Search in sources :

Example 1 with UmsUsersState

use of com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState in project cloudbreak by hortonworks.

the class UserSyncServiceTest method testFullSyncRetrievesFullIpaState.

@Test
void testFullSyncRetrievesFullIpaState() throws Exception {
    UmsUsersState umsUsersState = mock(UmsUsersState.class);
    underTest.getIpaUserState(freeIpaClient, umsUsersState, true);
    verify(freeIpaUsersStateProvider).getUsersState(any());
}
Also used : UmsUsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState) Test(org.junit.jupiter.api.Test)

Example 2 with UmsUsersState

use of com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState in project cloudbreak by hortonworks.

the class UserSyncStateApplierTest method testApplyDifferenceWithPasswordHashSupport.

@Test
public void testApplyDifferenceWithPasswordHashSupport() throws FreeIpaClientException, TimeoutException {
    UsersState usersState = UsersState.newBuilder().addUserMetadata("userToUpdate1", new UserMetadata("userToUpdate1Crn", 1L)).addUserMetadata("userToUpdate2", new UserMetadata("userToUpdate2Crn", 2L)).build();
    WorkloadCredential workloadCredential1 = mock(WorkloadCredential.class);
    WorkloadCredential workloadCredential2 = mock(WorkloadCredential.class);
    UmsUsersState umsUsersState = UmsUsersState.newBuilder().setUsersState(usersState).addWorkloadCredentials("userToUpdate1", workloadCredential1).addWorkloadCredentials("userToUpdate2", workloadCredential2).build();
    UserSyncOptions userSyncOptions = mock(UserSyncOptions.class);
    UsersStateDifference usersStateDifference = createStateDiff();
    Multimap<String, String> warnings = ArrayListMultimap.create();
    when(userSyncOptions.isFmsToFreeIpaBatchCallEnabled()).thenReturn(Boolean.TRUE);
    Config config = new Config();
    config.setIpauserobjectclasses(Set.of("cdpUserAttr"));
    when(freeIpaClient.getConfig()).thenReturn(config);
    underTest.applyDifference(umsUsersState, ENV_CRN, warnings, usersStateDifference, userSyncOptions, freeIpaClient);
    ArgumentCaptor<Set<WorkloadCredentialUpdate>> credentialUpdateCaptor = ArgumentCaptor.forClass(Set.class);
    verify(workloadCredentialService).setWorkloadCredentials(eq(userSyncOptions), eq(freeIpaClient), credentialUpdateCaptor.capture(), any());
    Set<WorkloadCredentialUpdate> workloadCredentialUpdates = credentialUpdateCaptor.getValue();
    assertThat(workloadCredentialUpdates, allOf(hasItem(allOf(hasProperty("username", is("userToUpdate1")), hasProperty("userCrn", is("userToUpdate1Crn")), hasProperty("workloadCredential", is(workloadCredential1)))), hasItem(allOf(hasProperty("username", is("userToUpdate2")), hasProperty("userCrn", is("userToUpdate2Crn")), hasProperty("workloadCredential", is(workloadCredential2))))));
}
Also used : ImmutableSet(com.google.common.collect.ImmutableSet) Set(java.util.Set) Config(com.sequenceiq.freeipa.client.model.Config) UmsUsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState) UserMetadata(com.sequenceiq.freeipa.service.freeipa.user.model.UserMetadata) UsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UsersState) UmsUsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState) WorkloadCredential(com.sequenceiq.freeipa.service.freeipa.user.model.WorkloadCredential) UserSyncOptions(com.sequenceiq.freeipa.service.freeipa.user.model.UserSyncOptions) WorkloadCredentialUpdate(com.sequenceiq.freeipa.service.freeipa.user.model.WorkloadCredentialUpdate) UsersStateDifference(com.sequenceiq.freeipa.service.freeipa.user.model.UsersStateDifference) Test(org.junit.jupiter.api.Test)

Example 3 with UmsUsersState

use of com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState in project cloudbreak by hortonworks.

the class UsersStateDifferenceCalculatorTest method testCalculateUsersWithCredentialsToUpdate.

