Example 26 with RoleRequest
use of com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest in project cloudbreak by hortonworks.
the class KerberosMgmtRoleComponentV1Test method testPrivilegeExistReturnFalse.
@Test
public void testPrivilegeExistReturnFalse() throws Exception {
RoleRequest roleRequest = new RoleRequest();
roleRequest.setRoleName(ROLE);
Set<String> privileges = new HashSet<>();
privileges.add(PRIVILEGE1);
privileges.add(PRIVILEGE2);
roleRequest.setPrivileges(privileges);
Mockito.when(mockIpaClient.showPrivilege(any())).thenThrow(new FreeIpaClientException(ERROR_MESSAGE, new JsonRpcClientException(NOT_FOUND, ERROR_MESSAGE, null)));
Assertions.assertFalse(underTest.privilegesExist(roleRequest, mockIpaClient));
}
Also used :
JsonRpcClientException(com.googlecode.jsonrpc4j.JsonRpcClientException)
FreeIpaClientException(com.sequenceiq.freeipa.client.FreeIpaClientException)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
RoleRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest)
HashSet(java.util.HashSet)
Test(org.junit.jupiter.api.Test)
Example 27 with RoleRequest
use of com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest in project cloudbreak by hortonworks.
the class HostKeytabServiceTest method testGenerateHostKeytabDoNotRecreateFalse.
@Test
public void testGenerateHostKeytabDoNotRecreateFalse() throws FreeIpaClientException {
HostKeytabRequest request = new HostKeytabRequest();
request.setEnvironmentCrn(ENVIRONMENT_CRN);
request.setRoleRequest(new RoleRequest());
request.setDoNotRecreateKeytab(Boolean.FALSE);
request.setServerHostName("asdf");
Stack stack = new Stack();
when(keytabCommonService.getFreeIpaStackWithMdcContext(request.getEnvironmentCrn(), ACCOUNT_ID)).thenReturn(stack);
FreeIpaClient freeIpaClient = mock(FreeIpaClient.class);
when(freeIpaClientFactory.getFreeIpaClientForStack(stack)).thenReturn(freeIpaClient);
when(roleComponent.privilegesExist(request.getRoleRequest(), freeIpaClient)).thenReturn(Boolean.TRUE);
Host host = new Host();
host.setHasKeytab(Boolean.TRUE);
host.setKrbprincipalname("dfdf");
when(keytabCommonService.addHost(request.getServerHostName(), request.getRoleRequest(), freeIpaClient)).thenReturn(host);
KeytabCache keytabCache = mock(KeytabCache.class);
Secret keytabSecret = new Secret("keytab", "keytabSecret");
Secret principalSecret = new Secret("principal", "principalSecret");
when(keytabCache.getKeytab()).thenReturn(keytabSecret);
when(keytabCache.getPrincipal()).thenReturn(principalSecret);
when(keytabCommonService.getKeytab(request.getEnvironmentCrn(), host.getKrbprincipalname(), request.getServerHostName(), freeIpaClient)).thenReturn(keytabCache);
SecretResponse keytabResponse = new SecretResponse();
keytabResponse.setSecretPath("keytabPath");
when(secretResponseConverter.convert(keytabCache.getKeytab().getSecret())).thenReturn(keytabResponse);
SecretResponse principalResponse = new SecretResponse();
principalResponse.setSecretPath("principalPath");
when(secretResponseConverter.convert(keytabCache.getPrincipal().getSecret())).thenReturn(principalResponse);
HostKeytabResponse response = underTest.generateHostKeytab(request, ACCOUNT_ID);
assertEquals(keytabResponse, response.getKeytab());
assertEquals(principalResponse, response.getHostPrincipal());
}
Also used :
Secret(com.sequenceiq.cloudbreak.service.secret.domain.Secret)
SecretResponse(com.sequenceiq.cloudbreak.service.secret.model.SecretResponse)
HostKeytabResponse(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.HostKeytabResponse)
KeytabCache(com.sequenceiq.freeipa.entity.KeytabCache)
HostKeytabRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.HostKeytabRequest)
FreeIpaClient(com.sequenceiq.freeipa.client.FreeIpaClient)
Host(com.sequenceiq.freeipa.client.model.Host)
RoleRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest)
Stack(com.sequenceiq.freeipa.entity.Stack)
Test(org.junit.jupiter.api.Test)
Example 28 with RoleRequest
use of com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest in project cloudbreak by hortonworks.
