Example 21 with CerberusPrincipal

Use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.

Class PermissionValidationServiceTest, method testDoesPrincipalHavePermissionForSdbWithPrincipalTypeUserAndCaseSensitive.

@Test
public void testDoesPrincipalHavePermissionForSdbWithPrincipalTypeUserAndCaseSensitive() {
    // Group matching is configured as case-sensitive for this test.
    PermissionValidationService permissionValidationService = createPermissionValidationServiceWithGroupCaseSensitive(true);
    Set<String> userGroups = new HashSet<>();
    userGroups.add("userGroup1");
    CerberusPrincipal cerberusPrincipal = mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType.USER, userGroups);
    Mockito.when(permissionsDao.doesUserPrincipalHaveRoleForSdb(Mockito.eq("sdbId"), Mockito.anySet(), Mockito.anySet())).thenReturn(true);
    boolean hasPermission = permissionValidationService.doesPrincipalHavePermissionForSdb(cerberusPrincipal, "sdbId", SecureDataAction.READ);
    Assert.assertTrue(hasPermission);
    // In case-sensitive mode the case-insensitive DAO lookup must never run; only the exact-match lookup is used.
    Mockito.verify(permissionsDao, Mockito.never()).doesUserHavePermsForRoleAndSdbCaseInsensitive(Mockito.eq("sdbId"), Mockito.anySet(), Mockito.anySet());
    Mockito.verify(permissionsDao).doesUserPrincipalHaveRoleForSdb(Mockito.anyString(), Mockito.anySet(), Mockito.anySet());
}
Also used : CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 22 with CerberusPrincipal

Use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.

Class SafeDepositBoxServiceTest, method test_that_getAssociatedSafeDepositBoxes_checks_iam_role.

@Test
@SuppressFBWarnings
public void test_that_getAssociatedSafeDepositBoxes_checks_iam_role() {
    String iamRoleArn = "arn:aws:iam::123456789012:role/Accounting-Role";
    String rootArn = "arn:aws:iam::123456789012:root";
    SafeDepositBoxRecord safeDepositBoxRecord1 = new SafeDepositBoxRecord();
    List<SafeDepositBoxRecord> roleArnRecords = Lists.newArrayList(safeDepositBoxRecord1);
    // The DAO lookup is stubbed only for this exact (role ARN, root ARN) pair.
    when(safeDepositBoxDao.getIamPrincipalAssociatedSafeDepositBoxes(iamRoleArn, rootArn)).thenReturn(roleArnRecords);
    // The principal is a plain IAM role ARN, not an assumed-role ARN; the parser maps it to the account root ARN.
    when(awsIamRoleArnParser.isAssumedRoleArn(iamRoleArn)).thenReturn(false);
    when(awsIamRoleArnParser.convertPrincipalArnToRootArn(iamRoleArn)).thenReturn(rootArn);
    CerberusPrincipal roleArnPrincipal = mock(CerberusPrincipal.class);
    doReturn(PrincipalType.IAM).when(roleArnPrincipal).getPrincipalType();
    doReturn(iamRoleArn).when(roleArnPrincipal).getName();
    List<SafeDepositBoxSummary> roleArnSdbSummaries = safeDepositBoxServiceSpy.getAssociatedSafeDepositBoxes(roleArnPrincipal);
    // One summary is expected for each record returned by the stubbed lookup.
    assertEquals(roleArnRecords.size(), roleArnSdbSummaries.size());
}
Also used : SafeDepositBoxSummary(com.nike.cerberus.domain.SafeDepositBoxSummary) CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal) SafeDepositBoxRecord(com.nike.cerberus.record.SafeDepositBoxRecord) Test(org.junit.Test) SuppressFBWarnings(edu.umd.cs.findbugs.annotations.SuppressFBWarnings)

Example 23 with CerberusPrincipal

Use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.

Class AuthenticationServiceTest, method tests_that_refreshUserToken_throws_access_denied_when_an_iam_principal_tries_to_call_it.

