use of com.nike.cerberus.domain.Role in project cerberus by Nike-Inc.
the class RoleControllerTest method testGetCategory.
@Test
public void testGetCategory() {
    // Stub the service so that looking up "id" yields a known Role instance.
    final Role expectedRole = Mockito.mock(Role.class);
    Mockito.when(roleService.getRoleById("id")).thenReturn(Optional.of(expectedRole));

    final ResponseEntity<Role> response = roleController.getCategory("id");

    // Only the "role found" path is covered here: a 200 status and the very same
    // object (identity, not equality) that the service returned.
    Assert.assertEquals(HttpStatus.OK, response.getStatusCode());
    Assert.assertSame(expectedRole, response.getBody());
}
use of com.nike.cerberus.domain.Role in project cerberus by Nike-Inc.
the class IamPrincipalPermissionService method grantIamPrincipalPermission.
/**
* Grants an IAM role permission.
*
* @param safeDepositBoxId The safe deposit box id
* @param iamPrincipalPermission The IAM principal permission
* @param user The user making the changes
* @param dateTime The time of the changes
*/
@Transactional
public void grantIamPrincipalPermission(final String safeDepositBoxId, final IamPrincipalPermission iamPrincipalPermission, final String user, final OffsetDateTime dateTime) {
    // NOTE(review): no authorization check is visible in this method; presumably the caller has
    // already verified that `user` may change permissions on this safe deposit box - confirm.
    // NOTE(review): the principal ARN is stored as given; any format validation presumably
    // happens before this call - confirm.

    // Look up any record already registered for the principal ARN.
    final Optional<AwsIamRoleRecord> existingIamRole = awsIamRoleDao.getIamRole(iamPrincipalPermission.getIamPrincipalArn());

    // Reject an unknown role id before anything is written.
    if (!roleService.getRoleById(iamPrincipalPermission.getRoleId()).isPresent()) {
        throw ApiException.newBuilder().withApiErrors(DefaultApiError.IAM_ROLE_ROLE_ID_INVALID).build();
    }

    final String awsIamRoleId;
    if (!existingIamRole.isPresent()) {
        // First grant seen for this ARN: register the principal under a fresh id.
        // NOTE(review): the lookup-then-create sequence is not guarded here; concurrent grants for
        // the same new ARN could both reach this branch. Presumably a uniqueness constraint in the
        // data store covers this - confirm.
        awsIamRoleId = uuidSupplier.get();
        final AwsIamRoleRecord newIamRole = new AwsIamRoleRecord();
        newIamRole.setId(awsIamRoleId);
        newIamRole.setAwsIamRoleArn(iamPrincipalPermission.getIamPrincipalArn());
        newIamRole.setCreatedBy(user);
        newIamRole.setLastUpdatedBy(user);
        newIamRole.setCreatedTs(dateTime);
        newIamRole.setLastUpdatedTs(dateTime);
        awsIamRoleDao.createIamRole(newIamRole);
    } else {
        awsIamRoleId = existingIamRole.get().getId();
    }

    // Link principal, role and safe deposit box; `user` and `dateTime` are recorded as the
    // audit fields (created/last-updated) of the new permission row.
    final AwsIamRolePermissionRecord grant = new AwsIamRolePermissionRecord();
    grant.setId(uuidSupplier.get());
    grant.setAwsIamRoleId(awsIamRoleId);
    grant.setRoleId(iamPrincipalPermission.getRoleId());
    grant.setSdboxId(safeDepositBoxId);
    grant.setCreatedBy(user);
    grant.setLastUpdatedBy(user);
    grant.setCreatedTs(dateTime);
    grant.setLastUpdatedTs(dateTime);
    awsIamRoleDao.createIamRolePermission(grant);
}
use of com.nike.cerberus.domain.Role in project cerberus by Nike-Inc.
the class MetadataServiceTest method test_that_restore_metadata_calls_the_sdb_service_with_expected_sdb_box.
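@Test
public void test_that_restore_metadata_calls_the_sdb_service_with_expected_sdb_box() throws IOException {
    // Verifies that restoring metadata from the backup fixture calls
    // safeDepositBoxService.restoreSafeDepositBox exactly once with the expected box and user.
    String user = "unit-test-user";
    String id = "111";
    String categoryId = "222";
    String categoryName = "Applications";
    String readId = "333";
    String sdbName = "HEALTH CHECK BUCKET";

    ObjectMapper mapper = ApplicationConfiguration.getObjectMapper();
    SDBMetadata sdbMetadata;
    // Close the fixture stream here rather than relying on the mapper's configuration to do it.
    try (InputStream metadataStream = getClass().getClassLoader().getResourceAsStream("com/nike/cerberus/service/sdb_metadata_backup.json")) {
        sdbMetadata = mapper.readValue(metadataStream, SDBMetadata.class);
    }

    // No box with this name exists yet, so the restore is expected to take the id from uuidSupplier.
    when(safeDepositBoxService.getSafeDepositBoxIdByName(sdbName)).thenReturn(Optional.empty());
    when(uuidSupplier.get()).thenReturn(id);
    when(categoryService.getCategoryIdByName(categoryName)).thenReturn(Optional.of(categoryId));
    Role readRole = new Role();
    readRole.setId(readId);
    when(roleService.getRoleByName(RoleRecord.ROLE_READ)).thenReturn(Optional.of(readRole));

    metadataService.restoreMetadata(sdbMetadata, user);

    // The literals below presumably mirror sdb_metadata_backup.json; keep the two in sync.
    SafeDepositBoxV2 expectedSdb = new SafeDepositBoxV2();
    expectedSdb.setId(id);
    expectedSdb.setPath("app/health-check-bucket/");
    expectedSdb.setCategoryId(categoryId);
    expectedSdb.setName(sdbName);
    expectedSdb.setOwner("Lst-Squad.Carebears");
    expectedSdb.setDescription("This SDB is read by the Health Check Lambda...");
    expectedSdb.setCreatedTs(OffsetDateTime.parse("2016-09-08T15:39:31Z"));
    expectedSdb.setLastUpdatedTs(OffsetDateTime.parse("2016-12-13T17:28:00Z"));
    expectedSdb.setCreatedBy("justin.field@nike.com");
    expectedSdb.setLastUpdatedBy("todd.lisonbee@nike.com");

    // Every restored permission is expected to carry the id of the read role.
    Set<UserGroupPermission> userPerms = new HashSet<>();
    userPerms.add(new UserGroupPermission().withName("Foundation.Prod.Support").withRoleId(readId));
    userPerms.add(new UserGroupPermission().withName("Lst-NIKE.FOO.ISL").withRoleId(readId));
    expectedSdb.setUserGroupPermissions(userPerms);

    Set<IamPrincipalPermission> iamPerms = new HashSet<>();
    String arn = "arn:aws:iam::1111111111:role/lambda_prod_healthcheck";
    iamPerms.add(new IamPrincipalPermission().withIamPrincipalArn(arn).withRoleId(readId));
    expectedSdb.setIamPrincipalPermissions(iamPerms);

    verify(safeDepositBoxService, times(1)).restoreSafeDepositBox(expectedSdb, user);
}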
use of com.nike.cerberus.domain.Role in project cerberus by Nike-Inc.
the class RoleServiceTest method testGetRoleByIdIfRoleIsPresentForGivenName.
@Test
public void testGetRoleByIdIfRoleIsPresentForGivenName() {
    // NOTE(review): despite "ById" in the method name, this exercises the by-name lookup.
    final RoleRecord storedRecord = createRoleRecord();
    Mockito.when(roleDao.getRoleByName("name")).thenReturn(Optional.of(storedRecord));

    final Optional<Role> lookedUp = roleService.getRoleByName("name");

    // Only presence is asserted; the contents of the returned Role are not checked here.
    Assert.assertTrue(lookedUp.isPresent());
}
use of com.nike.cerberus.domain.Role in project cerberus by Nike-Inc.
the class UserGroupPermissionServiceTest method testGrantUserGroupPermissionsWhenUserGroupRecordIsPresentForGivenName.
@Test
public void testGrantUserGroupPermissionsWhenUserGroupRecordIsPresentForGivenName() {
UserGroupPermission userGroupPermission = mockUserGroupPermissionWithNameAndRoleId("name", "roleId");
Role role = Mockito.mock(Role.class);
Mockito.when(roleService.getRoleById("roleId")).thenReturn(Optional.of(role));
Optional<UserGroupRecord> userGroupRecord = getUserGroup();
Mockito.when(userGroupDao.getUserGroupByName("name")).thenReturn(userGroupRecord);
Set<UserGroupPermission> userGroupPermissions = new HashSet<>();
userGroupPermissions.add(userGroupPermission);
userGroupPermissionService.grantUserGroupPermissions("safeBoxId", userGroupPermissions, "user", OffsetDateTime.MAX);
Mockito.verify(userGroupDao).createUserGroupPermission(Mockito.any(UserGroupPermissionRecord.class));
}