use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.
the class SafeDepositBoxServiceTest method test_that_convertSafeDepositBoxV1ToV2_creates_expected_safe_deposit_box_v2.
/**
 * Builds a {@code SafeDepositBoxV2} with one IAM principal permission (ARN + role id) and checks
 * that the service converts it into the equivalent {@code SafeDepositBoxV1}.
 *
 * <p>Despite this method's name, the call under test is {@code convertSafeDepositBoxV2ToV1}.
 * The expectation that matters for access control is that the role id granted to the principal
 * is carried over unchanged, while the ARN is replaced by the account id and role name returned
 * by the stubbed {@code awsIamRoleArnParser}.
 */
@Test
public void test_that_convertSafeDepositBoxV1ToV2_creates_expected_safe_deposit_box_v2() {
    // Scalar fixture values shared by the input box and the expected box.
    String boxId = "id";
    String boxName = "name";
    String boxDescription = "description";
    String boxPath = "path";
    String boxCategoryId = "category id";
    String creator = "created by";
    String lastUpdater = "last updated by";
    OffsetDateTime createdAt = OffsetDateTime.now();
    OffsetDateTime updatedAt = OffsetDateTime.now();
    String boxOwner = "owner";

    // IAM fixture: the V2 side holds the ARN, the V1 side holds account id + role name.
    String awsAccountId = "123";
    String iamRoleName = "abc";
    String principalArn = "arn:aws:iam::123:role/abc";
    String grantedRoleId = "role id";

    // The ARN is split by the parser mock, so the expected V1 values come from these stubs.
    when(awsIamRoleArnParser.getAccountId(principalArn)).thenReturn(awsAccountId);
    when(awsIamRoleArnParser.getRoleName(principalArn)).thenReturn(iamRoleName);

    // A single blank group permission; the same Set instance is reused for input and expected,
    // so group permissions are only compared as passed through, not field by field.
    Set<UserGroupPermission> groupPermissions = Sets.newHashSet();
    groupPermissions.add(new UserGroupPermission());

    Set<IamPrincipalPermission> principalPermissions = Sets.newHashSet();
    principalPermissions.add(
            new IamPrincipalPermission().withIamPrincipalArn(principalArn).withRoleId(grantedRoleId));

    SafeDepositBoxV2 inputV2 = new SafeDepositBoxV2();
    inputV2.setId(boxId);
    inputV2.setName(boxName);
    inputV2.setDescription(boxDescription);
    inputV2.setPath(boxPath);
    inputV2.setCategoryId(boxCategoryId);
    inputV2.setCreatedBy(creator);
    inputV2.setLastUpdatedBy(lastUpdater);
    inputV2.setCreatedTs(createdAt);
    inputV2.setLastUpdatedTs(updatedAt);
    inputV2.setOwner(boxOwner);
    inputV2.setUserGroupPermissions(groupPermissions);
    inputV2.setIamPrincipalPermissions(principalPermissions);

    SafeDepositBoxV1 actualV1 = safeDepositBoxService.convertSafeDepositBoxV2ToV1(inputV2);

    // Expected V1 box: identical metadata, IAM permission expressed as account id + role name.
    Set<IamRolePermission> expectedRolePermissions = Sets.newHashSet();
    expectedRolePermissions.add(
            new IamRolePermission()
                    .withAccountId(awsAccountId)
                    .withIamRoleName(iamRoleName)
                    .withRoleId(grantedRoleId));

    SafeDepositBoxV1 expectedV1 = new SafeDepositBoxV1();
    expectedV1.setId(boxId);
    expectedV1.setName(boxName);
    expectedV1.setDescription(boxDescription);
    expectedV1.setPath(boxPath);
    expectedV1.setCategoryId(boxCategoryId);
    expectedV1.setCreatedBy(creator);
    expectedV1.setLastUpdatedBy(lastUpdater);
    expectedV1.setCreatedTs(createdAt);
    expectedV1.setLastUpdatedTs(updatedAt);
    expectedV1.setOwner(boxOwner);
    expectedV1.setUserGroupPermissions(groupPermissions);
    expectedV1.setIamRolePermissions(expectedRolePermissions);

    assertEquals(expectedV1, actualV1);
}
use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.
the class SafeDepositBoxServiceTest method test_that_convertSafeDepositBoxV2ToV1_creates_expected_safe_deposit_box_v1.
/**
 * Builds a {@code SafeDepositBoxV1} with one IAM role permission (account id, role name, role
 * id) and checks that the service converts it into the equivalent {@code SafeDepositBoxV2}.
 *
 * <p>Despite this method's name, the call under test is {@code convertSafeDepositBoxV1ToV2}.
 * No ARN parser stubbing is set up here; the expected principal ARN is the literal
 * {@code arn:aws:iam::123:role/abc}, which corresponds to account {@code 123} and role
 * {@code abc}. The role id is expected to be carried over unchanged.
 */
@Test
public void test_that_convertSafeDepositBoxV2ToV1_creates_expected_safe_deposit_box_v1() {
    // Scalar fixture values shared by the input box and the expected box.
    String boxId = "id";
    String boxName = "name";
    String boxDescription = "description";
    String boxPath = "path";
    String boxCategoryId = "category id";
    String creator = "created by";
    String lastUpdater = "last updated by";
    OffsetDateTime createdAt = OffsetDateTime.now();
    OffsetDateTime updatedAt = OffsetDateTime.now();
    String boxOwner = "owner";

    // IAM fixture: the V1 side holds account id + role name, the V2 side holds the ARN.
    String awsAccountId = "123";
    String iamRoleName = "abc";
    String principalArn = "arn:aws:iam::123:role/abc";
    String grantedRoleId = "role id";

    // A single blank group permission; the same Set instance is reused for input and expected,
    // so group permissions are only compared as passed through, not field by field.
    Set<UserGroupPermission> groupPermissions = Sets.newHashSet();
    groupPermissions.add(new UserGroupPermission());

    Set<IamRolePermission> rolePermissions = Sets.newHashSet();
    rolePermissions.add(
            new IamRolePermission()
                    .withAccountId(awsAccountId)
                    .withIamRoleName(iamRoleName)
                    .withRoleId(grantedRoleId));

    SafeDepositBoxV1 inputV1 = new SafeDepositBoxV1();
    inputV1.setId(boxId);
    inputV1.setName(boxName);
    inputV1.setDescription(boxDescription);
    inputV1.setPath(boxPath);
    inputV1.setCategoryId(boxCategoryId);
    inputV1.setCreatedBy(creator);
    inputV1.setLastUpdatedBy(lastUpdater);
    inputV1.setCreatedTs(createdAt);
    inputV1.setLastUpdatedTs(updatedAt);
    inputV1.setOwner(boxOwner);
    inputV1.setUserGroupPermissions(groupPermissions);
    inputV1.setIamRolePermissions(rolePermissions);

    SafeDepositBoxV2 actualV2 = safeDepositBoxService.convertSafeDepositBoxV1ToV2(inputV1);

    // Expected V2 box: identical metadata, IAM permission expressed as a principal ARN.
    Set<IamPrincipalPermission> expectedPrincipalPermissions = Sets.newHashSet();
    expectedPrincipalPermissions.add(
            new IamPrincipalPermission().withIamPrincipalArn(principalArn).withRoleId(grantedRoleId));

    SafeDepositBoxV2 expectedV2 = new SafeDepositBoxV2();
    expectedV2.setId(boxId);
    expectedV2.setName(boxName);
    expectedV2.setDescription(boxDescription);
    expectedV2.setPath(boxPath);
    expectedV2.setCategoryId(boxCategoryId);
    expectedV2.setCreatedBy(creator);
    expectedV2.setLastUpdatedBy(lastUpdater);
    expectedV2.setCreatedTs(createdAt);
    expectedV2.setLastUpdatedTs(updatedAt);
    expectedV2.setOwner(boxOwner);
    expectedV2.setUserGroupPermissions(groupPermissions);
    expectedV2.setIamPrincipalPermissions(expectedPrincipalPermissions);

    assertEquals(expectedV2, actualV2);
}
use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.
the class MetadataServiceTest method test_that_get_sdb_metadata_list_returns_valid_list.
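/**
 * Checks that {@code getSDBMetadataList} turns one stubbed {@code SafeDepositBoxV2} into one
 * {@code SDBMetadata} entry whose descriptive fields match the box and whose permission maps
 * carry role names instead of role ids.
 *
 * <p>The role service and category service are stubbed with id-to-name maps, so the expected
 * permission maps use {@code RoleRecord.ROLE_READ} for the role id given to both the user group
 * and the IAM principal.
 */
@Test
public void test_that_get_sdb_metadata_list_returns_valid_list() {
    String sdbId = "123";
    String categoryName = "foo";
    String categoryId = "321";
    String name = "test-name";
    String path = "app/test-name";
    String desc = "blah blah blah";
    String by = "justin.field@nike.com";
    String careBearsGroup = "care-bears";
    String grumpyBearsGroup = "grumpy-bears";
    String ownerId = "000";
    String readId = "111";
    String arn = "arn:aws:iam::12345:role/foo-role";
    OffsetDateTime offsetDateTime = OffsetDateTime.now();

    // Lookup tables the metadata service is expected to use for id -> name translation.
    Map<String, String> catMap = new HashMap<>();
    catMap.put(categoryId, categoryName);
    Map<String, String> roleIdToStringMap = new HashMap<>();
    roleIdToStringMap.put(ownerId, RoleRecord.ROLE_OWNER);
    roleIdToStringMap.put(readId, RoleRecord.ROLE_READ);
    when(roleService.getRoleIdToStringMap()).thenReturn(roleIdToStringMap);
    when(categoryService.getCategoryIdToCategoryNameMap()).thenReturn(catMap);

    // The single box returned by the stubbed safe deposit box service.
    SafeDepositBoxV2 box = new SafeDepositBoxV2();
    box.setId(sdbId);
    box.setName(name);
    box.setPath(path);
    box.setDescription(desc);
    box.setCategoryId(categoryId);
    box.setCreatedBy(by);
    box.setLastUpdatedBy(by);
    box.setCreatedTs(offsetDateTime);
    box.setLastUpdatedTs(offsetDateTime);
    box.setOwner(careBearsGroup);

    // One read grant for a user group and one read grant for an IAM principal.
    Set<UserGroupPermission> userPerms = new HashSet<>();
    userPerms.add(new UserGroupPermission().withName(grumpyBearsGroup).withRoleId(readId));
    box.setUserGroupPermissions(userPerms);
    Set<IamPrincipalPermission> iamPerms = new HashSet<>();
    iamPerms.add(new IamPrincipalPermission().withIamPrincipalArn(arn).withRoleId(readId));
    box.setIamPrincipalPermissions(iamPerms);
    when(safeDepositBoxService.getSafeDepositBoxes(1, 0)).thenReturn(Arrays.asList(box));

    List<SDBMetadata> actual = metadataService.getSDBMetadataList(1, 0, null);

    assertEquals("List should have 1 entry", 1, actual.size());
    SDBMetadata data = actual.get(0);
    assertEquals("Name should match record", name, data.getName());
    assertEquals("path should match record", path, data.getPath());
    // The original assertion had an empty message; a failure now says which field differed.
    assertEquals("category should match record", categoryName, data.getCategory());
    assertEquals("desc should match record", desc, data.getDescription());
    assertEquals("created by should match record", by, data.getCreatedBy());
    assertEquals("last updated by should match record", by, data.getLastUpdatedBy());
    assertEquals("created ts should match record", offsetDateTime, data.getCreatedTs());
    assertEquals("updated ts should match record", offsetDateTime, data.getLastUpdatedTs());

    // Permission maps are keyed by principal (ARN or group name) and valued by role name.
    Map<String, String> expectedIamPermMap = new HashMap<>();
    expectedIamPermMap.put(arn, RoleRecord.ROLE_READ);
    assertEquals(
            "iam role perm map should match what is returned by getIamPrincipalPermissionMap",
            expectedIamPermMap,
            data.getIamRolePermissions());
    Map<String, String> expectedGroupPermMap = new HashMap<>();
    expectedGroupPermMap.put(grumpyBearsGroup, RoleRecord.ROLE_READ);
    assertEquals("Owner group should be care-bears", careBearsGroup, data.getOwner());
    assertEquals(
            "The user group perms should match the expected map",
            expectedGroupPermMap,
            data.getUserGroupPermissions());
}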
use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.
the class PermissionValidationServiceTest method testDoesPrincipalHaveReadPermissionWithPrincipalTypeAndGroupsCaseSensitive.
/**
 * Checks that a USER principal belonging to {@code userGroup1} is granted read access to the
 * SDB when the validation service is created with group case sensitivity switched on.
 *
 * <p>The group permissions of the SDB come from {@code mockUserGroupPermissionWithName()},
 * which is defined outside this method; presumably it names the same group in the same case.
 *
 * <p>NOTE(review): only the allow path is asserted here. A companion case in which the
 * principal's group differs from the permission's group only by letter case would pin the deny
 * path of case-sensitive matching; confirm that one exists elsewhere in this class.
 */
@Test
public void testDoesPrincipalHaveReadPermissionWithPrincipalTypeAndGroupsCaseSensitive() {
    final String sdbId = "sdbId";

    PermissionValidationService caseSensitiveService =
            createPermissionValidationServiceWithGroupCaseSensitive(true);

    // Principal under test: a user whose only group is "userGroup1".
    Set<String> principalGroups = new HashSet<>();
    principalGroups.add("userGroup1");
    CerberusPrincipal userPrincipal =
            mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType.USER, principalGroups);

    // Group permissions the SDB is stubbed to have.
    Set<UserGroupPermission> sdbGroupPermissions = mockUserGroupPermissionWithName();
    Mockito.when(userGroupPermissionService.getUserGroupPermissions(sdbId))
            .thenReturn(sdbGroupPermissions);

    Assert.assertTrue(caseSensitiveService.doesPrincipalHaveReadPermission(userPrincipal, sdbId));
}
use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.
the class UserGroupPermissionServiceTest method testGrantUserGroupPermissionWhenRoleIsNotPresentForGivenRoleId.
/**
 * Checks that granting a user group permission is rejected when the role service has no role
 * for the permission's role id: the call must throw an {@code ApiException} whose first error
 * is {@code DefaultApiError.USER_GROUP_ROLE_ID_INVALID}.
 *
 * <p>If no exception is thrown, the collected error list stays empty and the first assertion
 * fails, so a silently accepted unknown role id is reported as a test failure.
 *
 * <p>NOTE(review): only the reported error is checked. This method does not verify that no
 * permission record was written for the rejected request; confirm that is covered elsewhere.
 */
@Test
public void testGrantUserGroupPermissionWhenRoleIsNotPresentForGivenRoleId() {
    final String unknownRoleId = "roleId";

    UserGroupPermission requestedPermission =
            mockUserGroupPermissionWithNameAndRoleId("name", unknownRoleId);
    // The role lookup finds nothing for this id.
    Mockito.when(roleService.getRoleById(unknownRoleId)).thenReturn(Optional.empty());

    List<ApiError> reportedErrors = new ArrayList<>();
    try {
        userGroupPermissionService.grantUserGroupPermission(
                "safeBoxId", requestedPermission, "user", OffsetDateTime.MAX);
    } catch (ApiException rejected) {
        // Keep the errors for the assertions below rather than asserting inside the catch.
        reportedErrors = rejected.getApiErrors();
    }

    assertFalse(reportedErrors.isEmpty());
    Assert.assertEquals(DefaultApiError.USER_GROUP_ROLE_ID_INVALID, reportedErrors.get(0));
}