use of com.nike.cerberus.record.AwsIamRoleRecord in project cerberus by Nike-Inc.
the class IamPrincipalPermissionService method grantIamPrincipalPermission.
/**
 * Grants an IAM principal a role on a safe deposit box.
 *
 * <p>Looks up the AWS IAM role record for the principal ARN and creates one when none exists,
 * then stores a permission record linking that IAM role record, the requested role id and the
 * safe deposit box. {@code user} and {@code dateTime} are written to the created-by and
 * last-updated audit fields of every record created here.
 *
 * <p>NOTE(review): this method performs no authorization check of its own and does not validate
 * the ARN; presumably callers confirm that {@code user} may manage the safe deposit box and
 * that the ARN is well formed before calling. Confirm against the call sites.
 *
 * @param safeDepositBoxId The safe deposit box id
 * @param iamPrincipalPermission The IAM principal permission (principal ARN and role id)
 * @param user The user making the changes
 * @param dateTime The time of the changes
 * @throws ApiException with {@code IAM_ROLE_ROLE_ID_INVALID} when the role id matches no role
 */
@Transactional
public void grantIamPrincipalPermission(final String safeDepositBoxId, final IamPrincipalPermission iamPrincipalPermission, final String user, final OffsetDateTime dateTime) {
    final String principalArn = iamPrincipalPermission.getIamPrincipalArn();
    final String requestedRoleId = iamPrincipalPermission.getRoleId();

    // The IAM role lookup runs before the role id is validated.
    final Optional<AwsIamRoleRecord> existingIamRole = awsIamRoleDao.getIamRole(principalArn);
    if (roleService.getRoleById(requestedRoleId).isEmpty()) {
        throw ApiException.newBuilder().withApiErrors(DefaultApiError.IAM_ROLE_ROLE_ID_INVALID).build();
    }

    final String iamRoleId;
    if (existingIamRole.isEmpty()) {
        // First grant for this principal: register the ARN under a fresh id.
        iamRoleId = uuidSupplier.get();
        final AwsIamRoleRecord newIamRole = new AwsIamRoleRecord();
        newIamRole.setId(iamRoleId);
        newIamRole.setAwsIamRoleArn(principalArn);
        newIamRole.setCreatedBy(user);
        newIamRole.setCreatedTs(dateTime);
        newIamRole.setLastUpdatedBy(user);
        newIamRole.setLastUpdatedTs(dateTime);
        awsIamRoleDao.createIamRole(newIamRole);
    } else {
        // Reuse the stored record's id as-is, even when that id is null.
        iamRoleId = existingIamRole.get().getId();
    }

    // NOTE(review): nothing here checks for an existing grant of the same principal on the same
    // box; presumably the DAO or a database constraint rejects duplicates. Confirm.
    final AwsIamRolePermissionRecord grant = new AwsIamRolePermissionRecord();
    grant.setId(uuidSupplier.get());
    grant.setAwsIamRoleId(iamRoleId);
    grant.setRoleId(requestedRoleId);
    grant.setSdboxId(safeDepositBoxId);
    grant.setCreatedBy(user);
    grant.setCreatedTs(dateTime);
    grant.setLastUpdatedBy(user);
    grant.setLastUpdatedTs(dateTime);
    awsIamRoleDao.createIamRolePermission(grant);
}
use of com.nike.cerberus.record.AwsIamRoleRecord in project cerberus by Nike-Inc.
the class AwsIamRoleServiceTest method test_createIamRole.
// Checks that createIamRole returns a record carrying the ARN it was given.
@Test
public void test_createIamRole() {
    final String principalArn = "iamPrincipalArn";

    // The DAO insert is stubbed to return 1 (presumably the affected-row count).
    Mockito.when(awsIamRoleDao.createIamRole(anyObject())).thenReturn(1);

    AwsIamRoleRecord createdRecord = awsIamRoleService.createIamRole(principalArn);

    // NOTE(review): the arguments are passed as (actual, expected). If this is JUnit's
    // assertEquals, the expected value belongs first so failure messages read correctly. Confirm.
    assertEquals(createdRecord.getAwsIamRoleArn(), principalArn);
}
use of com.nike.cerberus.record.AwsIamRoleRecord in project cerberus by Nike-Inc.
the class CleanUpServiceTest method test_that_cleanUpOrphanedIamRoles_succeeds.
/**
 * An orphaned IAM role record returned by the DAO must be deleted by id during clean-up.
 */
@Test
public void test_that_cleanUpOrphanedIamRoles_succeeds() {
    final String orphanId = "iam role record id";

    // Arrange: the DAO reports exactly one orphaned record.
    AwsIamRoleRecord orphan = mock(AwsIamRoleRecord.class);
    when(orphan.getId()).thenReturn(orphanId);
    when(awsIamRoleDao.getOrphanedIamRoles()).thenReturn(Lists.newArrayList(orphan));

    // Act
    cleanUpService.cleanUpOrphanedIamRoles();

    // Assert: the orphans were queried and the one reported was deleted by its id.
    verify(awsIamRoleDao).getOrphanedIamRoles();
    verify(awsIamRoleDao).deleteIamRoleById(orphanId);
}
use of com.nike.cerberus.record.AwsIamRoleRecord in project cerberus by Nike-Inc.
the class CleanUpServiceTest method test_that_cleanUpOrphanedIamRoles_does_not_throw_exception_on_failure.
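/**
 * A failing delete must not propagate out of the clean-up job.
 *
 * <p>The test passes when {@code cleanUpOrphanedIamRoles()} returns normally although the DAO
 * delete throws. The closing {@code verify} confirms that the throwing stub was actually reached,
 * so the test cannot pass vacuously if the delete call is never made.
 *
 * <p>NOTE(review): whether the swallowed failure is logged or otherwise surfaced is not visible
 * from this test. A silently skipped orphan stays in the table until a later run.
 */
@Test
public void test_that_cleanUpOrphanedIamRoles_does_not_throw_exception_on_failure() {
    String iamRoleRecordId = "iam role record id";
    AwsIamRoleRecord roleRecord = mock(AwsIamRoleRecord.class);
    when(roleRecord.getId()).thenReturn(iamRoleRecordId);
    when(awsIamRoleDao.getOrphanedIamRoles()).thenReturn(Lists.newArrayList(roleRecord));
    // Simulate a DAO failure while deleting the orphaned record.
    when(awsIamRoleDao.deleteIamRoleById(iamRoleRecordId)).thenThrow(new NullPointerException());

    // Must return normally; an escaping exception fails the test.
    cleanUpService.cleanUpOrphanedIamRoles();

    // The failure path was exercised: the delete was attempted for the orphaned record.
    verify(awsIamRoleDao).deleteIamRoleById(iamRoleRecordId);
}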
use of com.nike.cerberus.record.AwsIamRoleRecord in project cerberus by Nike-Inc.
the class IamPrincipalPermissionServiceTest method testGrantIamPermissionIfRoleIsPresentByRoleIdAndRoleRecordFound.
/**
 * When the role id resolves and an IAM role record already exists for the principal ARN, the
 * grant must reuse that record: no new IAM role is created and a permission record is written.
 *
 * <p>NOTE(review): the contents of the stored permission record (box id, role id, audit fields)
 * are not asserted here, only that one was written.
 */
@Test
public void testGrantIamPermissionIfRoleIsPresentByRoleIdAndRoleRecordFound() {
    final String principalArn = "arn";
    final String roleId = "roleId";

    IamPrincipalPermission permissionRequest = new IamPrincipalPermission();
    permissionRequest.setIamPrincipalArn(principalArn);
    permissionRequest.setRoleId(roleId);

    // Both lookups succeed: the principal already has a record and the role id is valid.
    Mockito.when(awsIamRoleDao.getIamRole(principalArn)).thenReturn(Optional.of(new AwsIamRoleRecord()));
    Mockito.when(roleService.getRoleById(roleId)).thenReturn(Optional.of(new Role()));
    Mockito.when(uuidSupplier.get()).thenReturn("uuid");

    iamPrincipalPermissionService.grantIamPrincipalPermission("boxId", permissionRequest, "user", OffsetDateTime.MAX);

    // The existing IAM role record is reused rather than duplicated.
    Mockito.verify(awsIamRoleDao, Mockito.never()).createIamRole(Mockito.any(AwsIamRoleRecord.class));
    Mockito.verify(awsIamRoleDao).createIamRolePermission(Mockito.any(AwsIamRolePermissionRecord.class));
}