use of com.nike.cerberus.domain.SafeDepositBoxV2 in project cerberus by Nike-Inc.
the class PermissionValidationServiceTest method mockSafeDepositBoxV2WithId.
/**
 * Creates a Mockito mock of {@link SafeDepositBoxV2} whose {@code getId()} returns the supplied
 * id. No other accessor is stubbed, so everything else yields Mockito's default answers.
 *
 * @param id the value the mock reports from {@code getId()}
 * @return the stubbed mock
 */
private SafeDepositBoxV2 mockSafeDepositBoxV2WithId(String id) {
  SafeDepositBoxV2 sdbMock = Mockito.mock(SafeDepositBoxV2.class);
  // sdbMock is a pure mock created on the line above, so doReturn/when is equivalent to
  // when/thenReturn here.
  Mockito.doReturn(id).when(sdbMock).getId();
  return sdbMock;
}
use of com.nike.cerberus.domain.SafeDepositBoxV2 in project cerberus by Nike-Inc.
the class PermissionValidationServiceTest method testDoesPrincipalHaveOwnerPermissionsWithGroupsCaseSensitiveAndUserGroupsInUpperCase.
/**
 * With case-sensitive group matching enabled, a USER principal whose only group is
 * {@code "USERGROUP1"} must not be treated as owner of an SDB owned by {@code "userGroup1"}:
 * the two names differ only by letter case, and the check has to deny.
 */
@Test
public void testDoesPrincipalHaveOwnerPermissionsWithGroupsCaseSensitiveAndUserGroupsInUpperCase() {
  // true => the service is built with case-sensitive group comparison.
  PermissionValidationService service =
      createPermissionValidationServiceWithGroupCaseSensitive(true);

  // The SDB lookup is stubbed to hand back a box owned by the mixed-case group name.
  SafeDepositBoxV2 ownedSdb = mockSafeDepositBoxV2WithOwner("userGroup1");
  Mockito.when(
          safeDepositBoxService.getSafeDepositBoxDangerouslyWithoutPermissionValidation("sdbId"))
      .thenReturn(ownedSdb);

  // The principal carries the same group name, upper-cased.
  Set<String> upperCasedGroups = new HashSet<>();
  upperCasedGroups.add("USERGROUP1");
  CerberusPrincipal principal =
      mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType.USER, upperCasedGroups);

  // Ownership must be denied: a case-only match is not a match in this mode.
  Assert.assertFalse(service.doesPrincipalHaveOwnerPermissions(principal, "sdbId"));
}
use of com.nike.cerberus.domain.SafeDepositBoxV2 in project cerberus by Nike-Inc.
the class PermissionValidationServiceTest method mockSafeDepositBoxV2WithOwner.
/**
 * Creates a Mockito mock of {@link SafeDepositBoxV2} whose {@code getOwner()} returns the
 * supplied owner. No other accessor is stubbed.
 *
 * @param owner the value the mock reports from {@code getOwner()}
 * @return the stubbed mock
 */
private SafeDepositBoxV2 mockSafeDepositBoxV2WithOwner(String owner) {
  SafeDepositBoxV2 sdbMock = Mockito.mock(SafeDepositBoxV2.class);
  // sdbMock is a pure mock created on the line above, so doReturn/when is equivalent to
  // when/thenReturn here.
  Mockito.doReturn(owner).when(sdbMock).getOwner();
  return sdbMock;
}
use of com.nike.cerberus.domain.SafeDepositBoxV2 in project cerberus by Nike-Inc.
the class PermissionValidationServiceTest method testDoesPrincipalHaveOwnerPermissionsWithPrincipalTypeIAMWhenRoleIsNotAssumed.
/**
 * For an IAM principal whose ARN is not an assumed-role ARN, the owner check must be answered
 * by {@code permissionsDao.doesIamPrincipalHaveRoleForSdb} using the principal ARN and its root
 * ARN. The assumed-role path (role-ARN conversion and {@code doesAssumedRoleHaveRoleForSdb})
 * must never be taken.
 */
@Test
public void testDoesPrincipalHaveOwnerPermissionsWithPrincipalTypeIAMWhenRoleIsNotAssumed() {
  final String rootArn = "iamRootArn";
  final String roleArn = "iamRoleArn";

  PermissionValidationService service =
      createPermissionValidationServiceWithGroupCaseSensitive(false);

