Example 6 with AwsIamRoleRecord

use of com.nike.cerberus.record.AwsIamRoleRecord in project cerberus by Nike-Inc.

the class IamPrincipalPermissionService method grantIamPrincipalPermission.

/**
 * Grants an IAM role permission on a safe deposit box.
 *
 * @param safeDepositBoxId The safe deposit box id
 * @param iamPrincipalPermission The IAM principal permission
 * @param user The user making the changes
 * @param dateTime The time of the changes
 */
@Transactional
public void grantIamPrincipalPermission(final String safeDepositBoxId,
                                        final IamPrincipalPermission iamPrincipalPermission,
                                        final String user,
                                        final OffsetDateTime dateTime) {
    // Look up an existing IAM role record for this principal ARN, if one exists.
    final Optional<AwsIamRoleRecord> possibleIamRoleRecord = awsIamRoleDao.getIamRole(iamPrincipalPermission.getIamPrincipalArn());
    // Validate the requested role id before writing anything.
    final Optional<Role> role = roleService.getRoleById(iamPrincipalPermission.getRoleId());
    if (role.isEmpty()) {
        throw ApiException.newBuilder().withApiErrors(DefaultApiError.IAM_ROLE_ROLE_ID_INVALID).build();
    }
    String iamRoleId;
    if (possibleIamRoleRecord.isPresent()) {
        // Reuse the existing IAM role record.
        iamRoleId = possibleIamRoleRecord.get().getId();
    } else {
        // First time this principal ARN is seen: create its IAM role record with audit fields.
        iamRoleId = uuidSupplier.get();
        AwsIamRoleRecord awsIamRoleRecord = new AwsIamRoleRecord();
        awsIamRoleRecord.setId(iamRoleId);
        awsIamRoleRecord.setAwsIamRoleArn(iamPrincipalPermission.getIamPrincipalArn());
        awsIamRoleRecord.setCreatedBy(user);
        awsIamRoleRecord.setLastUpdatedBy(user);
        awsIamRoleRecord.setCreatedTs(dateTime);
        awsIamRoleRecord.setLastUpdatedTs(dateTime);
        awsIamRoleDao.createIamRole(awsIamRoleRecord);
    }
    // Link the IAM role record to the safe deposit box with the validated role id.
    AwsIamRolePermissionRecord permissionRecord = new AwsIamRolePermissionRecord();
    permissionRecord.setId(uuidSupplier.get());
    permissionRecord.setAwsIamRoleId(iamRoleId);
    permissionRecord.setRoleId(iamPrincipalPermission.getRoleId());
    permissionRecord.setSdboxId(safeDepositBoxId);
    permissionRecord.setCreatedBy(user);
    permissionRecord.setLastUpdatedBy(user);
    permissionRecord.setCreatedTs(dateTime);
    permissionRecord.setLastUpdatedTs(dateTime);
    awsIamRoleDao.createIamRolePermission(permissionRecord);
}
Also used : Role(com.nike.cerberus.domain.Role) AwsIamRoleRecord(com.nike.cerberus.record.AwsIamRoleRecord) AwsIamRolePermissionRecord(com.nike.cerberus.record.AwsIamRolePermissionRecord) Transactional(org.springframework.transaction.annotation.Transactional)

Example 7 with AwsIamRoleRecord

use of com.nike.cerberus.record.AwsIamRoleRecord in project cerberus by Nike-Inc.

the class AwsIamRoleServiceTest method test_createIamRole.

// Tests that creating an IAM role returns a record carrying the given principal ARN.
@Test
public void test_createIamRole() {
    Mockito.when(awsIamRoleDao.createIamRole(anyObject())).thenReturn(1);
    AwsIamRoleRecord awsIamRoleRecord = awsIamRoleService.createIamRole("iamPrincipalArn");
    // JUnit convention: expected value first, actual value second.
    assertEquals("iamPrincipalArn", awsIamRoleRecord.getAwsIamRoleArn());
}
Also used : AwsIamRoleRecord(com.nike.cerberus.record.AwsIamRoleRecord) Test(org.junit.Test)

Example 8 with AwsIamRoleRecord

use of com.nike.cerberus.record.AwsIamRoleRecord in project cerberus by Nike-Inc.

the class CleanUpServiceTest method test_that_cleanUpOrphanedIamRoles_succeeds.

