Search in sources :

Example 11 with RoleRequest

use of com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest in project cloudbreak by hortonworks.

the class KerberosMgmtRoleComponentV1Test method testAddRoleAndPrivilegesForHostWithRole.

@Test
public void testAddRoleAndPrivilegesForHostWithRole() throws Exception {
    Host host = new Host();
    host.setFqdn(HOST);
    RoleRequest roleRequest = new RoleRequest();
    roleRequest.setRoleName(ROLE);
    Set<String> privileges = new HashSet<>();
    privileges.add(PRIVILEGE1);
    privileges.add(PRIVILEGE2);
    roleRequest.setPrivileges(privileges);
    Role role = new Role();
    role.setCn(ROLE);
    Mockito.when(mockIpaClient.addRole(anyString())).thenReturn(role);
    Privilege privilege = new Privilege();
    Set<String> hosts = new HashSet<>();
    hosts.add(HOST);
    Set<String> noServices = new HashSet<>();
    Mockito.when(mockIpaClient.showRole(roleRequest.getRoleName())).thenThrow(new FreeIpaClientException("notfound", new JsonRpcClientException(NOT_FOUND, "notfound", null))).thenReturn(role);
    Mockito.when(mockIpaClient.showPrivilege(any())).thenReturn(privilege);
    Mockito.when(mockIpaClient.addRolePrivileges(any(), any())).thenReturn(role);
    Mockito.when(mockIpaClient.addRoleMember(any(), any(), any(), any(), any(), any())).thenReturn(role);
    underTest.addRoleAndPrivileges(Optional.empty(), Optional.of(host), roleRequest, mockIpaClient);
    Mockito.verify(mockIpaClient).addRole(ROLE);
    Mockito.verify(mockIpaClient).addRolePrivileges(ROLE, privileges);
    Mockito.verify(mockIpaClient).addRoleMember(ROLE, null, null, hosts, null, noServices);
}
Also used : Role(com.sequenceiq.freeipa.client.model.Role) JsonRpcClientException(com.googlecode.jsonrpc4j.JsonRpcClientException) FreeIpaClientException(com.sequenceiq.freeipa.client.FreeIpaClientException) Host(com.sequenceiq.freeipa.client.model.Host) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Privilege(com.sequenceiq.freeipa.client.model.Privilege) RoleRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest) HashSet(java.util.HashSet) Test(org.junit.jupiter.api.Test)

Example 12 with RoleRequest

use of com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest in project cloudbreak by hortonworks.

the class KerberosMgmtRoleComponentV1Test method testAddRoleAndPrivilegesForHostWithException.

@Test
public void testAddRoleAndPrivilegesForHostWithException() throws Exception {
    Host host = new Host();
    host.setFqdn(HOST);
    RoleRequest roleRequest = new RoleRequest();
    roleRequest.setRoleName(ROLE);
    Set<String> privileges = new HashSet<>();
    privileges.add(PRIVILEGE1);
    privileges.add(PRIVILEGE2);
    roleRequest.setPrivileges(privileges);
    Role role = new Role();
    role.setCn(ROLE);
    Mockito.when(mockIpaClient.addRole(anyString())).thenThrow(new FreeIpaClientException("expected"));
    Mockito.when(mockIpaClient.showRole(roleRequest.getRoleName())).thenThrow(new FreeIpaClientException("notfound", new JsonRpcClientException(NOT_FOUND, "notfound", null))).thenReturn(role);
    assertThrows(FreeIpaClientException.class, () -> underTest.addRoleAndPrivileges(Optional.empty(), Optional.of(host), roleRequest, mockIpaClient));
}
Also used : Role(com.sequenceiq.freeipa.client.model.Role) JsonRpcClientException(com.googlecode.jsonrpc4j.JsonRpcClientException) FreeIpaClientException(com.sequenceiq.freeipa.client.FreeIpaClientException) Host(com.sequenceiq.freeipa.client.model.Host) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) RoleRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest) HashSet(java.util.HashSet) Test(org.junit.jupiter.api.Test)

Example 13 with RoleRequest

use of com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest in project cloudbreak by hortonworks.

the class HostKeytabServiceTest method testGenerateHostKeytabPrivilegeDoesntExist.

@Test
public void testGenerateHostKeytabPrivilegeDoesntExist() throws FreeIpaClientException {
    HostKeytabRequest request = new HostKeytabRequest();
    request.setEnvironmentCrn(ENVIRONMENT_CRN);
    request.setRoleRequest(new RoleRequest());
    Stack stack = new Stack();
    when(keytabCommonService.getFreeIpaStackWithMdcContext(request.getEnvironmentCrn(), ACCOUNT_ID)).thenReturn(stack);
    FreeIpaClient freeIpaClient = mock(FreeIpaClient.class);
    when(freeIpaClientFactory.getFreeIpaClientForStack(stack)).thenReturn(freeIpaClient);
    when(roleComponent.privilegesExist(request.getRoleRequest(), freeIpaClient)).thenReturn(Boolean.FALSE);
    assertThrows(BadRequestException.class, () -> underTest.generateHostKeytab(request, ACCOUNT_ID));
}
Also used : HostKeytabRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.HostKeytabRequest) FreeIpaClient(com.sequenceiq.freeipa.client.FreeIpaClient) RoleRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest) Stack(com.sequenceiq.freeipa.entity.Stack) Test(org.junit.jupiter.api.Test)

Example 14 with RoleRequest

use of com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest in project cloudbreak by hortonworks.

the class HostKeytabServiceTest method testGetExistingHostKeytabRoleRequestSet.

