use of com.nike.cerberus.record.AwsIamRoleRecord in project cerberus by Nike-Inc.
the class IamPrincipalPermissionServiceTest method testRevokePermissionsWhenIamRoleIsPresent.
/**
 * Revoking a permission whose principal ARN resolves to a stored IAM role record must delete
 * the role-permission row for exactly the box id passed in and the id of that stored record.
 */
@Test
public void testRevokePermissionsWhenIamRoleIsPresent() {
    // The DAO resolves the principal ARN to an existing role record with a known id.
    AwsIamRoleRecord storedRole = Mockito.mock(AwsIamRoleRecord.class);
    Mockito.when(storedRole.getId()).thenReturn("id");
    Mockito.when(awsIamRoleDao.getIamRole("arn")).thenReturn(Optional.of(storedRole));

    // Single permission to revoke, identified only by its principal ARN.
    IamPrincipalPermission permission = Mockito.mock(IamPrincipalPermission.class);
    Mockito.when(permission.getIamPrincipalArn()).thenReturn("arn");
    Set<IamPrincipalPermission> toRevoke = new HashSet<>();
    toRevoke.add(permission);

    iamPrincipalPermissionService.revokeIamPrincipalPermissions("boxId", toRevoke);

    // Exact arguments are verified, so a revoke aimed at another box or role id fails the test.
    Mockito.verify(awsIamRoleDao).deleteIamRolePermission("boxId", "id");
}
use of com.nike.cerberus.record.AwsIamRoleRecord in project cerberus by Nike-Inc.
the class IamPrincipalPermissionServiceTest method testGrantIamPermissionsIfRoleIsPresentByRoleIdAndRoleRecordFound.
/**
 * Granting a permission for a principal whose IAM role record already exists, with a role id
 * that resolves to a role, must not create a second IAM role record and must write one
 * role-permission record.
 */
@Test
public void testGrantIamPermissionsIfRoleIsPresentByRoleIdAndRoleRecordFound() {
    // Collaborators: both the IAM role record and the role lookup succeed.
    Role existingRole = new Role();
    AwsIamRoleRecord existingIamRole = new AwsIamRoleRecord();
    Mockito.when(awsIamRoleDao.getIamRole("arn")).thenReturn(Optional.of(existingIamRole));
    Mockito.when(roleService.getRoleById("roleId")).thenReturn(Optional.of(existingRole));
    Mockito.when(uuidSupplier.get()).thenReturn("uuid");

    // Single permission to grant.
    IamPrincipalPermission permission = new IamPrincipalPermission();
    permission.setIamPrincipalArn("arn");
    permission.setRoleId("roleId");
    Set<IamPrincipalPermission> toGrant = new HashSet<>();
    toGrant.add(permission);

    iamPrincipalPermissionService.grantIamPrincipalPermissions(
            "boxId", toGrant, "user", OffsetDateTime.MAX);

    // The existing IAM role record is reused rather than duplicated.
    Mockito.verify(awsIamRoleDao, Mockito.never())
            .createIamRole(Mockito.any(AwsIamRoleRecord.class));
    // NOTE(review): any(...) accepts every record, so this does not pin which box, IAM role or
    // role id the written permission carries; capturing the argument and asserting its fields
    // would catch a grant bound to the wrong box or role.
    Mockito.verify(awsIamRoleDao)
            .createIamRolePermission(Mockito.any(AwsIamRolePermissionRecord.class));
}
use of com.nike.cerberus.record.AwsIamRoleRecord in project cerberus by Nike-Inc.
the class IamPrincipalPermissionServiceTest method testIamPrincipalPermissionUpdateWhenIamRoleIsPresent.
/**
 * Updating a permission for a principal whose IAM role record exists must write the change
 * through {@code updateIamRolePermission} on the DAO.
 */
@Test
public void testIamPrincipalPermissionUpdateWhenIamRoleIsPresent() {
    // The DAO resolves the principal ARN to an existing (empty) role record.
    AwsIamRoleRecord existingIamRole = new AwsIamRoleRecord();
    Mockito.when(awsIamRoleDao.getIamRole("arn")).thenReturn(Optional.of(existingIamRole));

    IamPrincipalPermission permission = new IamPrincipalPermission();
    permission.setIamPrincipalArn("arn");

    iamPrincipalPermissionService.updateIamPrincipalPermission(
            "boxId", permission, "user", OffsetDateTime.MAX);

    // NOTE(review): any(...) only proves an update was issued; it does not check that the
    // record targets "boxId" or the resolved IAM role. Capture the argument to pin that.
    Mockito.verify(awsIamRoleDao)
            .updateIamRolePermission(Mockito.any(AwsIamRolePermissionRecord.class));
}
use of com.nike.cerberus.record.AwsIamRoleRecord in project cerberus by Nike-Inc.
the class AuthenticationServiceTest method test_that_findIamRoleAssociatedWithSdb_returns_first_matching_iam_role_record_if_found.
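/**
 * {@code findIamRoleAssociatedWithSdb} must hand back the IAM role record that the DAO holds
 * for the given principal ARN.
 */
@Test
public void test_that_findIamRoleAssociatedWithSdb_returns_first_matching_iam_role_record_if_found() {
    String principalArn = "principal arn";
    AwsIamRoleRecord awsIamRoleRecord = mock(AwsIamRoleRecord.class);
    when(awsIamRoleDao.getIamRole(principalArn)).thenReturn(Optional.of(awsIamRoleRecord));

    Optional<AwsIamRoleRecord> result =
            authenticationService.findIamRoleAssociatedWithSdb(principalArn);

    // Compare whole Optionals instead of calling get(): an empty result then fails as a
    // readable assertion mismatch rather than a NoSuchElementException.
    assertEquals(Optional.of(awsIamRoleRecord), result);
}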
use of com.nike.cerberus.record.AwsIamRoleRecord in project cerberus by Nike-Inc.
the class AuthenticationServiceTest method test_that_getKeyId_only_validates_kms_policy_one_time_within_interval.
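/**
 * When the stored KMS key record was last validated long ago, resolving the key for an IAM
 * principal must return the stored key id and validate the key and its policy exactly once.
 */
@Test
public void test_that_getKeyId_only_validates_kms_policy_one_time_within_interval() {
    String principalArn = "principal arn";
    String region = "region";
    String iamRoleId = "iam role id";
    String kmsKeyId = "kms id";
    String cmkId = "key id";

    // Last validation is fixed in 2016 so the validation interval has elapsed relative to
    // "now"; the interval length itself is configured outside this method.
    OffsetDateTime dateTime = OffsetDateTime.of(2016, 1, 1, 1, 1, 1, 1, ZoneOffset.UTC);
    OffsetDateTime now = OffsetDateTime.now();

    // The ARN is set once through the fluent setter (the original repeated the same call).
    AwsIamRoleRecord awsIamRoleRecord = new AwsIamRoleRecord().setAwsIamRoleArn(principalArn);
    awsIamRoleRecord.setId(iamRoleId);
    when(awsIamRoleDao.getIamRole(principalArn)).thenReturn(Optional.of(awsIamRoleRecord));

    AwsIamRoleKmsKeyRecord awsIamRoleKmsKeyRecord = new AwsIamRoleKmsKeyRecord();
    awsIamRoleKmsKeyRecord.setId(kmsKeyId);
    awsIamRoleKmsKeyRecord.setAwsKmsKeyId(cmkId);
    awsIamRoleKmsKeyRecord.setLastValidatedTs(dateTime);
    when(awsIamRoleDao.getKmsKey(iamRoleId, region))
            .thenReturn(Optional.of(awsIamRoleKmsKeyRecord));
    when(dateTimeSupplier.get()).thenReturn(now);

    String result =
            authenticationService
                    .getKmsKeyRecordForIamPrincipal(awsIamRoleRecord, region)
                    .getAwsKmsKeyId();

    assertEquals(cmkId, result);
    // Validation must run once the interval has passed, and against this principal's ARN.
    // NOTE(review): one call cannot show that a second call inside the interval skips
    // validation, which is what the test name promises; a follow-up call would pin that.
    verify(kmsService, times(1)).validateKeyAndPolicy(awsIamRoleKmsKeyRecord, principalArn);
}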