Example 81 with Authority
use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.
the class DBServiceTest method testUpdateDomainMembersUserAuthorityFilterFailure.
@Test
public void testUpdateDomainMembersUserAuthorityFilterFailure() {
final String domainName = "domain-meta-user-authority-filter";
Domain domain = new Domain().setName(domainName).setUserAuthorityFilter("contractor").setModified(Timestamp.fromCurrentTime());
Domain updateDomain = new Domain().setName(domainName).setUserAuthorityFilter("employee");
ObjectStoreConnection mockConn = Mockito.mock(ObjectStoreConnection.class);
// we're going to make sure to throw an exception here
// since this should never be called
Mockito.when(mockConn.getAthenzDomain(domainName)).thenThrow(new ResourceException(400));
Authority savedAuthority = zms.dbService.zmsConfig.getUserAuthority();
Authority authority = Mockito.mock(Authority.class);
zms.dbService.zmsConfig.setUserAuthority(authority);
zms.dbService.updateDomainMembersUserAuthorityFilter(mockDomRsrcCtx, mockConn, domain, updateDomain, auditRef, "testUpdateDomainMembersUserAuthorityFilterFailure");
zms.dbService.zmsConfig.setUserAuthority(savedAuthority);
}
Also used :
Authority(com.yahoo.athenz.auth.Authority)
ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection)
AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)
Test(org.testng.annotations.Test)
Example 82 with Authority
use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.
the class DBServiceTest method testUpdateUserAuthorityFilter.
@Test
public void testUpdateUserAuthorityFilter() {
Authority savedAuthority = zms.dbService.zmsConfig.getUserAuthority();
Authority authority = Mockito.mock(Authority.class);
Mockito.when(authority.isAttributeSet("user.john", "employee")).thenReturn(true);
Mockito.when(authority.isAttributeSet("user.jane", "employee")).thenReturn(false);
Mockito.when(authority.isAttributeSet("user.joe", "employee")).thenReturn(true);
zms.dbService.zmsConfig.setUserAuthority(authority);
RoleMember roleMemberJohn = new RoleMember().setMemberName("user.john").setSystemDisabled(null);
assertFalse(zms.dbService.updateUserAuthorityFilter(roleMemberJohn, "employee"));
roleMemberJohn.setSystemDisabled(0);
assertFalse(zms.dbService.updateUserAuthorityFilter(roleMemberJohn, "employee"));
roleMemberJohn.setSystemDisabled(1);
assertTrue(zms.dbService.updateUserAuthorityFilter(roleMemberJohn, "employee"));
assertEquals(roleMemberJohn.getSystemDisabled(), Integer.valueOf(0));
RoleMember roleMemberJane = new RoleMember().setMemberName("user.jane").setSystemDisabled(null);
assertTrue(zms.dbService.updateUserAuthorityFilter(roleMemberJane, "employee"));
assertEquals(roleMemberJane.getSystemDisabled(), Integer.valueOf(1));
assertFalse(zms.dbService.updateUserAuthorityFilter(roleMemberJane, "employee"));
assertEquals(roleMemberJane.getSystemDisabled(), Integer.valueOf(1));
// reset authority to its original value
zms.dbService.zmsConfig.setUserAuthority(savedAuthority);
}Example 83 with Authority
use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.
the class AuthzHelperTest method testCheckKerberosAuthorityAuthorization.
@Test
public void testCheckKerberosAuthorityAuthorization() {
Authority authority = new com.yahoo.athenz.auth.impl.KerberosAuthority();
Principal principal = SimplePrincipal.create("krb", "user1", "v=U1;d=user;n=user1;s=signature", 0, authority);
assertNotNull(principal);
assertTrue(AuthzHelper.authorityAuthorizationAllowed(principal));
}
Also used :
Authority(com.yahoo.athenz.auth.Authority)
SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal)
Principal(com.yahoo.athenz.auth.Principal)
Test(org.testng.annotations.Test)
Example 84 with Authority
use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.
the class ZMSClientTest method testUpdatePrincipal.