@Test
public void testGetExistingHostKeytabRoleRequestSet() {
    HostKeytabRequest request = new HostKeytabRequest();
    request.setEnvironmentCrn(ENVIRONMENT_CRN);
    request.setRoleRequest(new RoleRequest());
    assertThrows(BadRequestException.class, () -> underTest.getExistingHostKeytab(request, ACCOUNT_ID));
}
Also used : HostKeytabRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.HostKeytabRequest) RoleRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest) Test(org.junit.jupiter.api.Test)

Example 15 with RoleRequest

use of com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest in project cloudbreak by hortonworks.

the class HostKeytabServiceTest method testGenerateHostKeytabHostDontHaveKeytab.

@Test
public void testGenerateHostKeytabHostDontHaveKeytab() throws FreeIpaClientException {
    HostKeytabRequest request = new HostKeytabRequest();
    request.setEnvironmentCrn(ENVIRONMENT_CRN);
    request.setRoleRequest(new RoleRequest());
    request.setDoNotRecreateKeytab(Boolean.TRUE);
    request.setServerHostName("asdf");
    Stack stack = new Stack();
    when(keytabCommonService.getFreeIpaStackWithMdcContext(request.getEnvironmentCrn(), ACCOUNT_ID)).thenReturn(stack);
    FreeIpaClient freeIpaClient = mock(FreeIpaClient.class);
    when(freeIpaClientFactory.getFreeIpaClientForStack(stack)).thenReturn(freeIpaClient);
    when(roleComponent.privilegesExist(request.getRoleRequest(), freeIpaClient)).thenReturn(Boolean.TRUE);
    Host host = new Host();
    host.setHasKeytab(Boolean.FALSE);
    host.setKrbprincipalname("dfdf");
    when(keytabCommonService.addHost(request.getServerHostName(), request.getRoleRequest(), freeIpaClient)).thenReturn(host);
    KeytabCache keytabCache = mock(KeytabCache.class);
    Secret keytabSecret = new Secret("keytab", "keytabSecret");
    Secret principalSecret = new Secret("principal", "principalSecret");
    when(keytabCache.getKeytab()).thenReturn(keytabSecret);
    when(keytabCache.getPrincipal()).thenReturn(principalSecret);
    when(keytabCommonService.getKeytab(request.getEnvironmentCrn(), host.getKrbprincipalname(), request.getServerHostName(), freeIpaClient)).thenReturn(keytabCache);
    SecretResponse keytabResponse = new SecretResponse();
    keytabResponse.setSecretPath("keytabPath");
    when(secretResponseConverter.convert(keytabCache.getKeytab().getSecret())).thenReturn(keytabResponse);
    SecretResponse principalResponse = new SecretResponse();
    principalResponse.setSecretPath("principalPath");
    when(secretResponseConverter.convert(keytabCache.getPrincipal().getSecret())).thenReturn(principalResponse);
    HostKeytabResponse response = underTest.generateHostKeytab(request, ACCOUNT_ID);
    assertEquals(keytabResponse, response.getKeytab());
    assertEquals(principalResponse, response.getHostPrincipal());
}
Also used : Secret(com.sequenceiq.cloudbreak.service.secret.domain.Secret) SecretResponse(com.sequenceiq.cloudbreak.service.secret.model.SecretResponse) HostKeytabResponse(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.HostKeytabResponse) KeytabCache(com.sequenceiq.freeipa.entity.KeytabCache) HostKeytabRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.HostKeytabRequest) FreeIpaClient(com.sequenceiq.freeipa.client.FreeIpaClient) Host(com.sequenceiq.freeipa.client.model.Host) RoleRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest) Stack(com.sequenceiq.freeipa.entity.Stack) Test(org.junit.jupiter.api.Test)

Aggregations

RoleRequest (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest)28 Test (org.junit.jupiter.api.Test)26 FreeIpaClient (com.sequenceiq.freeipa.client.FreeIpaClient)17 FreeIpaClientException (com.sequenceiq.freeipa.client.FreeIpaClientException)14 Host (com.sequenceiq.freeipa.client.model.Host)13 JsonRpcClientException (com.googlecode.jsonrpc4j.JsonRpcClientException)10 ServiceKeytabRequest (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.ServiceKeytabRequest)8 Service (com.sequenceiq.freeipa.client.model.Service)7 HashSet (java.util.HashSet)7 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)7 Privilege (com.sequenceiq.freeipa.client.model.Privilege)6 Role (com.sequenceiq.freeipa.client.model.Role)6 HostKeytabRequest (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.HostKeytabRequest)5 ServiceKeytabResponse (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.ServiceKeytabResponse)5 RetryableFreeIpaClientException (com.sequenceiq.freeipa.client.RetryableFreeIpaClientException)5 Stack (com.sequenceiq.freeipa.entity.Stack)4 Optional (java.util.Optional)4 Secret (com.sequenceiq.cloudbreak.service.secret.domain.Secret)3 SecretResponse (com.sequenceiq.cloudbreak.service.secret.model.SecretResponse)3 HostKeytabResponse (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.HostKeytabResponse)3