Examples with RoleRequest com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest used on opensource projects

Search in sources :

Example 21 with RoleRequest

use of com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest in project cloudbreak by hortonworks.

the class ServiceKeytabServiceTest method testGenerateNotCachedDoNotRecreateFalsePrivilegeMissing.

@Test
public void testGenerateNotCachedDoNotRecreateFalsePrivilegeMissing() throws FreeIpaClientException {
    ServiceKeytabRequest request = new ServiceKeytabRequest();
    request.setEnvironmentCrn(ENVIRONMENT_CRN);
    request.setServiceName(SERVICE_NAME);
    request.setServerHostName(HOST);
    request.setDoNotRecreateKeytab(Boolean.FALSE);
    request.setServerHostNameAlias(ALIAS);
    RoleRequest roleRequest = new RoleRequest();
    request.setRoleRequest(roleRequest);
    when(keytabCacheService.findByEnvironmentCrnAndPrincipal(ENVIRONMENT_CRN, PRINCIPAL)).thenReturn(Optional.of(keytabCache));
    FreeIpaClient ipaClient = mock(FreeIpaClient.class);
    when(freeIpaClientFactory.getFreeIpaClientForStack(stack)).thenReturn(ipaClient);
    when(roleComponent.privilegesExist(roleRequest, ipaClient)).thenReturn(Boolean.FALSE);
    assertThrows(KeytabCreationException.class, () -> underTest.generateServiceKeytab(request, ACCOUNT_ID));
    verify(keytabCommonService, times(0)).addHost(eq(HOST), isNull(), eq(ipaClient));
}
Also used : ServiceKeytabRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.ServiceKeytabRequest) FreeIpaClient(com.sequenceiq.freeipa.client.FreeIpaClient) RoleRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest) Test(org.junit.jupiter.api.Test)

Example 22 with RoleRequest

use of com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest in project cloudbreak by hortonworks.

the class ServiceKeytabServiceTest method testGenerateExistingNotCachedServiceMissing.

@Test
public void testGenerateExistingNotCachedServiceMissing() throws FreeIpaClientException {
    ServiceKeytabRequest request = new ServiceKeytabRequest();
    request.setEnvironmentCrn(ENVIRONMENT_CRN);
    request.setServiceName(SERVICE_NAME);
    request.setServerHostName(HOST);
    request.setDoNotRecreateKeytab(Boolean.TRUE);
    request.setServerHostNameAlias(ALIAS);
    RoleRequest roleRequest = new RoleRequest();
    request.setRoleRequest(roleRequest);
    when(keytabCacheService.findByEnvironmentCrnAndPrincipal(ENVIRONMENT_CRN, PRINCIPAL)).thenReturn(Optional.empty());
    FreeIpaClient ipaClient = mock(FreeIpaClient.class);
    when(freeIpaClientFactory.getFreeIpaClientForStack(stack)).thenReturn(ipaClient);
    when(roleComponent.privilegesExist(roleRequest, ipaClient)).thenReturn(Boolean.TRUE);
    Service service = new Service();
    service.setKrbcanonicalname(PRINCIPAL);
    service.setHasKeytab(Boolean.TRUE);
    when(ipaClient.showService(PRINCIPAL)).thenThrow(new FreeIpaClientException("notfound", new JsonRpcClientException(NOT_FOUND.getValue(), "notfound", null)));
    when(ipaClient.addService(PRINCIPAL)).thenReturn(service);
    when(keytabCommonService.constructPrincipal(SERVICE_NAME, ALIAS, REALM)).thenReturn(ALIAS_PRINCIPAL);
    when(keytabCommonService.getExistingKeytab(ENVIRONMENT_CRN, PRINCIPAL, HOST, ipaClient)).thenReturn(keytabCache);
    ServiceKeytabResponse result = underTest.generateServiceKeytab(request, ACCOUNT_ID);
    verify(ipaClient).addServiceAlias(PRINCIPAL, ALIAS_PRINCIPAL);
    verify(roleComponent).addRoleAndPrivileges(Optional.of(service), Optional.empty(), roleRequest, ipaClient);
    assertEquals(keytabResponse, result.getKeytab());
    assertEquals(principalResponse, result.getServicePrincipal());
}
Also used : ServiceKeytabRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.ServiceKeytabRequest) JsonRpcClientException(com.googlecode.jsonrpc4j.JsonRpcClientException) FreeIpaClient(com.sequenceiq.freeipa.client.FreeIpaClient) Service(com.sequenceiq.freeipa.client.model.Service) FreeIpaClientException(com.sequenceiq.freeipa.client.FreeIpaClientException) ServiceKeytabResponse(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.ServiceKeytabResponse) RoleRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest) Test(org.junit.jupiter.api.Test)

