
Example 16 with SafeDepositBoxV2

use of com.nike.cerberus.domain.SafeDepositBoxV2 in project cerberus by Nike-Inc.

the class PermissionValidationServiceTest method mockSafeDepositBoxV2WithId.

private SafeDepositBoxV2 mockSafeDepositBoxV2WithId(String id) {
    SafeDepositBoxV2 safeDepositBoxV2 = Mockito.mock(SafeDepositBoxV2.class);
    Mockito.when(safeDepositBoxV2.getId()).thenReturn(id);
    return safeDepositBoxV2;
}
Also used : SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2)

Example 17 with SafeDepositBoxV2

use of com.nike.cerberus.domain.SafeDepositBoxV2 in project cerberus by Nike-Inc.

the class PermissionValidationServiceTest method testDoesPrincipalHaveOwnerPermissionsWithGroupsCaseSensitiveAndUserGroupsInUpperCase.

@Test
public void testDoesPrincipalHaveOwnerPermissionsWithGroupsCaseSensitiveAndUserGroupsInUpperCase() {
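    // Case-sensitive group matching is enabled (true), so the principal's group
    // "USERGROUP1" must not match the SDB owner "userGroup1".
    PermissionValidationService permissionValidationService = createPermissionValidationServiceWithGroupCaseSensitive(true);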
    Set<String> userGroups = new HashSet<>();
    userGroups.add("USERGROUP1");
    SafeDepositBoxV2 safeDepositBoxV2 = mockSafeDepositBoxV2WithOwner("userGroup1");
    Mockito.when(safeDepositBoxService.getSafeDepositBoxDangerouslyWithoutPermissionValidation("sdbId")).thenReturn(safeDepositBoxV2);
    CerberusPrincipal cerberusPrincipal = mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType.USER, userGroups);
    boolean hasOwnerPermission = permissionValidationService.doesPrincipalHaveOwnerPermissions(cerberusPrincipal, "sdbId");
    Assert.assertFalse(hasOwnerPermission);
}
Also used : SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2) CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 18 with SafeDepositBoxV2

use of com.nike.cerberus.domain.SafeDepositBoxV2 in project cerberus by Nike-Inc.

the class PermissionValidationServiceTest method mockSafeDepositBoxV2WithOwner.

private SafeDepositBoxV2 mockSafeDepositBoxV2WithOwner(String owner) {
    SafeDepositBoxV2 safeDepositBoxV2 = Mockito.mock(SafeDepositBoxV2.class);
    Mockito.when(safeDepositBoxV2.getOwner()).thenReturn(owner);
    return safeDepositBoxV2;
}
Also used : SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2)

Example 19 with SafeDepositBoxV2

use of com.nike.cerberus.domain.SafeDepositBoxV2 in project cerberus by Nike-Inc.

the class PermissionValidationServiceTest method testDoesPrincipalHaveOwnerPermissionsWithPrincipalTypeIAMWhenRoleIsNotAssumed.

@Test
public void testDoesPrincipalHaveOwnerPermissionsWithPrincipalTypeIAMWhenRoleIsNotAssumed() {
    PermissionValidationService permissionValidationService = createPermissionValidationServiceWithGroupCaseSensitive(false);
    SafeDepositBoxV2 safeDepositBoxV2 = mockSafeDepositBoxV2WithId("id");
    Mockito.when(safeDepositBoxService.getSafeDepositBoxDangerouslyWithoutPermissionValidation("sdbId")).thenReturn(safeDepositBoxV2);
    CerberusPrincipal cerberusPrincipal = mockCerberusPrincipalWithPrincipalTypeAndName(PrincipalType.IAM, IAM_PRINCIPAL_ARN);
    String iamRootArn = "iamRootArn";
    Mockito.when(awsIamRoleArnParser.convertPrincipalArnToRootArn(IAM_PRINCIPAL_ARN)).thenReturn(iamRootArn);
    Mockito.when(awsIamRoleArnParser.isAssumedRoleArn(IAM_PRINCIPAL_ARN)).thenReturn(false);
    String iamRoleArn = "iamRoleArn";
    Mockito.when(awsIamRoleArnParser.convertPrincipalArnToRoleArn(IAM_PRINCIPAL_ARN)).thenReturn(iamRoleArn);
    Mockito.when(permissionsDao.doesIamPrincipalHaveRoleForSdb(Mockito.eq("id"), Mockito.eq(IAM_PRINCIPAL_ARN), Mockito.eq(iamRootArn), Mockito.anySet())).thenReturn(true);
    boolean hasOwnerPermission = permissionValidationService.doesPrincipalHaveOwnerPermissions(cerberusPrincipal, "sdbId");
    Assert.assertTrue(hasOwnerPermission);
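    // The ARN is not an assumed-role ARN: the root ARN is resolved and checked,
    // but no role-ARN conversion or assumed-role permission lookup may happen.
    Mockito.verify(awsIamRoleArnParser).convertPrincipalArnToRootArn(IAM_PRINCIPAL_ARN);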
    Mockito.verify(awsIamRoleArnParser).isAssumedRoleArn(IAM_PRINCIPAL_ARN);
    Mockito.verify(awsIamRoleArnParser, Mockito.never()).convertPrincipalArnToRoleArn(IAM_PRINCIPAL_ARN);
    Mockito.verify(permissionsDao, Mockito.never()).doesAssumedRoleHaveRoleForSdb(Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anySet());
}
Also used : SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2) CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal) Test(org.junit.Test)

Example 20 with SafeDepositBoxV2

use of com.nike.cerberus.domain.SafeDepositBoxV2 in project cerberus by Nike-Inc.

the class SafeDepositBoxServiceTest method test_that_rejects_bad_user_AD_group_name.

@Test(expected = ApiException.class)
public void test_that_rejects_bad_user_AD_group_name() {
    String id = "111";
    String categoryId = "222";
    String readId = "333";
    String sdbName = "HEALTH CHECK BUCKET";
    SafeDepositBoxV2 sdbObject = new SafeDepositBoxV2();
    sdbObject.setId(id);
    sdbObject.setPath("app/health-check-bucket/");
    sdbObject.setCategoryId(categoryId);
    sdbObject.setName(sdbName);
    sdbObject.setOwner("app.mock.test");
    sdbObject.setDescription("This SDB is read by the Health Check Lambda...");
    sdbObject.setCreatedTs(OffsetDateTime.parse("2016-09-08T15:39:31Z"));
    sdbObject.setLastUpdatedTs(OffsetDateTime.parse("2016-12-13T17:28:00Z"));
    sdbObject.setCreatedBy("foobar@nike.com");
    sdbObject.setLastUpdatedBy("foobar@nike.com");
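    // Required AD group prefix is "app.foo"; the set below also contains
    // "app.mock.blah", which does not carry that prefix. The test expects
    // validateUserGroupName to throw ApiException.
    safeDepositBoxService.adGroupNamePrefix = "app.foo";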
    Set<UserGroupPermission> userPerms = new HashSet<>();
    userPerms.add(new UserGroupPermission().withName("app.foo").withRoleId(readId));
    userPerms.add(new UserGroupPermission().withName("app.mock.blah").withRoleId(readId));
    sdbObject.setUserGroupPermissions(userPerms);
    safeDepositBoxService.validateUserGroupName(sdbObject);
}
Also used : SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2) UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

SafeDepositBoxV2 (com.nike.cerberus.domain.SafeDepositBoxV2): 31
Test (org.junit.Test): 29
UserGroupPermission (com.nike.cerberus.domain.UserGroupPermission): 15
HashSet (java.util.HashSet): 15
CerberusPrincipal (com.nike.cerberus.security.CerberusPrincipal): 7
IamPrincipalPermission (com.nike.cerberus.domain.IamPrincipalPermission): 6
SafeDepositBoxV1 (com.nike.cerberus.domain.SafeDepositBoxV1): 6
OffsetDateTime (java.time.OffsetDateTime): 3
IamRolePermission (com.nike.cerberus.domain.IamRolePermission): 2
SDBMetadata (com.nike.cerberus.domain.SDBMetadata): 2
SafeDepositBoxRecord (com.nike.cerberus.record.SafeDepositBoxRecord): 2
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 1
Role (com.nike.cerberus.domain.Role): 1
InputStream (java.io.InputStream): 1
HashMap (java.util.HashMap): 1
HttpHeaders (org.springframework.http.HttpHeaders): 1
Authentication (org.springframework.security.core.Authentication): 1
UriComponentsBuilder (org.springframework.web.util.UriComponentsBuilder): 1