
Example 41 with FmsUser

Use of com.sequenceiq.freeipa.service.freeipa.user.model.FmsUser in project cloudbreak by hortonworks.

Class ActorHandler, method handleActor.

public void handleActor(
        EnvironmentAccessRights environmentAccessRights,
        FmsUser fmsUser,
        String actorCrn,
        Supplier<Collection<String>> groupCrnMembershipSupplier,
        Supplier<Collection<String>> wagMembershipSupplier,
        Supplier<WorkloadCredential> workloadCredentialSupplier,
        List<UserManagementProto.CloudIdentity> cloudIdentityList) {
    if (environmentAccessRights.hasEnvironmentAccessRight()) {
        String workloadUsername = fmsUser.getName();
        // Retrieve all information from UMS before modifying the UmsUsersState or UsersState, so that
        // we don't partially modify the state if the member has been deleted after we started the sync
        Collection<String> groupCrnsForMember = groupCrnMembershipSupplier.get();
        Collection<String> workloadAdministrationGroupsForMember = wagMembershipSupplier.get();
        WorkloadCredential workloadCredential = workloadCredentialSupplier.get();
        groupCrnsForMember.forEach(gcrn -> {
            FmsGroup group = crnToFmsGroup.get(gcrn);
            // the group and group membership will be updated on the next sync
            if (group != null) {
                usersStateBuilder.addMemberToGroup(group.getName(), workloadUsername);
            } else {
                LOGGER.warn("{} is a member of unexpected group {}. Group must have been added after UMS state calculation started", workloadUsername, gcrn);
            }
        });
        workloadAdministrationGroupsForMember.stream()
                .filter(wagName -> !wagNamesForOtherEnvironments.contains(wagName))
                .forEach(wagName -> {
            usersStateBuilder.addGroup(fmsGroupConverter.nameToGroup(wagName));
            usersStateBuilder.addMemberToGroup(wagName, workloadUsername);
        });
        addMemberToInternalTrackingGroup(usersStateBuilder, workloadUsername);
        if (environmentAccessRights.hasAdminFreeIpaRight()) {
            usersStateBuilder.addMemberToGroup(UserSyncConstants.ADMINS_GROUP, workloadUsername);
        }
        umsUsersStateBuilder.addWorkloadCredentials(workloadUsername, workloadCredential);
        umsUsersStateBuilder.addUserCloudIdentities(workloadUsername, cloudIdentityList);
        usersStateBuilder.addUserMetadata(workloadUsername, new UserMetadata(actorCrn, workloadCredential.getVersion()));
        usersStateBuilder.addUser(fmsUser);
    }
}
Also used: FmsGroup (com.sequenceiq.freeipa.service.freeipa.user.model.FmsGroup), UmsUsersState (com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState), Logger (org.slf4j.Logger), Collection (java.util.Collection), WorkloadCredential (com.sequenceiq.freeipa.service.freeipa.user.model.WorkloadCredential), LoggerFactory (org.slf4j.LoggerFactory), Set (java.util.Set), FmsGroupConverter (com.sequenceiq.freeipa.service.freeipa.user.conversion.FmsGroupConverter), FmsUser (com.sequenceiq.freeipa.service.freeipa.user.model.FmsUser), Supplier (java.util.function.Supplier), List (java.util.List), UserManagementProto (com.cloudera.thunderhead.service.usermanagement.UserManagementProto), Map (java.util.Map), Objects.requireNonNull (java.util.Objects.requireNonNull), UsersState (com.sequenceiq.freeipa.service.freeipa.user.model.UsersState), UserMetadata (com.sequenceiq.freeipa.service.freeipa.user.model.UserMetadata), EnvironmentAccessRights (com.sequenceiq.freeipa.service.freeipa.user.model.EnvironmentAccessRights), UserSyncConstants (com.sequenceiq.freeipa.service.freeipa.user.UserSyncConstants)

Example 42 with FmsUser

Use of com.sequenceiq.freeipa.service.freeipa.user.model.FmsUser in project cloudbreak by hortonworks.

Class UserSyncServiceTest, method testApplyStateDifferenceToIpa.

@Test
void testApplyStateDifferenceToIpa() throws FreeIpaClientException {
    FmsGroup groupToAdd1 = new FmsGroup().withName("groupToAdd1");
    FmsGroup groupToAdd2 = new FmsGroup().withName("groupToAdd2");
    FmsGroup groupToRemove1 = new FmsGroup().withName("groupToRemove1");
    FmsGroup groupToRemove2 = new FmsGroup().withName("groupToRemove2");
    FmsUser userToAdd1 = new FmsUser().withName("userToAdd1").withFirstName("clark").withLastName("kent");
    FmsUser userToAdd2 = new FmsUser().withName("userToAdd2").withFirstName("peter").withLastName("parker");
    String userToRemove1 = "userToRemove1";
    String userToRemove2 = "userToRemove2";
    String userToDisable1 = "userToDisable1";
    String userToDisable2 = "userToDisable2";
    String userToEnable1 = "userToEnable1";
    String userToEnable2 = "userToEnable2";
    Multimap<String, String> warnings = ArrayListMultimap.create();
    doNothing().when(freeIpaClient).callBatch(any(), any(), any(), any());
    UsersStateDifference usersStateDifference = new UsersStateDifference(
            ImmutableSet.of(groupToAdd1, groupToAdd2),
            ImmutableSet.of(groupToRemove1, groupToRemove2),
            ImmutableSet.of(userToAdd1, userToAdd2),
            ImmutableSet.of(),
            ImmutableSet.of(userToRemove1, userToRemove2),
            ImmutableMultimap.<String, String>builder()
                    .put(groupToAdd1.getName(), userToAdd1.getName())
                    .put(groupToAdd2.getName(), userToAdd2.getName())
                    .build(),
            ImmutableMultimap.<String, String>builder()
                    .put(groupToRemove1.getName(), userToRemove1)
                    .put(groupToRemove2.getName(), userToRemove2)
                    .build(),
            ImmutableSet.of(userToDisable1, userToDisable2),
            ImmutableSet.of(userToEnable1, userToEnable2));
    underTest.applyStateDifferenceToIpa(ENV_CRN, freeIpaClient, usersStateDifference, warnings::put, true);
    // 9 times instead of 8 because non-posix groups are added in a separate batch
    verify(freeIpaClient, times(9)).callBatch(any(), any(), any(), any());
    verifyNoMoreInteractions(freeIpaClient);
}
Also used: FmsUser (com.sequenceiq.freeipa.service.freeipa.user.model.FmsUser), FmsGroup (com.sequenceiq.freeipa.service.freeipa.user.model.FmsGroup), ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString), UsersStateDifference (com.sequenceiq.freeipa.service.freeipa.user.model.UsersStateDifference), Test (org.junit.jupiter.api.Test)