@Test
public void test_that_cleanUpOrphanedIamRoles_succeeds() {
    String iamRoleRecordId = "iam role record id";
    AwsIamRoleRecord roleRecord = mock(AwsIamRoleRecord.class);
    when(roleRecord.getId()).thenReturn(iamRoleRecordId);
    when(awsIamRoleDao.getOrphanedIamRoles()).thenReturn(Lists.newArrayList(roleRecord));
    // perform the call
    cleanUpService.cleanUpOrphanedIamRoles();
    // every orphaned IAM role record returned by the DAO should be deleted by id
    verify(awsIamRoleDao).getOrphanedIamRoles();
    verify(awsIamRoleDao).deleteIamRoleById(iamRoleRecordId);
}
Also used : AwsIamRoleRecord(com.nike.cerberus.record.AwsIamRoleRecord) Test(org.junit.Test)

Example 9 with AwsIamRoleRecord

use of com.nike.cerberus.record.AwsIamRoleRecord in project cerberus by Nike-Inc.

the class CleanUpServiceTest method test_that_cleanUpOrphanedIamRoles_does_not_throw_exception_on_failure.

@Test
public void test_that_cleanUpOrphanedIamRoles_does_not_throw_exception_on_failure() {
    String iamRoleRecordId = "iam role record id";
    AwsIamRoleRecord roleRecord = mock(AwsIamRoleRecord.class);
    when(roleRecord.getId()).thenReturn(iamRoleRecordId);
    when(awsIamRoleDao.getOrphanedIamRoles()).thenReturn(Lists.newArrayList(roleRecord));
    // simulate a delete failure; the clean-up must swallow it rather than abort the job
    when(awsIamRoleDao.deleteIamRoleById(iamRoleRecordId)).thenThrow(new NullPointerException());
    cleanUpService.cleanUpOrphanedIamRoles();
}
Also used : AwsIamRoleRecord(com.nike.cerberus.record.AwsIamRoleRecord) Test(org.junit.Test)

Example 10 with AwsIamRoleRecord

use of com.nike.cerberus.record.AwsIamRoleRecord in project cerberus by Nike-Inc.

the class IamPrincipalPermissionServiceTest method testGrantIamPermissionIfRoleIsPresentByRoleIdAndRoleRecordFound.

@Test
public void testGrantIamPermissionIfRoleIsPresentByRoleIdAndRoleRecordFound() {
    IamPrincipalPermission iamPrincipalPermission = new IamPrincipalPermission();
    iamPrincipalPermission.setIamPrincipalArn("arn");
    iamPrincipalPermission.setRoleId("roleId");
    Role role = new Role();
    AwsIamRoleRecord awsIamRoleRecord = new AwsIamRoleRecord();
    // both the IAM role record and the role id resolve, so no new IAM role record is needed
    Mockito.when(awsIamRoleDao.getIamRole("arn")).thenReturn(Optional.of(awsIamRoleRecord));
    Mockito.when(roleService.getRoleById("roleId")).thenReturn(Optional.of(role));
    Mockito.when(uuidSupplier.get()).thenReturn("uuid");
    iamPrincipalPermissionService.grantIamPrincipalPermission("boxId", iamPrincipalPermission, "user", OffsetDateTime.MAX);
    // existing record is reused; only the permission record is created
    Mockito.verify(awsIamRoleDao, Mockito.never()).createIamRole(Mockito.any(AwsIamRoleRecord.class));
    Mockito.verify(awsIamRoleDao).createIamRolePermission(Mockito.any(AwsIamRolePermissionRecord.class));
}
Also used : Role(com.nike.cerberus.domain.Role) AwsIamRoleRecord(com.nike.cerberus.record.AwsIamRoleRecord) AwsIamRolePermissionRecord(com.nike.cerberus.record.AwsIamRolePermissionRecord) IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) Test(org.junit.Test)