Search in sources :

Example 6 with CerberusPrincipal

use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.

the class PermissionValidationServiceTest method testDoesPrincipalHaveSdbPermissionsForActionWhenRequestAttributesWhenServletPathIsSecuredAndVerifySdbidPresent.

private void testDoesPrincipalHaveSdbPermissionsForActionWhenRequestAttributesWhenServletPathIsSecuredAndVerifySdbidPresent() {
    PermissionValidationService permissionValidationService = Mockito.spy(createPermissionValidationServiceWithGroupCaseSensitive(false));
    RequestAttributes requestAttributes = mockServletRequestAttributesWithRequestWithServletPath("/v1/secret/1/2/3/4");
    Mockito.when(permissionValidationService.getRequestAttributesFromContext()).thenReturn(requestAttributes);
    Mockito.when(sdbAccessRequest.getCategory()).thenReturn("category");
    Mockito.when(sdbAccessRequest.getSdbSlug()).thenReturn("slug");
    CerberusPrincipal cerberusPrincipal = mockCerberusPrincipalWithPrincipalTypeAndName(PrincipalType.USER, "name");
    Mockito.when(permissionValidationService.getCerberusPrincipalFromContext()).thenReturn(cerberusPrincipal);
    Mockito.when(safeDepositBoxService.getSafeDepositBoxIdByPath("category/slug/")).thenReturn(Optional.of("sdbId"));
    String exceptionMessage = "";
    try {
        permissionValidationService.doesPrincipalHaveSdbPermissionsForAction("READ");
    } catch (ApiException apiException) {
        exceptionMessage = apiException.getMessage();
    }
    Assert.assertEquals("Permission was not granted for principal: name for path: category/slug/", exceptionMessage);
}
Also used : ServletRequestAttributes(org.springframework.web.context.request.ServletRequestAttributes) RequestAttributes(org.springframework.web.context.request.RequestAttributes) CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal) ApiException(com.nike.backstopper.exception.ApiException)

Example 7 with CerberusPrincipal

use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.

the class PermissionValidationServiceTest method testDoesPrincipalHaveReadPermissionWithPrincipalTypeAndGroupsCaseInSensitiveHavingUserGroupsInUpperCase.

@Test
public void testDoesPrincipalHaveReadPermissionWithPrincipalTypeAndGroupsCaseInSensitiveHavingUserGroupsInUpperCase() {
    PermissionValidationService permissionValidationService = createPermissionValidationServiceWithGroupCaseSensitive(false);
    Set<String> userGroups = new HashSet<>();
    userGroups.add("USERGROUP1");
    CerberusPrincipal cerberusPrincipal = mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType.USER, userGroups);
    Set<UserGroupPermission> userGroupPermissions = mockUserGroupPermissionWithName();
    Mockito.when(userGroupPermissionService.getUserGroupPermissions("sdbId")).thenReturn(userGroupPermissions);
    boolean hasPermission = permissionValidationService.doesPrincipalHaveReadPermission(cerberusPrincipal, "sdbId");
    Assert.assertTrue(hasPermission);
}
Also used : UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 8 with CerberusPrincipal

use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.

the class PermissionValidationServiceTest method testDoesPrincipalHaveSdbPermissionsForActionWhenRequestAttributesWhenServletPathIsSecuredAndVerifyPathIsValid.

private void testDoesPrincipalHaveSdbPermissionsForActionWhenRequestAttributesWhenServletPathIsSecuredAndVerifyPathIsValid() {
    PermissionValidationService permissionValidationService = Mockito.spy(createPermissionValidationServiceWithGroupCaseSensitive(false));
    RequestAttributes requestAttributes = mockServletRequestAttributesWithRequestWithServletPath("/v1/secret/1/2/3/4");
    Mockito.when(permissionValidationService.getRequestAttributesFromContext()).thenReturn(requestAttributes);
    Mockito.when(sdbAccessRequest.getCategory()).thenReturn("category");
    Mockito.when(sdbAccessRequest.getSdbSlug()).thenReturn("slug");
    CerberusPrincipal cerberusPrincipal = mockCerberusPrincipalWithPrincipalTypeAndName(PrincipalType.USER, "name");
    Mockito.when(permissionValidationService.getCerberusPrincipalFromContext()).thenReturn(cerberusPrincipal);
    Mockito.when(safeDepositBoxService.getSafeDepositBoxIdByPath("category/slug/")).thenReturn(Optional.empty());
    String exceptionMessage = "";
    try {
        permissionValidationService.doesPrincipalHaveSdbPermissionsForAction("READ");
    } catch (ApiException apiException) {
        exceptionMessage = apiException.getMessage();
    }
    Assert.assertTrue("The SDB for the path: category/slug/ was not found.".equals(exceptionMessage));
}
Also used : ServletRequestAttributes(org.springframework.web.context.request.ServletRequestAttributes) RequestAttributes(org.springframework.web.context.request.RequestAttributes) CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal) ApiException(com.nike.backstopper.exception.ApiException)

Example 9 with CerberusPrincipal

use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.

the class PermissionValidationServiceTest method testDoesPrincipalHavePermissionForSdbWithPrincipalTypeIAMAndRoleIsNotAssumed.