@Test
public void tests_that_refreshUserToken_throws_access_denied_when_an_iam_principal_tries_to_call_it() {
    // Token refresh is a user-only operation, so an IAM principal must be rejected.
    CerberusPrincipal principal = mock(CerberusPrincipal.class);
    when(principal.getPrincipalType()).thenReturn(PrincipalType.IAM);
    Exception e = null;
    try {
        authenticationService.refreshUserToken(principal);
    } catch (Exception e2) {
        e = e2;
    }
    // The rejection must be an ApiException whose first error is USER_ONLY_RESOURCE.
    IsInstanceOf isInstanceOfException = new IsInstanceOf(ApiException.class);
    assertTrue(isInstanceOfException.matches(e));
    assertTrue(((ApiException) e).getApiErrors().get(0).getErrorCode().equals(DefaultApiError.USER_ONLY_RESOURCE.getErrorCode()));
}
Also used : IsInstanceOf(org.hamcrest.core.IsInstanceOf) CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal) ApiException(com.nike.backstopper.exception.ApiException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) Test(org.junit.Test)

Example 24 with CerberusPrincipal

Use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.

Class PermissionValidationServiceTest, method mockCerberusPrincipalWithPrincipalTypeAndName.

private CerberusPrincipal mockCerberusPrincipalWithPrincipalTypeAndName(PrincipalType principalType, String name) {
    CerberusPrincipal cerberusPrincipal = Mockito.mock(CerberusPrincipal.class);
    Mockito.when(cerberusPrincipal.getPrincipalType()).thenReturn(principalType);
    Mockito.when(cerberusPrincipal.getName()).thenReturn(name);
    return cerberusPrincipal;
}
Also used : CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal)

Example 25 with CerberusPrincipal

Use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.

Class PermissionValidationServiceTest, method testDoesPrincipalHaveOwnerPermissionsWithGroupsCaseInSensitiveUserGroupsInUpperCse.

@Test
public void testDoesPrincipalHaveOwnerPermissionsWithGroupsCaseInSensitiveUserGroupsInUpperCse() {
    // Group matching is configured as case-insensitive for this test.
    PermissionValidationService permissionValidationService = createPermissionValidationServiceWithGroupCaseSensitive(false);
    Set<String> userGroups = new HashSet<>();
    userGroups.add("USERGROUP1");
    SafeDepositBoxV2 safeDepositBoxV2 = mockSafeDepositBoxV2WithOwner("userGroup1");
    Mockito.when(safeDepositBoxService.getSafeDepositBoxDangerouslyWithoutPermissionValidation("sdbId")).thenReturn(safeDepositBoxV2);
    CerberusPrincipal cerberusPrincipal = mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType.USER, userGroups);
    // The principal's group "USERGROUP1" must match the SDB owner "userGroup1" despite the difference in case.
    boolean hasOwnerPermission = permissionValidationService.doesPrincipalHaveOwnerPermissions(cerberusPrincipal, "sdbId");
    Assert.assertTrue(hasOwnerPermission);
}
Also used : SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2) CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

CerberusPrincipal (com.nike.cerberus.security.CerberusPrincipal): 33
Test (org.junit.Test): 27
HashSet (java.util.HashSet): 11
SafeDepositBoxV2 (com.nike.cerberus.domain.SafeDepositBoxV2): 7
ApiException (com.nike.backstopper.exception.ApiException): 4
UserGroupPermission (com.nike.cerberus.domain.UserGroupPermission): 4
SafeDepositBoxSummary (com.nike.cerberus.domain.SafeDepositBoxSummary): 3
RequestAttributes (org.springframework.web.context.request.RequestAttributes): 3
ServletRequestAttributes (org.springframework.web.context.request.ServletRequestAttributes): 3
JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException): 2
SafeDepositBoxRecord (com.nike.cerberus.record.SafeDepositBoxRecord): 2
SuppressFBWarnings (edu.umd.cs.findbugs.annotations.SuppressFBWarnings): 2
OffsetDateTime (java.time.OffsetDateTime): 2
IsInstanceOf (org.hamcrest.core.IsInstanceOf): 2
PrincipalType (com.nike.cerberus.PrincipalType): 1
AuthResponse (com.nike.cerberus.auth.connector.AuthResponse): 1
CerberusAuthToken (com.nike.cerberus.domain.CerberusAuthToken): 1
PrincipalHasWritePermsForPath (com.nike.cerberus.security.PrincipalHasWritePermsForPath): 1
ArrayList (java.util.ArrayList): 1
HttpEntity (org.springframework.http.HttpEntity): 1