use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.
the class PermissionValidationServiceTest method testDoesPrincipalHavePermissionForSdbWithPrincipalTypeUserAndCaseSensitive.
/**
 * Verifies that, with the service built by
 * {@code createPermissionValidationServiceWithGroupCaseSensitive(true)}, a USER principal is granted
 * READ on the SDB when {@code permissionsDao.doesUserPrincipalHaveRoleForSdb} reports a match.
 *
 * <p>The test also pins that {@code doesUserHavePermsForRoleAndSdbCaseInsensitive} is never called
 * in this configuration.
 */
@Test
public void testDoesPrincipalHavePermissionForSdbWithPrincipalTypeUserAndCaseSensitive() {
    PermissionValidationService service = createPermissionValidationServiceWithGroupCaseSensitive(true);

    Set<String> groups = new HashSet<>();
    groups.add("userGroup1");
    CerberusPrincipal principal =
        mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType.USER, groups);

    // NOTE(review): both Set arguments are matched with anySet(), so this test does not pin which
    // groups or roles reach the DAO (nor their letter case); only the SDB id is constrained here.
    Mockito.when(
            permissionsDao.doesUserPrincipalHaveRoleForSdb(
                Mockito.eq("sdbId"), Mockito.anySet(), Mockito.anySet()))
        .thenReturn(true);

    boolean allowed = service.doesPrincipalHavePermissionForSdb(principal, "sdbId", SecureDataAction.READ);

    Assert.assertTrue(allowed);
    // The decision must come from doesUserPrincipalHaveRoleForSdb, called exactly once ...
    Mockito.verify(permissionsDao)
        .doesUserPrincipalHaveRoleForSdb(Mockito.anyString(), Mockito.anySet(), Mockito.anySet());
    // ... and the case-insensitive variant must not be consulted at all.
    Mockito.verify(permissionsDao, Mockito.never())
        .doesUserHavePermsForRoleAndSdbCaseInsensitive(
            Mockito.eq("sdbId"), Mockito.anySet(), Mockito.anySet());
}
use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.
the class SafeDepositBoxServiceTest method test_that_getAssociatedSafeDepositBoxes_checks_iam_role.
/**
 * Verifies that {@code getAssociatedSafeDepositBoxes} returns one summary per record the DAO
 * reports for an IAM principal, when the DAO is queried with the principal's role ARN and the
 * root ARN derived from it.
 *
 * <p>NOTE(review): only the number of summaries is compared with the number of records; the
 * content of the summaries is not asserted.
 */
@Test
@SuppressFBWarnings
public void test_that_getAssociatedSafeDepositBoxes_checks_iam_role() {
    String iamRoleArn = "arn:aws:iam::123456789012:role/Accounting-Role";
    String rootArn = "arn:aws:iam::123456789012:root";

    // Principal under test: an IAM principal whose name is the role ARN.
    CerberusPrincipal roleArnPrincipal = mock(CerberusPrincipal.class);
    when(roleArnPrincipal.getPrincipalType()).thenReturn(PrincipalType.IAM);
    when(roleArnPrincipal.getName()).thenReturn(iamRoleArn);

    // The ARN parser treats the ARN as a plain (non-assumed) role and maps it to the root ARN.
    when(awsIamRoleArnParser.isAssumedRoleArn(iamRoleArn)).thenReturn(false);
    when(awsIamRoleArnParser.convertPrincipalArnToRootArn(iamRoleArn)).thenReturn(rootArn);

    // The DAO only answers for this exact (role ARN, root ARN) pair.
    List<SafeDepositBoxRecord> expectedRecords = Lists.newArrayList(new SafeDepositBoxRecord());
    when(safeDepositBoxDao.getIamPrincipalAssociatedSafeDepositBoxes(iamRoleArn, rootArn))
        .thenReturn(expectedRecords);

    List<SafeDepositBoxSummary> summaries =
        safeDepositBoxServiceSpy.getAssociatedSafeDepositBoxes(roleArnPrincipal);

    assertEquals(expectedRecords.size(), summaries.size());
}
use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.
the class AuthenticationServiceTest method tests_that_refreshUserToken_throws_access_denied_when_an_iam_principal_tries_to_call_it.
/**
 * Verifies that {@code refreshUserToken} rejects an IAM principal: the call must throw an
 * {@code ApiException} whose first API error carries the {@code USER_ONLY_RESOURCE} error code.
 */
@Test
public void tests_that_refreshUserToken_throws_access_denied_when_an_iam_principal_tries_to_call_it() {
    CerberusPrincipal iamPrincipal = mock(CerberusPrincipal.class);
    when(iamPrincipal.getPrincipalType()).thenReturn(PrincipalType.IAM);

    // Capture whatever is thrown; it stays null when the call returns normally.
    Exception thrown = null;
    try {
        authenticationService.refreshUserToken(iamPrincipal);
    } catch (Exception caught) {
        thrown = caught;
    }

    // A null value (nothing thrown) does not match, so a silently successful refresh fails here.
    assertTrue(new IsInstanceOf(ApiException.class).matches(thrown));

    ApiException apiException = (ApiException) thrown;
    assertTrue(
        apiException
            .getApiErrors()
            .get(0)
            .getErrorCode()
            .equals(DefaultApiError.USER_ONLY_RESOURCE.getErrorCode()));
}
use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.
the class PermissionValidationServiceTest method mockCerberusPrincipalWithPrincipalTypeAndName.
/**
 * Builds a Mockito mock of {@code CerberusPrincipal} that reports the given type and name.
 *
 * @param principalType value returned by {@code getPrincipalType()}
 * @param name value returned by {@code getName()}
 * @return the stubbed mock; no other methods are stubbed here
 */
private CerberusPrincipal mockCerberusPrincipalWithPrincipalTypeAndName(PrincipalType principalType, String name) {
    CerberusPrincipal principal = Mockito.mock(CerberusPrincipal.class);
    Mockito.doReturn(principalType).when(principal).getPrincipalType();
    Mockito.doReturn(name).when(principal).getName();
    return principal;
}
use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.
the class PermissionValidationServiceTest method testDoesPrincipalHaveOwnerPermissionsWithGroupsCaseInSensitiveUserGroupsInUpperCse.
/**
 * Verifies that, with the service built by
 * {@code createPermissionValidationServiceWithGroupCaseSensitive(false)}, a USER principal whose
 * only group is {@code "USERGROUP1"} has owner permissions on an SDB owned by {@code "userGroup1"}.
 */
@Test
public void testDoesPrincipalHaveOwnerPermissionsWithGroupsCaseInSensitiveUserGroupsInUpperCse() {
    PermissionValidationService service = createPermissionValidationServiceWithGroupCaseSensitive(false);

    // The SDB is owned by the mixed-case group name ...
    SafeDepositBoxV2 ownedSdb = mockSafeDepositBoxV2WithOwner("userGroup1");
    // NOTE(review): presumably the service loads the SDB through this lookup, which by its name
    // performs no permission validation of its own; confirm against the service implementation.
    Mockito.when(safeDepositBoxService.getSafeDepositBoxDangerouslyWithoutPermissionValidation("sdbId"))
        .thenReturn(ownedSdb);

    // ... while the principal carries the same group name in upper case only.
    Set<String> upperCaseGroups = new HashSet<>();
    upperCaseGroups.add("USERGROUP1");
    CerberusPrincipal principal =
        mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType.USER, upperCaseGroups);

    boolean isOwner = service.doesPrincipalHaveOwnerPermissions(principal, "sdbId");

    Assert.assertTrue(isOwner);
}