
Example 26 with UserGroupPermission

use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.

the class SafeDepositBoxServiceTest method test_that_convertSafeDepositBoxV1ToV2_creates_expected_safe_deposit_box_v2.

/**
 * Checks that converting a {@link SafeDepositBoxV2} yields the matching {@link SafeDepositBoxV1}.
 *
 * <p>NOTE(review): the method name says "V1ToV2", but the call under test is
 * {@code convertSafeDepositBoxV2ToV1}; the name describes the opposite direction.
 *
 * <p>The V2 box carries one IAM principal permission identified by ARN. The mocked
 * {@code awsIamRoleArnParser} is stubbed to split that ARN into an account id and a role name,
 * and the expected V1 permission is built from those two values plus the unchanged role id.
 * A conversion that dropped the grant or changed its role id should therefore fail the final
 * equality check (assuming {@code equals} on the domain types compares these fields; confirm).
 */
@Test
public void test_that_convertSafeDepositBoxV1ToV2_creates_expected_safe_deposit_box_v2() {
    // Scalar fixture values shared by the input box and the expected result.
    final String boxId = "id";
    final String boxName = "name";
    final String boxDescription = "description";
    final String boxPath = "path";
    final String boxCategoryId = "category id";
    final String creator = "created by";
    final String lastEditor = "last updated by";
    final OffsetDateTime createdAt = OffsetDateTime.now();
    final OffsetDateTime updatedAt = OffsetDateTime.now();
    final String boxOwner = "owner";
    final String awsAccountId = "123";
    final String iamRoleName = "abc";
    final String principalArn = "arn:aws:iam::123:role/abc";
    final String grantedRoleId = "role id";

    // One default-constructed user group permission; the same set instance is used on both sides.
    final Set<UserGroupPermission> groupGrants = Sets.newHashSet();
    groupGrants.add(new UserGroupPermission());

    // V2 input: the IAM grant is expressed as a principal ARN.
    final Set<IamPrincipalPermission> principalGrants = Sets.newHashSet();
    principalGrants.add(
            new IamPrincipalPermission().withIamPrincipalArn(principalArn).withRoleId(grantedRoleId));

    final SafeDepositBoxV2 sourceBox = new SafeDepositBoxV2();
    sourceBox.setId(boxId);
    sourceBox.setName(boxName);
    sourceBox.setDescription(boxDescription);
    sourceBox.setPath(boxPath);
    sourceBox.setCategoryId(boxCategoryId);
    sourceBox.setCreatedBy(creator);
    sourceBox.setLastUpdatedBy(lastEditor);
    sourceBox.setCreatedTs(createdAt);
    sourceBox.setLastUpdatedTs(updatedAt);
    sourceBox.setOwner(boxOwner);
    sourceBox.setUserGroupPermissions(groupGrants);
    sourceBox.setIamPrincipalPermissions(principalGrants);

    // The ARN parser is a mock, so the account id / role name split is dictated here.
    when(awsIamRoleArnParser.getAccountId(principalArn)).thenReturn(awsAccountId);
    when(awsIamRoleArnParser.getRoleName(principalArn)).thenReturn(iamRoleName);

    // V1 expectation: the same grant expressed as account id + role name.
    final Set<IamRolePermission> expectedRoleGrants = Sets.newHashSet();
    expectedRoleGrants.add(
            new IamRolePermission()
                    .withAccountId(awsAccountId)
                    .withIamRoleName(iamRoleName)
                    .withRoleId(grantedRoleId));

    final SafeDepositBoxV1 expectedBox = new SafeDepositBoxV1();
    expectedBox.setId(boxId);
    expectedBox.setName(boxName);
    expectedBox.setDescription(boxDescription);
    expectedBox.setPath(boxPath);
    expectedBox.setCategoryId(boxCategoryId);
    expectedBox.setCreatedBy(creator);
    expectedBox.setLastUpdatedBy(lastEditor);
    expectedBox.setCreatedTs(createdAt);
    expectedBox.setLastUpdatedTs(updatedAt);
    expectedBox.setOwner(boxOwner);
    expectedBox.setUserGroupPermissions(groupGrants);
    expectedBox.setIamRolePermissions(expectedRoleGrants);

    final SafeDepositBoxV1 actualBox = safeDepositBoxService.convertSafeDepositBoxV2ToV1(sourceBox);

    assertEquals(expectedBox, actualBox);
}
Also used : SafeDepositBoxV1(com.nike.cerberus.domain.SafeDepositBoxV1) SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2) OffsetDateTime(java.time.OffsetDateTime) IamRolePermission(com.nike.cerberus.domain.IamRolePermission) UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) Test(org.junit.Test)

Example 27 with UserGroupPermission

use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.

the class SafeDepositBoxServiceTest method test_that_convertSafeDepositBoxV2ToV1_creates_expected_safe_deposit_box_v1.

/**
 * Checks that converting a {@link SafeDepositBoxV1} yields the matching {@link SafeDepositBoxV2}.
 *
 * <p>NOTE(review): the method name says "V2ToV1", but the call under test is
 * {@code convertSafeDepositBoxV1ToV2}; the name describes the opposite direction.
 *
 * <p>The V1 box carries one IAM role permission given as account id "123" and role name "abc".
 * The expected V2 permission uses the ARN {@code arn:aws:iam::123:role/abc} with the same role
 * id. Presumably the service assembles that ARN from the two V1 fields; confirm against
 * {@code convertSafeDepositBoxV1ToV2}, which is not visible here.
 */
@Test
public void test_that_convertSafeDepositBoxV2ToV1_creates_expected_safe_deposit_box_v1() {
    // Scalar fixture values shared by the input box and the expected result.
    final String boxId = "id";
    final String boxName = "name";
    final String boxDescription = "description";
    final String boxPath = "path";
    final String boxCategoryId = "category id";
    final String creator = "created by";
    final String lastEditor = "last updated by";
    final OffsetDateTime createdAt = OffsetDateTime.now();
    final OffsetDateTime updatedAt = OffsetDateTime.now();
    final String boxOwner = "owner";
    final String awsAccountId = "123";
    final String iamRoleName = "abc";
    final String principalArn = "arn:aws:iam::123:role/abc";
    final String grantedRoleId = "role id";

    // One default-constructed user group permission; the same set instance is used on both sides.
    final Set<UserGroupPermission> groupGrants = Sets.newHashSet();
    groupGrants.add(new UserGroupPermission());

    // V1 input: the IAM grant is expressed as account id + role name.
    final Set<IamRolePermission> roleGrants = Sets.newHashSet();
    roleGrants.add(
            new IamRolePermission()
                    .withAccountId(awsAccountId)
                    .withIamRoleName(iamRoleName)
                    .withRoleId(grantedRoleId));

    final SafeDepositBoxV1 sourceBox = new SafeDepositBoxV1();
    sourceBox.setId(boxId);
    sourceBox.setName(boxName);
    sourceBox.setDescription(boxDescription);
    sourceBox.setPath(boxPath);
    sourceBox.setCategoryId(boxCategoryId);
    sourceBox.setCreatedBy(creator);
    sourceBox.setLastUpdatedBy(lastEditor);
    sourceBox.setCreatedTs(createdAt);
    sourceBox.setLastUpdatedTs(updatedAt);
    sourceBox.setOwner(boxOwner);
    sourceBox.setUserGroupPermissions(groupGrants);
    sourceBox.setIamRolePermissions(roleGrants);

    // V2 expectation: the same grant expressed as a principal ARN.
    final Set<IamPrincipalPermission> expectedPrincipalGrants = Sets.newHashSet();
    expectedPrincipalGrants.add(
            new IamPrincipalPermission().withIamPrincipalArn(principalArn).withRoleId(grantedRoleId));

    final SafeDepositBoxV2 expectedBox = new SafeDepositBoxV2();
    expectedBox.setId(boxId);
    expectedBox.setName(boxName);
    expectedBox.setDescription(boxDescription);
    expectedBox.setPath(boxPath);
    expectedBox.setCategoryId(boxCategoryId);
    expectedBox.setCreatedBy(creator);
    expectedBox.setLastUpdatedBy(lastEditor);
    expectedBox.setCreatedTs(createdAt);
    expectedBox.setLastUpdatedTs(updatedAt);
    expectedBox.setOwner(boxOwner);
    expectedBox.setUserGroupPermissions(groupGrants);
    expectedBox.setIamPrincipalPermissions(expectedPrincipalGrants);

    final SafeDepositBoxV2 actualBox = safeDepositBoxService.convertSafeDepositBoxV1ToV2(sourceBox);

    assertEquals(expectedBox, actualBox);
}
Also used : SafeDepositBoxV1(com.nike.cerberus.domain.SafeDepositBoxV1) SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2) OffsetDateTime(java.time.OffsetDateTime) IamRolePermission(com.nike.cerberus.domain.IamRolePermission) UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) Test(org.junit.Test)

Example 28 with UserGroupPermission

use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.

the class MetadataServiceTest method test_that_get_sdb_metadata_list_returns_valid_list.

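/**
 * Checks that {@code getSDBMetadataList} maps a single safe deposit box to one
 * {@link SDBMetadata} entry, resolving ids to names.
 *
 * <p>The mocked role service maps role ids to {@code RoleRecord.ROLE_OWNER} and
 * {@code RoleRecord.ROLE_READ}, and the mocked category service maps the category id to its
 * name. The box grants the read role to one user group and to one IAM principal ARN. The
 * assertions check that the metadata reports both grants by role name, not role id.
 */
@Test
public void test_that_get_sdb_metadata_list_returns_valid_list() {
    String sdbId = "123";
    String categoryName = "foo";
    String categoryId = "321";
    String name = "test-name";
    String path = "app/test-name";
    String desc = "blah blah blah";
    String by = "justin.field@nike.com";
    String careBearsGroup = "care-bears";
    String grumpyBearsGroup = "grumpy-bears";
    String ownerId = "000";
    String readId = "111";
    String arn = "arn:aws:iam::12345:role/foo-role";
    OffsetDateTime offsetDateTime = OffsetDateTime.now();

    // Lookup tables the service under test uses to turn ids into display names.
    Map<String, String> catMap = new HashMap<>();
    catMap.put(categoryId, categoryName);
    Map<String, String> roleIdToStringMap = new HashMap<>();
    roleIdToStringMap.put(ownerId, RoleRecord.ROLE_OWNER);
    roleIdToStringMap.put(readId, RoleRecord.ROLE_READ);
    when(roleService.getRoleIdToStringMap()).thenReturn(roleIdToStringMap);
    when(categoryService.getCategoryIdToCategoryNameMap()).thenReturn(catMap);

    SafeDepositBoxV2 box = new SafeDepositBoxV2();
    box.setId(sdbId);
    box.setName(name);
    box.setPath(path);
    box.setDescription(desc);
    box.setCategoryId(categoryId);
    box.setCreatedBy(by);
    box.setLastUpdatedBy(by);
    box.setCreatedTs(offsetDateTime);
    box.setLastUpdatedTs(offsetDateTime);
    box.setOwner(careBearsGroup);

    // Both grants use the read role id, so both should surface as ROLE_READ.
    Set<UserGroupPermission> userPerms = new HashSet<>();
    userPerms.add(new UserGroupPermission().withName(grumpyBearsGroup).withRoleId(readId));
    box.setUserGroupPermissions(userPerms);
    Set<IamPrincipalPermission> iamPerms = new HashSet<>();
    iamPerms.add(new IamPrincipalPermission().withIamPrincipalArn(arn).withRoleId(readId));
    box.setIamPrincipalPermissions(iamPerms);

    // The stub matches the (1, 0) arguments passed to getSDBMetadataList below.
    when(safeDepositBoxService.getSafeDepositBoxes(1, 0)).thenReturn(Arrays.asList(box));

    List<SDBMetadata> actual = metadataService.getSDBMetadataList(1, 0, null);

    assertEquals("List should have 1 entry", 1, actual.size());
    SDBMetadata data = actual.get(0);
    assertEquals("Name should match record", name, data.getName());
    assertEquals("path  should match record", path, data.getPath());
    // The original passed an empty message here, which gave no hint on failure.
    assertEquals("category should be the name mapped from the category id", categoryName, data.getCategory());
    assertEquals("desc  should match record", desc, data.getDescription());
    assertEquals("created by  should match record", by, data.getCreatedBy());
    assertEquals("last updated by should match record", by, data.getLastUpdatedBy());
    assertEquals("created ts should match record", offsetDateTime, data.getCreatedTs());
    assertEquals("updated ts should match record", offsetDateTime, data.getLastUpdatedTs());

    Map<String, String> expectedIamPermMap = new HashMap<>();
    expectedIamPermMap.put(arn, RoleRecord.ROLE_READ);
    assertEquals("iam role perm map should match what is returned by getIamPrincipalPermissionMap", expectedIamPermMap, data.getIamRolePermissions());

    Map<String, String> expectedGroupPermMap = new HashMap<>();
    expectedGroupPermMap.put(grumpyBearsGroup, RoleRecord.ROLE_READ);
    assertEquals("Owner group should be care-bears", careBearsGroup, data.getOwner());
    assertEquals("The user group perms should match the expected map", expectedGroupPermMap, data.getUserGroupPermissions());
}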
Also used : SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2) SDBMetadata(com.nike.cerberus.domain.SDBMetadata) OffsetDateTime(java.time.OffsetDateTime) HashMap(java.util.HashMap) UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 29 with UserGroupPermission

use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.

the class PermissionValidationServiceTest method testDoesPrincipalHaveReadPermissionWithPrincipalTypeAndGroupsCaseSensitive.

/**
 * Checks that a USER principal in group "userGroup1" is granted read access to "sdbId" when
 * the validation service is created with group case sensitivity set to {@code true}.
 *
 * <p>NOTE(review): {@code mockUserGroupPermissionWithName()} is not visible here; presumably it
 * returns a permission whose group name matches "userGroup1" exactly. Confirm against the helper.
 * Only the allow path is asserted. This test does not show whether a group name that differs
 * only in case is denied in case-sensitive mode.
 */
@Test
public void testDoesPrincipalHaveReadPermissionWithPrincipalTypeAndGroupsCaseSensitive() {
    PermissionValidationService serviceUnderTest = createPermissionValidationServiceWithGroupCaseSensitive(true);

    Set<String> principalGroups = new HashSet<>();
    principalGroups.add("userGroup1");
    CerberusPrincipal principal =
            mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType.USER, principalGroups);

    // Build the grants before stubbing so that no mock is created inside an open when(...) call.
    Set<UserGroupPermission> grantsForSdb = mockUserGroupPermissionWithName();
    Mockito.when(userGroupPermissionService.getUserGroupPermissions("sdbId")).thenReturn(grantsForSdb);

    Assert.assertTrue(serviceUnderTest.doesPrincipalHaveReadPermission(principal, "sdbId"));
}
Also used : UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 30 with UserGroupPermission

use of com.nike.cerberus.domain.UserGroupPermission in project cerberus by Nike-Inc.

the class UserGroupPermissionServiceTest method testGrantUserGroupPermissionWhenRoleIsNotPresentForGivenRoleId.

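/**
 * Checks that granting a user group permission is rejected when the role id cannot be resolved.
 *
 * <p>{@code roleService.getRoleById("roleId")} is stubbed to return {@link Optional#empty()}.
 * The grant call is then expected to throw an {@link ApiException} whose first error is
 * {@code DefaultApiError.USER_GROUP_ROLE_ID_INVALID}.
 *
 * <p>NOTE(review): the test asserts the error only. It does not verify that nothing was
 * persisted for the rejected grant; consider adding such a check against the DAO mock used by
 * this test class, which is not visible here.
 */
@Test
public void testGrantUserGroupPermissionWhenRoleIsNotPresentForGivenRoleId() {
    UserGroupPermission userGroupPermission = mockUserGroupPermissionWithNameAndRoleId("name", "roleId");
    Mockito.when(roleService.getRoleById("roleId")).thenReturn(Optional.empty());

    // Stays empty if the call returns normally, i.e. if the invalid role id was not rejected.
    List<ApiError> apiErrorList = new ArrayList<>();
    try {
        userGroupPermissionService.grantUserGroupPermission("safeBoxId", userGroupPermission, "user", OffsetDateTime.MAX);
    } catch (ApiException apiException) {
        apiErrorList = apiException.getApiErrors();
    }

    // The message makes a missing exception distinguishable from a wrong error code.
    assertFalse("expected an ApiException carrying at least one ApiError for an unknown role id", apiErrorList.isEmpty());
    Assert.assertEquals(DefaultApiError.USER_GROUP_ROLE_ID_INVALID, apiErrorList.get(0));
}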
Also used : UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) DefaultApiError(com.nike.cerberus.error.DefaultApiError) ApiError(com.nike.backstopper.apierror.ApiError) ApiException(com.nike.backstopper.exception.ApiException) Test(org.junit.Test)
