use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.
the class PermissionValidationServiceTest method testDoesPrincipalHaveSdbPermissionsForActionWhenRequestAttributesWhenServletPathIsSecuredAndVerifySdbidPresent.
/**
 * Denial path of {@code doesPrincipalHaveSdbPermissionsForAction("READ")}: the request carries the
 * servlet path {@code /v1/secret/1/2/3/4}, the SDB path {@code category/slug/} resolves to an id,
 * and the call is expected to end in an {@link ApiException} whose message names the principal
 * and the path.
 *
 * <p>NOTE(review): as listed, this method is private and carries no {@code @Test} annotation, so a
 * JUnit runner would not pick it up on its own; confirm it is invoked from a public test.
 *
 * <p>NOTE(review): the expected denial message echoes both the principal name and the SDB path;
 * confirm that this level of detail is intended for API clients.
 */
private void testDoesPrincipalHaveSdbPermissionsForActionWhenRequestAttributesWhenServletPathIsSecuredAndVerifySdbidPresent() {
    // A spy lets the two context accessors be stubbed while the rest of the service stays real.
    PermissionValidationService service =
            Mockito.spy(createPermissionValidationServiceWithGroupCaseSensitive(false));

    RequestAttributes securedRequest =
            mockServletRequestAttributesWithRequestWithServletPath("/v1/secret/1/2/3/4");
    Mockito.when(service.getRequestAttributesFromContext()).thenReturn(securedRequest);

    // Category + slug are the pieces the lookup path "category/slug/" below is made of.
    Mockito.when(sdbAccessRequest.getCategory()).thenReturn("category");
    Mockito.when(sdbAccessRequest.getSdbSlug()).thenReturn("slug");

    CerberusPrincipal userPrincipal =
            mockCerberusPrincipalWithPrincipalTypeAndName(PrincipalType.USER, "name");
    Mockito.when(service.getCerberusPrincipalFromContext()).thenReturn(userPrincipal);

    // The SDB exists; no grant is stubbed for the principal anywhere in this method.
    Mockito.when(safeDepositBoxService.getSafeDepositBoxIdByPath("category/slug/"))
            .thenReturn(Optional.of("sdbId"));

    // Stays empty if no ApiException is thrown, which makes the comparison below fail.
    String actualMessage = "";
    try {
        service.doesPrincipalHaveSdbPermissionsForAction("READ");
    } catch (ApiException denied) {
        actualMessage = denied.getMessage();
    }

    Assert.assertEquals(
            "Permission was not granted for principal: name for path: category/slug/",
            actualMessage);
}
use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.
the class PermissionValidationServiceTest method testDoesPrincipalHaveReadPermissionWithPrincipalTypeAndGroupsCaseInSensitiveHavingUserGroupsInUpperCase.
/**
 * With the service built with its group-case-sensitive flag set to {@code false}, a USER
 * principal whose only group is the upper-case {@code "USERGROUP1"} is expected to be granted
 * read access to {@code "sdbId"}.
 *
 * <p>NOTE(review): case-insensitive matching treats group names that differ only in letter case
 * as the same group. That is sound only if the identity source issuing the groups does the
 * same; confirm against the deployment's directory.
 */
@Test
public void testDoesPrincipalHaveReadPermissionWithPrincipalTypeAndGroupsCaseInSensitiveHavingUserGroupsInUpperCase() {
    PermissionValidationService service = createPermissionValidationServiceWithGroupCaseSensitive(false);

    Set<String> upperCaseGroups = new HashSet<>();
    upperCaseGroups.add("USERGROUP1");
    CerberusPrincipal userPrincipal =
            mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType.USER, upperCaseGroups);

    // Presumably the stored permission names the same group in a different case; the helper
    // that builds it is not shown here.
    Set<UserGroupPermission> storedPermissions = mockUserGroupPermissionWithName();
    Mockito.when(userGroupPermissionService.getUserGroupPermissions("sdbId"))
            .thenReturn(storedPermissions);

    Assert.assertTrue(service.doesPrincipalHaveReadPermission(userPrincipal, "sdbId"));
}
use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.
the class PermissionValidationServiceTest method testDoesPrincipalHaveSdbPermissionsForActionWhenRequestAttributesWhenServletPathIsSecuredAndVerifyPathIsValid.
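/**
 * Missing-SDB path of {@code doesPrincipalHaveSdbPermissionsForAction("READ")}: the request
 * carries the servlet path {@code /v1/secret/1/2/3/4}, but the lookup for {@code category/slug/}
 * returns an empty {@link Optional}, and the call is expected to end in an {@link ApiException}
 * saying the SDB was not found.
 *
 * <p>The final check uses {@code assertEquals} rather than {@code assertTrue(a.equals(b))} so a
 * mismatch reports the expected and actual messages, matching the sibling denial test.
 *
 * <p>NOTE(review): as listed, this method is private and carries no {@code @Test} annotation, so a
 * JUnit runner would not pick it up on its own; confirm it is invoked from a public test.
 *
 * <p>NOTE(review): the "not found" message differs from the "Permission was not granted" message
 * asserted by the sibling test, so an authenticated caller can tell a missing SDB from a denied
 * one; confirm that distinction is acceptable.
 */
private void testDoesPrincipalHaveSdbPermissionsForActionWhenRequestAttributesWhenServletPathIsSecuredAndVerifyPathIsValid() {
    // A spy lets the two context accessors be stubbed while the rest of the service stays real.
    PermissionValidationService permissionValidationService =
            Mockito.spy(createPermissionValidationServiceWithGroupCaseSensitive(false));

    RequestAttributes requestAttributes =
            mockServletRequestAttributesWithRequestWithServletPath("/v1/secret/1/2/3/4");
    Mockito.when(permissionValidationService.getRequestAttributesFromContext()).thenReturn(requestAttributes);

    Mockito.when(sdbAccessRequest.getCategory()).thenReturn("category");
    Mockito.when(sdbAccessRequest.getSdbSlug()).thenReturn("slug");

    CerberusPrincipal cerberusPrincipal =
            mockCerberusPrincipalWithPrincipalTypeAndName(PrincipalType.USER, "name");
    Mockito.when(permissionValidationService.getCerberusPrincipalFromContext()).thenReturn(cerberusPrincipal);

    // No SDB is registered under the requested path.
    Mockito.when(safeDepositBoxService.getSafeDepositBoxIdByPath("category/slug/"))
            .thenReturn(Optional.empty());

    // Stays empty if no ApiException is thrown, which makes the comparison below fail.
    String exceptionMessage = "";
    try {
        permissionValidationService.doesPrincipalHaveSdbPermissionsForAction("READ");
    } catch (ApiException apiException) {
        exceptionMessage = apiException.getMessage();
    }

    Assert.assertEquals("The SDB for the path: category/slug/ was not found.", exceptionMessage);
}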
use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.
the class PermissionValidationServiceTest method testDoesPrincipalHavePermissionForSdbWithPrincipalTypeIAMAndRoleIsNotAssumed.
/**
 * IAM principal whose ARN is reported as not being an assumed-role ARN: the permission check for
 * {@code "sdbId"} with {@code SecureDataAction.READ} is expected to be answered by
 * {@code permissionsDao.doesIamPrincipalHaveRoleForSdb} and to return {@code true}.
 *
 * <p>NOTE(review): the negative verification covers only
 * {@code doesUserHavePermsForRoleAndSdbCaseInsensitive}, although the service is built with the
 * group-case-sensitive flag set to {@code true}; if the DAO has a case-sensitive user lookup, it
 * is not checked here. Confirm.
 */
@Test
public void testDoesPrincipalHavePermissionForSdbWithPrincipalTypeIAMAndRoleIsNotAssumed() {
    PermissionValidationService service = createPermissionValidationServiceWithGroupCaseSensitive(true);
    CerberusPrincipal iamPrincipal =
            mockCerberusPrincipalWithPrincipalTypeAndName(PrincipalType.IAM, IAM_PRINCIPAL_ARN);

    // ARN parser answers: a root ARN, "not an assumed role", and a role ARN.
    String rootArn = "iamRootArn";
    Mockito.when(awsIamRoleArnParser.convertPrincipalArnToRootArn(IAM_PRINCIPAL_ARN)).thenReturn(rootArn);
    Mockito.when(awsIamRoleArnParser.isAssumedRoleArn(IAM_PRINCIPAL_ARN)).thenReturn(false);
    String roleArn = "iamRoleArn";
    Mockito.when(awsIamRoleArnParser.convertPrincipalArnToRoleArn(IAM_PRINCIPAL_ARN)).thenReturn(roleArn);

    // The grant is stubbed only for the principal ARN itself together with the stubbed root ARN.
    // Any other argument combination falls back to Mockito's default (false) and fails the
    // assertion below, so this stub is what pins the arguments the service passes.
    Mockito.when(
                    permissionsDao.doesIamPrincipalHaveRoleForSdb(
                            Mockito.eq("sdbId"),
                            Mockito.eq(IAM_PRINCIPAL_ARN),
                            Mockito.eq(rootArn),
                            Mockito.anySet()))
            .thenReturn(true);

    boolean granted = service.doesPrincipalHavePermissionForSdb(iamPrincipal, "sdbId", SecureDataAction.READ);
    Assert.assertTrue(granted);

    // The user-group lookup must not be consulted for an IAM principal.
    Mockito.verify(permissionsDao, Mockito.never())
            .doesUserHavePermsForRoleAndSdbCaseInsensitive(
                    Mockito.eq("sdbId"), Mockito.anySet(), Mockito.anySet());
    // Wildcard matchers: this confirms a single IAM lookup happened, not which arguments it got.
    Mockito.verify(permissionsDao)
            .doesIamPrincipalHaveRoleForSdb(
                    Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anySet());
}
use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.
the class PermissionValidationServiceTest method mockCerberusPrincipalWithPrincipalTypeAndUserGroups.
/**
 * Builds a Mockito mock of {@link CerberusPrincipal} that reports the given principal type and
 * user groups.
 *
 * @param principalType value returned by {@code getPrincipalType()}
 * @param userGroups set returned, by reference, from {@code getUserGroups()}
 * @return the stubbed mock; every other method keeps Mockito's default answer
 */
private CerberusPrincipal mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType principalType, Set<String> userGroups) {
    CerberusPrincipal principal = Mockito.mock(CerberusPrincipal.class);
    Mockito.when(principal.getPrincipalType()).thenReturn(principalType);
    Mockito.when(principal.getUserGroups()).thenReturn(userGroups);
    return principal;
}