@Test
public void testDoesPrincipalHavePermissionForSdbWithPrincipalTypeIAMAndRoleIsNotAssumed() {
    PermissionValidationService permissionValidationService = createPermissionValidationServiceWithGroupCaseSensitive(true);
    CerberusPrincipal cerberusPrincipal = mockCerberusPrincipalWithPrincipalTypeAndName(PrincipalType.IAM, IAM_PRINCIPAL_ARN);
    String iamRootArn = "iamRootArn";
    Mockito.when(awsIamRoleArnParser.convertPrincipalArnToRootArn(IAM_PRINCIPAL_ARN)).thenReturn(iamRootArn);
    Mockito.when(awsIamRoleArnParser.isAssumedRoleArn(IAM_PRINCIPAL_ARN)).thenReturn(false);
    String iamRoleArn = "iamRoleArn";
    Mockito.when(awsIamRoleArnParser.convertPrincipalArnToRoleArn(IAM_PRINCIPAL_ARN)).thenReturn(iamRoleArn);
    Mockito.when(permissionsDao.doesIamPrincipalHaveRoleForSdb(Mockito.eq("sdbId"), Mockito.eq(IAM_PRINCIPAL_ARN), Mockito.eq(iamRootArn), Mockito.anySet())).thenReturn(true);
    boolean hasPermission = permissionValidationService.doesPrincipalHavePermissionForSdb(cerberusPrincipal, "sdbId", SecureDataAction.READ);
    Assert.assertTrue(hasPermission);
    Mockito.verify(permissionsDao, Mockito.never()).doesUserHavePermsForRoleAndSdbCaseInsensitive(Mockito.eq("sdbId"), Mockito.anySet(), Mockito.anySet());
    Mockito.verify(permissionsDao).doesIamPrincipalHaveRoleForSdb(Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anySet());
}
Also used : CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal) Test(org.junit.Test)

Example 10 with CerberusPrincipal

use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.

the class PermissionValidationServiceTest method mockCerberusPrincipalWithPrincipalTypeAndUserGroups.

private CerberusPrincipal mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType principalType, Set<String> userGroups) {
    CerberusPrincipal cerberusPrincipal = Mockito.mock(CerberusPrincipal.class);
    Mockito.when(cerberusPrincipal.getPrincipalType()).thenReturn(principalType);
    Mockito.when(cerberusPrincipal.getUserGroups()).thenReturn(userGroups);
    return cerberusPrincipal;
}
Also used : CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal)

Aggregations

CerberusPrincipal (com.nike.cerberus.security.CerberusPrincipal)33 Test (org.junit.Test)27 HashSet (java.util.HashSet)11 SafeDepositBoxV2 (com.nike.cerberus.domain.SafeDepositBoxV2)7 ApiException (com.nike.backstopper.exception.ApiException)4 UserGroupPermission (com.nike.cerberus.domain.UserGroupPermission)4 SafeDepositBoxSummary (com.nike.cerberus.domain.SafeDepositBoxSummary)3 RequestAttributes (org.springframework.web.context.request.RequestAttributes)3 ServletRequestAttributes (org.springframework.web.context.request.ServletRequestAttributes)3 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)2 SafeDepositBoxRecord (com.nike.cerberus.record.SafeDepositBoxRecord)2 SuppressFBWarnings (edu.umd.cs.findbugs.annotations.SuppressFBWarnings)2 OffsetDateTime (java.time.OffsetDateTime)2 IsInstanceOf (org.hamcrest.core.IsInstanceOf)2 PrincipalType (com.nike.cerberus.PrincipalType)1 AuthResponse (com.nike.cerberus.auth.connector.AuthResponse)1 CerberusAuthToken (com.nike.cerberus.domain.CerberusAuthToken)1 PrincipalHasWritePermsForPath (com.nike.cerberus.security.PrincipalHasWritePermsForPath)1 ArrayList (java.util.ArrayList)1 HttpEntity (org.springframework.http.HttpEntity)1