Example 46 with Principal
use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.
the class ZTSClientTest method testGetAWSTemporaryCredentials.
@Test
public void testGetAWSTemporaryCredentials() {
Timestamp currentTime = Timestamp.fromCurrentTime();
ZTSRDLClientMock ztsClientMock = new ZTSRDLClientMock();
ztsClientMock.setAwsCreds(currentTime, "coretech", "role", "sessionToken", "secretAccessKey", "accessKeyId");
Principal principal = SimplePrincipal.create("user_domain", "user", "v=S1;d=user_domain;n=user;s=sig", PRINCIPAL_AUTHORITY);
ZTSClient client = new ZTSClient("http://localhost:4080", principal);
client.setZTSRDLGeneratedClient(ztsClientMock);
AWSTemporaryCredentials awsCreds = client.getAWSTemporaryCredentials("coretech", "role");
assertNotNull(awsCreds);
assertEquals("accessKeyId", awsCreds.getAccessKeyId());
assertEquals("secretAccessKey", awsCreds.getSecretAccessKey());
assertTrue(awsCreds.getSessionToken().startsWith("sessionToken"));
currentTime = awsCreds.getExpiration();
AWSTemporaryCredentials awsCreds2 = client.getAWSTemporaryCredentials("coretech", "role");
assertNotNull(awsCreds2);
assertEquals("accessKeyId", awsCreds2.getAccessKeyId());
assertEquals("secretAccessKey", awsCreds2.getSecretAccessKey());
assertTrue(awsCreds2.getSessionToken().startsWith("sessionToken"));
assertEquals(currentTime.millis() / 1000, awsCreds2.getExpiration().millis() / 1000);
// now let's try with invalid domain/role values;
assertNull(client.getAWSTemporaryCredentials("coretech", "role1"));
assertNull(client.getAWSTemporaryCredentials("coretech1", "role"));
client.close();
}
Also used :
Timestamp(com.yahoo.rdl.Timestamp)
SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal)
Principal(com.yahoo.athenz.auth.Principal)
Test(org.testng.annotations.Test)
Example 47 with Principal
use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.
the class ZMSUtils method getAuditLogMsgBuilder.
/**
* Setup a new AuditLogMsgBuilder object with common values.
*/
public static AuditLogMsgBuilder getAuditLogMsgBuilder(ResourceContext ctx, AuditLogger auditLogger, String domainName, String auditRef, String caller, String method) {
AuditLogMsgBuilder msgBldr = auditLogger.getMsgBuilder();
// get the where - which means where this server is running
msgBldr.where(ZMSImpl.serverHostName);
msgBldr.whatDomain(domainName).why(auditRef).whatApi(caller).whatMethod(method);
if (ctx != null) {
Principal princ = ((RsrcCtxWrapper) ctx).principal();
if (princ != null) {
String unsignedCreds = princ.getUnsignedCredentials();
if (unsignedCreds == null) {
StringBuilder sb = new StringBuilder();
sb.append("who-name=").append(princ.getName());
sb.append(",who-domain=").append(princ.getDomain());
sb.append(",who-fullname=").append(princ.getFullName());
List<String> roles = princ.getRoles();
if (roles != null && roles.size() > 0) {
sb.append(",who-roles=").append(roles.toString());
}
unsignedCreds = sb.toString();
}
msgBldr.who(unsignedCreds);
}
// get the client IP
msgBldr.clientIp(ServletRequestUtil.getRemoteAddress(ctx.request()));
}
return msgBldr;
}
Also used :
AuditLogMsgBuilder(com.yahoo.athenz.common.server.log.AuditLogMsgBuilder)
RsrcCtxWrapper(com.yahoo.athenz.zms.RsrcCtxWrapper)
Principal(com.yahoo.athenz.auth.Principal)
Example 48 with Principal
use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.
the class ProviderMockClientTest method testPutTenantResourceGroup.
@Test
public void testPutTenantResourceGroup() {
String systemAdminUser = "user.user_admin";
Authority authority = new com.yahoo.athenz.auth.impl.PrincipalAuthority();
Principal p = SimplePrincipal.create("user", systemAdminUser, "v=U1;d=user;n=" + systemAdminUser + ";s=signature", 0, authority);
ProviderMockClient provider = new ProviderMockClient("localhost:3306/athenz", p);
TenantResourceGroup tenant = new TenantResourceGroup();
tenant.setName("name");
assertNull(provider.putTenantResourceGroup("providerService1", "tenantDom1", "zms", "zms", tenant));
}
Also used :
Authority(com.yahoo.athenz.auth.Authority)
Principal(com.yahoo.athenz.auth.Principal)
SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal)
Test(org.testng.annotations.Test)
Example 49 with Principal
use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.
the class ZTSImplTest method testGetRoleTokenInvalidDomainAuditLog.