Example 23 with RoleRequest

use of com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest in project cloudbreak by hortonworks.

the class ServiceKeytabServiceTest method testGenerateExistingNotCachedDoNotRecreateTrueAliasExists.

@Test
public void testGenerateExistingNotCachedDoNotRecreateTrueAliasExists() throws FreeIpaClientException {
    ServiceKeytabRequest request = new ServiceKeytabRequest();
    request.setEnvironmentCrn(ENVIRONMENT_CRN);
    request.setServiceName(SERVICE_NAME);
    request.setServerHostName(HOST);
    request.setDoNotRecreateKeytab(Boolean.TRUE);
    request.setServerHostNameAlias(ALIAS);
    RoleRequest roleRequest = new RoleRequest();
    request.setRoleRequest(roleRequest);
    when(keytabCacheService.findByEnvironmentCrnAndPrincipal(ENVIRONMENT_CRN, PRINCIPAL)).thenReturn(Optional.empty());
    FreeIpaClient ipaClient = mock(FreeIpaClient.class);
    when(freeIpaClientFactory.getFreeIpaClientForStack(stack)).thenReturn(ipaClient);
    when(roleComponent.privilegesExist(roleRequest, ipaClient)).thenReturn(Boolean.TRUE);
    Service service = new Service();
    service.setKrbcanonicalname(PRINCIPAL);
    service.setHasKeytab(Boolean.TRUE);
    when(ipaClient.showService(PRINCIPAL)).thenReturn(service);
    when(keytabCommonService.constructPrincipal(SERVICE_NAME, ALIAS, REALM)).thenReturn(ALIAS_PRINCIPAL);
    when(keytabCommonService.getExistingKeytab(ENVIRONMENT_CRN, PRINCIPAL, HOST, ipaClient)).thenReturn(keytabCache);
    doThrow(new FreeIpaClientException("notfound", new JsonRpcClientException(EXECUTION_ERROR.getValue(), "notfound", null))).when(ipaClient).addServiceAlias(PRINCIPAL, ALIAS_PRINCIPAL);
    ServiceKeytabResponse result = underTest.generateServiceKeytab(request, ACCOUNT_ID);
    verify(roleComponent).addRoleAndPrivileges(Optional.of(service), Optional.empty(), roleRequest, ipaClient);
    assertEquals(keytabResponse, result.getKeytab());
    assertEquals(principalResponse, result.getServicePrincipal());
}
Also used : ServiceKeytabRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.ServiceKeytabRequest) JsonRpcClientException(com.googlecode.jsonrpc4j.JsonRpcClientException) FreeIpaClient(com.sequenceiq.freeipa.client.FreeIpaClient) Service(com.sequenceiq.freeipa.client.model.Service) FreeIpaClientException(com.sequenceiq.freeipa.client.FreeIpaClientException) ServiceKeytabResponse(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.ServiceKeytabResponse) RoleRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest) Test(org.junit.jupiter.api.Test)

Example 24 with RoleRequest

use of com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest in project cloudbreak by hortonworks.

the class KerberosMgmtRoleComponentV1Test method testAddRoleAndPrivilegesForServiceWithRole.