@Test
public void testUpdatePrincipal() {
String zmsUrl = getZMSUrl();
ZMSClient client = new ZMSClient(zmsUrl);
ZMSRDLGeneratedClient c = Mockito.mock(ZMSRDLGeneratedClient.class);
Domain domain = new Domain().setName("domain");
Mockito.when(c.getDomain("domain")).thenReturn(domain);
UserToken userToken = new UserToken().setHeader("Header").setToken("Token");
Mockito.when(c.getUserToken("joe", null, true)).thenReturn(userToken);
client.setZMSRDLGeneratedClient(c);
assertNotNull(client);
// add credentials
Authority authority = new com.yahoo.athenz.auth.impl.UserAuthority();
Principal p = SimplePrincipal.create("user", "joe", "v=U1;d=user;n=joe;s=signature", 0, authority);
client.addCredentials(p);
assertNotNull(client.getDomain("domain"));
assertNotNull(client.getDomain("domain"));
}
Also used :
Authority(com.yahoo.athenz.auth.Authority)
PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal)
Principal(com.yahoo.athenz.auth.Principal)
Test(org.testng.annotations.Test)
Example 85 with Authority
use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.
the class NotificationToEmailConverterCommonTest method testGetFullyQualifiedEmailAddressesUserAuthority.
@Test
public void testGetFullyQualifiedEmailAddressesUserAuthority() {
System.clearProperty("athenz.user_domain");
System.setProperty("athenz.user_domain", "entuser");
System.setProperty("athenz.notification_email_domain_from", "from.example.com");
System.setProperty("athenz.notification_email_domain_to", "example.com");
Set<String> recipients = new HashSet<>(Arrays.asList("entuser.user1", "entuser.user2", "entuser.user3", "unknown.user"));
Authority notificationAuthorityForTest = new NotificationAuthorityForTest();
NotificationToEmailConverterCommon notificationToEmailConverterCommon = new NotificationToEmailConverterCommon(notificationAuthorityForTest);
Set<String> recipientsResp = notificationToEmailConverterCommon.getFullyQualifiedEmailAddresses(recipients);
assertNotNull(recipientsResp);
assertEquals(recipientsResp.size(), 4);
assertTrue(recipientsResp.contains("entuser.user1@mail.from.authority.com"));
assertTrue(recipientsResp.contains("entuser.user2@mail.from.authority.com"));
assertTrue(recipientsResp.contains("entuser.user3@mail.from.authority.com"));
assertTrue(recipientsResp.contains("unknown.user@example.com"));
System.clearProperty("athenz.notification_email_domain_from");
System.clearProperty("athenz.notification_email_domain_to");
System.clearProperty("athenz.user_domain");
}
Also used :
Authority(com.yahoo.athenz.auth.Authority)
DebugUserAuthority(com.yahoo.athenz.common.server.debug.DebugUserAuthority)
NotificationAuthorityForTest(com.yahoo.athenz.common.server.notification.impl.NotificationAuthorityForTest)
HashSet(java.util.HashSet)
Test(org.testng.annotations.Test)
NotificationAuthorityForTest(com.yahoo.athenz.common.server.notification.impl.NotificationAuthorityForTest)
Aggregations
Authority (com.yahoo.athenz.auth.Authority)193
Principal (com.yahoo.athenz.auth.Principal)124
Test (org.testng.annotations.Test)72
PrincipalAuthority (com.yahoo.athenz.auth.impl.PrincipalAuthority)32
SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)30
HttpServletRequest (javax.servlet.http.HttpServletRequest)24
AthenzDomain (com.yahoo.athenz.zms.store.AthenzDomain)21
HttpServletResponse (javax.servlet.http.HttpServletResponse)20
ObjectStoreConnection (com.yahoo.athenz.zms.store.ObjectStoreConnection)19
Authorizer (com.yahoo.athenz.auth.Authorizer)15
AuthorityList (com.yahoo.athenz.common.server.rest.Http.AuthorityList)13
ObjectStore (com.yahoo.athenz.zms.store.ObjectStore)11
ServerPrivateKey (com.yahoo.athenz.auth.ServerPrivateKey)9
Timestamp (com.yahoo.rdl.Timestamp)9
Metric (com.yahoo.athenz.common.metrics.Metric)8
IOException (java.io.IOException)8
Response (javax.ws.rs.core.Response)6
Struct (com.yahoo.rdl.Struct)5
UnsupportedEncodingException (java.io.UnsupportedEncodingException)5
WebApplicationException (javax.ws.rs.WebApplicationException)5
