
Example 1 with UserSyncOptions

use of com.sequenceiq.freeipa.service.freeipa.user.model.UserSyncOptions in project cloudbreak by hortonworks.

the class UserSyncServiceTest method testSyncUsersWithFilterAndMultipleStack.

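/**
 * Verifies a user sync that is narrowed by user and machine-user CRN filters and spans two environments.
 *
 * <p>Behaviour pinned by this test:
 * <ul>
 *   <li>the task handed to the executor runs with the operation id in the MDC and with
 *       {@code INTERNAL_ACTOR} as the thread's user CRN, not with {@code ACTOR_CRN};</li>
 *   <li>request validation is called with the caller's {@code ACTOR_CRN} and the requested environment set;</li>
 *   <li>a filtered sync is not a full sync and never touches {@code userSyncStatusService};</li>
 *   <li>both entitlement flags end up in the {@link UserSyncOptions} passed to the per-environment service.</li>
 * </ul>
 */
@Test
public void testSyncUsersWithFilterAndMultipleStack() {
    Stack stack = mock(Stack.class);
    Stack stack2 = mock(Stack.class);
    when(stack.getEnvironmentCrn()).thenReturn(ENV_CRN);
    when(stack2.getEnvironmentCrn()).thenReturn(ENV_CRN_2);
    when(stackService.getMultipleByEnvironmentCrnOrChildEnvironmantCrnAndAccountId(Set.of(ENV_CRN, ENV_CRN_2), ACCOUNT_ID)).thenReturn(List.of(stack, stack2));
    Operation operation = createRunningOperation();
    when(operationService.startOperation(anyString(), any(OperationType.class), anyCollection(), anyCollection())).thenReturn(operation);
    // Run the cleanup-wrapped body inline so the whole sync executes on the test thread.
    doAnswer(inv -> {
        Runnable runnable = inv.getArgument(2, Runnable.class);
        runnable.run();
        return null;
    }).when(operationService).tryWithOperationCleanup(eq(operation.getOperationId()), eq(ACCOUNT_ID), any(Runnable.class));
    when(regionAwareInternalCrnGenerator.getInternalCrnForServiceAsString()).thenReturn(INTERNAL_ACTOR);
    when(regionAwareInternalCrnGeneratorFactory.iam()).thenReturn(regionAwareInternalCrnGenerator);
    when(entitlementService.usersyncCredentialsUpdateOptimizationEnabled(ACCOUNT_ID)).thenReturn(Boolean.TRUE);
    when(entitlementService.isFmsToFreeipaBatchCallEnabled(ACCOUNT_ID)).thenReturn(Boolean.TRUE);
    doAnswer(inv -> {
        Runnable runnable = inv.getArgument(0, Runnable.class);
        // Checked at submit time: the background work carries the operation id for log correlation and
        // runs as the internal service actor. Any decision that depends on the caller's identity
        // therefore has to be taken before the task is submitted.
        assertEquals(operation.getOperationId(), MDCBuilder.getMdcContextMap().get(LoggerContextKey.OPERATION_ID.toString()));
        assertEquals(INTERNAL_ACTOR, ThreadBasedUserCrnProvider.getUserCrn());
        runnable.run();
        return mock(Future.class);
    }).when(asyncTaskExecutor).submit(any(Runnable.class));
    Operation result = underTest.synchronizeUsers(ACCOUNT_ID, ACTOR_CRN, Set.of(ENV_CRN, ENV_CRN_2), Set.of("userCrn"), Set.of("machineUserCrn"), WorkloadCredentialsUpdateType.UPDATE_IF_CHANGED);
    assertEquals(operation, result);
    ArgumentCaptor<UserSyncRequestFilter> requestFilterCaptor = ArgumentCaptor.forClass(UserSyncRequestFilter.class);
    // Validation sees the original caller (ACTOR_CRN), not the internal actor used for the background work.
    verify(userSyncRequestValidator).validateParameters(eq(ACCOUNT_ID), eq(ACTOR_CRN), eq(Set.of(ENV_CRN, ENV_CRN_2)), requestFilterCaptor.capture());
    UserSyncRequestFilter requestFilter = requestFilterCaptor.getValue();
    // Expected value first, so a failure message labels "expected" and "actual" correctly.
    assertEquals(Set.of("userCrn"), requestFilter.getUserCrnFilter());
    assertEquals(Set.of("machineUserCrn"), requestFilter.getMachineUserCrnFilter());
    assertTrue(requestFilter.getDeletedWorkloadUser().isEmpty());
    // A filtered sync must leave the per-stack sync status alone.
    verifyNoInteractions(userSyncStatusService);
    ArgumentCaptor<UserSyncOptions> syncOptionsCaptor = ArgumentCaptor.forClass(UserSyncOptions.class);
    verify(userSyncForEnvService).synchronizeUsers(eq(operation.getOperationId()), eq(ACCOUNT_ID), eq(List.of(stack, stack2)), eq(requestFilter), syncOptionsCaptor.capture(), anyLong());
    UserSyncOptions userSyncOptions = syncOptionsCaptor.getValue();
    assertFalse(userSyncOptions.isFullSync());
    assertTrue(userSyncOptions.isCredentialsUpdateOptimizationEnabled());
    assertTrue(userSyncOptions.isFmsToFreeIpaBatchCallEnabled());
}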
Also used : UserSyncOptions(com.sequenceiq.freeipa.service.freeipa.user.model.UserSyncOptions) Operation(com.sequenceiq.freeipa.entity.Operation) OperationType(com.sequenceiq.freeipa.api.v1.operation.model.OperationType) Stack(com.sequenceiq.freeipa.entity.Stack) Test(org.junit.jupiter.api.Test)

Example 2 with UserSyncOptions

use of com.sequenceiq.freeipa.service.freeipa.user.model.UserSyncOptions in project cloudbreak by hortonworks.

the class UserSyncServiceTest method testSyncUsersWithCustomPermissionCheck.

/**
 * Exercises the sync entry point that takes a caller-supplied authorization action.
 *
 * <p>No environment filter and an empty request filter are passed, and the resulting sync is expected to be
 * a full sync whose start is recorded on the stack's {@link UserSyncStatus}. The permission check is
 * expected to be made for {@code ACTOR_CRN} with {@code DESCRIBE_ENVIRONMENT} on the environment CRN of the
 * stack that the lookup returned, not on the (empty) requested filter.
 *
 * <p>NOTE(review): only the allow path is covered here. This test verifies that the permission check was
 * invoked, not that it happens before the sync starts or that a denial stops the sync; confirm those are
 * covered elsewhere.
 */
@Test
public void testSyncUsersWithCustomPermissionCheck() {
    Stack envStack = mock(Stack.class);
    when(envStack.getEnvironmentCrn()).thenReturn(ENV_CRN);
    // Empty environment filter: the stack lookup alone decides which environments are in scope.
    when(stackService.getMultipleByEnvironmentCrnOrChildEnvironmantCrnAndAccountId(Set.of(), ACCOUNT_ID)).thenReturn(List.of(envStack));

    Operation runningOperation = createRunningOperation();
    when(operationService.startOperation(anyString(), any(OperationType.class), anyCollection(), anyCollection())).thenReturn(runningOperation);
    // Execute the cleanup-wrapped body inline on the test thread.
    doAnswer(invocation -> {
        invocation.getArgument(2, Runnable.class).run();
        return null;
    }).when(operationService).tryWithOperationCleanup(eq(runningOperation.getOperationId()), eq(ACCOUNT_ID), any(Runnable.class));

    when(regionAwareInternalCrnGeneratorFactory.iam()).thenReturn(regionAwareInternalCrnGenerator);
    when(regionAwareInternalCrnGenerator.getInternalCrnForServiceAsString()).thenReturn(INTERNAL_ACTOR);

    UserSyncStatus syncStatus = new UserSyncStatus();
    when(userSyncStatusService.getOrCreateForStack(envStack)).thenReturn(syncStatus);
    when(entitlementService.isFmsToFreeipaBatchCallEnabled(ACCOUNT_ID)).thenReturn(Boolean.TRUE);
    when(entitlementService.usersyncCredentialsUpdateOptimizationEnabled(ACCOUNT_ID)).thenReturn(Boolean.TRUE);

    doAnswer(invocation -> {
        // The background task must carry the operation id in the MDC and run as the internal actor.
        assertEquals(runningOperation.getOperationId(), MDCBuilder.getMdcContextMap().get(LoggerContextKey.OPERATION_ID.toString()));
        assertEquals(INTERNAL_ACTOR, ThreadBasedUserCrnProvider.getUserCrn());
        invocation.getArgument(0, Runnable.class).run();
        return mock(Future.class);
    }).when(asyncTaskExecutor).submit(any(Runnable.class));
    // Let the custom check wrapper run the check it is given, so the permission call below is reached.
    doAnswer(invocation -> {
        invocation.getArgument(1, Runnable.class).run();
        return null;
    }).when(customCheckUtil).run(eq(ACTOR_CRN), any(Runnable.class));

    UserSyncRequestFilter emptyFilter = new UserSyncRequestFilter(Set.of(), Set.of(), Optional.empty());
    Operation returnedOperation = underTest.synchronizeUsersWithCustomPermissionCheck(ACCOUNT_ID, ACTOR_CRN, Set.of(), emptyFilter, WorkloadCredentialsUpdateType.UPDATE_IF_CHANGED, AuthorizationResourceAction.DESCRIBE_ENVIRONMENT);
    assertEquals(runningOperation, returnedOperation);

    // Authorization is checked for the caller against the environment of the resolved stack.
    verify(commonPermissionCheckingUtils).checkPermissionForUserOnResources(AuthorizationResourceAction.DESCRIBE_ENVIRONMENT, ACTOR_CRN, List.of(ENV_CRN));

    ArgumentCaptor<UserSyncRequestFilter> filterCaptor = ArgumentCaptor.forClass(UserSyncRequestFilter.class);
    verify(userSyncRequestValidator).validateParameters(eq(ACCOUNT_ID), eq(ACTOR_CRN), eq(Set.of()), filterCaptor.capture());
    UserSyncRequestFilter validatedFilter = filterCaptor.getValue();
    assertTrue(validatedFilter.getUserCrnFilter().isEmpty());
    assertTrue(validatedFilter.getMachineUserCrnFilter().isEmpty());
    assertTrue(validatedFilter.getDeletedWorkloadUser().isEmpty());

    // A full sync records its start on the stack's status and persists it.
    assertEquals(runningOperation, syncStatus.getLastStartedFullSync());
    verify(userSyncStatusService).save(syncStatus);

    ArgumentCaptor<UserSyncOptions> optionsCaptor = ArgumentCaptor.forClass(UserSyncOptions.class);
    verify(userSyncForEnvService).synchronizeUsers(eq(runningOperation.getOperationId()), eq(ACCOUNT_ID), eq(List.of(envStack)), eq(validatedFilter), optionsCaptor.capture(), anyLong());
    UserSyncOptions capturedOptions = optionsCaptor.getValue();
    assertTrue(capturedOptions.isFullSync());
    assertTrue(capturedOptions.isCredentialsUpdateOptimizationEnabled());
    assertTrue(capturedOptions.isFmsToFreeIpaBatchCallEnabled());
}
Also used : UserSyncOptions(com.sequenceiq.freeipa.service.freeipa.user.model.UserSyncOptions) UserSyncStatus(com.sequenceiq.freeipa.entity.UserSyncStatus) Operation(com.sequenceiq.freeipa.entity.Operation) OperationType(com.sequenceiq.freeipa.api.v1.operation.model.OperationType) Stack(com.sequenceiq.freeipa.entity.Stack) Test(org.junit.jupiter.api.Test)

Example 3 with UserSyncOptions

use of com.sequenceiq.freeipa.service.freeipa.user.model.UserSyncOptions in project cloudbreak by hortonworks.

the class UserSyncStateApplierTest method testApplyDifferenceWithPasswordHashSupport.

/**
 * Checks that applying a state difference forwards one workload-credential update per user, each
 * carrying the username, the user CRN and that user's credential object.
 *
 * <p>The credentials are Mockito mocks, so no real credential material is built or compared here; the test
 * only pins which credential object is paired with which user.
 */
@Test
public void testApplyDifferenceWithPasswordHashSupport() throws FreeIpaClientException, TimeoutException {
    UsersState users = UsersState.newBuilder()
            .addUserMetadata("userToUpdate1", new UserMetadata("userToUpdate1Crn", 1L))
            .addUserMetadata("userToUpdate2", new UserMetadata("userToUpdate2Crn", 2L))
            .build();
    WorkloadCredential firstCredential = mock(WorkloadCredential.class);
    WorkloadCredential secondCredential = mock(WorkloadCredential.class);
    UmsUsersState umsState = UmsUsersState.newBuilder()
            .setUsersState(users)
            .addWorkloadCredentials("userToUpdate1", firstCredential)
            .addWorkloadCredentials("userToUpdate2", secondCredential)
            .build();

    UsersStateDifference stateDifference = createStateDiff();
    Multimap<String, String> warnings = ArrayListMultimap.create();
    UserSyncOptions syncOptions = mock(UserSyncOptions.class);
    when(syncOptions.isFmsToFreeIpaBatchCallEnabled()).thenReturn(Boolean.TRUE);

    // NOTE(review): the test name suggests the "cdpUserAttr" object class is what marks the FreeIPA
    // server as supporting password hashes; confirm against the class under test.
    Config ipaConfig = new Config();
    ipaConfig.setIpauserobjectclasses(Set.of("cdpUserAttr"));
    when(freeIpaClient.getConfig()).thenReturn(ipaConfig);

    underTest.applyDifference(umsState, ENV_CRN, warnings, stateDifference, syncOptions, freeIpaClient);

    ArgumentCaptor<Set<WorkloadCredentialUpdate>> updatesCaptor = ArgumentCaptor.forClass(Set.class);
    verify(workloadCredentialService).setWorkloadCredentials(eq(syncOptions), eq(freeIpaClient), updatesCaptor.capture(), any());
    Set<WorkloadCredentialUpdate> capturedUpdates = updatesCaptor.getValue();
    // Each update must pair a user with that user's own credential; a mix-up between users fails here.
    assertThat(capturedUpdates, allOf(
            hasItem(allOf(
                    hasProperty("username", is("userToUpdate1")),
                    hasProperty("userCrn", is("userToUpdate1Crn")),
                    hasProperty("workloadCredential", is(firstCredential)))),
            hasItem(allOf(
                    hasProperty("username", is("userToUpdate2")),
                    hasProperty("userCrn", is("userToUpdate2Crn")),
                    hasProperty("workloadCredential", is(secondCredential))))));
}
Also used : ImmutableSet(com.google.common.collect.ImmutableSet) Set(java.util.Set) Config(com.sequenceiq.freeipa.client.model.Config) UmsUsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState) UserMetadata(com.sequenceiq.freeipa.service.freeipa.user.model.UserMetadata) UsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UsersState) UmsUsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState) WorkloadCredential(com.sequenceiq.freeipa.service.freeipa.user.model.WorkloadCredential) UserSyncOptions(com.sequenceiq.freeipa.service.freeipa.user.model.UserSyncOptions) WorkloadCredentialUpdate(com.sequenceiq.freeipa.service.freeipa.user.model.WorkloadCredentialUpdate) UsersStateDifference(com.sequenceiq.freeipa.service.freeipa.user.model.UsersStateDifference) Test(org.junit.jupiter.api.Test)

Example 4 with UserSyncOptions

use of com.sequenceiq.freeipa.service.freeipa.user.model.UserSyncOptions in project cloudbreak by hortonworks.

the class UserSyncForEnvServiceTest method testSyncUsers.

/**
 * Happy-path sync over two stacks in two environments.
 *
 * <p>Both per-stack syncs report {@code COMPLETED}, so the operation is expected to finish with a success
 * entry for each environment and no failures, a sync status saved once per stack, and virtual groups
 * created for the account and both stacks.
 */
@Test
public void testSyncUsers() {
    Stack firstStack = mock(Stack.class);
    Stack secondStack = mock(Stack.class);
    when(firstStack.getEnvironmentCrn()).thenReturn(ENV_CRN);
    when(secondStack.getEnvironmentCrn()).thenReturn(ENV_CRN_2);

    UserSyncOptions options = new UserSyncOptions(true, true, WorkloadCredentialsUpdateType.UPDATE_IF_CHANGED);
    UserSyncRequestFilter unfiltered = new UserSyncRequestFilter(Set.of(), Set.of(), Optional.empty());

    // Run the cleanup-wrapped body inline on the test thread.
    doAnswer(invocation -> {
        Runnable body = invocation.getArgument(2, Runnable.class);
        body.run();
        return null;
    }).when(operationService).tryWithOperationCleanup(eq(OPERATION_ID), eq(ACCOUNT_ID), any(Runnable.class));

    UmsUsersState firstUmsState = mock(UmsUsersState.class);
    UmsUsersState secondUmsState = mock(UmsUsersState.class);
    when(umsUsersStateProviderDispatcher.getEnvToUmsUsersStateMap(eq(ACCOUNT_ID), eq(Set.of(ENV_CRN, ENV_CRN_2)), eq(Set.of()), eq(Set.of()), any())).thenReturn(Map.of(ENV_CRN, firstUmsState, ENV_CRN_2, secondUmsState));

    // Each submitted task is executed immediately; its result is handed back through a stubbed Future.
    when(asyncTaskExecutor.submit(any(Callable.class))).thenAnswer(invocation -> {
        Callable task = invocation.getArgument(0, Callable.class);
        SyncStatusDetail detail = (SyncStatusDetail) task.call();
        Future completed = mock(Future.class);
        when(completed.get()).thenReturn(detail);
        return completed;
    });

    when(umsEventGenerationIdsProvider.getEventGenerationIds(eq(ACCOUNT_ID), any(Optional.class))).thenReturn(new UmsEventGenerationIds());
    when(userSyncForStackService.synchronizeStack(firstStack, firstUmsState, options)).thenReturn(new SyncStatusDetail(ENV_CRN, SynchronizationStatus.COMPLETED, "", ImmutableMultimap.of()));
    when(userSyncForStackService.synchronizeStack(secondStack, secondUmsState, options)).thenReturn(new SyncStatusDetail(ENV_CRN_2, SynchronizationStatus.COMPLETED, "", ImmutableMultimap.of()));
    when(userSyncStatusService.getOrCreateForStack(firstStack)).thenReturn(new UserSyncStatus());
    when(userSyncStatusService.getOrCreateForStack(secondStack)).thenReturn(new UserSyncStatus());

    underTest.synchronizeUsers(OPERATION_ID, ACCOUNT_ID, List.of(firstStack, secondStack), unfiltered, options, System.currentTimeMillis());

    verify(umsVirtualGroupCreateService).createVirtualGroups(ACCOUNT_ID, List.of(firstStack, secondStack));
    verify(userSyncStatusService, times(2)).save(any(UserSyncStatus.class));

    ArgumentCaptor<Collection> successes = ArgumentCaptor.forClass(Collection.class);
    ArgumentCaptor<Collection> failures = ArgumentCaptor.forClass(Collection.class);
    verify(operationService).completeOperation(eq(ACCOUNT_ID), eq(OPERATION_ID), successes.capture(), failures.capture());
    Collection reportedSuccesses = successes.getValue();
    assertTrue(failures.getValue().isEmpty());
    assertTrue(reportedSuccesses.contains(new SuccessDetails(ENV_CRN)));
    assertTrue(reportedSuccesses.contains(new SuccessDetails(ENV_CRN_2)));
}
Also used : SuccessDetails(com.sequenceiq.freeipa.api.v1.freeipa.user.model.SuccessDetails) Optional(java.util.Optional) UmsUsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState) UserSyncStatus(com.sequenceiq.freeipa.entity.UserSyncStatus) Callable(java.util.concurrent.Callable) Stack(com.sequenceiq.freeipa.entity.Stack) UmsEventGenerationIds(com.sequenceiq.freeipa.service.freeipa.user.model.UmsEventGenerationIds) SyncStatusDetail(com.sequenceiq.freeipa.service.freeipa.user.model.SyncStatusDetail) UserSyncOptions(com.sequenceiq.freeipa.service.freeipa.user.model.UserSyncOptions) Future(java.util.concurrent.Future) Collection(java.util.Collection) Test(org.junit.jupiter.api.Test)

Example 5 with UserSyncOptions

use of com.sequenceiq.freeipa.service.freeipa.user.model.UserSyncOptions in project cloudbreak by hortonworks.

the class UserSyncForEnvServiceTest method testSyncUsersTimesOut.

/**
 * Checks what happens when a per-environment sync task does not finish within the operation timeout.
 *
 * <p>With the thread-timeout entitlement enabled and {@code operationTimeout} forced to zero, the stubbed
 * future throws {@link TimeoutException}. The expected outcome is that the task is cancelled with
 * interruption, no sync status is touched, and the operation completes with no successes and a single
 * failure for the environment whose message is {@code "Timed out"} and whose additional details are empty.
 */
@Test
public void testSyncUsersTimesOut() {
    // Zero timeout, matching the get(0L, MILLISECONDS) call stubbed below.
    ReflectionTestUtils.setField(underTest, "operationTimeout", 0L);
    when(entitlementService.isUserSyncThreadTimeoutEnabled(ACCOUNT_ID)).thenReturn(Boolean.TRUE);

    Stack onlyStack = mock(Stack.class);
    when(onlyStack.getEnvironmentCrn()).thenReturn(ENV_CRN);
    UserSyncOptions options = new UserSyncOptions(true, true, WorkloadCredentialsUpdateType.UPDATE_IF_CHANGED);
    UserSyncRequestFilter unfiltered = new UserSyncRequestFilter(Set.of(), Set.of(), Optional.empty());

    // Run the cleanup-wrapped body inline on the test thread.
    doAnswer(invocation -> {
        Runnable body = invocation.getArgument(2, Runnable.class);
        body.run();
        return null;
    }).when(operationService).tryWithOperationCleanup(eq(OPERATION_ID), eq(ACCOUNT_ID), any(Runnable.class));

    UmsUsersState umsState = mock(UmsUsersState.class);
    when(umsUsersStateProviderDispatcher.getEnvToUmsUsersStateMap(eq(ACCOUNT_ID), eq(Set.of(ENV_CRN)), eq(Set.of()), eq(Set.of()), any())).thenReturn(Map.of(ENV_CRN, umsState));
    when(umsEventGenerationIdsProvider.getEventGenerationIds(eq(ACCOUNT_ID), any(Optional.class))).thenReturn(new UmsEventGenerationIds());

    Future<?> pendingTask = mock(Future.class);
    // The submitted Callable is never run. The timeout is stubbed inside the answer, probably because
    // Future.get(long, TimeUnit) declares checked exceptions that this test method does not declare.
    when(asyncTaskExecutor.submit(any(Callable.class))).thenAnswer(invocation -> {
        when(pendingTask.get(0L, TimeUnit.MILLISECONDS)).thenThrow(new TimeoutException("timeout"));
        return pendingTask;
    });

    underTest.synchronizeUsers(OPERATION_ID, ACCOUNT_ID, List.of(onlyStack), unfiltered, options, System.currentTimeMillis());

    // The stalled task is cancelled with interruption, and no sync status is read or saved.
    verify(pendingTask).cancel(true);
    verifyNoInteractions(userSyncStatusService);

    ArgumentCaptor<Collection> successes = ArgumentCaptor.forClass(Collection.class);
    ArgumentCaptor<Collection> failuresCaptor = ArgumentCaptor.forClass(Collection.class);
    verify(operationService).completeOperation(eq(ACCOUNT_ID), eq(OPERATION_ID), successes.capture(), failuresCaptor.capture());
    assertTrue(successes.getValue().isEmpty());
    List<FailureDetails> reportedFailures = (List<FailureDetails>) failuresCaptor.getValue();
    assertThat(reportedFailures, allOf(hasItem(allOf(
            hasProperty("environment", is(ENV_CRN)),
            hasProperty("message", is("Timed out")),
            hasProperty("additionalDetails", anEmptyMap())))));
}
Also used : Optional(java.util.Optional) UmsUsersState(com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState) FailureDetails(com.sequenceiq.freeipa.api.v1.freeipa.user.model.FailureDetails) Callable(java.util.concurrent.Callable) Stack(com.sequenceiq.freeipa.entity.Stack) UmsEventGenerationIds(com.sequenceiq.freeipa.service.freeipa.user.model.UmsEventGenerationIds) UserSyncOptions(com.sequenceiq.freeipa.service.freeipa.user.model.UserSyncOptions) Collection(java.util.Collection) List(java.util.List) TimeoutException(java.util.concurrent.TimeoutException) Test(org.junit.jupiter.api.Test)

Aggregations

UserSyncOptions (com.sequenceiq.freeipa.service.freeipa.user.model.UserSyncOptions)25 Test (org.junit.jupiter.api.Test)20 Stack (com.sequenceiq.freeipa.entity.Stack)16 UmsUsersState (com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState)14 SyncStatusDetail (com.sequenceiq.freeipa.service.freeipa.user.model.SyncStatusDetail)11 UserSyncStatus (com.sequenceiq.freeipa.entity.UserSyncStatus)8 Collection (java.util.Collection)8 UsersStateDifference (com.sequenceiq.freeipa.service.freeipa.user.model.UsersStateDifference)7 Optional (java.util.Optional)7 OperationType (com.sequenceiq.freeipa.api.v1.operation.model.OperationType)6 Operation (com.sequenceiq.freeipa.entity.Operation)6 UmsEventGenerationIds (com.sequenceiq.freeipa.service.freeipa.user.model.UmsEventGenerationIds)6 UsersState (com.sequenceiq.freeipa.service.freeipa.user.model.UsersState)6 List (java.util.List)6 Callable (java.util.concurrent.Callable)6 Future (java.util.concurrent.Future)6 Set (java.util.Set)5 TimeoutException (java.util.concurrent.TimeoutException)5 WorkloadCredentialsUpdateType (com.sequenceiq.freeipa.api.v1.freeipa.user.model.WorkloadCredentialsUpdateType)4 FreeIpaClientException (com.sequenceiq.freeipa.client.FreeIpaClientException)4