
Example 21 with Principal

use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.

the class ZTSClientTest method testGetRoleTokenWithSiaProvider.

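/**
 * Checks that a role token fetched by a principal-based client is handed back unchanged to a
 * second client that resolves the same domain/service identity through a service identity
 * provider, and that the ignore-cache flag of the full API yields a different token.
 *
 * <p>Both clients are released in a {@code finally} block so a failed assertion does not
 * leave them open for the rest of the test run.
 */
@Test
public void testGetRoleTokenWithSiaProvider() {
    Principal principal = SimplePrincipal.create("user_domain", "user", "auth_creds", PRINCIPAL_AUTHORITY);
    ZTSRDLClientMock ztsClientMock = new ZTSRDLClientMock();
    ztsClientMock.setRoleName("role1");
    ZTSClient client = new ZTSClient("http://localhost:4080", principal);
    ZTSClient client2 = null;
    try {
        // the generated client is swapped for the mock, so the URL above is
        // presumably never contacted -- confirm against ZTSClient
        client.setZTSRDLGeneratedClient(ztsClientMock);
        RoleToken roleToken = client.getRoleToken("coretech");
        assertNotNull(roleToken);
        // parse the token string to check the claims it carries
        com.yahoo.athenz.auth.token.RoleToken token = new com.yahoo.athenz.auth.token.RoleToken(roleToken.getToken());
        assertEquals(token.getDomain(), "coretech");
        // (actual, expected) order, matching the other assertions in this test
        assertEquals(token.getRoles().size(), 1);
        assertTrue(token.getRoles().contains("role1"));
        // now we're going to get a token again and this time we should get back
        // from our cache thus the same exact one but we're going to use
        // the sia provider instead of principal given
        SimpleServiceIdentityProvider siaProvider = Mockito.mock(SimpleServiceIdentityProvider.class);
        Mockito.when(siaProvider.getIdentity("user_domain", "user")).thenReturn(principal);
        client2 = new ZTSClient("http://localhost:4080", "user_domain", "user", siaProvider);
        client2.setZTSRDLGeneratedClient(ztsClientMock);
        RoleToken roleToken2 = client2.getRoleToken("coretech");
        // a different client instance with the same identity is expected to be
        // served the token the first client obtained
        assertEquals(roleToken2.getToken(), roleToken.getToken());
        // now we're going to use the full API to request the token with ignoring from the cache
        // and we should get back a new token
        roleToken2 = client2.getRoleToken("coretech", null, null, null, true, null);
        assertNotEquals(roleToken2.getToken(), roleToken.getToken());
    } finally {
        // close our clients, also when an assertion above has failed
        client.close();
        if (client2 != null) {
            client2.close();
        }
    }
}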
Also used : SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) SimpleServiceIdentityProvider(com.yahoo.athenz.auth.impl.SimpleServiceIdentityProvider) Test(org.testng.annotations.Test)

Example 22 with Principal

use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.

the class ZTSClientTest method testPrefetchRoleTokenShouldNotCallServer.

/**
 * Exercises the role-token prefetcher of {@code ZTSClient} against a mock generated client.
 *
 * <p>The test registers prefetch requests for two domains, sleeps through two prefetch
 * intervals twice, and then checks three things: the scheduled queue holds one entry per
 * distinct request, the token for the second domain gets a later expiry after each sleep,
 * and the token for the first domain (value, expiry and last-fetch time) stays the same
 * while the fetcher timer keeps advancing.
 *
 * <p>NOTE(review): the cleanup at the end ({@code removePrefetcher} and {@code close}) is not
 * in a {@code finally} block, so a failed assertion skips it.
 *
 * @throws Exception if the sleeping thread is interrupted or a client call fails
 */
@Test
public void testPrefetchRoleTokenShouldNotCallServer() throws Exception {
    ZTSRDLClientMock ztsClientMock = new ZTSRDLClientMock();
    ztsClientMock.setRoleName("role1");
    // interval comes from a system property (default "5"); it is multiplied by 1000 for the
    // sleeps below, i.e. it is treated as seconds
    long intervalSecs = Integer.parseInt(System.getProperty(ZTSClient.ZTS_CLIENT_PROP_PREFETCH_SLEEP_INTERVAL, "5"));
    ztsClientMock.setTestSleepInterval(intervalSecs);
    final Principal principal = SimplePrincipal.create("user_domain", "user", "auth_creds", PRINCIPAL_AUTHORITY);
    // the mocked provider returns the same principal for any domain/service pair
    ServiceIdentityProvider siaProvider = Mockito.mock(ServiceIdentityProvider.class);
    Mockito.when(siaProvider.getIdentity(Mockito.<String>any(), Mockito.<String>any())).thenReturn(principal);
    ZTSClient client = new ZTSClient("http://localhost:4080/", "user_domain", "user", siaProvider);
    client.setZTSRDLGeneratedClient(ztsClientMock);
    String domain1 = "coretech";
    String domain2 = "providerdomain";
    // initially, roleToken was never fetched.
    assertTrue(ztsClientMock.getLastRoleTokenFetchedTime(domain1, null, null) < 0);
    // initialize the prefetch token process.
    client.prefetchRoleToken(domain1, null, null, null, null);
    int scheduledItemsSize = client.getScheduledItemsSize();
    // make sure only unique items are in the queue
    client.prefetchRoleToken(domain1, null, null, null, null);
    int scheduledItemsSize2 = client.getScheduledItemsSize();
    assertEquals(scheduledItemsSize, scheduledItemsSize2);
    RoleToken roleToken1 = client.getRoleToken(domain1);
    assertTrue(roleToken1 != null);
    long rt1Expiry = roleToken1.getExpiryTime();
    // a request for a different domain adds exactly one scheduled item
    client.prefetchRoleToken(domain2, null, null, null, null);
    assertEquals(client.getScheduledItemsSize(), scheduledItemsSize + 1);
    RoleToken roleToken2 = client.getRoleToken(domain2);
    assertTrue(roleToken2 != null);
    long rt2Expiry = roleToken2.getExpiryTime();
    // the diagnostics below print domain names and expiry times only, never the token string
    System.out.println("testPrefetchRoleTokenShouldNotCallServer: roleToken2:domain=" + domain2 + " expires at " + rt2Expiry + " curtime_secs=" + (System.currentTimeMillis() / 1000));
    System.out.println("testPrefetchRoleTokenShouldNotCallServer: sleep Secs=" + (2 * intervalSecs) + "+0.1");
    // sleep for two intervals plus 100 ms so the fetcher timer can run
    Thread.sleep((2 * intervalSecs * 1000) + 100);
    System.out.println("testPrefetchRoleTokenShouldNotCallServer: nap over so what happened");
    // the sleep must not have changed the number of scheduled items
    assertEquals(client.getScheduledItemsSize(), scheduledItemsSize + 1);
    long lastTimerTriggered1 = ZTSClient.FETCHER_LAST_RUN_AT.get();
    long lastTokenFetchedTime1 = ztsClientMock.getLastRoleTokenFetchedTime(domain1, null, null);
    assertTrue(lastTokenFetchedTime1 > 0);
    roleToken2 = client.getRoleToken(domain2);
    long rt2Expiry2 = roleToken2.getExpiryTime();
    System.out.println("testPrefetchRoleTokenShouldNotCallServer: roleToken2:domain=" + domain2 + " expires at " + rt2Expiry2 + " curtime_secs=" + (System.currentTimeMillis() / 1000));
    // this token was refreshed
    assertTrue(rt2Expiry2 > rt2Expiry);
    // wait a few seconds, and see subsequent fetch happened.
    System.out.println("testPrefetchRoleTokenShouldNotCallServer: again sleep Secs=" + (2 * intervalSecs) + "+0.1");
    Thread.sleep((2 * intervalSecs * 1000) + 100);
    System.out.println("testPrefetchRoleTokenShouldNotCallServer: again nap over so what happened");
    RoleToken roleToken3 = client.getRoleToken(domain2);
    long rt2Expiry3 = roleToken3.getExpiryTime();
    System.out.println("testPrefetchRoleTokenShouldNotCallServer: roleToken3:domain=" + domain2 + " expires at " + rt2Expiry3);
    // this token was refreshed
    assertTrue(rt2Expiry3 > rt2Expiry2);
    // NOTE(review): the next two reads are back to back with no client call in between, so
    // the second one repeats the first -- confirm whether a sleep or fetch was meant here
    long lastTokenFetchedTime2 = ztsClientMock.getLastRoleTokenFetchedTime(domain1, null, null);
    long lastTokenFetchedTime3 = ztsClientMock.getLastRoleTokenFetchedTime(domain1, null, null);
    long lastTimerTriggered2 = ZTSClient.FETCHER_LAST_RUN_AT.get();
    // Since token should be good for 2 hrs, lastTokenFetchedTime1 & 2 & 3 all should be the same
    // because token is not expired yet.
    assertEquals(lastTokenFetchedTime1, lastTokenFetchedTime2);
    assertEquals(lastTokenFetchedTime3, lastTokenFetchedTime2);
    // token should be identical since didnt get refreshed
    RoleToken roleToken1b = client.getRoleToken(domain1);
    long rt1bExpiry = roleToken1b.getExpiryTime();
    assertEquals(rt1Expiry, rt1bExpiry);
    assertEquals(roleToken1.getToken(), roleToken1b.getToken());
    // But, make sure the Timer actually triggered.
    assertTrue(lastTimerTriggered1 > 0);
    assertTrue(lastTimerTriggered2 > 0);
    assertNotEquals(lastTimerTriggered1, lastTimerTriggered2);
    assertTrue(lastTimerTriggered2 > lastTimerTriggered1);
    // NOTE(review): not reached when an assertion above fails; consider try/finally
    client.removePrefetcher();
    client.close();
}
Also used : SimpleServiceIdentityProvider(com.yahoo.athenz.auth.impl.SimpleServiceIdentityProvider) ServiceIdentityProvider(com.yahoo.athenz.auth.ServiceIdentityProvider) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 23 with Principal

use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.

the class ZTSClientTest method testPostDomainMetricsBadRequest.

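/**
 * Checks that {@code postDomainMetrics} reports a rejected request as a
 * {@code ZTSClientException} carrying status code 400.
 *
 * <p>The client is closed in a {@code finally} block so a failed assertion does not leave
 * it open.
 */
@Test
public void testPostDomainMetricsBadRequest() {
    Principal principal = SimplePrincipal.create("user_domain", "user", "auth_creds", PRINCIPAL_AUTHORITY);
    ZTSRDLClientMock ztsClientMock = new ZTSRDLClientMock();
    ZTSClient client = new ZTSClient("http://localhost:4080", principal);
    try {
        client.setZTSRDLGeneratedClient(ztsClientMock);
        List<DomainMetric> metricList = new ArrayList<>();
        metricList.add(new DomainMetric().setMetricType(DomainMetricType.ACCESS_ALLOWED_DENY_NO_MATCH).setMetricVal(99));
        DomainMetrics req = new DomainMetrics().setDomainName("coretech").setMetricList(metricList);
        try {
            // the domain argument "exc" differs from the "coretech" set in the request body;
            // presumably this is what makes the mock answer with 400 -- confirm against
            // ZTSRDLClientMock
            client.postDomainMetrics("exc", req);
            fail("expected ZTSClientException");
        } catch (ZTSClientException ex) {
            assertEquals(ex.getCode(), 400);
        }
    } finally {
        client.close();
    }
}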
Also used : ArrayList(java.util.ArrayList) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 24 with Principal

use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.

the class ZTSClientTest method testGetRoleToken.

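/**
 * Checks the role-token lookup of a principal-based client: the first call returns a token
 * for the requested domain and role, a repeated call returns the identical token, and the
 * ignore-cache flag of the full API yields a different one.
 *
 * <p>The client is closed in a {@code finally} block so a failed assertion does not leave
 * it open.
 */
@Test
public void testGetRoleToken() {
    Principal principal = SimplePrincipal.create("user_domain", "user", "auth_creds", PRINCIPAL_AUTHORITY);
    ZTSRDLClientMock ztsClientMock = new ZTSRDLClientMock();
    ztsClientMock.setRoleName("role1");
    ZTSClient client = new ZTSClient("http://localhost:4080", principal);
    try {
        client.setZTSRDLGeneratedClient(ztsClientMock);
        RoleToken roleToken = client.getRoleToken("coretech");
        assertNotNull(roleToken);
        // parse the token string to check the claims it carries
        com.yahoo.athenz.auth.token.RoleToken token = new com.yahoo.athenz.auth.token.RoleToken(roleToken.getToken());
        assertEquals(token.getDomain(), "coretech");
        // (actual, expected) order, matching the other assertions in this test
        assertEquals(token.getRoles().size(), 1);
        assertTrue(token.getRoles().contains("role1"));
        // now we're going to get a token again and this time we should get back
        // from our cache thus the same exact one
        RoleToken roleToken2 = client.getRoleToken("coretech");
        assertEquals(roleToken2.getToken(), roleToken.getToken());
        // now we're going to use the full API to request the token with ignoring from the cache
        // and we should get back a new token
        roleToken2 = client.getRoleToken("coretech", null, null, null, true, null);
        assertNotEquals(roleToken2.getToken(), roleToken.getToken());
    } finally {
        // release the client also when an assertion above has failed
        client.close();
    }
}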
Also used : SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 25 with Principal

use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.

the class ZTSClientTest method testIsExpiredTokenAtLeastBothLimitsNullSmallerThanMin.

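/**
 * Checks that, with the minimum-expiry property set to 600 and both caller-supplied limits
 * {@code null}, {@code isExpiredToken} reports an expiry value of 500 as expired.
 *
 * <p>The test changes a JVM-wide system property and re-reads the client's static
 * configuration. Both are put back in a {@code finally} block so the 600 override does not
 * silently apply to tests that run afterwards.
 */
@Test
public void testIsExpiredTokenAtLeastBothLimitsNullSmallerThanMin() {
    // remember the current setting; null means the property was not set at all
    final String previousMinExpiry = System.getProperty(ZTSClient.ZTS_CLIENT_PROP_TOKEN_MIN_EXPIRY_TIME);
    System.setProperty(ZTSClient.ZTS_CLIENT_PROP_TOKEN_MIN_EXPIRY_TIME, "600");
    ZTSClient.initConfigValues();
    ZTSClient client = null;
    try {
        Principal principal = SimplePrincipal.create("user_domain", "user", "v=S1;d=user_domain;n=user;s=sig", PRINCIPAL_AUTHORITY);
        client = new ZTSClient("http://localhost:4080/", principal);
        assertTrue(client.isExpiredToken(500, null, null));
    } finally {
        if (client != null) {
            client.close();
        }
        // restore the property and reload the static config
        // NOTE(review): confirm no later test relies on the 600 override leaking through
        if (previousMinExpiry == null) {
            System.clearProperty(ZTSClient.ZTS_CLIENT_PROP_TOKEN_MIN_EXPIRY_TIME);
        } else {
            System.setProperty(ZTSClient.ZTS_CLIENT_PROP_TOKEN_MIN_EXPIRY_TIME, previousMinExpiry);
        }
        ZTSClient.initConfigValues();
    }
}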
Also used : SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)
