Example 11 with CredentialRequest

use of com.sequenceiq.environment.api.v1.credential.model.request.CredentialRequest in project cloudbreak by hortonworks.

the class CredentialValidatorTest method testValidateAwsCredentialRequestNotAWS.

@Test
void testValidateAwsCredentialRequestNotAWS() {
    CredentialRequest request = new CredentialRequest();
    request.setCloudPlatform("AZURE");
    ValidationResult result = underTest.validateAwsCredentialRequest(request);
    assertTrue(result.hasError());
    assertEquals("Credential request is not for AWS.", result.getErrors().get(0));
}
Also used : CredentialRequest(com.sequenceiq.environment.api.v1.credential.model.request.CredentialRequest) ValidationResult(com.sequenceiq.cloudbreak.validation.ValidationResult) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 12 with CredentialRequest

use of com.sequenceiq.environment.api.v1.credential.model.request.CredentialRequest in project cloudbreak by hortonworks.

the class CredentialValidatorTest method testValidateAwsCredentialRequestValid.

@Test
void testValidateAwsCredentialRequestValid() {
    CredentialRequest request = new CredentialRequest();
    request.setCloudPlatform("AWS");
    AwsCredentialParameters aws = new AwsCredentialParameters();
    RoleBasedParameters roleBased = new RoleBasedParameters();
    roleBased.setRoleArn("arn");
    aws.setRoleBased(roleBased);
    request.setAws(aws);
    ValidationResult result = underTest.validateAwsCredentialRequest(request);
    assertFalse(result.hasError());
}
Also used : CredentialRequest(com.sequenceiq.environment.api.v1.credential.model.request.CredentialRequest) RoleBasedParameters(com.sequenceiq.environment.api.v1.credential.model.parameters.aws.RoleBasedParameters) ValidationResult(com.sequenceiq.cloudbreak.validation.ValidationResult) AwsCredentialParameters(com.sequenceiq.environment.api.v1.credential.model.parameters.aws.AwsCredentialParameters) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 13 with CredentialRequest

use of com.sequenceiq.environment.api.v1.credential.model.request.CredentialRequest in project cloudbreak by hortonworks.

the class CredentialValidatorTest method testValidateAwsCredentialRequestNoArn.

@Test
void testValidateAwsCredentialRequestNoArn() {
    CredentialRequest request = new CredentialRequest();
    request.setCloudPlatform("AWS");
    AwsCredentialParameters aws = new AwsCredentialParameters();
    aws.setRoleBased(new RoleBasedParameters());
    request.setAws(aws);
    ValidationResult result = underTest.validateAwsCredentialRequest(request);
    assertTrue(result.hasError());
    assertEquals("Role ARN is not found in credential request.", result.getErrors().get(0));
}
Also used : CredentialRequest(com.sequenceiq.environment.api.v1.credential.model.request.CredentialRequest) RoleBasedParameters(com.sequenceiq.environment.api.v1.credential.model.parameters.aws.RoleBasedParameters) ValidationResult(com.sequenceiq.cloudbreak.validation.ValidationResult) AwsCredentialParameters(com.sequenceiq.environment.api.v1.credential.model.parameters.aws.AwsCredentialParameters) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 14 with CredentialRequest

use of com.sequenceiq.environment.api.v1.credential.model.request.CredentialRequest in project cloudbreak by hortonworks.

the class EnvironmentServiceIntegrationTest method setup.

@BeforeEach
public void setup() {
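    // Test-only client for the locally started service: certificate validation is
    // disabled and debug output is enabled; these settings are for this integration test only.
    client = new EnvironmentServiceClientBuilder(String.format(SERVICE_ADDRESS, port))
            .withCertificateValidation(false)
            .withDebug(true)
            .withIgnorePreValidation(true)
            .build()
            .withCrn(TEST_USER_CRN);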
    credential = new Credential();
    credential.setName("credential_test");
    credential.setResourceCrn(TEST_RESOURCE_CRN);
    credential.setAccountId(TEST_ACCOUNT_ID);
    credential.setCloudPlatform("AWS");
    credential.setCreator(TEST_USER_CRN);
    credential.setDescription("description");
    credential.setGovCloud(false);
    credential.setArchived(false);
    credential.setType(ENVIRONMENT);
    credentialRequest = new CredentialRequest();
    when(entitlementService.azureEnabled(any())).thenReturn(true);
    doNothing().when(grpcUmsClient).assignResourceRole(anyString(), anyString(), anyString(), any(), any());
    // Authorization is stubbed out: every right check below is answered with TRUE.
    lenient().when(grpcUmsClient.hasRights(anyString(), anyList(), any(), any())).then(i -> {
        List<RightCheck> rightChecks = i.getArgument(1);
        return rightChecks.stream().map(r -> Boolean.TRUE).collect(toList());
    });
    lenient().when(grpcUmsClient.checkAccountRight(anyString(), anyString(), any(), any())).thenReturn(true);
    Map<String, Boolean> rightCheckMap = Maps.newHashMap();
    rightCheckMap.put(credential.getResourceCrn(), true);
    when(umsResourceAuthorizationService.getRightOfUserOnResources(anyString(), any(), anyList())).thenReturn(rightCheckMap);
    when(grpcUmsClient.getResourceRoles(any(), any())).thenReturn(Set.of("crn:altus:iam:us-west-1:altus:resourceRole:Owner", "crn:altus:iam:us-west-1:altus:resourceRole:EnvironmentAdmin"));
}
Also used : RightCheck(com.cloudera.thunderhead.service.authorization.AuthorizationProto.RightCheck) BeforeEach(org.junit.jupiter.api.BeforeEach) CloudContext(com.sequenceiq.cloudbreak.cloud.context.CloudContext) EntitlementService(com.sequenceiq.cloudbreak.auth.altus.EntitlementService) CredentialVerificationRequest(com.sequenceiq.cloudbreak.cloud.event.credential.CredentialVerificationRequest) ResourceDefinitionResult(com.sequenceiq.cloudbreak.cloud.event.platform.ResourceDefinitionResult) SecretService(com.sequenceiq.cloudbreak.service.secret.service.SecretService) ActiveProfiles(org.springframework.test.context.ActiveProfiles) CredentialResponse(com.sequenceiq.environment.api.v1.credential.model.response.CredentialResponse) NetworkService(com.sequenceiq.environment.network.NetworkService) Map(java.util.Map) ENVIRONMENT(com.sequenceiq.common.model.CredentialType.ENVIRONMENT) AzureCredentialRequestParameters(com.sequenceiq.environment.api.v1.credential.model.parameters.azure.AzureCredentialRequestParameters) BadRequestException(javax.ws.rs.BadRequestException) RoleBasedRequest(com.sequenceiq.environment.api.v1.credential.model.parameters.azure.RoleBasedRequest) AwsDefaultRegionSelectionFailed(com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsDefaultRegionSelectionFailed) InteractiveLoginRequest(com.sequenceiq.cloudbreak.cloud.event.credential.InteractiveLoginRequest) MockBean(org.springframework.boot.test.mock.mockito.MockBean) UmsResourceAuthorizationService(com.sequenceiq.authorization.service.UmsResourceAuthorizationService) AwsCredentialParameters(com.sequenceiq.environment.api.v1.credential.model.parameters.aws.AwsCredentialParameters) Set(java.util.Set) Mockito.doNothing(org.mockito.Mockito.doNothing) ArgumentMatchers.anyList(org.mockito.ArgumentMatchers.anyList) CredentialStatus(com.sequenceiq.cloudbreak.cloud.model.CredentialStatus) NotFoundException(javax.ws.rs.NotFoundException) Test(org.junit.jupiter.api.Test) 
ProxyResponses(com.sequenceiq.environment.api.v1.proxy.model.response.ProxyResponses) List(java.util.List) SpringBootTest(org.springframework.boot.test.context.SpringBootTest) CloudCredentialStatus(com.sequenceiq.cloudbreak.cloud.model.CloudCredentialStatus) Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue) Optional(java.util.Optional) ProxyTestSource.getProxyConfig(com.sequenceiq.environment.proxy.v1.ProxyTestSource.getProxyConfig) ProxyConfigRepository(com.sequenceiq.environment.proxy.repository.ProxyConfigRepository) InitCodeGrantFlowRequest(com.sequenceiq.cloudbreak.cloud.event.credential.InitCodeGrantFlowRequest) UmsAccountAuthorizationService(com.sequenceiq.authorization.service.UmsAccountAuthorizationService) Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) Mock(org.mockito.Mock) Credential(com.sequenceiq.environment.credential.domain.Credential) ProxyRequest(com.sequenceiq.environment.api.v1.proxy.model.request.ProxyRequest) ArgumentMatchers.anyBoolean(org.mockito.ArgumentMatchers.anyBoolean) Mockito.lenient(org.mockito.Mockito.lenient) CredentialRepository(com.sequenceiq.environment.credential.repository.CredentialRepository) TestConfigurationForServiceIntegration(com.sequenceiq.environment.service.integration.testconfiguration.TestConfigurationForServiceIntegration) Inject(javax.inject.Inject) ProxyResponse(com.sequenceiq.environment.api.v1.proxy.model.response.ProxyResponse) CredentialRequest(com.sequenceiq.environment.api.v1.credential.model.request.CredentialRequest) FileReaderUtils(com.sequenceiq.cloudbreak.util.FileReaderUtils) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) RightCheck(com.cloudera.thunderhead.service.authorization.AuthorizationProto.RightCheck) EnvironmentServiceClientBuilder(com.sequenceiq.environment.client.EnvironmentServiceClientBuilder) ForbiddenException(javax.ws.rs.ForbiddenException) 
QuartzJobInitializer(com.sequenceiq.cloudbreak.quartz.configuration.QuartzJobInitializer) CredentialVerificationResult(com.sequenceiq.cloudbreak.cloud.event.credential.CredentialVerificationResult) ResourceDefinitionRequest(com.sequenceiq.cloudbreak.cloud.event.platform.ResourceDefinitionRequest) Mockito.when(org.mockito.Mockito.when) CloudCredential(com.sequenceiq.cloudbreak.cloud.model.CloudCredential) Maps(com.google.common.collect.Maps) GrpcUmsClient(com.sequenceiq.cloudbreak.auth.altus.GrpcUmsClient) KeyBasedParameters(com.sequenceiq.environment.api.v1.credential.model.parameters.aws.KeyBasedParameters) LocalServerPort(org.springframework.boot.web.server.LocalServerPort) EnvironmentServiceCrnEndpoints(com.sequenceiq.environment.client.EnvironmentServiceCrnEndpoints) Collectors.toList(java.util.stream.Collectors.toList) AfterEach(org.junit.jupiter.api.AfterEach) ProxyTestSource.getProxyRequest(com.sequenceiq.environment.proxy.v1.ProxyTestSource.getProxyRequest) Assertions(org.junit.jupiter.api.Assertions) InteractiveCredentialResponse(com.sequenceiq.environment.api.v1.credential.model.response.InteractiveCredentialResponse) RequestProvider(com.sequenceiq.environment.credential.service.RequestProvider) InteractiveLoginResult(com.sequenceiq.cloudbreak.cloud.event.credential.InteractiveLoginResult) ProxyConfig(com.sequenceiq.environment.proxy.domain.ProxyConfig) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) CredentialResponses(com.sequenceiq.environment.api.v1.credential.model.response.CredentialResponses) CredentialRequest(com.sequenceiq.environment.api.v1.credential.model.request.CredentialRequest) Credential(com.sequenceiq.environment.credential.domain.Credential) CloudCredential(com.sequenceiq.cloudbreak.cloud.model.CloudCredential) EnvironmentServiceClientBuilder(com.sequenceiq.environment.client.EnvironmentServiceClientBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) 

Example 15 with CredentialRequest

use of com.sequenceiq.environment.api.v1.credential.model.request.CredentialRequest in project cloudbreak by hortonworks.

the class CredentialValidator method validateAwsCredentialRequest.

public ValidationResult validateAwsCredentialRequest(CredentialRequest credentialRequest) {
    ValidationResultBuilder resultBuilder = new ValidationResultBuilder();
    // Reject requests whose cloud platform is not AWS (case-insensitive).
    resultBuilder.ifError(() -> !CloudPlatform.AWS.name().equalsIgnoreCase(credentialRequest.getCloudPlatform()),
            "Credential request is not for AWS.");
    // Null-safe lookup of aws.roleBased.roleArn; only presence is checked, not the ARN format.
    resultBuilder.ifError(() -> StringUtils.isBlank(Optional.ofNullable(credentialRequest.getAws())
            .map(AwsCredentialParameters::getRoleBased)
            .map(RoleBasedParameters::getRoleArn)
            .orElse(null)), "Role ARN is not found in credential request.");
    return resultBuilder.build();
}
Also used : ValidationResultBuilder(com.sequenceiq.cloudbreak.validation.ValidationResult.ValidationResultBuilder) AwsCredentialParameters(com.sequenceiq.environment.api.v1.credential.model.parameters.aws.AwsCredentialParameters)