private void testCalculateUsersWithCredentialsToUpdate(boolean updatedOptimizationEnabled) {
    UmsUsersState.Builder umsUsersStateBuilder = UmsUsersState.newBuilder();
    UsersState.Builder usersStateBuilderForUms = UsersState.newBuilder();
    UsersState.Builder usersStateBuilderForIpa = UsersState.newBuilder();
    FmsUser userUms = addUmsUser("userUms", 1L, umsUsersStateBuilder, usersStateBuilderForUms);
    FmsUser userWithNoIpaMetadata = addUmsUser("userWithNoIpaMetadata", 0L, umsUsersStateBuilder, usersStateBuilderForUms);
    addIpaUser(userWithNoIpaMetadata.getName(), Optional.empty(), usersStateBuilderForIpa);
    FmsUser userWithStaleIpaCredentials = addUmsUser("userWithStaleIpaCredentials", 2L, umsUsersStateBuilder, usersStateBuilderForUms);
    addIpaUser(userWithStaleIpaCredentials.getName(), Optional.of(1L), usersStateBuilderForIpa);
    FmsUser userWithUpToDateIpaCredentials = addUmsUser("userWithUpToDateIpaCredentials", 5L, umsUsersStateBuilder, usersStateBuilderForUms);
    addIpaUser(userWithUpToDateIpaCredentials.getName(), Optional.of(5L), usersStateBuilderForIpa);
    FmsUser userProtected = addUmsUser(FreeIpaChecks.IPA_PROTECTED_USERS.get(0), 0L, umsUsersStateBuilder, usersStateBuilderForUms);
    addIpaUser(userProtected.getName(), Optional.empty(), usersStateBuilderForIpa);
    UmsUsersState umsUsersState = umsUsersStateBuilder.setUsersState(usersStateBuilderForUms.build()).build();
    UsersState ipaUsersState = usersStateBuilderForIpa.build();
    ImmutableSet<String> usersWithCredentialsToUpdate = new UserStateDifferenceCalculator().calculateUsersWithCredentialsToUpdate(umsUsersState, ipaUsersState, updatedOptimizationEnabled);
    // User that exists only in UMS requires credentials update
    assertTrue(usersWithCredentialsToUpdate.contains(userUms.getName()));
    // User whose IPA credentials version is unknown requires credentials update
    assertTrue(usersWithCredentialsToUpdate.contains(userWithNoIpaMetadata.getName()));
    // User with stale IPA credentials requires credentials update
    assertTrue(usersWithCredentialsToUpdate.contains(userWithStaleIpaCredentials.getName()));
    // User with up-to-date IPA credentials requires credentials update if update optimization is disabled
    assertEquals(!updatedOptimizationEnabled, usersWithCredentialsToUpdate.contains(userWithUpToDateIpaCredentials.getName()));
    // We never update credentials for protected users
    assertFalse(usersWithCredentialsToUpdate.contains(userProtected.getName()));
}
Also used : FmsUser(com.sequenceiq.freeipa.service.freeipa.user.model.FmsUser) UmsUsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState) UmsUsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState) UsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UsersState)

Example 4 with UmsUsersState

use of com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState in project cloudbreak by hortonworks.

the class UsersStateDifferenceCalculatorTest method testCalculateGroupsToAdd.

@Test
void testCalculateGroupsToAdd() {
    FmsGroup groupUms = new FmsGroup().withName("groupUms");
    FmsGroup groupWag = new FmsGroup().withName("groupWag");
    FmsGroup groupBoth = new FmsGroup().withName("groupBoth");
    FmsGroup groupIPA = new FmsGroup().withName("groupIPA");
    FmsGroup groupProtected = new FmsGroup().withName(FreeIpaChecks.IPA_PROTECTED_GROUPS.get(0));
    UmsUsersState umsUsersState = new UmsUsersState.Builder().setUsersState(new UsersState.Builder().addGroup(groupUms).addGroup(groupBoth).addGroup(groupProtected).build()).setWorkloadAdministrationGroups(Set.of(groupWag)).build();
    UsersState ipaUsersState = new UsersState.Builder().addGroup(groupBoth).addGroup(groupIPA).build();
    ImmutableSet<FmsGroup> groupsToAdd = new UserStateDifferenceCalculator().calculateGroupsToAdd(umsUsersState, ipaUsersState);
    // group that exists only in UMS will be added
    assertTrue(groupsToAdd.contains(groupUms));
    // protected groups will be ignored
    assertFalse(groupsToAdd.contains(groupProtected));
    // extra wags will not be added
    assertFalse(groupsToAdd.contains(groupWag));
    // groups that exist in both or only ipa will not be added
    assertFalse(groupsToAdd.contains(groupBoth));
    assertFalse(groupsToAdd.contains(groupIPA));
}
Also used : FmsGroup(com.sequenceiq.freeipa.service.freeipa.user.model.FmsGroup) UmsUsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState) UmsUsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState) UsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UsersState) Test(org.junit.jupiter.api.Test)

Example 5 with UmsUsersState

use of com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState in project cloudbreak by hortonworks.

the class UsersStateDifferenceCalculatorTest method testCalculateGroupMembershipsToAdd.

@Test
void testCalculateGroupMembershipsToAdd() {
    String group = "group";
    String unmanagedGroup = FreeIpaChecks.IPA_UNMANAGED_GROUPS.get(0);
    String userUms = "userUms";
    String userBoth = "userBoth";
    String userIPA = "userIPA";
    UmsUsersState umsUsersState = new UmsUsersState.Builder().setUsersState(new UsersState.Builder().addMemberToGroup(group, userUms).addMemberToGroup(group, userBoth).addMemberToGroup(unmanagedGroup, userUms).build()).build();
    UsersState ipaUsersState = new UsersState.Builder().addMemberToGroup(group, userBoth).addMemberToGroup(group, userIPA).build();
    ImmutableMultimap<String, String> groupMembershipsToAdd = new UserStateDifferenceCalculator().calculateGroupMembershipToAdd(umsUsersState, ipaUsersState);
    // group that exists only in UMS will be added
    assertTrue(groupMembershipsToAdd.get(group).contains(userUms));
    // unmanaged groups will be ignored
    assertFalse(groupMembershipsToAdd.get(unmanagedGroup).contains(userUms));
    // groups that exist in both or only ipa will not be added
    assertFalse(groupMembershipsToAdd.get(group).contains(userBoth));
    assertFalse(groupMembershipsToAdd.get(group).contains(userIPA));
}
Also used : UmsUsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState) UmsUsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState) UsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UsersState) Test(org.junit.jupiter.api.Test)

Aggregations

UmsUsersState (com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState)30 Test (org.junit.jupiter.api.Test)23 UsersState (com.sequenceiq.freeipa.service.freeipa.user.model.UsersState)19 UserSyncOptions (com.sequenceiq.freeipa.service.freeipa.user.model.UserSyncOptions)14 SyncStatusDetail (com.sequenceiq.freeipa.service.freeipa.user.model.SyncStatusDetail)11 UsersStateDifference (com.sequenceiq.freeipa.service.freeipa.user.model.UsersStateDifference)9 Stack (com.sequenceiq.freeipa.entity.Stack)8 UmsEventGenerationIds (com.sequenceiq.freeipa.service.freeipa.user.model.UmsEventGenerationIds)7 Collection (java.util.Collection)7 FailureDetails (com.sequenceiq.freeipa.api.v1.freeipa.user.model.FailureDetails)5 List (java.util.List)5 Optional (java.util.Optional)5 Callable (java.util.concurrent.Callable)5 Future (java.util.concurrent.Future)5 SuccessDetails (com.sequenceiq.freeipa.api.v1.freeipa.user.model.SuccessDetails)4 FmsGroup (com.sequenceiq.freeipa.service.freeipa.user.model.FmsGroup)4 FmsUser (com.sequenceiq.freeipa.service.freeipa.user.model.FmsUser)4 Set (java.util.Set)4 TimeoutException (java.util.concurrent.TimeoutException)4 FreeIpaClientException (com.sequenceiq.freeipa.client.FreeIpaClientException)3