use of com.sequenceiq.authorization.service.model.HasRightOnAny in project cloudbreak by hortonworks.
the class UtilAuthorizationServiceTest method testCheckResourceRight.
/**
 * Checks that {@code checkRightsOnResources} sends every (right, CRN) pair to UMS in one batched
 * {@code hasRights} call and reports a right as granted when the stubbed answer is TRUE for the
 * resource CRN or for its environment CRN.
 *
 * <p>Stubbed UMS answers, in the order the checks are listed:
 * <pre>
 *   DH_START    dhCrn=FALSE  envCrn=FALSE   -> expected FALSE
 *   DH_STOP     dhCrn=TRUE   envCrn=TRUE    -> expected TRUE
 *   SDX_REPAIR  dlCrn=FALSE  env2crn=TRUE   -> expected TRUE (environment only)
 *   SDX_UPGRADE dlCrn=TRUE   env2crn=FALSE  -> expected TRUE (resource only)
 *   SDX_RECOVER dlCrn=TRUE   env2crn=FALSE  -> expected TRUE (resource only)
 * </pre>
 */
@Test
public void testCheckResourceRight() {
    // One RightCheck per (right, CRN) pair: each right is checked on the resource and on its environment.
    AuthorizationProto.RightCheck startOnDh = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.DH_START.getAction().getRight())
            .setResource("dhCrn")
            .build();
    AuthorizationProto.RightCheck startOnEnv = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.DH_START.getAction().getRight())
            .setResource("envCrn")
            .build();
    AuthorizationProto.RightCheck stopOnDh = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.DH_STOP.getAction().getRight())
            .setResource("dhCrn")
            .build();
    AuthorizationProto.RightCheck stopOnEnv = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.DH_STOP.getAction().getRight())
            .setResource("envCrn")
            .build();
    AuthorizationProto.RightCheck repairOnDl = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.SDX_REPAIR.getAction().getRight())
            .setResource("dlCrn")
            .build();
    AuthorizationProto.RightCheck repairOnEnv = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.SDX_REPAIR.getAction().getRight())
            .setResource("env2crn")
            .build();
    AuthorizationProto.RightCheck upgradeOnDl = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.SDX_UPGRADE.getAction().getRight())
            .setResource("dlCrn")
            .build();
    AuthorizationProto.RightCheck upgradeOnEnv = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.SDX_UPGRADE.getAction().getRight())
            .setResource("env2crn")
            .build();
    AuthorizationProto.RightCheck recoverOnDl = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.SDX_RECOVER.getAction().getRight())
            .setResource("dlCrn")
            .build();
    AuthorizationProto.RightCheck recoverOnEnv = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.SDX_RECOVER.getAction().getRight())
            .setResource("env2crn")
            .build();

    // The stub only matches this exact, ordered list of checks; the answers are given in the same order.
    when(grpcUmsClient.hasRights(
            anyString(),
            eq(Arrays.asList(
                    startOnDh, startOnEnv,
                    stopOnDh, stopOnEnv,
                    repairOnDl, repairOnEnv,
                    upgradeOnDl, upgradeOnEnv,
                    recoverOnDl, recoverOnEnv)),
            any(),
            any()))
            .thenReturn(Lists.newArrayList(
                    Boolean.FALSE, Boolean.FALSE,
                    Boolean.TRUE, Boolean.TRUE,
                    Boolean.FALSE, Boolean.TRUE,
                    Boolean.TRUE, Boolean.FALSE,
                    Boolean.TRUE, Boolean.FALSE));

    // Each resource/action pair resolves to a rule spanning the resource CRN and its environment CRN.
    when(resourceCrnAthorizationFactory.calcAuthorization(eq("dhCrn"), eq(RightV4.DH_START.getAction())))
            .thenReturn(Optional.of(new HasRightOnAny(RightV4.DH_START.getAction(), Arrays.asList("dhCrn", "envCrn"))));
    when(resourceCrnAthorizationFactory.calcAuthorization(eq("dhCrn"), eq(RightV4.DH_STOP.getAction())))
            .thenReturn(Optional.of(new HasRightOnAny(RightV4.DH_STOP.getAction(), Arrays.asList("dhCrn", "envCrn"))));
    when(resourceCrnAthorizationFactory.calcAuthorization(eq("dlCrn"), eq(RightV4.SDX_REPAIR.getAction())))
            .thenReturn(Optional.of(new HasRightOnAny(RightV4.SDX_REPAIR.getAction(), Arrays.asList("dlCrn", "env2crn"))));
    when(resourceCrnAthorizationFactory.calcAuthorization(eq("dlCrn"), eq(RightV4.SDX_UPGRADE.getAction())))
            .thenReturn(Optional.of(new HasRightOnAny(RightV4.SDX_UPGRADE.getAction(), Arrays.asList("dlCrn", "env2crn"))));
    when(resourceCrnAthorizationFactory.calcAuthorization(eq("dlCrn"), eq(RightV4.SDX_RECOVER.getAction())))
            .thenReturn(Optional.of(new HasRightOnAny(RightV4.SDX_RECOVER.getAction(), Arrays.asList("dlCrn", "env2crn"))));

