Use of com.nike.cerberus.security.CerberusPrincipal in project cerberus (Nike-Inc).
From class PermissionValidationServiceTest, method testDoesPrincipalHavePermissionForSdbWithPrincipalTypeUserAndCaseInsensitive.
@Test
public void testDoesPrincipalHavePermissionForSdbWithPrincipalTypeUserAndCaseInsensitive() {
    // Service built with case-insensitive group matching: for a USER principal the
    // permission decision must go through the DAO's "...CaseInsensitive" lookup.
    PermissionValidationService service = createPermissionValidationServiceWithGroupCaseSensitive(false);

    // The DAO is told to grant the request for "sdbId" whatever role/group sets it receives.
    // NOTE(review): anySet() on both set arguments means a regression that handed the DAO an
    // empty or wrong group set would still pass here; tightening these matchers to the
    // expected role and group sets would turn this into a real authorization check.
    Mockito.when(permissionsDao.doesUserHavePermsForRoleAndSdbCaseInsensitive(
            Mockito.eq("sdbId"), Mockito.anySet(), Mockito.anySet()))
        .thenReturn(true);

    Set<String> groups = new HashSet<>();
    groups.add("userGroup1");
    CerberusPrincipal userPrincipal =
        mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType.USER, groups);

    boolean granted = service.doesPrincipalHavePermissionForSdb(userPrincipal, "sdbId", SecureDataAction.READ);
    Assert.assertTrue(granted);

    // Exactly the case-insensitive lookup ran, and the other per-user lookup
    // (presumably the case-sensitive variant) was never consulted.
    Mockito.verify(permissionsDao).doesUserHavePermsForRoleAndSdbCaseInsensitive(
            Mockito.eq("sdbId"), Mockito.anySet(), Mockito.anySet());
    Mockito.verify(permissionsDao, Mockito.never()).doesUserPrincipalHaveRoleForSdb(
            Mockito.anyString(), Mockito.anySet(), Mockito.anySet());
}
Use of com.nike.cerberus.security.CerberusPrincipal in project cerberus (Nike-Inc).
From class AuthenticationServiceTest, method tests_that_refreshUserToken_refreshes_token_when_count_is_less_than_limit.
@Test
public void tests_that_refreshUserToken_refreshes_token_when_count_is_less_than_limit() {
    // One refresh below the cap: the service must still be willing to issue a new token.
    int refreshesSoFar = MAX_LIMIT - 1;

    CerberusAuthToken existingToken = CerberusAuthToken.Builder.create()
        .withPrincipalType(PrincipalType.USER)
        .withPrincipal("principal")
        .withGroups("group1,group2")
        .withRefreshCount(refreshesSoFar)
        .withToken(UUID.randomUUID().toString())
        .build();
    CerberusPrincipal caller = new CerberusPrincipal(existingToken);

    // The token service is stubbed to hand back a token that already carries the
    // incremented refresh count and a one-hour lifetime.
    // NOTE(review): because the stub bakes in refreshesSoFar + 1, the assertion below proves
    // that the generated token's metadata reaches the response, not that the service itself
    // computed the increment; verifying the arguments passed to generateToken would pin that.
    OffsetDateTime issuedAt = OffsetDateTime.now();
    CerberusAuthToken refreshedToken = CerberusAuthToken.Builder.create()
        .withPrincipalType(PrincipalType.USER)
        .withPrincipal("principal")
        .withGroups("group1,group2")
        .withRefreshCount(refreshesSoFar + 1)
        .withToken(UUID.randomUUID().toString())
        .withCreated(issuedAt)
        .withExpires(issuedAt.plusHours(1))
        .build();
    when(authTokenService.generateToken(
            anyString(), any(PrincipalType.class), anyBoolean(), anyString(), anyInt(), anyInt()))
        .thenReturn(refreshedToken);

    AuthResponse response = authenticationService.refreshUserToken(caller);

    String reportedCount = response.getData().getClientToken().getMetadata()
        .get(CerberusPrincipal.METADATA_KEY_TOKEN_REFRESH_COUNT);
    assertEquals(refreshesSoFar + 1, Integer.parseInt(reportedCount));
}
Use of com.nike.cerberus.security.CerberusPrincipal in project cerberus (Nike-Inc).
From class PermissionValidationServiceTest, method testDoesPrincipalHaveOwnerPermissionsWithGroupsCaseSensitive.
@Test
public void testDoesPrincipalHaveOwnerPermissionsWithGroupsCaseSensitive() {
    // Case-sensitive group matching, and the principal's group is an exact match for the
    // SDB owner, so ownership must be granted.
    PermissionValidationService service = createPermissionValidationServiceWithGroupCaseSensitive(true);

