertEquals("created by  should match record", by, data.getCreatedBy());
    assertEquals("last updated by should match record", by, data.getLastUpdatedBy());
    assertEquals("created ts should match record", offsetDateTime, data.getCreatedTs());
    assertEquals("updated ts should match record", offsetDateTime, data.getLastUpdatedTs());
    Map<String, String> expectedIamPermMap = new HashMap<>();
    expectedIamPermMap.put(arn, RoleRecord.ROLE_READ);
    assertEquals("iam role perm map should match what is returned by getIamPrincipalPermissionMap", expectedIamPermMap, data.getIamRolePermissions());
    Map<String, String> expectedGroupPermMap = new HashMap<>();
    expectedGroupPermMap.put(grumpyBearsGroup, RoleRecord.ROLE_READ);
    assertEquals("Owner group should be care-bears", careBearsGroup, data.getOwner());
    assertEquals("The user group perms should match the expected map", expectedGroupPermMap, data.getUserGroupPermissions());
}
Also used : SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2) SDBMetadata(com.nike.cerberus.domain.SDBMetadata) OffsetDateTime(java.time.OffsetDateTime) HashMap(java.util.HashMap) UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 17 with IamPrincipalPermission

use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.

the class IamPrincipalPermissionServiceTest method testRevokePermissionWhenIamRoleIsNotPresent.

@Test(expected = ApiException.class)
public void testRevokePermissionWhenIamRoleIsNotPresent() {
    IamPrincipalPermission iamPrincipalPermission = Mockito.mock(IamPrincipalPermission.class);
    Mockito.when(iamPrincipalPermission.getIamPrincipalArn()).thenReturn("arn");
    Mockito.when(awsIamRoleDao.getIamRole("arn")).thenReturn(Optional.empty());
    iamPrincipalPermissionService.revokeIamPrincipalPermission("boxId", iamPrincipalPermission);
}
Also used : IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) Test(org.junit.Test)

Example 18 with IamPrincipalPermission

use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.

the class IamPrincipalPermissionServiceTest method testGrantIamPermissionsIfRoleIsNotPresentByRoleId.

@Test(expected = ApiException.class)
public void testGrantIamPermissionsIfRoleIsNotPresentByRoleId() {
    IamPrincipalPermission iamPrincipalPermission = new IamPrincipalPermission();
    iamPrincipalPermission.setIamPrincipalArn("arn");
    iamPrincipalPermission.setRoleId("roleId");
    Set<IamPrincipalPermission> iamPrincipalPermissions = new HashSet<>();
    iamPrincipalPermissions.add(iamPrincipalPermission);
    Mockito.when(awsIamRoleDao.getIamRole("arn")).thenReturn(Optional.empty());
    Mockito.when(roleService.getRoleById("roleId")).thenReturn(Optional.empty());
    iamPrincipalPermissionService.grantIamPrincipalPermissions("boxId", iamPrincipalPermissions, "user", OffsetDateTime.MAX);
}
Also used : IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 19 with IamPrincipalPermission

use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.

the class IamPrincipalPermissionServiceTest method testIamPrincipalPermissionsUpdateWhenIamRoleIsPresent.

@Test
public void testIamPrincipalPermissionsUpdateWhenIamRoleIsPresent() {
    IamPrincipalPermission iamPrincipalPermission = new IamPrincipalPermission();
    iamPrincipalPermission.setIamPrincipalArn("arn");
    AwsIamRoleRecord awsIamRoleRecord = new AwsIamRoleRecord();
    Set<IamPrincipalPermission> iamPrincipalPermissions = new HashSet<>();
    iamPrincipalPermissions.add(iamPrincipalPermission);
    Mockito.when(awsIamRoleDao.getIamRole("arn")).thenReturn(Optional.of(awsIamRoleRecord));
    iamPrincipalPermissionService.updateIamPrincipalPermissions("boxId", iamPrincipalPermissions, "user", OffsetDateTime.MAX);
    Mockito.verify(awsIamRoleDao).updateIamRolePermission(Mockito.any(AwsIamRolePermissionRecord.class));
}
Also used : AwsIamRoleRecord(com.nike.cerberus.record.AwsIamRoleRecord) AwsIamRolePermissionRecord(com.nike.cerberus.record.AwsIamRolePermissionRecord) IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 20 with IamPrincipalPermission

use of com.nike.cerberus.domain.IamPrincipalPermission in project cerberus by Nike-Inc.

the class IamPrincipalPermissionServiceTest method testIamPrincipalPermissionsUpdateWhenIamRoleIsNotPresent.

@Test(expected = ApiException.class)
public void testIamPrincipalPermissionsUpdateWhenIamRoleIsNotPresent() {
    IamPrincipalPermission iamPrincipalPermission = new IamPrincipalPermission();
    iamPrincipalPermission.setIamPrincipalArn("arn");
    Set<IamPrincipalPermission> iamPrincipalPermissions = new HashSet<>();
    iamPrincipalPermissions.add(iamPrincipalPermission);
    Mockito.when(awsIamRoleDao.getIamRole("arn")).thenReturn(Optional.empty());
    iamPrincipalPermissionService.updateIamPrincipalPermissions("boxId", iamPrincipalPermissions, "user", OffsetDateTime.MAX);
}
Also used : IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

IamPrincipalPermission (com.nike.cerberus.domain.IamPrincipalPermission): 25
Test (org.junit.Test): 23
HashSet (java.util.HashSet): 12
AwsIamRoleRecord (com.nike.cerberus.record.AwsIamRoleRecord): 10
AwsIamRolePermissionRecord (com.nike.cerberus.record.AwsIamRolePermissionRecord): 8
SafeDepositBoxV2 (com.nike.cerberus.domain.SafeDepositBoxV2): 6
UserGroupPermission (com.nike.cerberus.domain.UserGroupPermission): 6
Role (com.nike.cerberus.domain.Role): 5
OffsetDateTime (java.time.OffsetDateTime): 3
IamRolePermission (com.nike.cerberus.domain.IamRolePermission): 2
SDBMetadata (com.nike.cerberus.domain.SDBMetadata): 2
SafeDepositBoxV1 (com.nike.cerberus.domain.SafeDepositBoxV1): 2
SafeDepositBoxRecord (com.nike.cerberus.record.SafeDepositBoxRecord): 2
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 1
InputStream (java.io.InputStream): 1
ArrayList (java.util.ArrayList): 1
HashMap (java.util.HashMap): 1