@Test
public void testGetRoleTokenInvalidDomainAuditLog() {
HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
Mockito.when(servletRequest.getRemoteAddr()).thenReturn("55.88.77.66");
Mockito.when(servletRequest.isSecure()).thenReturn(true);
final java.util.Set<String> aLogMsgs = new java.util.HashSet<String>();
AuditLogger alogger = new AuditLogger() {
public void log(String logMsg, String msgVersionTag) {
aLogMsgs.add(logMsg);
}
public void log(AuditLogMsgBuilder msgBldr) {
String msg = msgBldr.build();
aLogMsgs.add(msg);
}
@Override
public AuditLogMsgBuilder getMsgBuilder() {
return new DefaultAuditLogMsgBuilder();
}
};
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
ztsImpl.auditLogger = alogger;
ZTSImpl.serverHostName = "localhost";
SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
store.processDomain(signedDomain, false);
Principal principal = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
ResourceContext context = createResourceContext(principal, servletRequest);
try {
ztsImpl.getRoleToken(context, "invalidDomain", null, Integer.valueOf(600), Integer.valueOf(1200), null);
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 404);
}
for (String msg : aLogMsgs) {
assertTrue(msg.contains("ERROR=(No Such Domain)"));
assertTrue(msg.contains("CLIENT-IP=(55.88.77.66)"));
assertTrue(msg.contains("WHO=(who-name=user,who-domain=user_domain,who-fullname=user_domain.user)"));
break;
}
}
Also used :
DefaultAuditLogMsgBuilder(com.yahoo.athenz.common.server.log.impl.DefaultAuditLogMsgBuilder)
DefaultAuditLogger(com.yahoo.athenz.common.server.log.impl.DefaultAuditLogger)
AuditLogger(com.yahoo.athenz.common.server.log.AuditLogger)
DefaultAuditLogMsgBuilder(com.yahoo.athenz.common.server.log.impl.DefaultAuditLogMsgBuilder)
AuditLogMsgBuilder(com.yahoo.athenz.common.server.log.AuditLogMsgBuilder)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ChangeLogStore(com.yahoo.athenz.zts.store.ChangeLogStore)
MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)
ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)
MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)
ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)
DataStore(com.yahoo.athenz.zts.store.DataStore)
SignedDomain(com.yahoo.athenz.zms.SignedDomain)
SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal)
Principal(com.yahoo.athenz.auth.Principal)
HashSet(java.util.HashSet)
Test(org.testng.annotations.Test)
Example 50 with Principal
use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.
the class ZTSImplTest method testGetAWSTemporaryCredentials.
@Test
public void testGetAWSTemporaryCredentials() {
Principal principal = SimplePrincipal.create("user_domain", "user101", "v=U1;d=user_domain;n=user101;s=signature", 0, null);
CloudStore cloudStore = new MockCloudStore();
((MockCloudStore) cloudStore).setMockFields("1234", "aws_role_name", "user_domain.user101");
store.setCloudStore(cloudStore);
zts.cloudStore = cloudStore;
SignedDomain signedDomain = createAwsSignedDomain("athenz.product", "1234");
store.processDomain(signedDomain, false);
AWSTemporaryCredentials creds = zts.getAWSTemporaryCredentials(createResourceContext(principal), "athenz.product", "aws_role_name");
assertNotNull(creds);
try {
((MockCloudStore) cloudStore).setMockFields("1234", "aws_role2_name", "user_domain.user101");
zts.getAWSTemporaryCredentials(createResourceContext(principal), "athenz.product", "aws_role_name");
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 400);
}
}
Also used :
MockCloudStore(com.yahoo.athenz.zts.store.MockCloudStore)
CloudStore(com.yahoo.athenz.zts.store.CloudStore)
MockCloudStore(com.yahoo.athenz.zts.store.MockCloudStore)
SignedDomain(com.yahoo.athenz.zms.SignedDomain)
SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal)
Principal(com.yahoo.athenz.auth.Principal)
Test(org.testng.annotations.Test)
Aggregations
Principal (com.yahoo.athenz.auth.Principal)259
SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)219
Test (org.testng.annotations.Test)168
Authority (com.yahoo.athenz.auth.Authority)66
PrincipalAuthority (com.yahoo.athenz.auth.impl.PrincipalAuthority)52
ArrayList (java.util.ArrayList)35
SignedDomain (com.yahoo.athenz.zms.SignedDomain)33
BeforeTest (org.testng.annotations.BeforeTest)17
AthenzDomain (com.yahoo.athenz.zms.store.AthenzDomain)14
SimpleServiceIdentityProvider (com.yahoo.athenz.auth.impl.SimpleServiceIdentityProvider)13
PrincipalToken (com.yahoo.athenz.auth.token.PrincipalToken)13
AuditLogMsgBuilder (com.yahoo.athenz.common.server.log.AuditLogMsgBuilder)13
IOException (java.io.IOException)13
HttpServletRequest (javax.servlet.http.HttpServletRequest)12
KeyStore (com.yahoo.athenz.auth.KeyStore)11
UnsupportedEncodingException (java.io.UnsupportedEncodingException)10
WebApplicationException (javax.ws.rs.WebApplicationException)10
X509Certificate (java.security.cert.X509Certificate)9
ServiceIdentityProvider (com.yahoo.athenz.auth.ServiceIdentityProvider)8
CertificateAuthority (com.yahoo.athenz.auth.impl.CertificateAuthority)8