    // The owner lookup goes through the "dangerously without permission validation" fetch:
    // this call IS the permission check, so it cannot itself be gated on permissions.
    SafeDepositBoxV2 box = mockSafeDepositBoxV2WithOwner("userGroup1");
    Mockito.when(safeDepositBoxService.getSafeDepositBoxDangerouslyWithoutPermissionValidation("sdbId"))
        .thenReturn(box);

    Set<String> groups = new HashSet<>();
    groups.add("userGroup1");
    CerberusPrincipal userPrincipal =
        mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType.USER, groups);

    boolean isOwner = service.doesPrincipalHaveOwnerPermissions(userPrincipal, "sdbId");
    Assert.assertTrue(isOwner);
    // NOTE(review): the negative case (case-sensitive mode with a group differing only in
    // case, expecting false) is not shown here; it should exist alongside this test.
}
Use of com.nike.cerberus.security.CerberusPrincipal in project cerberus (Nike-Inc).
From class PermissionValidationServiceTest, method testDoesPrincipalHaveOwnerPermissionsWithGroupsCaseInSensitiveUserGroupsInLowerCse (note the "Cse" typo is in the method name itself).
@Test
public void testDoesPrincipalHaveOwnerPermissionsWithGroupsCaseInSensitiveUserGroupsInLowerCse() {
    // Case-insensitive matching: the principal carries the owner group in all-lower case
    // ("usergroup1") while the SDB records it as "userGroup1"; ownership must still be granted.
    PermissionValidationService service = createPermissionValidationServiceWithGroupCaseSensitive(false);

    // The fetch used for the ownership decision bypasses permission validation by design,
    // since it is the input to the permission check itself.
    SafeDepositBoxV2 box = mockSafeDepositBoxV2WithOwner("userGroup1");
    Mockito.when(safeDepositBoxService.getSafeDepositBoxDangerouslyWithoutPermissionValidation("sdbId"))
        .thenReturn(box);

    Set<String> groups = new HashSet<>();
    groups.add("usergroup1");
    CerberusPrincipal userPrincipal =
        mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType.USER, groups);

    boolean isOwner = service.doesPrincipalHaveOwnerPermissions(userPrincipal, "sdbId");
    Assert.assertTrue(isOwner);
    // NOTE(review): only the lower-cased-principal direction is covered here; the mirror case
    // (lower-case owner, mixed-case principal group) is presumably covered by a sibling test.
}
Use of com.nike.cerberus.security.CerberusPrincipal in project cerberus (Nike-Inc).
From class SafeDepositBoxServiceTest, method test_that_getAssociatedSafeDepositBoxes_checks_assumed_role_and_its_base_iam_role.
@Test
@SuppressFBWarnings
public void test_that_getAssociatedSafeDepositBoxes_checks_assumed_role_and_its_base_iam_role() {
    // An STS assumed-role session ARN, the IAM role it was assumed from, and the account root.
    // The service is expected to query the DAO with all three identities, so SDB grants made
    // at any of those levels are presumably visible to the session (see the stub below).
    String sessionArn = "arn:aws:sts::123456789012:assumed-role/Accounting-Role/Mary";
    String baseRoleArn = "arn:aws:iam::123456789012:role/Accounting-Role";
    String accountRootArn = "arn:aws:iam::123456789012:root";

    // IAM principal presenting the assumed-role session ARN as its name.
    CerberusPrincipal assumedRolePrincipal = mock(CerberusPrincipal.class);
    doReturn(PrincipalType.IAM).when(assumedRolePrincipal).getPrincipalType();
    doReturn(sessionArn).when(assumedRolePrincipal).getName();

    // ARN parsing is fully stubbed: this test covers the service's wiring of the three
    // ARNs into the DAO call, not the parser's own correctness.
    when(awsIamRoleArnParser.isAssumedRoleArn(sessionArn)).thenReturn(true);
    when(awsIamRoleArnParser.convertPrincipalArnToRoleArn(sessionArn)).thenReturn(baseRoleArn);
    when(awsIamRoleArnParser.convertPrincipalArnToRootArn(sessionArn)).thenReturn(accountRootArn);

    // Only an exact (session, base role, root) triple returns these records; any other
    // argument combination would fall through to Mockito's empty-list default.
    List<SafeDepositBoxRecord> expectedRecords =
        Lists.newArrayList(new SafeDepositBoxRecord(), new SafeDepositBoxRecord());
    when(safeDepositBoxDao.getAssumedRoleAssociatedSafeDepositBoxes(sessionArn, baseRoleArn, accountRootArn))
        .thenReturn(expectedRecords);

    List<SafeDepositBoxSummary> summaries =
        safeDepositBoxServiceSpy.getAssociatedSafeDepositBoxes(assumedRolePrincipal);

    assertEquals(expectedRecords.size(), summaries.size());
}