    CheckResourceRightsV4Request request = new CheckResourceRightsV4Request();
    request.setResourceRights(Lists.newArrayList(
            createResourceRightV4("dhCrn", RightV4.DH_START, RightV4.DH_STOP),
            createResourceRightV4("dlCrn", RightV4.SDX_REPAIR, RightV4.SDX_UPGRADE, RightV4.SDX_RECOVER)));

    CheckResourceRightsV4Response response =
            ThreadBasedUserCrnProvider.doAs(USER_CRN, () -> underTest.checkRightsOnResources(request));

    // NOTE(review): every assertion below is conditional on a matching entry being present, so an
    // empty response (or one missing a right) passes without checking anything. Asserting the
    // number of returned results as well would close that gap.
    response.getResponses().forEach(perResource -> perResource.getRights().forEach(perRight -> {
        // Denied on both the resource and the environment: the only expected deny.
        if (perRight.getRight().equals(RightV4.DH_START)) {
            assertFalse(perRight.getResult());
        }
        // Granted on both.
        if (perRight.getRight().equals(RightV4.DH_STOP)) {
            assertTrue(perRight.getResult());
        }
        // Granted on the environment only.
        if (perRight.getRight().equals(RightV4.SDX_REPAIR)) {
            assertTrue(perRight.getResult());
        }
        // Granted on the resource only.
        if (perRight.getRight().equals(RightV4.SDX_UPGRADE)) {
            assertTrue(perRight.getResult());
        }
        // Granted on the resource only.
        if (perRight.getRight().equals(RightV4.SDX_RECOVER)) {
            assertTrue(perRight.getResult());
        }
    }));

    // All ten checks must go out in a single UMS round trip.
    verify(grpcUmsClient, times(1)).hasRights(anyString(), any(), any(), any());
}
use of com.sequenceiq.authorization.service.model.HasRightOnAny in project cloudbreak by hortonworks.
the class EnvironmentBasedAuthorizationProvider method getAuthorizations.
/**
 * Builds the authorization rule for {@code action} on {@code resourceCrn}.
 *
 * <p>For resource types that do not need hierarchical authorization the rule is a plain
 * {@link HasRight} on the resource itself. For hierarchical types the environment CRN of the
 * resource is looked up; when one is found the rule becomes a {@link HasRightOnAny} over the
 * environment CRN and the resource CRN (presumably satisfied by holding the right on either one),
 * otherwise it falls back to {@link HasRight} on the resource.
 *
 * @param resourceCrn CRN of the resource the action targets
 * @param action the action being authorized
 * @return the rule to evaluate; never empty on the paths visible here
 * @throws AccessDeniedException if the resource type needs hierarchical authorization but no
 *         environment CRN provider is registered for it (fails closed)
 */
public Optional<AuthorizationRule> getAuthorizations(String resourceCrn, AuthorizationResourceAction action) {
    // Non-hierarchical resource types are authorized on the resource alone.
    if (!action.getAuthorizationResourceType().isHierarchicalAuthorizationNeeded()) {
        return Optional.of(new HasRight(action, resourceCrn));
    }

    AuthorizationEnvironmentCrnProvider crnProvider = environmentCrnProviderMap.get(action.getAuthorizationResourceType());
    if (crnProvider == null) {
        // Deny rather than silently downgrade to a resource-only check when the hierarchy cannot be resolved.
        // NOTE(review): the log call parses resourceCrn; what Crn.safeFromString does with a malformed
        // CRN is not visible here. Confirm it cannot replace the AccessDeniedException below with
        // another exception type.
        LOGGER.error("There is no resource based crn provider implemented for action {} against resource type {}, "
                + "thus authorization is failing automatically.",
                action,
                Crn.safeFromString(resourceCrn).getResourceType().name());
        throw new AccessDeniedException(
                String.format("Action %s is not supported over resource %s, thus access is denied", action.getRight(), resourceCrn));
    }

    Optional<String> environmentCrn = crnProvider.getEnvironmentCrnByResourceCrn(resourceCrn);
    // Environment CRN goes first in the list, followed by the resource CRN.
    AuthorizationRule rule = environmentCrn.isPresent()
            ? new HasRightOnAny(action, List.of(environmentCrn.get(), resourceCrn))
            : new HasRight(action, resourceCrn);
    return Optional.of(rule);
}
use of com.sequenceiq.authorization.service.model.HasRightOnAny in project cloudbreak by hortonworks.
the class ResourceCrnAthorizationProviderTest method testAuthorizationWhenEnvCrnIsPresent.
/**
 * Checks that the rule produced by the environment-based provider is returned unchanged.
 *
 * <p>The provider is mocked here, so this test covers only the hand-off of a
 * {@link HasRightOnAny} rule over the environment CRN and the resource CRN. It does not
 * exercise how that rule is built or evaluated.
 */
@Test
public void testAuthorizationWhenEnvCrnIsPresent() {
    // Rule listing the environment CRN first, then the resource CRN.
    AuthorizationRule envOrResourceRule = new HasRightOnAny(ACTION, List.of(ENV_CRN, RESOURCE_CRN));
    Optional<AuthorizationRule> stubbedRule = Optional.of(envOrResourceRule);
    when(environmentBasedAuthorizationProvider.getAuthorizations(RESOURCE_CRN, ACTION)).thenReturn(stubbedRule);

    Optional<AuthorizationRule> actualRule = underTest.getAuthorization(getAnnotation(), USER_CRN, null, null);

    assertEquals(stubbedRule, actualRule);
}