
Example 56 with Authority

use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.

the class ZMSImplTest method testProviderResourceGroupRolesWithAuthorizedServiceNoAccess.

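@Test
public void testProviderResourceGroupRolesWithAuthorizedServiceNoAccess() {
    // Exercises the authorized-service path of putProviderResourceGroupRoles:
    // the calling principal (user1) carries authorized service "coretech.index",
    // and the provider domain has a self_serve role/policy granting "update" on
    // coretech:tenant.* to coretech.index, yet the call is still expected to be
    // rejected with 403.
    TestAuditLogger alogger = new TestAuditLogger();
    String storeFile = ZMS_DATA_STORE_FILE + "_putprovrsrcdomnoaccess";
    ZMSImpl zmsImpl = getZmsImpl(storeFile, alogger);
    String tenantDomain = "provrscgrprolesauthorizedservicenoaccess";
    String providerService = "index";
    String providerDomain = "coretech";
    String resourceGroup = "hockey";
    setupTenantDomainProviderService(zmsImpl, tenantDomain, providerDomain, providerService, "http://localhost:8090/tableprovider");
    try {
        // tenant is setup so let's setup up policy to authorize access to tenants
        // without this role/policy we won't be authorized to add tenant roles
        // to the provider domain even with authorized service details
        Role role = createRoleObject(providerDomain, "self_serve", null, providerDomain + "." + providerService, null);
        zmsImpl.putRole(mockDomRsrcCtx, providerDomain, "self_serve", auditRef, role);
        Policy policy = createPolicyObject(providerDomain, "self_serve", "self_serve", "update", providerDomain + ":tenant.*", AssertionEffect.ALLOW);
        zmsImpl.putPolicy(mockDomRsrcCtx, providerDomain, "self_serve", auditRef, policy);
        // now we're going to setup our provider role call
        List<TenantRoleAction> roleActions = new ArrayList<>();
        for (Struct.Field f : RESOURCE_PROVIDER_ROLE_ACTIONS) {
            roleActions.add(new TenantRoleAction().setRole(f.name()).setAction((String) f.value()));
        }
        ProviderResourceGroupRoles providerRoles = new ProviderResourceGroupRoles().setDomain(providerDomain).setService(providerService).setTenant(tenantDomain).setRoles(roleActions).setResourceGroup(resourceGroup);
        // we are going to create a principal object with authorized service
        // set to coretech.index
        String userId = "user1";
        Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
        String unsignedCreds = "v=U1;d=user;n=" + userId;
        Principal principal = SimplePrincipal.create("user", userId, unsignedCreds + ";s=signature", 0, principalAuthority);
        // the original set the unsigned creds twice; once is enough
        ((SimplePrincipal) principal).setUnsignedCreds(unsignedCreds);
        ((SimplePrincipal) principal).setAuthorizedService("coretech.index");
        ResourceContext ctx = createResourceContext(principal);
        try {
            zmsImpl.putProviderResourceGroupRoles(ctx, tenantDomain, providerDomain, providerService, resourceGroup, auditRef, providerRoles);
            fail();
        } catch (ResourceException ex) {
            assertEquals(403, ex.getCode());
        }
    } finally {
        // always tear down the domains and the on-disk store, so a failed
        // assertion above does not leak state into later tests
        zmsImpl.deleteTopLevelDomain(mockDomRsrcCtx, tenantDomain, auditRef);
        zmsImpl.deleteTopLevelDomain(mockDomRsrcCtx, providerDomain, auditRef);
        FileConnection.deleteDirectory(new File("/tmp/zms_core_unit_tests/" + storeFile));
    }
}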

Example 57 with Authority

use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.

the class ZMSImplTest method testDeleteProviderResourceGroupRolesNull.

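@Test
public void testDeleteProviderResourceGroupRolesNull() {
    // Every domain/service/resource-group argument is null; the request is
    // expected to be rejected rather than silently succeed. The previous
    // version of this test passed even when no exception was thrown, so
    // fail() is now reached if the call returns normally (as the sibling
    // testDeleteDomainTemplateNull already does).
    Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    Principal principal1 = principalAuthority.authenticate("v=U1;d=user;n=user1;s=signature", "10.11.12.13", "GET", null);
    ResourceContext rsrcCtx1 = createResourceContext(principal1);
    try {
        zms.deleteProviderResourceGroupRoles(rsrcCtx1, null, null, null, null, null);
        fail();
    } catch (Exception ex) {
        // fail() throws an AssertionError, which is not an Exception, so it is
        // not swallowed here; only the rejection from the call lands in this branch
        assertNotNull(ex);
    }
}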

Example 58 with Authority

use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.

the class ZMSImplTest method testDeleteDomainTemplateNull.

@Test
public void testDeleteDomainTemplateNull() {
    // A null template name passed to deleteDomainTemplate must be rejected
    // with a ResourceException.
    String userId = "user1";
    Authority userAuthority = new com.yahoo.athenz.common.server.debug.DebugUserAuthority();
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", userId, userId + ":password", 0, userAuthority);
    principal.setUnsignedCreds(userId);
    ResourceContext rsrcCtx1 = createResourceContext(principal);
    try {
        zms.deleteDomainTemplate(rsrcCtx1, "dom1", null, "zms");
    } catch (ResourceException ex) {
        // expected rejection
        assertNotNull(ex);
        return;
    }
    fail();
}

Example 59 with Authority

use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.

the class ZMSImplTest method testGetAccessCrossDomain.

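@Test
public void testGetAccessCrossDomain() {
    // Verifies access decisions for a resource that lives in the provider domain
    // (coretech) but is governed by roles/policies in the tenant domain
    // (CrossDomainAccessDom1): joe is reader, john is writer, jane is both.
    // Decisions are checked with an explicit trust domain, without one, with a
    // wrong trust domain, and for an action no policy grants.
    setupTenantDomainProviderService("CrossDomainAccessDom1", "coretech", "storage", "http://localhost:8090/provider");
    try {
        Tenancy tenant = createTenantObject("CrossDomainAccessDom1", "coretech.storage");
        ProviderMockClient.setReturnTenantRoles(true);
        zms.putTenancy(mockDomRsrcCtx, "CrossDomainAccessDom1", "coretech.storage", auditRef, tenant);
        List<TenantRoleAction> roleActions = new ArrayList<>();
        for (Struct.Field f : TABLE_PROVIDER_ROLE_ACTIONS) {
            roleActions.add(new TenantRoleAction().setRole(f.name()).setAction((String) f.value()));
        }
        TenantRoles tenantRoles = new TenantRoles().setDomain("coretech").setService("storage").setTenant("CrossDomainAccessDom1").setRoles(roleActions);
        zms.putTenantRoles(mockDomRsrcCtx, "coretech", "storage", "CrossDomainAccessDom1", auditRef, tenantRoles);
        Tenancy tenant1 = zms.getTenancy(mockDomRsrcCtx, "CrossDomainAccessDom1", "coretech.storage");
        assertNotNull(tenant1);
        // reset roles in the CrossDomainAccessDom1 domain with unique values
        Role role = createRoleObject("CrossDomainAccessDom1", "reader", null, "user.joe", "user.jane");
        zms.putRole(mockDomRsrcCtx, "CrossDomainAccessDom1", "reader", auditRef, role);
        role = createRoleObject("CrossDomainAccessDom1", "writer", null, "user.john", "user.jane");
        zms.putRole(mockDomRsrcCtx, "CrossDomainAccessDom1", "writer", auditRef, role);
        Policy policy = createPolicyObject("CrossDomainAccessDom1", "tenancy.coretech.storage.writer", "writer", "ASSUME_ROLE", "coretech:role.storage.tenant.CrossDomainAccessDom1.writer", AssertionEffect.ALLOW);
        zms.putPolicy(mockDomRsrcCtx, "CrossDomainAccessDom1", "tenancy.coretech.storage.writer", auditRef, policy);
        policy = createPolicyObject("CrossDomainAccessDom1", "tenancy.coretech.storage.reader", "reader", "ASSUME_ROLE", "coretech:role.storage.tenant.CrossDomainAccessDom1.reader", AssertionEffect.ALLOW);
        zms.putPolicy(mockDomRsrcCtx, "CrossDomainAccessDom1", "tenancy.coretech.storage.reader", auditRef, policy);
        // verify the ASSUME_ROLE check - with trust domain specified it should work and
        // without trust domain it will not work since the resource is pointing to the
        // provider's domain and not to the tenant's domain
        Access access = zms.getAccess(mockDomRsrcCtx, "ASSUME_ROLE", "coretech:role.storage.tenant.CrossDomainAccessDom1.reader", null, "user.jane");
        assertFalse(access.getGranted());
        access = zms.getAccess(mockDomRsrcCtx, "ASSUME_ROLE", "coretech:role.storage.tenant.CrossDomainAccessDom1.reader", "CrossDomainAccessDom1", "user.jane");
        assertTrue(access.getGranted());
        Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
        Principal pJane = principalAuthority.authenticate("v=U1;d=user;n=jane;s=signature", "10.11.12.13", "GET", null);
        ResourceContext rsrcCtxJane = createResourceContext(pJane);
        Principal pJohn = principalAuthority.authenticate("v=U1;d=user;n=john;s=signature", "10.11.12.13", "GET", null);
        ResourceContext rsrcCtxJohn = createResourceContext(pJohn);
        Principal pJoe = principalAuthority.authenticate("v=U1;d=user;n=joe;s=signature", "10.11.12.13", "GET", null);
        ResourceContext rsrcCtxJoe = createResourceContext(pJoe);
        // with the tenant domain given as trust domain
        assertCrossDomainAccess(rsrcCtxJoe, "READ", "CrossDomainAccessDom1", true);
        assertCrossDomainAccess(rsrcCtxJane, "READ", "CrossDomainAccessDom1", true);
        assertCrossDomainAccess(rsrcCtxJohn, "READ", "CrossDomainAccessDom1", false);
        assertCrossDomainAccess(rsrcCtxJoe, "WRITE", "CrossDomainAccessDom1", false);
        assertCrossDomainAccess(rsrcCtxJane, "WRITE", "CrossDomainAccessDom1", true);
        assertCrossDomainAccess(rsrcCtxJohn, "WRITE", "CrossDomainAccessDom1", true);
        // unknown action should always fail
        assertCrossDomainAccess(rsrcCtxJoe, "UPDATE", "CrossDomainAccessDom1", false);
        assertCrossDomainAccess(rsrcCtxJane, "UPDATE", "CrossDomainAccessDom1", false);
        assertCrossDomainAccess(rsrcCtxJohn, "UPDATE", "CrossDomainAccessDom1", false);
        // same set as above without trust domain field
        assertCrossDomainAccess(rsrcCtxJoe, "READ", null, true);
        assertCrossDomainAccess(rsrcCtxJane, "READ", null, true);
        assertCrossDomainAccess(rsrcCtxJohn, "READ", null, false);
        assertCrossDomainAccess(rsrcCtxJoe, "WRITE", null, false);
        assertCrossDomainAccess(rsrcCtxJane, "WRITE", null, true);
        assertCrossDomainAccess(rsrcCtxJohn, "WRITE", null, true);
        // failure with different domain name
        assertCrossDomainAccess(rsrcCtxJoe, "READ", "CrossDomainAccessDom2", false);
        assertCrossDomainAccess(rsrcCtxJane, "READ", "CrossDomainAccessDom2", false);
        assertCrossDomainAccess(rsrcCtxJohn, "READ", "CrossDomainAccessDom2", false);
    } finally {
        // tear down even when an assertion above fails, so later tests do not
        // inherit this tenancy or these domains
        zms.deleteTenancy(mockDomRsrcCtx, "CrossDomainAccessDom1", "coretech.storage", auditRef);
        zms.deleteTopLevelDomain(mockDomRsrcCtx, "CrossDomainAccessDom1", auditRef);
        zms.deleteTopLevelDomain(mockDomRsrcCtx, "coretech", auditRef);
    }
}

/**
 * Asserts the getAccess decision for the shared cross-domain test resource.
 *
 * @param ctx         the caller's resource context
 * @param action      the action being checked (e.g. READ, WRITE)
 * @param trustDomain the trust domain passed to getAccess, or null for none
 * @param expected    whether access is expected to be granted
 */
private void assertCrossDomainAccess(ResourceContext ctx, String action, String trustDomain, boolean expected) {
    Access access = zms.getAccess(ctx, action, "coretech:service.storage.tenant.CrossDomainAccessDom1.resource1", trustDomain, null);
    if (expected) {
        assertTrue(access.getGranted());
    } else {
        assertFalse(access.getGranted());
    }
}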

Example 60 with Authority

use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.

the class ZMSImplTest method testRetrieveAccessDomainValid.

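@Test
public void testRetrieveAccessDomainValid() {
    // retrieveAccessDomain must return the domain for an existing name; the
    // domain is created as "AccessDomain" and looked up as "accessdomain".
    TopLevelDomain dom1 = createTopLevelDomainObject("AccessDomain", "Test Domain1", "testOrg", adminUser);
    zms.postTopLevelDomain(mockDomRsrcCtx, auditRef, dom1);
    try {
        Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
        Principal pJane = principalAuthority.authenticate("v=U1;d=user;n=jane;s=signature", "10.11.12.13", "GET", null);
        AthenzDomain athenzDomain = zms.retrieveAccessDomain("accessdomain", pJane);
        assertNotNull(athenzDomain);
    } finally {
        // remove the domain even if the assertion fails, so it does not leak into later tests
        zms.deleteTopLevelDomain(mockDomRsrcCtx, "AccessDomain", auditRef);
    }
}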
