
Example 1 with EnvironmentAccessRights

Use of com.sequenceiq.freeipa.service.freeipa.user.model.EnvironmentAccessRights in project cloudbreak by hortonworks.

From class BulkUmsUsersStateProvider, method addActorsToUmsUsersStateBuilder:

private void addActorsToUmsUsersStateBuilder(int environmentIndex,
        UserManagementProto.GetUserSyncStateModelResponse userSyncStateModel, ActorHandler actorHandler) {
    // process actors - users and machine users are combined in the actor list
    userSyncStateModel.getActorList().forEach(actor -> {
        // The bulk response carries one RightsCheckResult per environment; the two
        // positional flags are the environment-access right and the FreeIPA-admin right.
        UserManagementProto.RightsCheckResult rightsCheckResult = actor.getRightsCheckResult(environmentIndex);
        EnvironmentAccessRights environmentAccessRights =
                new EnvironmentAccessRights(rightsCheckResult.getHasRight(0), rightsCheckResult.getHasRight(1));
        // Group and WAG memberships are resolved by index into the lists of the same response,
        // and only when the handler actually asks for them.
        Supplier<Collection<String>> groupMembershipSupplier = () -> actor.getGroupIndexList().stream()
                .map(groupIndex -> userSyncStateModel.getGroupList().get(groupIndex).getCrn())
                .collect(Collectors.toList());
        Supplier<Collection<String>> wagMembershipSupplier = () -> actor.getWorkloadAdministrationGroupIndexList().stream()
                .map(wagIndex -> userSyncStateModel.getWorkloadAdministrationGroupList().get(wagIndex)
                        .getWorkloadAdministrationGroupName())
                .collect(Collectors.toList());
        Supplier<WorkloadCredential> workloadCredentialSupplier =
                () -> workloadCredentialConverter.toWorkloadCredential(actor.getCredentials());
        actorHandler.handleActor(environmentAccessRights, fmsUserConverter.toFmsUser(actor.getActorDetails()),
                actor.getActorDetails().getCrn(), groupMembershipSupplier, wagMembershipSupplier,
                workloadCredentialSupplier, actor.getActorDetails().getCloudIdentityList());
    });
}
Also used : IntStream(java.util.stream.IntStream) FmsGroup(com.sequenceiq.freeipa.service.freeipa.user.model.FmsGroup) UmsUsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState) Collection(java.util.Collection) WorkloadCredential(com.sequenceiq.freeipa.service.freeipa.user.model.WorkloadCredential) Set(java.util.Set) FmsUserConverter(com.sequenceiq.freeipa.service.freeipa.user.conversion.FmsUserConverter) Supplier(java.util.function.Supplier) Collectors(java.util.stream.Collectors) Maps(com.google.common.collect.Maps) GrpcUmsClient(com.sequenceiq.cloudbreak.auth.altus.GrpcUmsClient) Inject(javax.inject.Inject) List(java.util.List) Component(org.springframework.stereotype.Component) UserManagementProto(com.cloudera.thunderhead.service.usermanagement.UserManagementProto) Map(java.util.Map) UsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UsersState) Optional(java.util.Optional) WorkloadCredentialConverter(com.sequenceiq.freeipa.service.freeipa.user.conversion.WorkloadCredentialConverter) EnvironmentAccessRights(com.sequenceiq.freeipa.service.freeipa.user.model.EnvironmentAccessRights)

Example 2 with EnvironmentAccessRights

Use of com.sequenceiq.freeipa.service.freeipa.user.model.EnvironmentAccessRights in project cloudbreak by hortonworks.

From class EnvironmentAccessCheckerTest, method testEnvironmentAccessCheckerCreatesRightEnvironmentAccessRights:

@Test
void testEnvironmentAccessCheckerCreatesRightEnvironmentAccessRights() {
    EnvironmentAccessChecker underTest = environmentAccessCheckerFactory.create(ENV_CRN);
    // Exercise all four combinations of the two rights. hasRightsNoCache returns one
    // Boolean per requested right, in request order: [environment access, FreeIPA admin].
    for (boolean hasAccess : new boolean[] { false, true }) {
        for (boolean ipaAdmin : new boolean[] { false, true }) {
            when(grpcUmsClient.hasRightsNoCache(eq(MEMBER_CRN), anyList(), any(Optional.class), any()))
                    .thenReturn(List.of(hasAccess, ipaAdmin));
            EnvironmentAccessRights environmentAccessRights = underTest.hasAccess(MEMBER_CRN, Optional.empty());
            // The positional results must map to the named accessors in this order.
            assertEquals(hasAccess, environmentAccessRights.hasEnvironmentAccessRight());
            assertEquals(ipaAdmin, environmentAccessRights.hasAdminFreeIpaRight());
        }
    }
}
Also used : Optional(java.util.Optional) EnvironmentAccessRights(com.sequenceiq.freeipa.service.freeipa.user.model.EnvironmentAccessRights) Test(org.junit.jupiter.api.Test)

Example 3 with EnvironmentAccessRights

Use of com.sequenceiq.freeipa.service.freeipa.user.model.EnvironmentAccessRights in project cloudbreak by hortonworks.

From class EnvironmentAccessChecker, method hasAccess:

public EnvironmentAccessRights hasAccess(String memberCrn, Optional<String> requestId) {
    requireNonNull(memberCrn, "memberCrn is null");
    requireNonNull(requestId, "requestId is null");
    try {
        // rightChecks holds the two right checks for this environment; the result list is
        // positional, so index 0 is the environment-access right and index 1 the FreeIPA-admin right.
        List<Boolean> hasRights = grpcUmsClient.hasRightsNoCache(memberCrn, rightChecks, requestId,
                regionAwareInternalCrnGeneratorFactory);
        return new EnvironmentAccessRights(hasRights.get(0), hasRights.get(1));
    } catch (StatusRuntimeException e) {
        // NOT_FOUND means UMS no longer knows this member: treat them as having no right to
        // access this environment and belonging to no groups (fail closed). Any other gRPC
        // status (e.g. a transient outage) is rethrown rather than silently mapped to a decision.
        if (e.getStatus().getCode() == Code.NOT_FOUND) {
            LOGGER.warn("Member CRN {} not found in UMS. Treating as if member has no rights to environment {}: {}",
                    memberCrn, environmentCrn, e.getLocalizedMessage());
            return new EnvironmentAccessRights(false, false);
        } else {
            throw e;
        }
    }
}
Also used : EnvironmentAccessRights(com.sequenceiq.freeipa.service.freeipa.user.model.EnvironmentAccessRights) StatusRuntimeException(io.grpc.StatusRuntimeException)
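The checker above has two properties worth keeping in view: the rights list is positional (Example 2 pins index 0 to hasEnvironmentAccessRight and index 1 to hasAdminFreeIpaRight), and a NOT_FOUND from UMS is mapped to "no rights" while every other failure propagates (Example 5). The following is an added, self-contained model of that pattern and is not cloudbreak code. The UmsRightsClient interface, the MemberNotFoundException stand-in for io.grpc.StatusRuntimeException with Status.Code.NOT_FOUND, the right names in RIGHT_CHECKS and the CRNs in the fake client are all assumptions made for this example; it adds two checks the page's method does not have (a length check on the response and null-as-denied unboxing) so that a malformed reply can never be read as a grant.

```java
import java.util.List;
import java.util.Map;
import java.util.Objects;

// Added example, not project code: models the EnvironmentAccessChecker pattern
// with a fake UMS client so it runs offline (java 16+ for the record).
public class EnvironmentAccessExample {

    // Hypothetical right names; the real checker builds its own rightChecks list.
    // Keeping the order and the index constants side by side documents the
    // positional contract that get(0)/get(1) otherwise leaves implicit.
    static final List<String> RIGHT_CHECKS = List.of("environments/accessEnvironment", "environments/adminFreeIPA");
    static final int ACCESS_ENV_IDX = 0;
    static final int ADMIN_FREEIPA_IDX = 1;

    // Stand-in for io.grpc.StatusRuntimeException carrying Status.Code.NOT_FOUND.
    static class MemberNotFoundException extends RuntimeException {
        MemberNotFoundException(String crn) { super("member not found in UMS: " + crn); }
    }

    // Stand-in for GrpcUmsClient.hasRightsNoCache: one Boolean per requested right, in order.
    interface UmsRightsClient {
        List<Boolean> hasRights(String memberCrn, List<String> rightChecks);
    }

    // Same shape as the page's EnvironmentAccessRights value object.
    record EnvironmentAccessRights(boolean hasEnvironmentAccessRight, boolean hasAdminFreeIpaRight) {
        static final EnvironmentAccessRights NONE = new EnvironmentAccessRights(false, false);
    }

    static class EnvironmentAccessChecker {
        private final UmsRightsClient client;
        private final String environmentCrn;

        EnvironmentAccessChecker(UmsRightsClient client, String environmentCrn) {
            this.client = Objects.requireNonNull(client);
            this.environmentCrn = Objects.requireNonNull(environmentCrn);
        }

        EnvironmentAccessRights hasAccess(String memberCrn) {
            Objects.requireNonNull(memberCrn, "memberCrn is null");
            List<Boolean> hasRights;
            try {
                hasRights = client.hasRights(memberCrn, RIGHT_CHECKS);
            } catch (MemberNotFoundException e) {
                // Fail closed: a member UMS no longer knows gets no rights. Any other
                // failure is not caught here, so an outage surfaces to the caller instead
                // of being read as either a grant or a denial.
                System.out.printf("member %s not found; no rights to %s%n", memberCrn, environmentCrn);
                return EnvironmentAccessRights.NONE;
            }
            // A response of the wrong length is a contract violation, never a grant.
            if (hasRights.size() != RIGHT_CHECKS.size()) {
                throw new IllegalStateException("expected " + RIGHT_CHECKS.size()
                        + " right-check results, got " + hasRights.size());
            }
            // Boolean.TRUE.equals treats a null entry as denied instead of throwing on unboxing.
            return new EnvironmentAccessRights(
                    Boolean.TRUE.equals(hasRights.get(ACCESS_ENV_IDX)),
                    Boolean.TRUE.equals(hasRights.get(ADMIN_FREEIPA_IDX)));
        }
    }

    public static void main(String[] args) {
        // Constructed fake client backed by an in-memory table (crn -> [access, admin]).
        Map<String, List<Boolean>> table = Map.of(
                "crn:user:alice", List.of(true, true),
                "crn:user:bob", List.of(true, false),
                "crn:machine:ci", List.of(false, false));
        UmsRightsClient fake = (crn, checks) -> {
            List<Boolean> rights = table.get(crn);
            if (rights == null) {
                throw new MemberNotFoundException(crn);
            }
            return rights;
        };
        EnvironmentAccessChecker checker = new EnvironmentAccessChecker(fake, "crn:env:demo");
        // The last CRN is unknown to the fake UMS and resolves to NONE rather than an exception.
        for (String crn : List.of("crn:user:alice", "crn:user:bob", "crn:machine:ci", "crn:user:deleted")) {
            System.out.println(crn + " -> " + checker.hasAccess(crn));
        }
    }
}
```

Run with `java EnvironmentAccessExample.java`. The point of the length check and the null-safe unboxing is that the only path to a true flag is a well-formed response whose corresponding entry is exactly TRUE; everything else either denies or throws.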

Example 4 with EnvironmentAccessRights

Use of com.sequenceiq.freeipa.service.freeipa.user.model.EnvironmentAccessRights in project cloudbreak by hortonworks.

From class BulkUmsUsersStateProvider, method addActorsToUmsUsersStateBuilder (later revision, with per-actor NOT_FOUND handling):

private void addActorsToUmsUsersStateBuilder(int environmentIndex,
        UserManagementProto.GetUserSyncStateModelResponse userSyncStateModel, ActorHandler actorHandler,
        Optional<String> requestIdOptional) {
    // process actors - users and machine users are combined in the actor list
    userSyncStateModel.getActorList().forEach(actor -> {
        // Positional flags from the bulk response: environment-access right, then FreeIPA-admin right.
        UserManagementProto.RightsCheckResult rightsCheckResult = actor.getRightsCheckResult(environmentIndex);
        EnvironmentAccessRights environmentAccessRights =
                new EnvironmentAccessRights(rightsCheckResult.getHasRight(0), rightsCheckResult.getHasRight(1));
        Supplier<Collection<String>> groupMembershipSupplier = () -> actor.getGroupIndexList().stream()
                .map(groupIndex -> userSyncStateModel.getGroupList().get(groupIndex).getCrn())
                .collect(Collectors.toList());
        Supplier<Collection<String>> wagMembershipSupplier = () -> actor.getWorkloadAdministrationGroupIndexList().stream()
                .map(wagIndex -> userSyncStateModel.getWorkloadAdministrationGroupList().get(wagIndex)
                        .getWorkloadAdministrationGroupName())
                .collect(Collectors.toList());
        // Credentials are now fetched lazily from UMS per actor, which is the call that can
        // fail with NOT_FOUND if the actor was deleted after the bulk state was retrieved.
        Supplier<WorkloadCredential> workloadCredentialSupplier =
                () -> umsCredentialProvider.getCredentials(actor.getActorDetails().getCrn(), requestIdOptional);
        try {
            actorHandler.handleActor(environmentAccessRights, fmsUserConverter.toFmsUser(actor.getActorDetails()),
                    actor.getActorDetails().getCrn(), groupMembershipSupplier, wagMembershipSupplier,
                    workloadCredentialSupplier, actor.getActorDetails().getCloudIdentityList());
        } catch (StatusRuntimeException e) {
            // A deleted actor is skipped (never added to the state); any other status aborts the sync.
            if (e.getStatus().getCode() == Status.Code.NOT_FOUND) {
                LOGGER.warn("Member CRN {} not found in UMS. NOT_FOUND errors indicate that a user/machineUser "
                        + "has been deleted after we have retrieved the list of users/machineUsers from "
                        + "the UMS. Member will not be added to the UMS Users State. {}",
                        actor.getActorDetails().getCrn(), e.getLocalizedMessage());
            } else {
                throw e;
            }
        }
    });
}
Also used : IntStream(java.util.stream.IntStream) FmsGroup(com.sequenceiq.freeipa.service.freeipa.user.model.FmsGroup) Logger(org.slf4j.Logger) UmsUsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState) Collection(java.util.Collection) LoggerFactory(org.slf4j.LoggerFactory) WorkloadCredential(com.sequenceiq.freeipa.service.freeipa.user.model.WorkloadCredential) Set(java.util.Set) FmsUserConverter(com.sequenceiq.freeipa.service.freeipa.user.conversion.FmsUserConverter) Supplier(java.util.function.Supplier) Collectors(java.util.stream.Collectors) Maps(com.google.common.collect.Maps) GrpcUmsClient(com.sequenceiq.cloudbreak.auth.altus.GrpcUmsClient) RegionAwareInternalCrnGeneratorFactory(com.sequenceiq.cloudbreak.auth.crn.RegionAwareInternalCrnGeneratorFactory) Inject(javax.inject.Inject) StatusRuntimeException(io.grpc.StatusRuntimeException) List(java.util.List) Component(org.springframework.stereotype.Component) UserManagementProto(com.cloudera.thunderhead.service.usermanagement.UserManagementProto) Map(java.util.Map) UsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UsersState) Optional(java.util.Optional) EnvironmentAccessRights(com.sequenceiq.freeipa.service.freeipa.user.model.EnvironmentAccessRights) Status(io.grpc.Status)

Example 5 with EnvironmentAccessRights

Use of com.sequenceiq.freeipa.service.freeipa.user.model.EnvironmentAccessRights in project cloudbreak by hortonworks.

From class EnvironmentAccessCheckerTest, method testEnvironmentAccessCheckerNoAccessIfMemberNotFound:

@Test
void testEnvironmentAccessCheckerNoAccessIfMemberNotFound() {
    EnvironmentAccessChecker underTest = environmentAccessCheckerFactory.create(ENV_CRN);
    // Simulate UMS reporting the member as deleted.
    Throwable ex = new StatusRuntimeException(Status.Code.NOT_FOUND.toStatus());
    when(grpcUmsClient.hasRightsNoCache(eq(MEMBER_CRN), anyList(), any(Optional.class), any())).thenThrow(ex);
    // A member UMS no longer knows resolves to no rights (fail closed) rather than an exception.
    EnvironmentAccessRights environmentAccessRights = underTest.hasAccess(MEMBER_CRN, Optional.empty());
    assertFalse(environmentAccessRights.hasEnvironmentAccessRight());
    assertFalse(environmentAccessRights.hasAdminFreeIpaRight());
}
Also used : Optional(java.util.Optional) EnvironmentAccessRights(com.sequenceiq.freeipa.service.freeipa.user.model.EnvironmentAccessRights) StatusRuntimeException(io.grpc.StatusRuntimeException) Test(org.junit.jupiter.api.Test)

Aggregations

EnvironmentAccessRights (com.sequenceiq.freeipa.service.freeipa.user.model.EnvironmentAccessRights)6 Optional (java.util.Optional)4 UserManagementProto (com.cloudera.thunderhead.service.usermanagement.UserManagementProto)3 FmsGroup (com.sequenceiq.freeipa.service.freeipa.user.model.FmsGroup)3 UmsUsersState (com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState)3 UsersState (com.sequenceiq.freeipa.service.freeipa.user.model.UsersState)3 WorkloadCredential (com.sequenceiq.freeipa.service.freeipa.user.model.WorkloadCredential)3 StatusRuntimeException (io.grpc.StatusRuntimeException)3 Collection (java.util.Collection)3 List (java.util.List)3 Map (java.util.Map)3 Set (java.util.Set)3 Supplier (java.util.function.Supplier)3 Maps (com.google.common.collect.Maps)2 GrpcUmsClient (com.sequenceiq.cloudbreak.auth.altus.GrpcUmsClient)2 FmsUserConverter (com.sequenceiq.freeipa.service.freeipa.user.conversion.FmsUserConverter)2 Collectors (java.util.stream.Collectors)2 IntStream (java.util.stream.IntStream)2 Inject (javax.inject.Inject)2 Test (org.junit.jupiter.api.Test)2