@Test
public void testAddRoleAndPrivilegesForServiceWithRole() throws Exception {
    Service service = new Service();
    service.setKrbprincipalname(List.of(SERVICE));
    service.setKrbcanonicalname(SERVICE);
    RoleRequest roleRequest = new RoleRequest();
    roleRequest.setRoleName(ROLE);
    Set<String> privileges = new HashSet<>();
    privileges.add(PRIVILEGE1);
    privileges.add(PRIVILEGE2);
    roleRequest.setPrivileges(privileges);
    Role role = new Role();
    role.setCn(ROLE);
    Mockito.when(mockIpaClient.addRole(anyString())).thenReturn(role);
    Privilege privilege = new Privilege();
    Set<String> noHosts = new HashSet<>();
    Set<String> services = new HashSet<>();
    services.add(SERVICE);
    Mockito.when(mockIpaClient.showRole(roleRequest.getRoleName())).thenThrow(new FreeIpaClientException("notfound", new JsonRpcClientException(NOT_FOUND, "notfound", null))).thenReturn(role);
    Mockito.when(mockIpaClient.showPrivilege(any())).thenReturn(privilege);
    Mockito.when(mockIpaClient.addRolePrivileges(any(), any())).thenReturn(role);
    Mockito.when(mockIpaClient.addRoleMember(any(), any(), any(), any(), any(), any())).thenReturn(role);
    underTest.addRoleAndPrivileges(Optional.of(service), Optional.empty(), roleRequest, mockIpaClient);
    Mockito.verify(mockIpaClient).addRole(ROLE);
    Mockito.verify(mockIpaClient).addRolePrivileges(ROLE, privileges);
    Mockito.verify(mockIpaClient).addRoleMember(ROLE, null, null, noHosts, null, services);
}
Also used : Role(com.sequenceiq.freeipa.client.model.Role) JsonRpcClientException(com.googlecode.jsonrpc4j.JsonRpcClientException) Service(com.sequenceiq.freeipa.client.model.Service) FreeIpaClientException(com.sequenceiq.freeipa.client.FreeIpaClientException) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Privilege(com.sequenceiq.freeipa.client.model.Privilege) RoleRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest) HashSet(java.util.HashSet) Test(org.junit.jupiter.api.Test)

Example 25 with RoleRequest

use of com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest in project cloudbreak by hortonworks.

the class KerberosMgmtRoleComponentV1Test method testPrivilegeExistReturnTrue.

@Test
public void testPrivilegeExistReturnTrue() throws Exception {
    RoleRequest roleRequest = new RoleRequest();
    roleRequest.setRoleName(ROLE);
    Set<String> privileges = new HashSet<>();
    privileges.add(PRIVILEGE1);
    privileges.add(PRIVILEGE2);
    roleRequest.setPrivileges(privileges);
    Privilege privilege = new Privilege();
    Mockito.when(mockIpaClient.showPrivilege(any())).thenReturn(privilege);
    Assertions.assertTrue(underTest.privilegesExist(roleRequest, mockIpaClient));
}
Also used : ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Privilege(com.sequenceiq.freeipa.client.model.Privilege) RoleRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest) HashSet(java.util.HashSet) Test(org.junit.jupiter.api.Test)

Aggregations

RoleRequest (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest)28 Test (org.junit.jupiter.api.Test)26 FreeIpaClient (com.sequenceiq.freeipa.client.FreeIpaClient)17 FreeIpaClientException (com.sequenceiq.freeipa.client.FreeIpaClientException)14 Host (com.sequenceiq.freeipa.client.model.Host)13 JsonRpcClientException (com.googlecode.jsonrpc4j.JsonRpcClientException)10 ServiceKeytabRequest (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.ServiceKeytabRequest)8 Service (com.sequenceiq.freeipa.client.model.Service)7 HashSet (java.util.HashSet)7 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)7 Privilege (com.sequenceiq.freeipa.client.model.Privilege)6 Role (com.sequenceiq.freeipa.client.model.Role)6 HostKeytabRequest (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.HostKeytabRequest)5 ServiceKeytabResponse (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.ServiceKeytabResponse)5 RetryableFreeIpaClientException (com.sequenceiq.freeipa.client.RetryableFreeIpaClientException)5 Stack (com.sequenceiq.freeipa.entity.Stack)4 Optional (java.util.Optional)4 Secret (com.sequenceiq.cloudbreak.service.secret.domain.Secret)3 SecretResponse (com.sequenceiq.cloudbreak.service.secret.model.SecretResponse)3 HostKeytabResponse (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.HostKeytabResponse)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial