use of com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState in project cloudbreak by hortonworks.
the class UserSyncServiceTest method testFullSyncRetrievesFullIpaState.
@Test
void testFullSyncRetrievesFullIpaState() throws Exception {
UmsUsersState umsUsersState = mock(UmsUsersState.class);
underTest.getIpaUserState(freeIpaClient, umsUsersState, true);
verify(freeIpaUsersStateProvider).getUsersState(any());
}
use of com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState in project cloudbreak by hortonworks.
the class UserSyncStateApplierTest method testApplyDifferenceWithPasswordHashSupport.
@Test
public void testApplyDifferenceWithPasswordHashSupport() throws FreeIpaClientException, TimeoutException {
UsersState usersState = UsersState.newBuilder().addUserMetadata("userToUpdate1", new UserMetadata("userToUpdate1Crn", 1L)).addUserMetadata("userToUpdate2", new UserMetadata("userToUpdate2Crn", 2L)).build();
WorkloadCredential workloadCredential1 = mock(WorkloadCredential.class);
WorkloadCredential workloadCredential2 = mock(WorkloadCredential.class);
UmsUsersState umsUsersState = UmsUsersState.newBuilder().setUsersState(usersState).addWorkloadCredentials("userToUpdate1", workloadCredential1).addWorkloadCredentials("userToUpdate2", workloadCredential2).build();
UserSyncOptions userSyncOptions = mock(UserSyncOptions.class);
UsersStateDifference usersStateDifference = createStateDiff();
Multimap<String, String> warnings = ArrayListMultimap.create();
when(userSyncOptions.isFmsToFreeIpaBatchCallEnabled()).thenReturn(Boolean.TRUE);
Config config = new Config();
config.setIpauserobjectclasses(Set.of("cdpUserAttr"));
when(freeIpaClient.getConfig()).thenReturn(config);
underTest.applyDifference(umsUsersState, ENV_CRN, warnings, usersStateDifference, userSyncOptions, freeIpaClient);
ArgumentCaptor<Set<WorkloadCredentialUpdate>> credentialUpdateCaptor = ArgumentCaptor.forClass(Set.class);
verify(workloadCredentialService).setWorkloadCredentials(eq(userSyncOptions), eq(freeIpaClient), credentialUpdateCaptor.capture(), any());
Set<WorkloadCredentialUpdate> workloadCredentialUpdates = credentialUpdateCaptor.getValue();
assertThat(workloadCredentialUpdates, allOf(hasItem(allOf(hasProperty("username", is("userToUpdate1")), hasProperty("userCrn", is("userToUpdate1Crn")), hasProperty("workloadCredential", is(workloadCredential1)))), hasItem(allOf(hasProperty("username", is("userToUpdate2")), hasProperty("userCrn", is("userToUpdate2Crn")), hasProperty("workloadCredential", is(workloadCredential2))))));
}
use of com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState in project cloudbreak by hortonworks.
the class UsersStateDifferenceCalculatorTest method testCalculateUsersWithCredentialsToUpdate.
private void testCalculateUsersWithCredentialsToUpdate(boolean updatedOptimizationEnabled) {
UmsUsersState.Builder umsUsersStateBuilder = UmsUsersState.newBuilder();
UsersState.Builder usersStateBuilderForUms = UsersState.newBuilder();
UsersState.Builder usersStateBuilderForIpa = UsersState.newBuilder();
FmsUser userUms = addUmsUser("userUms", 1L, umsUsersStateBuilder, usersStateBuilderForUms);
FmsUser userWithNoIpaMetadata = addUmsUser("userWithNoIpaMetadata", 0L, umsUsersStateBuilder, usersStateBuilderForUms);
addIpaUser(userWithNoIpaMetadata.getName(), Optional.empty(), usersStateBuilderForIpa);
FmsUser userWithStaleIpaCredentials = addUmsUser("userWithStaleIpaCredentials", 2L, umsUsersStateBuilder, usersStateBuilderForUms);
addIpaUser(userWithStaleIpaCredentials.getName(), Optional.of(1L), usersStateBuilderForIpa);
FmsUser userWithUpToDateIpaCredentials = addUmsUser("userWithUpToDateIpaCredentials", 5L, umsUsersStateBuilder, usersStateBuilderForUms);
addIpaUser(userWithUpToDateIpaCredentials.getName(), Optional.of(5L), usersStateBuilderForIpa);
FmsUser userProtected = addUmsUser(FreeIpaChecks.IPA_PROTECTED_USERS.get(0), 0L, umsUsersStateBuilder, usersStateBuilderForUms);
addIpaUser(userProtected.getName(), Optional.empty(), usersStateBuilderForIpa);
UmsUsersState umsUsersState = umsUsersStateBuilder.setUsersState(usersStateBuilderForUms.build()).build();
UsersState ipaUsersState = usersStateBuilderForIpa.build();
ImmutableSet<String> usersWithCredentialsToUpdate = new UserStateDifferenceCalculator().calculateUsersWithCredentialsToUpdate(umsUsersState, ipaUsersState, updatedOptimizationEnabled);
// User that exists only in UMS requires credentials update
assertTrue(usersWithCredentialsToUpdate.contains(userUms.getName()));
// User whose IPA credentials version is unknown requires credentials update
assertTrue(usersWithCredentialsToUpdate.contains(userWithNoIpaMetadata.getName()));
// User with stale IPA credentials requires credentials update
assertTrue(usersWithCredentialsToUpdate.contains(userWithStaleIpaCredentials.getName()));
// User with up-to-date IPA credentials requires credentials update if update optimization is disabled
assertEquals(!updatedOptimizationEnabled, usersWithCredentialsToUpdate.contains(userWithUpToDateIpaCredentials.getName()));
// We never update credentials for protected users
assertFalse(usersWithCredentialsToUpdate.contains(userProtected.getName()));
}
use of com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState in project cloudbreak by hortonworks.
the class UsersStateDifferenceCalculatorTest method testCalculateGroupsToAdd.
@Test
void testCalculateGroupsToAdd() {
FmsGroup groupUms = new FmsGroup().withName("groupUms");
FmsGroup groupWag = new FmsGroup().withName("groupWag");
FmsGroup groupBoth = new FmsGroup().withName("groupBoth");
FmsGroup groupIPA = new FmsGroup().withName("groupIPA");
FmsGroup groupProtected = new FmsGroup().withName(FreeIpaChecks.IPA_PROTECTED_GROUPS.get(0));
UmsUsersState umsUsersState = new UmsUsersState.Builder().setUsersState(new UsersState.Builder().addGroup(groupUms).addGroup(groupBoth).addGroup(groupProtected).build()).setWorkloadAdministrationGroups(Set.of(groupWag)).build();
UsersState ipaUsersState = new UsersState.Builder().addGroup(groupBoth).addGroup(groupIPA).build();
ImmutableSet<FmsGroup> groupsToAdd = new UserStateDifferenceCalculator().calculateGroupsToAdd(umsUsersState, ipaUsersState);
// group that exists only in UMS will be added
assertTrue(groupsToAdd.contains(groupUms));
// protected groups will be ignored
assertFalse(groupsToAdd.contains(groupProtected));
// extra wags will not be added
assertFalse(groupsToAdd.contains(groupWag));
// groups that exist in both or only ipa will not be added
assertFalse(groupsToAdd.contains(groupBoth));
assertFalse(groupsToAdd.contains(groupIPA));
}
use of com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState in project cloudbreak by hortonworks.
the class UsersStateDifferenceCalculatorTest method testCalculateGroupMembershipsToAdd.
@Test
void testCalculateGroupMembershipsToAdd() {
String group = "group";
String unmanagedGroup = FreeIpaChecks.IPA_UNMANAGED_GROUPS.get(0);
String userUms = "userUms";
String userBoth = "userBoth";
String userIPA = "userIPA";
UmsUsersState umsUsersState = new UmsUsersState.Builder().setUsersState(new UsersState.Builder().addMemberToGroup(group, userUms).addMemberToGroup(group, userBoth).addMemberToGroup(unmanagedGroup, userUms).build()).build();
UsersState ipaUsersState = new UsersState.Builder().addMemberToGroup(group, userBoth).addMemberToGroup(group, userIPA).build();
ImmutableMultimap<String, String> groupMembershipsToAdd = new UserStateDifferenceCalculator().calculateGroupMembershipToAdd(umsUsersState, ipaUsersState);
// group that exists only in UMS will be added
assertTrue(groupMembershipsToAdd.get(group).contains(userUms));
// unmanaged groups will be ignored
assertFalse(groupMembershipsToAdd.get(unmanagedGroup).contains(userUms));
// groups that exist in both or only ipa will not be added
assertFalse(groupMembershipsToAdd.get(group).contains(userBoth));
assertFalse(groupMembershipsToAdd.get(group).contains(userIPA));
}
Aggregations