
Example 21 with UserGroupPermission

use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.

the class PermissionValidationServiceTest method testDoesPrincipalHaveReadPermissionWithPrincipalTypeAndGroupsCaseInSensitiveHavingUserGroupsInLowerCase.

@Test
public void testDoesPrincipalHaveReadPermissionWithPrincipalTypeAndGroupsCaseInSensitiveHavingUserGroupsInLowerCase() {
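    // Service configured with group-name case sensitivity turned off; the principal's group is given in lower case.
    PermissionValidationService permissionValidationService = createPermissionValidationServiceWithGroupCaseSensitive(false);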
    Set<String> userGroups = new HashSet<>();
    userGroups.add("usergroup1");
    CerberusPrincipal cerberusPrincipal = mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType.USER, userGroups);
    Set<UserGroupPermission> userGroupPermissions = mockUserGroupPermissionWithName();
    Mockito.when(userGroupPermissionService.getUserGroupPermissions("sdbId")).thenReturn(userGroupPermissions);
    boolean hasPermission = permissionValidationService.doesPrincipalHaveReadPermission(cerberusPrincipal, "sdbId");
    Assert.assertTrue(hasPermission);
}
Also used : UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 22 with UserGroupPermission

use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.

the class SafeDepositBoxServiceTest method test_that_rejects_bad_user_AD_group_name.

@Test(expected = ApiException.class)
public void test_that_rejects_bad_user_AD_group_name() {
    String id = "111";
    String categoryId = "222";
    String readId = "333";
    String sdbName = "HEALTH CHECK BUCKET";
    SafeDepositBoxV2 sdbObject = new SafeDepositBoxV2();
    sdbObject.setId(id);
    sdbObject.setPath("app/health-check-bucket/");
    sdbObject.setCategoryId(categoryId);
    sdbObject.setName(sdbName);
    sdbObject.setOwner("app.mock.test");
    sdbObject.setDescription("This SDB is read by the Health Check Lambda...");
    sdbObject.setCreatedTs(OffsetDateTime.parse("2016-09-08T15:39:31Z"));
    sdbObject.setLastUpdatedTs(OffsetDateTime.parse("2016-12-13T17:28:00Z"));
    sdbObject.setCreatedBy("foobar@nike.com");
    sdbObject.setLastUpdatedBy("foobar@nike.com");
    // Configured AD group name prefix for this test.
    safeDepositBoxService.adGroupNamePrefix = "app.foo";
    Set<UserGroupPermission> userPerms = new HashSet<>();
    userPerms.add(new UserGroupPermission().withName("app.foo").withRoleId(readId));
    // This name does not start with the configured prefix.
    userPerms.add(new UserGroupPermission().withName("app.mock.blah").withRoleId(readId));
    sdbObject.setUserGroupPermissions(userPerms);
    // The test expects this call to throw ApiException.
    safeDepositBoxService.validateUserGroupName(sdbObject);
}
Also used : SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2) UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 23 with UserGroupPermission

use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.

the class SafeDepositBoxServiceTest method test_that_validates_user_AD_group_name_on_user_group_addition.

@Test
public void test_that_validates_user_AD_group_name_on_user_group_addition() {
    String id = "111";
    String categoryId = "222";
    String readId = "333";
    String sdbName = "HEALTH CHECK BUCKET";
    SafeDepositBoxV2 sdbObject = new SafeDepositBoxV2();
    sdbObject.setId(id);
    sdbObject.setPath("app/health-check-bucket/");
    sdbObject.setCategoryId(categoryId);
    sdbObject.setName(sdbName);
    sdbObject.setOwner("app.mock.test");
    sdbObject.setDescription("This SDB is read by the Health Check Lambda...");
    sdbObject.setCreatedTs(OffsetDateTime.parse("2016-09-08T15:39:31Z"));
    sdbObject.setLastUpdatedTs(OffsetDateTime.parse("2016-12-13T17:28:00Z"));
    sdbObject.setCreatedBy("foobar@nike.com");
    sdbObject.setLastUpdatedBy("foobar@nike.com");
    SafeDepositBoxV2 newSdbObject = new SafeDepositBoxV2();
    newSdbObject.setId(id);
    newSdbObject.setPath("app/health-check-bucket/");
    newSdbObject.setCategoryId(categoryId);
    newSdbObject.setName(sdbName);
    newSdbObject.setOwner("app.mock.test");
    newSdbObject.setDescription("This SDB is read by the Health Check Lambda...");
    newSdbObject.setCreatedTs(OffsetDateTime.parse("2016-09-08T15:39:31Z"));
    newSdbObject.setLastUpdatedTs(OffsetDateTime.parse("2016-12-13T17:28:00Z"));
    newSdbObject.setCreatedBy("foobar@nike.com");
    newSdbObject.setLastUpdatedBy("foobar@nike.com");
    safeDepositBoxService.adGroupNamePrefix = "app.mock";
    // Existing permissions; "lst.mock" is already present and does not carry the prefix.
    Set<UserGroupPermission> userPerms = new HashSet<>();
    userPerms.add(new UserGroupPermission().withName("lst.mock").withRoleId(readId));
    userPerms.add(new UserGroupPermission().withName("app.mock.blah").withRoleId(readId));
    sdbObject.setUserGroupPermissions(userPerms);
    // Updated permissions: the only newly added name, "app.mock.foobar", starts with the prefix.
    Set<UserGroupPermission> newUserPerms = new HashSet<>();
    newUserPerms.add(new UserGroupPermission().withName("lst.mock").withRoleId(readId));
    newUserPerms.add(new UserGroupPermission().withName("app.mock.blah").withRoleId(readId));
    newUserPerms.add(new UserGroupPermission().withName("app.mock.foobar").withRoleId(readId));
    newSdbObject.setUserGroupPermissions(newUserPerms);
    // The test expects no exception from this call.
    safeDepositBoxService.validateNewUserGroupPermissions(sdbObject, newSdbObject);
}
Also used : SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2) UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 24 with UserGroupPermission

use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.

the class SafeDepositBoxServiceTest method test_that_invalidates_user_AD_group_name_on_user_group_addition.

@Test(expected = ApiException.class)
public void test_that_invalidates_user_AD_group_name_on_user_group_addition() {
    String id = "111";
    String categoryId = "222";
    String readId = "333";
    String sdbName = "HEALTH CHECK BUCKET";
    SafeDepositBoxV2 sdbObject = new SafeDepositBoxV2();
    sdbObject.setId(id);
    sdbObject.setPath("app/health-check-bucket/");
    sdbObject.setCategoryId(categoryId);
    sdbObject.setName(sdbName);
    sdbObject.setOwner("app.mock.test");
    sdbObject.setDescription("This SDB is read by the Health Check Lambda...");
    sdbObject.setCreatedTs(OffsetDateTime.parse("2016-09-08T15:39:31Z"));
    sdbObject.setLastUpdatedTs(OffsetDateTime.parse("2016-12-13T17:28:00Z"));
    sdbObject.setCreatedBy("foobar@nike.com");
    sdbObject.setLastUpdatedBy("foobar@nike.com");
    SafeDepositBoxV2 newSdbObject = new SafeDepositBoxV2();
    newSdbObject.setId(id);
    newSdbObject.setPath("app/health-check-bucket/");
    newSdbObject.setCategoryId(categoryId);
    newSdbObject.setName(sdbName);
    newSdbObject.setOwner("app.mock.test");
    newSdbObject.setDescription("This SDB is read by the Health Check Lambda...");
    newSdbObject.setCreatedTs(OffsetDateTime.parse("2016-09-08T15:39:31Z"));
    newSdbObject.setLastUpdatedTs(OffsetDateTime.parse("2016-12-13T17:28:00Z"));
    newSdbObject.setCreatedBy("foobar@nike.com");
    newSdbObject.setLastUpdatedBy("foobar@nike.com");
    safeDepositBoxService.adGroupNamePrefix = "app.mock";
    Set<UserGroupPermission> userPerms = new HashSet<>();
    userPerms.add(new UserGroupPermission().withName("lst.mock").withRoleId(readId));
    userPerms.add(new UserGroupPermission().withName("app.mock.blah").withRoleId(readId));
    sdbObject.setUserGroupPermissions(userPerms);
    // Updated permissions: the newly added name, "app.exception", does not start with the prefix.
    Set<UserGroupPermission> newUserPerms = new HashSet<>();
    newUserPerms.add(new UserGroupPermission().withName("lst.mock").withRoleId(readId));
    newUserPerms.add(new UserGroupPermission().withName("app.mock.blah").withRoleId(readId));
    newUserPerms.add(new UserGroupPermission().withName("app.exception").withRoleId(readId));
    newSdbObject.setUserGroupPermissions(newUserPerms);
    // The test expects this call to throw ApiException.
    safeDepositBoxService.validateNewUserGroupPermissions(sdbObject, newSdbObject);
}
Also used : SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2) UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 25 with UserGroupPermission

use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.

the class SafeDepositBoxServiceTest method test_that_validates_user_AD_group_name_on_user_group_removal.

@Test
public void test_that_validates_user_AD_group_name_on_user_group_removal() {
    String id = "111";
    String categoryId = "222";
    String readId = "333";
    String sdbName = "HEALTH CHECK BUCKET";
    SafeDepositBoxV2 sdbObject = new SafeDepositBoxV2();
    sdbObject.setId(id);
    sdbObject.setPath("app/health-check-bucket/");
    sdbObject.setCategoryId(categoryId);
    sdbObject.setName(sdbName);
    sdbObject.setOwner("app.mock.test");
    sdbObject.setDescription("This SDB is read by the Health Check Lambda...");
    sdbObject.setCreatedTs(OffsetDateTime.parse("2016-09-08T15:39:31Z"));
    sdbObject.setLastUpdatedTs(OffsetDateTime.parse("2016-12-13T17:28:00Z"));
    sdbObject.setCreatedBy("foobar@nike.com");
    sdbObject.setLastUpdatedBy("foobar@nike.com");
    SafeDepositBoxV2 newSdbObject = new SafeDepositBoxV2();
    newSdbObject.setId(id);
    newSdbObject.setPath("app/health-check-bucket/");
    newSdbObject.setCategoryId(categoryId);
    newSdbObject.setName(sdbName);
    newSdbObject.setOwner("app.mock.test");
    newSdbObject.setDescription("This SDB is read by the Health Check Lambda...");
    newSdbObject.setCreatedTs(OffsetDateTime.parse("2016-09-08T15:39:31Z"));
    newSdbObject.setLastUpdatedTs(OffsetDateTime.parse("2016-12-13T17:28:00Z"));
    newSdbObject.setCreatedBy("foobar@nike.com");
    newSdbObject.setLastUpdatedBy("foobar@nike.com");
    safeDepositBoxService.adGroupNamePrefix = "app.mock";
    Set<UserGroupPermission> userPerms = new HashSet<>();
    userPerms.add(new UserGroupPermission().withName("lst.mock").withRoleId(readId));
    userPerms.add(new UserGroupPermission().withName("app.mock.blah").withRoleId(readId));
    sdbObject.setUserGroupPermissions(userPerms);
    // Updated permissions only remove "app.mock.blah"; no group name is added.
    Set<UserGroupPermission> newUserPerms = new HashSet<>();
    newUserPerms.add(new UserGroupPermission().withName("lst.mock").withRoleId(readId));
    newSdbObject.setUserGroupPermissions(newUserPerms);
    // The test expects no exception from this call.
    safeDepositBoxService.validateNewUserGroupPermissions(sdbObject, newSdbObject);
}
Also used : SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2) UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

UserGroupPermission (com.nike.cerberus.domain.UserGroupPermission): 38
Test (org.junit.Test): 34
HashSet (java.util.HashSet): 17
SafeDepositBoxV2 (com.nike.cerberus.domain.SafeDepositBoxV2): 15
UserGroupPermissionRecord (com.nike.cerberus.record.UserGroupPermissionRecord): 8
UserGroupRecord (com.nike.cerberus.record.UserGroupRecord): 8
IamPrincipalPermission (com.nike.cerberus.domain.IamPrincipalPermission): 6
ApiError (com.nike.backstopper.apierror.ApiError): 5
ApiException (com.nike.backstopper.exception.ApiException): 5
Role (com.nike.cerberus.domain.Role): 5
DefaultApiError (com.nike.cerberus.error.DefaultApiError): 5
SafeDepositBoxV1 (com.nike.cerberus.domain.SafeDepositBoxV1): 4
CerberusPrincipal (com.nike.cerberus.security.CerberusPrincipal): 4
OffsetDateTime (java.time.OffsetDateTime): 3
IamRolePermission (com.nike.cerberus.domain.IamRolePermission): 2
SDBMetadata (com.nike.cerberus.domain.SDBMetadata): 2
SafeDepositBoxRecord (com.nike.cerberus.record.SafeDepositBoxRecord): 2
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 1
InputStream (java.io.InputStream): 1
HashMap (java.util.HashMap): 1