  // The lookup for "sdbId" resolves to a box whose id is "id"; the DAO stub below keys on "id".
  SafeDepositBoxV2 sdb = mockSafeDepositBoxV2WithId("id");
  Mockito.when(
          safeDepositBoxService.getSafeDepositBoxDangerouslyWithoutPermissionValidation("sdbId"))
      .thenReturn(sdb);

  CerberusPrincipal principal =
      mockCerberusPrincipalWithPrincipalTypeAndName(PrincipalType.IAM, IAM_PRINCIPAL_ARN);

  // ARN parser: the principal is NOT an assumed role.
  Mockito.when(awsIamRoleArnParser.convertPrincipalArnToRootArn(IAM_PRINCIPAL_ARN))
      .thenReturn(rootArn);
  Mockito.when(awsIamRoleArnParser.isAssumedRoleArn(IAM_PRINCIPAL_ARN)).thenReturn(false);
  // Stubbed although the test asserts below that it is never invoked on this path.
  Mockito.when(awsIamRoleArnParser.convertPrincipalArnToRoleArn(IAM_PRINCIPAL_ARN))
      .thenReturn(roleArn);

  // Only the plain IAM-principal query grants the permission.
  Mockito.when(
          permissionsDao.doesIamPrincipalHaveRoleForSdb(
              Mockito.eq("id"),
              Mockito.eq(IAM_PRINCIPAL_ARN),
              Mockito.eq(rootArn),
              Mockito.anySet()))
      .thenReturn(true);

  Assert.assertTrue(service.doesPrincipalHaveOwnerPermissions(principal, "sdbId"));

  // Path that must have been used.
  Mockito.verify(awsIamRoleArnParser).convertPrincipalArnToRootArn(IAM_PRINCIPAL_ARN);
  Mockito.verify(awsIamRoleArnParser).isAssumedRoleArn(IAM_PRINCIPAL_ARN);

  // Assumed-role path that must stay untouched.
  Mockito.verify(awsIamRoleArnParser, Mockito.never())
      .convertPrincipalArnToRoleArn(IAM_PRINCIPAL_ARN);
  Mockito.verify(permissionsDao, Mockito.never())
      .doesAssumedRoleHaveRoleForSdb(
          Mockito.anyString(),
          Mockito.anyString(),
          Mockito.anyString(),
          Mockito.anyString(),
          Mockito.anySet());
}
use of com.nike.cerberus.domain.SafeDepositBoxV2 in project cerberus by Nike-Inc.
the class SafeDepositBoxServiceTest method test_that_rejects_bad_user_AD_group_name.
/**
 * Expects {@code validateUserGroupName} to throw {@link ApiException} for an SDB whose user
 * group permissions include {@code "app.mock.blah"} while the configured AD group name prefix
 * is {@code "app.foo"}.
 *
 * <p>NOTE(review): presumably the group name that does not start with the prefix is what
 * triggers the rejection; the validator is not shown here, so confirm against it.
 *
 * <p>NOTE(review): {@code @Test(expected = ...)} is satisfied by an ApiException thrown from
 * any statement in the method, not only from the final call.
 */
@Test(expected = ApiException.class)
public void test_that_rejects_bad_user_AD_group_name() {
  final String sdbId = "111";
  final String category = "222";
  final String readRoleId = "333";
  final String name = "HEALTH CHECK BUCKET";

  // Two group grants: one equal to the configured prefix, one under a different prefix.
  Set<UserGroupPermission> groupGrants = new HashSet<>();
  groupGrants.add(new UserGroupPermission().withName("app.foo").withRoleId(readRoleId));
  groupGrants.add(new UserGroupPermission().withName("app.mock.blah").withRoleId(readRoleId));

  SafeDepositBoxV2 box = new SafeDepositBoxV2();
  box.setId(sdbId);
  box.setPath("app/health-check-bucket/");
  box.setCategoryId(category);
  box.setName(name);
  box.setOwner("app.mock.test");
  box.setDescription("This SDB is read by the Health Check Lambda...");
  box.setCreatedTs(OffsetDateTime.parse("2016-09-08T15:39:31Z"));
  box.setLastUpdatedTs(OffsetDateTime.parse("2016-12-13T17:28:00Z"));
  box.setCreatedBy("foobar@nike.com");
  box.setLastUpdatedBy("foobar@nike.com");

  // Prefix the service is configured with for this test.
  safeDepositBoxService.adGroupNamePrefix = "app.foo";
  box.setUserGroupPermissions(groupGrants);

  safeDepositBoxService.validateUserGroupName(box);
}