use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.
the class MetadataServiceTest method test_that_restore_metadata_calls_the_sdb_service_with_expected_sdb_box.
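/**
 * Verifies that {@code restoreMetadata} passes the SDB service a box built from the JSON backup
 * fixture, including the user-group and IAM-principal permissions.
 *
 * <p>The name lookup is stubbed to return empty, and the expected box carries the id returned by
 * the stubbed {@code uuidSupplier}.
 *
 * @throws IOException if the fixture cannot be read or parsed
 */
@Test
public void test_that_restore_metadata_calls_the_sdb_service_with_expected_sdb_box() throws IOException {
    String user = "unit-test-user";
    String id = "111";
    String categoryId = "222";
    String categoryName = "Applications";
    String readId = "333";
    String sdbName = "HEALTH CHECK BUCKET";
    String fixturePath = "com/nike/cerberus/service/sdb_metadata_backup.json";

    ObjectMapper mapper = ApplicationConfiguration.getObjectMapper();
    SDBMetadata sdbMetadata;
    // Close the fixture stream deterministically and fail with a readable message when the
    // resource is missing, instead of handing a null stream to the mapper.
    try (InputStream metadataStream = getClass().getClassLoader().getResourceAsStream(fixturePath)) {
        if (metadataStream == null) {
            throw new IllegalStateException("Test fixture not found on classpath: " + fixturePath);
        }
        sdbMetadata = mapper.readValue(metadataStream, SDBMetadata.class);
    }

    // No SDB with this name exists yet.
    when(safeDepositBoxService.getSafeDepositBoxIdByName(sdbName)).thenReturn(Optional.empty());
    when(uuidSupplier.get()).thenReturn(id);
    when(categoryService.getCategoryIdByName(categoryName)).thenReturn(Optional.of(categoryId));
    Role readRole = new Role();
    readRole.setId(readId);
    when(roleService.getRoleByName(RoleRecord.ROLE_READ)).thenReturn(Optional.of(readRole));

    metadataService.restoreMetadata(sdbMetadata, user);

    // Expected box; the literal values presumably mirror sdb_metadata_backup.json — keep them in sync.
    SafeDepositBoxV2 expectedSdb = new SafeDepositBoxV2();
    expectedSdb.setId(id);
    expectedSdb.setPath("app/health-check-bucket/");
    expectedSdb.setCategoryId(categoryId);
    expectedSdb.setName(sdbName);
    expectedSdb.setOwner("Lst-Squad.Carebears");
    expectedSdb.setDescription("This SDB is read by the Health Check Lambda...");
    expectedSdb.setCreatedTs(OffsetDateTime.parse("2016-09-08T15:39:31Z"));
    expectedSdb.setLastUpdatedTs(OffsetDateTime.parse("2016-12-13T17:28:00Z"));
    expectedSdb.setCreatedBy("justin.field@nike.com");
    expectedSdb.setLastUpdatedBy("todd.lisonbee@nike.com");

    // Every restored grant is expected to carry the read role id and nothing broader.
    Set<UserGroupPermission> userPerms = new HashSet<>();
    userPerms.add(new UserGroupPermission().withName("Foundation.Prod.Support").withRoleId(readId));
    userPerms.add(new UserGroupPermission().withName("Lst-NIKE.FOO.ISL").withRoleId(readId));
    expectedSdb.setUserGroupPermissions(userPerms);

    Set<IamPrincipalPermission> iamPerms = new HashSet<>();
    String arn = "arn:aws:iam::1111111111:role/lambda_prod_healthcheck";
    iamPerms.add(new IamPrincipalPermission().withIamPrincipalArn(arn).withRoleId(readId));
    expectedSdb.setIamPrincipalPermissions(iamPerms);

    // NOTE(review): this pins the restored permissions only if SafeDepositBoxV2.equals compares
    // the permission sets — confirm against the domain class.
    verify(safeDepositBoxService, times(1)).restoreSafeDepositBox(expectedSdb, user);
}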
use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.
the class PermissionValidationServiceTest method testDoesPrincipalHaveReadPermissionWithPrincipalTypeAndGroupsCaseInSensitiveHavingUserGroupsInUpperCase.
/**
 * Checks that a USER principal whose group name is upper case is granted read access to the SDB
 * when the validation service is built with the group case-sensitivity flag set to false.
 */
@Test
public void testDoesPrincipalHaveReadPermissionWithPrincipalTypeAndGroupsCaseInSensitiveHavingUserGroupsInUpperCase() {
    // false: per the helper's name, group names are compared without regard to case.
    PermissionValidationService service = createPermissionValidationServiceWithGroupCaseSensitive(false);

    Set<String> principalGroups = new HashSet<>();
    principalGroups.add("USERGROUP1");
    CerberusPrincipal principal =
            mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType.USER, principalGroups);

    // NOTE(review): the group name inside the mocked permission comes from a helper not shown
    // here; presumably it differs from "USERGROUP1" only in case — confirm.
    Set<UserGroupPermission> sdbGroupPermissions = mockUserGroupPermissionWithName();
    Mockito.when(userGroupPermissionService.getUserGroupPermissions("sdbId")).thenReturn(sdbGroupPermissions);

    Assert.assertTrue(service.doesPrincipalHaveReadPermission(principal, "sdbId"));
}
use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.
the class SafeDepositBoxServiceTest method test_that_restore_safe_deposit_box_updates_with_expected_sdb_record_from_safe_depot_box_object_when_the_sdb_already_exists.
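/**
 * Verifies that restoring a box whose id already exists in the DAO results in exactly one
 * {@code fullUpdateSafeDepositBox} call with a record copied from the supplied box.
 */
@Test
public void test_that_restore_safe_deposit_box_updates_with_expected_sdb_record_from_safe_depot_box_object_when_the_sdb_already_exists() {
    String id = "111";
    String categoryId = "222";
    String readId = "333";
    String sdbName = "HEALTH CHECK BUCKET";
    String sdbId = "asdf-1231-23sad-asd";

    // Box handed to restoreSafeDepositBox.
    SafeDepositBoxV2 sdbObject = new SafeDepositBoxV2();
    sdbObject.setId(id);
    sdbObject.setPath("app/health-check-bucket/");
    sdbObject.setCategoryId(categoryId);
    sdbObject.setName(sdbName);
    sdbObject.setOwner("Lst-Squad.Carebears");
    sdbObject.setDescription("This SDB is read by the Health Check Lambda...");
    sdbObject.setCreatedTs(OffsetDateTime.parse("2016-09-08T15:39:31Z"));
    sdbObject.setLastUpdatedTs(OffsetDateTime.parse("2016-12-13T17:28:00Z"));
    sdbObject.setCreatedBy("justin.field@nike.com");
    sdbObject.setLastUpdatedBy("todd.lisonbee@nike.com");

    Set<UserGroupPermission> userPerms = new HashSet<>();
    userPerms.add(new UserGroupPermission().withName("Foundation.Prod.Support").withRoleId(readId));
    userPerms.add(new UserGroupPermission().withName("Lst-NIKE.FOO.ISL").withRoleId(readId));
    sdbObject.setUserGroupPermissions(userPerms);

    Set<IamPrincipalPermission> iamPerms = new HashSet<>();
    iamPerms.add(new IamPrincipalPermission().withIamPrincipalArn("arn:aws:iam::1111111111:role/lambda_prod_healthcheck").withRoleId(readId));
    sdbObject.setIamPrincipalPermissions(iamPerms);

    // Record the DAO is expected to receive: the box's scalar fields, copied one for one.
    SafeDepositBoxRecord boxToStore = new SafeDepositBoxRecord();
    boxToStore.setId(sdbObject.getId());
    boxToStore.setPath(sdbObject.getPath());
    boxToStore.setCategoryId(sdbObject.getCategoryId());
    boxToStore.setName(sdbObject.getName());
    boxToStore.setDescription(sdbObject.getDescription());
    boxToStore.setCreatedTs(sdbObject.getCreatedTs());
    boxToStore.setLastUpdatedTs(sdbObject.getLastUpdatedTs());
    boxToStore.setCreatedBy(sdbObject.getCreatedBy());
    boxToStore.setLastUpdatedBy(sdbObject.getLastUpdatedBy());

    // The DAO reports that a box with this id is already stored.
    SafeDepositBoxRecord existingRecord = new SafeDepositBoxRecord();
    existingRecord.setId(sdbId);
    when(safeDepositBoxDao.getSafeDepositBox(sdbObject.getId())).thenReturn(Optional.of(existingRecord));

    // NOTE(review): the owner and permission updates are stubbed out on the spy and never
    // verified, so this test pins only the record written through the DAO, not the access grants.
    doNothing().when(safeDepositBoxServiceSpy).updateOwner(any(), any(), any(), any());
    doNothing().when(safeDepositBoxServiceSpy).modifyUserGroupPermissions(any(), any(), any(), any());
    doNothing().when(safeDepositBoxServiceSpy).modifyIamPrincipalPermissions(any(), any(), any(), any());
    doReturn(sdbObject).when(safeDepositBoxServiceSpy).getSDBFromRecordV2(any());

    safeDepositBoxServiceSpy.restoreSafeDepositBox(sdbObject, "admin-user");

    verify(safeDepositBoxDao, times(1)).fullUpdateSafeDepositBox(boxToStore);
}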
use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.
the class SafeDepositBoxServiceTest method test_that_validates_user_AD_group_name_on_user_group_change.
/**
 * Runs {@code validateNewUserGroupPermissions} for a change of user-group permissions with the
 * AD group name prefix set to "app.mock".
 *
 * <p>The test asserts nothing explicitly: it passes when the call returns without throwing.
 */
@Test
public void test_that_validates_user_AD_group_name_on_user_group_change() {
    String boxId = "111";
    String boxCategoryId = "222";
    String readRoleId = "333";
    String boxName = "HEALTH CHECK BUCKET";

    // Prefix the service reads when validating group names.
    safeDepositBoxService.adGroupNamePrefix = "app.mock";

    // Box passed as the first argument (presumably the current state — confirm against the service).
    SafeDepositBoxV2 currentSdb = new SafeDepositBoxV2();
    currentSdb.setId(boxId);
    currentSdb.setPath("app/health-check-bucket/");
    currentSdb.setCategoryId(boxCategoryId);
    currentSdb.setName(boxName);
    currentSdb.setOwner("app.mock.test");
    currentSdb.setDescription("This SDB is read by the Health Check Lambda...");
    currentSdb.setCreatedTs(OffsetDateTime.parse("2016-09-08T15:39:31Z"));
    currentSdb.setLastUpdatedTs(OffsetDateTime.parse("2016-12-13T17:28:00Z"));
    currentSdb.setCreatedBy("foobar@nike.com");
    currentSdb.setLastUpdatedBy("foobar@nike.com");

    // "lst.mock" does not start with the prefix, but it appears only in this first set.
    Set<UserGroupPermission> currentGroupPerms = new HashSet<>();
    currentGroupPerms.add(new UserGroupPermission().withName("lst.mock").withRoleId(readRoleId));
    currentGroupPerms.add(new UserGroupPermission().withName("app.mock.blah").withRoleId(readRoleId));
    currentSdb.setUserGroupPermissions(currentGroupPerms);

    // Box passed as the second argument; it differs from the first only in its group permissions.
    SafeDepositBoxV2 updatedSdb = new SafeDepositBoxV2();
    updatedSdb.setId(boxId);
    updatedSdb.setPath("app/health-check-bucket/");
    updatedSdb.setCategoryId(boxCategoryId);
    updatedSdb.setName(boxName);
    updatedSdb.setOwner("app.mock.test");
    updatedSdb.setDescription("This SDB is read by the Health Check Lambda...");
    updatedSdb.setCreatedTs(OffsetDateTime.parse("2016-09-08T15:39:31Z"));
    updatedSdb.setLastUpdatedTs(OffsetDateTime.parse("2016-12-13T17:28:00Z"));
    updatedSdb.setCreatedBy("foobar@nike.com");
    updatedSdb.setLastUpdatedBy("foobar@nike.com");

    // Both names in the second set start with the configured prefix.
    Set<UserGroupPermission> updatedGroupPerms = new HashSet<>();
    updatedGroupPerms.add(new UserGroupPermission().withName("app.mock").withRoleId(readRoleId));
    updatedGroupPerms.add(new UserGroupPermission().withName("app.mock.blah").withRoleId(readRoleId));
    updatedSdb.setUserGroupPermissions(updatedGroupPerms);

    // NOTE(review): only the accepting path is exercised here; a companion case where a newly
    // added group lacks the prefix would show that the validation actually rejects it.
    safeDepositBoxService.validateNewUserGroupPermissions(currentSdb, updatedSdb);
}
use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.
the class SafeDepositBoxServiceTest method test_that_restore_safe_deposit_box_creates_with_expected_sdb_record_from_safe_depot_box_object.
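/**
 * Verifies that restoring a box whose id is unknown to the DAO results in exactly one
 * {@code createSafeDepositBox} call with a record copied from the supplied box.
 */
@Test
public void test_that_restore_safe_deposit_box_creates_with_expected_sdb_record_from_safe_depot_box_object() {
    String id = "111";
    String categoryId = "222";
    String readId = "333";
    String sdbName = "HEALTH CHECK BUCKET";

    // Box handed to restoreSafeDepositBox.
    SafeDepositBoxV2 sdbObject = new SafeDepositBoxV2();
    sdbObject.setId(id);
    sdbObject.setPath("app/health-check-bucket/");
    sdbObject.setCategoryId(categoryId);
    sdbObject.setName(sdbName);
    sdbObject.setOwner("Lst-Squad.Carebears");
    sdbObject.setDescription("This SDB is read by the Health Check Lambda...");
    sdbObject.setCreatedTs(OffsetDateTime.parse("2016-09-08T15:39:31Z"));
    sdbObject.setLastUpdatedTs(OffsetDateTime.parse("2016-12-13T17:28:00Z"));
    sdbObject.setCreatedBy("justin.field@nike.com");
    sdbObject.setLastUpdatedBy("todd.lisonbee@nike.com");

    Set<UserGroupPermission> userPerms = new HashSet<>();
    userPerms.add(new UserGroupPermission().withName("Foundation.Prod.Support").withRoleId(readId));
    userPerms.add(new UserGroupPermission().withName("Lst-NIKE.FOO.ISL").withRoleId(readId));
    sdbObject.setUserGroupPermissions(userPerms);

    Set<IamPrincipalPermission> iamPerms = new HashSet<>();
    iamPerms.add(new IamPrincipalPermission().withIamPrincipalArn("arn:aws:iam::1111111111:role/lambda_prod_healthcheck").withRoleId(readId));
    sdbObject.setIamPrincipalPermissions(iamPerms);

    // Record the DAO is expected to receive: the box's scalar fields, copied one for one.
    SafeDepositBoxRecord boxToStore = new SafeDepositBoxRecord();
    boxToStore.setId(sdbObject.getId());
    boxToStore.setPath(sdbObject.getPath());
    boxToStore.setCategoryId(sdbObject.getCategoryId());
    boxToStore.setName(sdbObject.getName());
    boxToStore.setDescription(sdbObject.getDescription());
    boxToStore.setCreatedTs(sdbObject.getCreatedTs());
    boxToStore.setLastUpdatedTs(sdbObject.getLastUpdatedTs());
    boxToStore.setCreatedBy(sdbObject.getCreatedBy());
    boxToStore.setLastUpdatedBy(sdbObject.getLastUpdatedBy());

    // The DAO has no box stored under this id.
    when(safeDepositBoxDao.getSafeDepositBox(sdbObject.getId())).thenReturn(Optional.empty());

    // NOTE(review): addOwnerPermission is stubbed out and the permission sets are never verified,
    // so this test pins only the record written through the DAO, not the restored access grants.
    doNothing().when(safeDepositBoxServiceSpy).addOwnerPermission(any(), any());

    safeDepositBoxServiceSpy.restoreSafeDepositBox(sdbObject, "admin-user");

    verify(safeDepositBoxDao, times(1)).createSafeDepositBox(boxToStore);
}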