use of com.sequenceiq.cloudbreak.auth.altus.GrpcUmsClient in project cloudbreak by hortonworks.
the class UtilAuthorizationServiceTest method testCheckResourceRight.
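/**
 * Checks that {@code checkRightsOnResources} answers every requested right from one batched
 * {@code hasRights} call when the authorization factory supplies a {@code HasRightOnAny} rule.
 *
 * <p>Each stubbed rule lists two CRNs for a right: the resource itself and a second CRN
 * ("envCrn" or "env2crn"). The stubbed UMS reply is a positional list, one Boolean per
 * {@code RightCheck} in the order passed to {@code hasRights}. The expected results below are
 * consistent with "granted if any listed CRN is granted" (presumably what HasRightOnAny
 * implements; that class is not visible here).
 */
@Test
public void testCheckResourceRight() {
    AuthorizationProto.RightCheck dhStartRightCheck = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.DH_START.getAction().getRight()).setResource("dhCrn").build();
    AuthorizationProto.RightCheck dhStartEnvRightCheck = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.DH_START.getAction().getRight()).setResource("envCrn").build();
    AuthorizationProto.RightCheck dhStopRightCheck = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.DH_STOP.getAction().getRight()).setResource("dhCrn").build();
    AuthorizationProto.RightCheck dhStopEnvRightCheck = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.DH_STOP.getAction().getRight()).setResource("envCrn").build();
    AuthorizationProto.RightCheck dlRepairRightCheck = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.SDX_REPAIR.getAction().getRight()).setResource("dlCrn").build();
    AuthorizationProto.RightCheck dlRepairEnvRightCheck = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.SDX_REPAIR.getAction().getRight()).setResource("env2crn").build();
    AuthorizationProto.RightCheck dlUpgradeRightCheck = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.SDX_UPGRADE.getAction().getRight()).setResource("dlCrn").build();
    AuthorizationProto.RightCheck dlUpgradeEnvRightCheck = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.SDX_UPGRADE.getAction().getRight()).setResource("env2crn").build();
    AuthorizationProto.RightCheck dlRecoveryRightCheck = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.SDX_RECOVER.getAction().getRight()).setResource("dlCrn").build();
    AuthorizationProto.RightCheck dlRecoveryEnvRightCheck = AuthorizationProto.RightCheck.newBuilder()
            .setRight(RightV4.SDX_RECOVER.getAction().getRight()).setResource("env2crn").build();

    // Positional UMS reply, paired with the checks in the eq(...) list:
    //   DH_START    dhCrn=false, envCrn=false  -> denied
    //   DH_STOP     dhCrn=true,  envCrn=true   -> granted
    //   SDX_REPAIR  dlCrn=false, env2crn=true  -> granted
    //   SDX_UPGRADE dlCrn=true,  env2crn=false -> granted
    //   SDX_RECOVER dlCrn=true,  env2crn=false -> granted
    when(grpcUmsClient.hasRights(anyString(), eq(Arrays.asList(dhStartRightCheck, dhStartEnvRightCheck, dhStopRightCheck, dhStopEnvRightCheck,
            dlRepairRightCheck, dlRepairEnvRightCheck, dlUpgradeRightCheck, dlUpgradeEnvRightCheck, dlRecoveryRightCheck, dlRecoveryEnvRightCheck)),
            any(), any())).thenReturn(Lists.newArrayList(Boolean.FALSE, Boolean.FALSE, Boolean.TRUE, Boolean.TRUE, Boolean.FALSE, Boolean.TRUE,
            Boolean.TRUE, Boolean.FALSE, Boolean.TRUE, Boolean.FALSE));

    when(resourceCrnAthorizationFactory.calcAuthorization(eq("dhCrn"), eq(RightV4.DH_START.getAction())))
            .thenReturn(Optional.of(new HasRightOnAny(RightV4.DH_START.getAction(), Arrays.asList("dhCrn", "envCrn"))));
    when(resourceCrnAthorizationFactory.calcAuthorization(eq("dhCrn"), eq(RightV4.DH_STOP.getAction())))
            .thenReturn(Optional.of(new HasRightOnAny(RightV4.DH_STOP.getAction(), Arrays.asList("dhCrn", "envCrn"))));
    when(resourceCrnAthorizationFactory.calcAuthorization(eq("dlCrn"), eq(RightV4.SDX_REPAIR.getAction())))
            .thenReturn(Optional.of(new HasRightOnAny(RightV4.SDX_REPAIR.getAction(), Arrays.asList("dlCrn", "env2crn"))));
    when(resourceCrnAthorizationFactory.calcAuthorization(eq("dlCrn"), eq(RightV4.SDX_UPGRADE.getAction())))
            .thenReturn(Optional.of(new HasRightOnAny(RightV4.SDX_UPGRADE.getAction(), Arrays.asList("dlCrn", "env2crn"))));
    when(resourceCrnAthorizationFactory.calcAuthorization(eq("dlCrn"), eq(RightV4.SDX_RECOVER.getAction())))
            .thenReturn(Optional.of(new HasRightOnAny(RightV4.SDX_RECOVER.getAction(), Arrays.asList("dlCrn", "env2crn"))));

    CheckResourceRightsV4Request rightReq = new CheckResourceRightsV4Request();
    rightReq.setResourceRights(Lists.newArrayList(
            createResourceRightV4("dhCrn", RightV4.DH_START, RightV4.DH_STOP),
            createResourceRightV4("dlCrn", RightV4.SDX_REPAIR, RightV4.SDX_UPGRADE, RightV4.SDX_RECOVER)));

    CheckResourceRightsV4Response rightResult = ThreadBasedUserCrnProvider.doAs(USER_CRN, () -> underTest.checkRightsOnResources(rightReq));

    // Record which rights actually appear in the response. The per-right assertions run only
    // for entries that are present, so without this an empty or truncated response would pass.
    List<Object> checkedRights = Lists.newArrayList();
    rightResult.getResponses().forEach(resourceResponse -> resourceResponse.getRights().forEach(rightResponse -> {
        Object right = rightResponse.getRight();
        checkedRights.add(right);
        if (right.equals(RightV4.DH_START)) {
            assertFalse(rightResponse.getResult());
        }
        if (right.equals(RightV4.DH_STOP)) {
            assertTrue(rightResponse.getResult());
        }
        if (right.equals(RightV4.SDX_REPAIR)) {
            assertTrue(rightResponse.getResult());
        }
        if (right.equals(RightV4.SDX_UPGRADE)) {
            assertTrue(rightResponse.getResult());
        }
        if (right.equals(RightV4.SDX_RECOVER)) {
            assertTrue(rightResponse.getResult());
        }
    }));
    // Every requested right must have produced a decision; a missing entry is a failure,
    // not a silent pass.
    assertTrue(checkedRights.containsAll(Arrays.asList(RightV4.DH_START, RightV4.DH_STOP, RightV4.SDX_REPAIR, RightV4.SDX_UPGRADE,
            RightV4.SDX_RECOVER)));

    // All ten checks are expected to go to UMS in one round trip.
    verify(grpcUmsClient, times(1)).hasRights(anyString(), any(), any(), any());
}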
use of com.sequenceiq.cloudbreak.auth.altus.GrpcUmsClient in project cloudbreak by hortonworks.
the class UtilAuthorizationServiceTest method testCheckResourceRightFallback.
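/**
 * Checks {@code checkRightsOnResources} when no {@code calcAuthorization} rule is stubbed for
 * the requested CRNs.
 *
 * <p>The stubbed UMS reply is {@code [TRUE, FALSE, FALSE, TRUE]}. The assertions are consistent
 * with the reply being matched positionally to the request order
 * ENV_STOP, ENV_START, DH_START, DH_STOP. NOTE(review): what "fallback" means in the service
 * is not visible here; presumably each right is checked directly on the requested CRN.
 */
@Test
public void testCheckResourceRightFallback() {
    when(grpcUmsClient.hasRights(anyString(), any(), any(), any()))
            .thenReturn(Lists.newLinkedList(Arrays.asList(Boolean.TRUE, Boolean.FALSE, Boolean.FALSE, Boolean.TRUE)));

    CheckResourceRightsV4Request rightReq = new CheckResourceRightsV4Request();
    List<ResourceRightsV4> resourceRights = new LinkedList<>();
    resourceRights.add(createResourceRightV4("envCrn", RightV4.ENV_STOP, RightV4.ENV_START));
    resourceRights.add(createResourceRightV4("dhCrn", RightV4.DH_START, RightV4.DH_STOP));
    rightReq.setResourceRights(resourceRights);

    CheckResourceRightsV4Response rightResult = ThreadBasedUserCrnProvider.doAs(USER_CRN, () -> underTest.checkRightsOnResources(rightReq));

    // Record which rights actually appear in the response. The per-right assertions run only
    // for entries that are present, so without this an empty or truncated response would pass.
    List<Object> checkedRights = new LinkedList<>();
    rightResult.getResponses().forEach(resourceResponse -> resourceResponse.getRights().forEach(rightResponse -> {
        Object right = rightResponse.getRight();
        checkedRights.add(right);
        if (right.equals(RightV4.ENV_STOP) || right.equals(RightV4.DH_STOP)) {
            assertTrue(rightResponse.getResult());
        }
        if (right.equals(RightV4.DH_START) || right.equals(RightV4.ENV_START)) {
            assertFalse(rightResponse.getResult());
        }
    }));
    // Every requested right must have produced a decision; a missing entry is a failure,
    // not a silent pass.
    assertTrue(checkedRights.containsAll(Arrays.asList(RightV4.ENV_STOP, RightV4.ENV_START, RightV4.DH_START, RightV4.DH_STOP)));

    // The four checks are expected to go to UMS in one round trip.
    verify(grpcUmsClient, times(1)).hasRights(anyString(), any(), any(), any());
}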
use of com.sequenceiq.cloudbreak.auth.altus.GrpcUmsClient in project cloudbreak by hortonworks.
the class EnvironmentServiceIntegrationTest method setup.
/**
 * Prepares the service client, the shared credential fixture and the mock stubbing used by
 * every test in this class.
 *
 * <p>NOTE(review): every authorization stub installed here answers "allowed" (hasRights returns
 * TRUE for each check, checkAccountRight returns true, the fixture credential is mapped to
 * true). Tests relying on this setup alone therefore cannot observe an access-denied path;
 * a test for denial has to override these stubs itself.
 */
@BeforeEach
public void setup() {
    // Certificate validation is switched off for this test client. NOTE(review): this looks
    // acceptable only because the target is the service address built from the test port;
    // the setting must not be copied into non-test client configuration.
    String serviceUrl = String.format(SERVICE_ADDRESS, port);
    client = new EnvironmentServiceClientBuilder(serviceUrl)
            .withCertificateValidation(false)
            .withDebug(true)
            .withIgnorePreValidation(true)
            .build()
            .withCrn(TEST_USER_CRN);

    // Credential fixture shared by the tests.
    credential = new Credential();
    credential.setName("credential_test");
    credential.setResourceCrn(TEST_RESOURCE_CRN);
    credential.setAccountId(TEST_ACCOUNT_ID);
    credential.setCloudPlatform("AWS");
    credential.setCreator(TEST_USER_CRN);
    credential.setDescription("description");
    credential.setGovCloud(false);
    credential.setArchived(false);
    credential.setType(ENVIRONMENT);
    credentialRequest = new CredentialRequest();

    when(entitlementService.azureEnabled(any())).thenReturn(true);
    doNothing().when(grpcUmsClient).assignResourceRole(anyString(), anyString(), anyString(), any(), any());

    // Answer one TRUE per requested RightCheck so the reply always has the same length as
    // the request, whatever the caller asks for.
    lenient().when(grpcUmsClient.hasRights(anyString(), anyList(), any(), any())).then(invocation -> {
        List<RightCheck> requestedChecks = invocation.getArgument(1);
        return requestedChecks.stream().map(check -> Boolean.TRUE).collect(toList());
    });
    lenient().when(grpcUmsClient.checkAccountRight(anyString(), anyString(), any(), any())).thenReturn(true);

    // Resource-level lookup: only the fixture credential's CRN is present, mapped to true.
    Map<String, Boolean> rightsByCrn = Maps.newHashMap();
    rightsByCrn.put(credential.getResourceCrn(), true);
    when(umsResourceAuthorizationService.getRightOfUserOnResources(anyString(), any(), anyList())).thenReturn(rightsByCrn);

    when(grpcUmsClient.getResourceRoles(any(), any())).thenReturn(
            Set.of("crn:altus:iam:us-west-1:altus:resourceRole:Owner", "crn:altus:iam:us-west-1:altus:resourceRole:EnvironmentAdmin"));
}