the class KerberosMgmtRoleComponent method addRoleAndPrivileges.
public void addRoleAndPrivileges(Optional<Service> service, Optional<Host> host, RoleRequest roleRequest, FreeIpaClient ipaClient) throws FreeIpaClientException {
if (roleRequest != null && StringUtils.isNotBlank(roleRequest.getRoleName())) {
Role role = fetchOrCreateRole(roleRequest, ipaClient);
addPrivilegesToRole(roleRequest.getPrivileges(), ipaClient, role);
Set<String> servicesToAssignRole = service.stream().filter(s -> s.getMemberOfRole().stream().noneMatch(member -> member.contains(roleRequest.getRoleName()))).map(Service::getKrbcanonicalname).collect(Collectors.toSet());
Set<String> hostsToAssignRole = host.stream().filter(h -> h.getMemberOfRole().stream().noneMatch(member -> member.contains(roleRequest.getRoleName()))).map(Host::getFqdn).collect(Collectors.toSet());
LOGGER.debug("Adding role [{}] to host {} and service {}", role.getCn(), hostsToAssignRole, servicesToAssignRole);
ipaClient.addRoleMember(role.getCn(), null, null, hostsToAssignRole, null, servicesToAssignRole);
} else {
LOGGER.debug("RoleRequest or role name is empty, skipping adding privileges. {}", roleRequest);
}
}
Also used :
Role(com.sequenceiq.freeipa.client.model.Role)
Logger(org.slf4j.Logger)
FreeIpaClientExceptionUtil(com.sequenceiq.freeipa.client.FreeIpaClientExceptionUtil)
Privilege(com.sequenceiq.freeipa.client.model.Privilege)
LoggerFactory(org.slf4j.LoggerFactory)
Set(java.util.Set)
FreeIpaClientException(com.sequenceiq.freeipa.client.FreeIpaClientException)
FreeIpaClient(com.sequenceiq.freeipa.client.FreeIpaClient)
Collectors(java.util.stream.Collectors)
StringUtils(org.apache.commons.lang3.StringUtils)
ArrayList(java.util.ArrayList)
Service(com.sequenceiq.freeipa.client.model.Service)
List(java.util.List)
Component(org.springframework.stereotype.Component)
FreeIpaClientExceptionWrapper(com.sequenceiq.freeipa.client.FreeIpaClientExceptionWrapper)
Host(com.sequenceiq.freeipa.client.model.Host)
Role(com.sequenceiq.freeipa.client.model.Role)
Optional(java.util.Optional)
RoleRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest)
Aggregations
RoleRequest (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest)28
Test (org.junit.jupiter.api.Test)26
FreeIpaClient (com.sequenceiq.freeipa.client.FreeIpaClient)17
FreeIpaClientException (com.sequenceiq.freeipa.client.FreeIpaClientException)14
Host (com.sequenceiq.freeipa.client.model.Host)13
JsonRpcClientException (com.googlecode.jsonrpc4j.JsonRpcClientException)10
ServiceKeytabRequest (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.ServiceKeytabRequest)8
Service (com.sequenceiq.freeipa.client.model.Service)7
HashSet (java.util.HashSet)7
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)7
Privilege (com.sequenceiq.freeipa.client.model.Privilege)6
Role (com.sequenceiq.freeipa.client.model.Role)6
HostKeytabRequest (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.HostKeytabRequest)5
ServiceKeytabResponse (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.ServiceKeytabResponse)5
RetryableFreeIpaClientException (com.sequenceiq.freeipa.client.RetryableFreeIpaClientException)5
Stack (com.sequenceiq.freeipa.entity.Stack)4
Optional (java.util.Optional)4
Secret (com.sequenceiq.cloudbreak.service.secret.domain.Secret)3
SecretResponse (com.sequenceiq.cloudbreak.service.secret.model.SecretResponse)3
HostKeytabResponse (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.HostKeytabResponse)3
