use of com.sequenceiq.freeipa.service.freeipa.user.model.UserSyncOptions in project cloudbreak by hortonworks.
the class UserSyncServiceTest method testSyncUsersWithFilterAndMultipleStack.
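/**
 * Filtered user sync across two environments: the request names one user CRN and one
 * machine-user CRN, so the resulting options must report a partial sync
 * ({@code isFullSync()} false) and {@code userSyncStatusService} must not be touched.
 *
 * <p>The stubbed {@code asyncTaskExecutor.submit} additionally asserts that, when the task is
 * submitted, the MDC carries the operation id and the thread-bound user CRN is
 * {@code INTERNAL_ACTOR}, i.e. the background work is handed off under the internal service
 * identity rather than the caller's {@code ACTOR_CRN}.
 */
@Test
public void testSyncUsersWithFilterAndMultipleStack() {
    Stack stack = mock(Stack.class);
    Stack stack2 = mock(Stack.class);
    when(stack.getEnvironmentCrn()).thenReturn(ENV_CRN);
    when(stack2.getEnvironmentCrn()).thenReturn(ENV_CRN_2);
    when(stackService.getMultipleByEnvironmentCrnOrChildEnvironmantCrnAndAccountId(Set.of(ENV_CRN, ENV_CRN_2), ACCOUNT_ID))
            .thenReturn(List.of(stack, stack2));

    Operation operation = createRunningOperation();
    when(operationService.startOperation(anyString(), any(OperationType.class), anyCollection(), anyCollection()))
            .thenReturn(operation);
    // Run the cleanup-wrapped body inline so the whole flow executes on the test thread.
    doAnswer(inv -> {
        Runnable runnable = inv.getArgument(2, Runnable.class);
        runnable.run();
        return null;
    }).when(operationService).tryWithOperationCleanup(eq(operation.getOperationId()), eq(ACCOUNT_ID), any(Runnable.class));

    when(regionAwareInternalCrnGenerator.getInternalCrnForServiceAsString()).thenReturn(INTERNAL_ACTOR);
    when(regionAwareInternalCrnGeneratorFactory.iam()).thenReturn(regionAwareInternalCrnGenerator);
    when(entitlementService.usersyncCredentialsUpdateOptimizationEnabled(ACCOUNT_ID)).thenReturn(Boolean.TRUE);
    when(entitlementService.isFmsToFreeipaBatchCallEnabled(ACCOUNT_ID)).thenReturn(Boolean.TRUE);

    // NOTE(review): the identity assertions below only execute if submit() is actually invoked;
    // nothing in this method verifies that call explicitly.
    doAnswer(inv -> {
        Runnable runnable = inv.getArgument(0, Runnable.class);
        assertEquals(operation.getOperationId(), MDCBuilder.getMdcContextMap().get(LoggerContextKey.OPERATION_ID.toString()));
        assertEquals(INTERNAL_ACTOR, ThreadBasedUserCrnProvider.getUserCrn());
        runnable.run();
        return mock(Future.class);
    }).when(asyncTaskExecutor).submit(any(Runnable.class));

    Operation result = underTest.synchronizeUsers(ACCOUNT_ID, ACTOR_CRN, Set.of(ENV_CRN, ENV_CRN_2), Set.of("userCrn"),
            Set.of("machineUserCrn"), WorkloadCredentialsUpdateType.UPDATE_IF_CHANGED);

    assertEquals(operation, result);

    // The validator must see the caller's account, actor and environment set, plus the filter built from the request.
    ArgumentCaptor<UserSyncRequestFilter> requestFilterCaptor = ArgumentCaptor.forClass(UserSyncRequestFilter.class);
    verify(userSyncRequestValidator).validateParameters(eq(ACCOUNT_ID), eq(ACTOR_CRN), eq(Set.of(ENV_CRN, ENV_CRN_2)),
            requestFilterCaptor.capture());
    UserSyncRequestFilter requestFilter = requestFilterCaptor.getValue();
    // Expected value first, actual second, so a failure message names the right side.
    assertEquals(Set.of("userCrn"), requestFilter.getUserCrnFilter());
    assertEquals(Set.of("machineUserCrn"), requestFilter.getMachineUserCrnFilter());
    assertTrue(requestFilter.getDeletedWorkloadUser().isEmpty());
    verifyNoInteractions(userSyncStatusService);

    ArgumentCaptor<UserSyncOptions> syncOptionsCaptor = ArgumentCaptor.forClass(UserSyncOptions.class);
    verify(userSyncForEnvService).synchronizeUsers(eq(operation.getOperationId()), eq(ACCOUNT_ID), eq(List.of(stack, stack2)),
            eq(requestFilter), syncOptionsCaptor.capture(), anyLong());
    UserSyncOptions userSyncOptions = syncOptionsCaptor.getValue();
    assertFalse(userSyncOptions.isFullSync());
    assertTrue(userSyncOptions.isCredentialsUpdateOptimizationEnabled());
    assertTrue(userSyncOptions.isFmsToFreeIpaBatchCallEnabled());
}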
use of com.sequenceiq.freeipa.service.freeipa.user.model.UserSyncOptions in project cloudbreak by hortonworks.
the class UserSyncServiceTest method testSyncUsersWithCustomPermissionCheck.
/**
 * Exercises {@code synchronizeUsersWithCustomPermissionCheck} with an empty environment filter and
 * an empty request filter, which the assertions treat as a full sync: the stack's
 * {@code UserSyncStatus} records the operation as last started full sync and is saved.
 *
 * <p>The final verification pins the authorization call: the requested action, the caller's
 * {@code ACTOR_CRN}, and the environment CRN of the stack that was resolved for the sync.
 *
 * <p>NOTE(review): {@code customCheckUtil} is stubbed to simply run the check and the permission
 * checker is a test double that never denies, so this method shows that the check is invoked with
 * the right arguments but not that a denial prevents the sync, nor that the check precedes it.
 * A negative-path test would cover that - confirm whether one exists elsewhere in the class.
 */
@Test
public void testSyncUsersWithCustomPermissionCheck() {
    Stack freeIpaStack = mock(Stack.class);
    when(freeIpaStack.getEnvironmentCrn()).thenReturn(ENV_CRN);
    when(stackService.getMultipleByEnvironmentCrnOrChildEnvironmantCrnAndAccountId(Set.of(), ACCOUNT_ID))
            .thenReturn(List.of(freeIpaStack));

    Operation runningOperation = createRunningOperation();
    when(operationService.startOperation(anyString(), any(OperationType.class), anyCollection(), anyCollection()))
            .thenReturn(runningOperation);
    // Execute the cleanup-wrapped work inline.
    doAnswer(invocation -> {
        invocation.getArgument(2, Runnable.class).run();
        return null;
    }).when(operationService).tryWithOperationCleanup(eq(runningOperation.getOperationId()), eq(ACCOUNT_ID), any(Runnable.class));

    when(regionAwareInternalCrnGenerator.getInternalCrnForServiceAsString()).thenReturn(INTERNAL_ACTOR);
    when(regionAwareInternalCrnGeneratorFactory.iam()).thenReturn(regionAwareInternalCrnGenerator);

    UserSyncStatus syncStatus = new UserSyncStatus();
    when(userSyncStatusService.getOrCreateForStack(freeIpaStack)).thenReturn(syncStatus);

    when(entitlementService.usersyncCredentialsUpdateOptimizationEnabled(ACCOUNT_ID)).thenReturn(Boolean.TRUE);
    when(entitlementService.isFmsToFreeipaBatchCallEnabled(ACCOUNT_ID)).thenReturn(Boolean.TRUE);

    // On submission the task must already carry the operation id and the internal actor identity.
    doAnswer(invocation -> {
        Runnable submittedTask = invocation.getArgument(0, Runnable.class);
        assertEquals(runningOperation.getOperationId(), MDCBuilder.getMdcContextMap().get(LoggerContextKey.OPERATION_ID.toString()));
        assertEquals(INTERNAL_ACTOR, ThreadBasedUserCrnProvider.getUserCrn());
        submittedTask.run();
        return mock(Future.class);
    }).when(asyncTaskExecutor).submit(any(Runnable.class));

    UserSyncRequestFilter emptyFilter = new UserSyncRequestFilter(Set.of(), Set.of(), Optional.empty());

    // Let the custom check wrapper run the permission check it is handed.
    doAnswer(invocation -> {
        invocation.getArgument(1, Runnable.class).run();
        return null;
    }).when(customCheckUtil).run(eq(ACTOR_CRN), any(Runnable.class));

    Operation result = underTest.synchronizeUsersWithCustomPermissionCheck(
            ACCOUNT_ID,
            ACTOR_CRN,
            Set.of(),
            emptyFilter,
            WorkloadCredentialsUpdateType.UPDATE_IF_CHANGED,
            AuthorizationResourceAction.DESCRIBE_ENVIRONMENT);

    assertEquals(runningOperation, result);

    ArgumentCaptor<UserSyncRequestFilter> filterCaptor = ArgumentCaptor.forClass(UserSyncRequestFilter.class);
    verify(userSyncRequestValidator).validateParameters(eq(ACCOUNT_ID), eq(ACTOR_CRN), eq(Set.of()), filterCaptor.capture());
    UserSyncRequestFilter capturedFilter = filterCaptor.getValue();
    assertTrue(capturedFilter.getUserCrnFilter().isEmpty());
    assertTrue(capturedFilter.getMachineUserCrnFilter().isEmpty());
    assertTrue(capturedFilter.getDeletedWorkloadUser().isEmpty());

    assertEquals(runningOperation, syncStatus.getLastStartedFullSync());
    verify(userSyncStatusService).save(syncStatus);

    ArgumentCaptor<UserSyncOptions> optionsCaptor = ArgumentCaptor.forClass(UserSyncOptions.class);
    verify(userSyncForEnvService).synchronizeUsers(eq(runningOperation.getOperationId()), eq(ACCOUNT_ID), eq(List.of(freeIpaStack)),
            eq(capturedFilter), optionsCaptor.capture(), anyLong());
    UserSyncOptions capturedOptions = optionsCaptor.getValue();
    assertTrue(capturedOptions.isFullSync());
    assertTrue(capturedOptions.isCredentialsUpdateOptimizationEnabled());
    assertTrue(capturedOptions.isFmsToFreeIpaBatchCallEnabled());

    // Authorization is evaluated for the caller against the environments of the resolved stacks.
    verify(commonPermissionCheckingUtils).checkPermissionForUserOnResources(
            AuthorizationResourceAction.DESCRIBE_ENVIRONMENT, ACTOR_CRN, List.of(ENV_CRN));
}
use of com.sequenceiq.freeipa.service.freeipa.user.model.UserSyncOptions in project cloudbreak by hortonworks.
the class UserSyncStateApplierTest method testApplyDifferenceWithPasswordHashSupport.
/**
 * Applies a state difference for two users and checks that
 * {@code workloadCredentialService.setWorkloadCredentials} receives one update per user, each
 * carrying the user name, the user CRN from the metadata, and that user's own credential object.
 *
 * <p>The FreeIPA config is stubbed with the {@code cdpUserAttr} user object class; per the test
 * name this presumably marks the server as supporting password hashes - confirm against the
 * applier. The credentials themselves are mocks, so no real secret material is involved.
 */
@Test
public void testApplyDifferenceWithPasswordHashSupport() throws FreeIpaClientException, TimeoutException {
    UsersState ipaUsers = UsersState.newBuilder()
            .addUserMetadata("userToUpdate1", new UserMetadata("userToUpdate1Crn", 1L))
            .addUserMetadata("userToUpdate2", new UserMetadata("userToUpdate2Crn", 2L))
            .build();
    WorkloadCredential firstCredential = mock(WorkloadCredential.class);
    WorkloadCredential secondCredential = mock(WorkloadCredential.class);
    UmsUsersState umsState = UmsUsersState.newBuilder()
            .setUsersState(ipaUsers)
            .addWorkloadCredentials("userToUpdate1", firstCredential)
            .addWorkloadCredentials("userToUpdate2", secondCredential)
            .build();
    UserSyncOptions syncOptions = mock(UserSyncOptions.class);
    UsersStateDifference stateDiff = createStateDiff();
    Multimap<String, String> collectedWarnings = ArrayListMultimap.create();
    when(syncOptions.isFmsToFreeIpaBatchCallEnabled()).thenReturn(Boolean.TRUE);

    Config ipaConfig = new Config();
    ipaConfig.setIpauserobjectclasses(Set.of("cdpUserAttr"));
    when(freeIpaClient.getConfig()).thenReturn(ipaConfig);

    underTest.applyDifference(umsState, ENV_CRN, collectedWarnings, stateDiff, syncOptions, freeIpaClient);

    ArgumentCaptor<Set<WorkloadCredentialUpdate>> updatesCaptor = ArgumentCaptor.forClass(Set.class);
    verify(workloadCredentialService).setWorkloadCredentials(eq(syncOptions), eq(freeIpaClient), updatesCaptor.capture(), any());
    Set<WorkloadCredentialUpdate> capturedUpdates = updatesCaptor.getValue();

    // Each user's update must be paired with that same user's CRN and credential.
    assertThat(capturedUpdates, allOf(
            hasItem(allOf(
                    hasProperty("username", is("userToUpdate1")),
                    hasProperty("userCrn", is("userToUpdate1Crn")),
                    hasProperty("workloadCredential", is(firstCredential)))),
            hasItem(allOf(
                    hasProperty("username", is("userToUpdate2")),
                    hasProperty("userCrn", is("userToUpdate2Crn")),
                    hasProperty("workloadCredential", is(secondCredential))))));
}
use of com.sequenceiq.freeipa.service.freeipa.user.model.UserSyncOptions in project cloudbreak by hortonworks.
the class UserSyncForEnvServiceTest method testSyncUsers.
/**
 * Happy path for a two-stack sync: both per-stack syncs report {@code COMPLETED}, so the operation
 * must be completed with a success entry per environment and no failures, virtual groups are
 * created for both stacks, and a {@code UserSyncStatus} is saved twice.
 *
 * <p>The executor stub invokes each submitted {@code Callable} inline and hands back a mocked
 * {@code Future} whose {@code get()} yields the callable's result.
 */
@Test
public void testSyncUsers() {
    Stack firstStack = mock(Stack.class);
    when(firstStack.getEnvironmentCrn()).thenReturn(ENV_CRN);
    Stack secondStack = mock(Stack.class);
    when(secondStack.getEnvironmentCrn()).thenReturn(ENV_CRN_2);

    UserSyncRequestFilter emptyFilter = new UserSyncRequestFilter(Set.of(), Set.of(), Optional.empty());
    UserSyncOptions options = new UserSyncOptions(true, true, WorkloadCredentialsUpdateType.UPDATE_IF_CHANGED);

    // Execute the cleanup-wrapped work inline.
    doAnswer(invocation -> {
        Runnable wrappedWork = invocation.getArgument(2, Runnable.class);
        wrappedWork.run();
        return null;
    }).when(operationService).tryWithOperationCleanup(eq(OPERATION_ID), eq(ACCOUNT_ID), any(Runnable.class));

    UmsUsersState firstUmsState = mock(UmsUsersState.class);
    UmsUsersState secondUmsState = mock(UmsUsersState.class);
    when(umsUsersStateProviderDispatcher.getEnvToUmsUsersStateMap(eq(ACCOUNT_ID), eq(Set.of(ENV_CRN, ENV_CRN_2)), eq(Set.of()),
            eq(Set.of()), any()))
            .thenReturn(Map.of(ENV_CRN, firstUmsState, ENV_CRN_2, secondUmsState));

    when(asyncTaskExecutor.submit(any(Callable.class))).thenAnswer(invocation -> {
        SyncStatusDetail detail = (SyncStatusDetail) invocation.getArgument(0, Callable.class).call();
        Future completed = mock(Future.class);
        when(completed.get()).thenReturn(detail);
        return completed;
    });
    when(umsEventGenerationIdsProvider.getEventGenerationIds(eq(ACCOUNT_ID), any(Optional.class)))
            .thenReturn(new UmsEventGenerationIds());

    when(userSyncForStackService.synchronizeStack(firstStack, firstUmsState, options))
            .thenReturn(new SyncStatusDetail(ENV_CRN, SynchronizationStatus.COMPLETED, "", ImmutableMultimap.of()));
    when(userSyncForStackService.synchronizeStack(secondStack, secondUmsState, options))
            .thenReturn(new SyncStatusDetail(ENV_CRN_2, SynchronizationStatus.COMPLETED, "", ImmutableMultimap.of()));
    when(userSyncStatusService.getOrCreateForStack(firstStack)).thenReturn(new UserSyncStatus());
    when(userSyncStatusService.getOrCreateForStack(secondStack)).thenReturn(new UserSyncStatus());

    underTest.synchronizeUsers(OPERATION_ID, ACCOUNT_ID, List.of(firstStack, secondStack), emptyFilter, options,
            System.currentTimeMillis());

    verify(umsVirtualGroupCreateService).createVirtualGroups(ACCOUNT_ID, List.of(firstStack, secondStack));
    verify(userSyncStatusService, times(2)).save(any(UserSyncStatus.class));

    ArgumentCaptor<Collection> successes = ArgumentCaptor.forClass(Collection.class);
    ArgumentCaptor<Collection> failures = ArgumentCaptor.forClass(Collection.class);
    verify(operationService).completeOperation(eq(ACCOUNT_ID), eq(OPERATION_ID), successes.capture(), failures.capture());
    assertTrue(failures.getValue().isEmpty());
    assertTrue(successes.getValue().contains(new SuccessDetails(ENV_CRN)));
    assertTrue(successes.getValue().contains(new SuccessDetails(ENV_CRN_2)));
}
use of com.sequenceiq.freeipa.service.freeipa.user.model.UserSyncOptions in project cloudbreak by hortonworks.
the class UserSyncForEnvServiceTest method testSyncUsersTimesOut.
/**
 * Timeout path: {@code operationTimeout} is forced to 0 via reflection, the thread-timeout
 * entitlement is on, and the mocked {@code Future} throws {@code TimeoutException} from
 * {@code get(0, MILLISECONDS)}.
 *
 * <p>Expected outcome: the pending task is cancelled with interruption ({@code cancel(true)}),
 * no sync status is read or written, the operation completes with no successes, and a single
 * failure for {@code ENV_CRN} carries the message "Timed out" with empty additional details.
 */
@Test
public void testSyncUsersTimesOut() {
    ReflectionTestUtils.setField(underTest, "operationTimeout", 0L);

    Stack stack = mock(Stack.class);
    when(stack.getEnvironmentCrn()).thenReturn(ENV_CRN);
    UserSyncRequestFilter emptyFilter = new UserSyncRequestFilter(Set.of(), Set.of(), Optional.empty());
    UserSyncOptions options = new UserSyncOptions(true, true, WorkloadCredentialsUpdateType.UPDATE_IF_CHANGED);

    // Execute the cleanup-wrapped work inline.
    doAnswer(invocation -> {
        Runnable wrappedWork = invocation.getArgument(2, Runnable.class);
        wrappedWork.run();
        return null;
    }).when(operationService).tryWithOperationCleanup(eq(OPERATION_ID), eq(ACCOUNT_ID), any(Runnable.class));

    UmsUsersState umsState = mock(UmsUsersState.class);
    when(umsUsersStateProviderDispatcher.getEnvToUmsUsersStateMap(eq(ACCOUNT_ID), eq(Set.of(ENV_CRN)), eq(Set.of()), eq(Set.of()),
            any()))
            .thenReturn(Map.of(ENV_CRN, umsState));

    Future<?> pendingSync = mock(Future.class);
    // The timed get() is stubbed inside the answer, i.e. only once a task is actually submitted.
    when(asyncTaskExecutor.submit(any(Callable.class))).thenAnswer(invocation -> {
        when(pendingSync.get(0L, TimeUnit.MILLISECONDS)).thenThrow(new TimeoutException("timeout"));
        return pendingSync;
    });
    when(umsEventGenerationIdsProvider.getEventGenerationIds(eq(ACCOUNT_ID), any(Optional.class)))
            .thenReturn(new UmsEventGenerationIds());
    when(entitlementService.isUserSyncThreadTimeoutEnabled(ACCOUNT_ID)).thenReturn(Boolean.TRUE);

    underTest.synchronizeUsers(OPERATION_ID, ACCOUNT_ID, List.of(stack), emptyFilter, options, System.currentTimeMillis());

    verifyNoInteractions(userSyncStatusService);

    ArgumentCaptor<Collection> successes = ArgumentCaptor.forClass(Collection.class);
    ArgumentCaptor<Collection> failureDetails = ArgumentCaptor.forClass(Collection.class);
    verify(operationService).completeOperation(eq(ACCOUNT_ID), eq(OPERATION_ID), successes.capture(), failureDetails.capture());
    assertTrue(successes.getValue().isEmpty());

    // A timed-out sync must not be left running in the executor.
    verify(pendingSync).cancel(true);

    List<FailureDetails> reported = (List<FailureDetails>) failureDetails.getValue();
    assertThat(reported, allOf(
            hasItem(allOf(
                    hasProperty("environment", is(ENV_CRN)),
                    hasProperty("message", is("Timed out")),
                    hasProperty("additionalDetails", anEmptyMap())))));
}