use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZMSImplTest method testPutPolicyChanges.
/**
 * Checks that {@code putPolicy} overwrites a policy's assertion list.
 *
 * <p>The policy is first stored by a user principal, read back, given two new
 * assertions, and stored again through the shared domain context. Only the
 * assertion counts are compared at each step; assertion contents are not inspected.
 */
@Test
public void testPutPolicyChanges() {
    final String domain = "PutPolicyChanges";
    final String policyName = "Jobs";

    TopLevelDomain topLevelDomain = createTopLevelDomainObject(domain, "Test Domain1", "testOrg", adminUser);
    zms.postTopLevelDomain(mockDomRsrcCtx, auditRef, topLevelDomain);

    Policy initialPolicy = createPolicyObject(domain, policyName);
    List<Assertion> initialAssertions = initialPolicy.getAssertions();

    // Test-only identity: the credentials end in the literal placeholder "s=signature"
    // and the authority comes from the server.debug package, so this path presumably
    // performs no real signature verification. NOTE(review): confirm the debug
    // authority is never part of a production authority list.
    final String userId = "hank";
    final String unsignedCreds = "v=U1;d=user;n=" + userId;
    Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    Principal principal = SimplePrincipal.create("user", userId, unsignedCreds + ";s=signature", 0, principalAuthority);
    SimplePrincipal simplePrincipal = (SimplePrincipal) principal;
    simplePrincipal.setUnsignedCreds(unsignedCreds);
    ResourceContext userCtx = createResourceContext(principal);

    // First write is made as the user principal built above.
    zms.putPolicy(userCtx, domain, policyName, auditRef, initialPolicy);

    Policy storedPolicy = zms.getPolicy(mockDomRsrcCtx, domain, policyName);
    List<Assertion> storedAssertions = storedPolicy.getAssertions();

    // The stored policy must carry as many assertions as the one submitted
    // (the helper is expected to produce a single assertion).
    assertEquals(initialAssertions.size(), storedAssertions.size());

    // Build the replacement set: two ALLOW assertions on different resources.
    Assertion readBooks = new Assertion();
    readBooks.setResource(domain + ":books");
    readBooks.setAction("READ");
    readBooks.setRole(domain + ":role.librarian");
    readBooks.setEffect(AssertionEffect.ALLOW);

    Assertion travelJupiter = new Assertion();
    travelJupiter.setResource(domain + ":jupiter");
    travelJupiter.setAction("TRAVEL");
    travelJupiter.setRole(domain + ":role.astronaut");
    travelJupiter.setEffect(AssertionEffect.ALLOW);

    List<Assertion> replacementAssertions = new ArrayList<Assertion>();
    replacementAssertions.add(readBooks);
    replacementAssertions.add(travelJupiter);
    storedPolicy.setAssertions(replacementAssertions);

    // Second write goes through the shared domain context, not the user principal.
    zms.putPolicy(mockDomRsrcCtx, domain, policyName, auditRef, storedPolicy);

    Policy updatedPolicy = zms.getPolicy(mockDomRsrcCtx, domain, policyName);
    List<Assertion> updatedAssertions = updatedPolicy.getAssertions();

    // After the update the policy must hold exactly the two replacement assertions (by count).
    assertEquals(replacementAssertions.size(), updatedAssertions.size());

    zms.deleteTopLevelDomain(mockDomRsrcCtx, domain, auditRef);
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZMSImplTest method testDeleteTenancyResourceGroupNull.
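/**
 * Checks that {@code deleteTenancyResourceGroup} rejects a call in which every
 * argument after the resource context is {@code null}.
 *
 * <p>The call must throw. Without the explicit {@code fail(...)} after it, the test
 * would also pass when the null arguments were silently accepted.
 */
@Test
public void testDeleteTenancyResourceGroupNull() {
    // Test-only identity built through the debug authority with the placeholder
    // signature "s=signature"; presumably no real signature check is involved.
    Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    Principal principal1 = principalAuthority.authenticate("v=U1;d=user;n=user1;s=signature", "10.11.12.13", "GET", null);
    ResourceContext rsrcCtx1 = createResourceContext(principal1);
    try {
        zms.deleteTenancyResourceGroup(rsrcCtx1, null, null, null, null);
        // fail() raises an AssertionError, which is an Error rather than an Exception,
        // so the catch below does not swallow it.
        fail("deleteTenancyResourceGroup accepted null arguments");
    } catch (Exception expected) {
        // Any exception counts as a rejection. NOTE(review): narrowing this to the
        // specific exception type and status code would make the test stricter.
    }
}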
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZMSImplTest method testRetrieveAccessDomainVirtualValid.
@Test
public void testRetrieveAccessDomainVirtualValid() {
System.setProperty(ZMSConsts.ZMS_PROP_VIRTUAL_DOMAIN, "true");
ZMSImpl zmsTest = zmsInit();
Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
Principal principal = SimplePrincipal.create("user", "user1", "v=U1;d=user;n=user1;s=signature", 0, principalAuthority);
AthenzDomain athenzDomain = zmsTest.retrieveAccessDomain("user.user1", principal);
assertNotNull(athenzDomain);
assertEquals(athenzDomain.getName(), "user.user1");
System.clearProperty(ZMSConsts.ZMS_PROP_VIRTUAL_DOMAIN);
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZMSImplTest method testPutTenancyWithAuthorizedServiceMismatch.
@Test
public void testPutTenancyWithAuthorizedServiceMismatch() {
TestAuditLogger alogger = new TestAuditLogger();
String storeFile = ZMS_DATA_STORE_FILE + "_puttenancywithauthsvcmism";
ZMSImpl zmsImpl = getZmsImpl(storeFile, alogger);
String tenantDomain = "puttenancyauthorizedservicemismatch";
String providerService = "storage";
String providerDomain = "coretech-test";
String provider = providerDomain + "." + providerService;
setupTenantDomainProviderService(zmsImpl, tenantDomain, providerDomain, providerService, null);
// tenant is setup so let's setup up policy to authorize access to tenants
// without this role/policy we won't be authorized to add tenant roles
// to the provider domain even with authorized service details
Role role = createRoleObject(providerDomain, "self_serve", null, providerDomain + "." + providerService, null);
zmsImpl.putRole(mockDomRsrcCtx, providerDomain, "self_serve", auditRef, role);
Policy policy = createPolicyObject(providerDomain, "self_serve", "self_serve", "update", providerDomain + ":tenant.*", AssertionEffect.ALLOW);
zmsImpl.putPolicy(mockDomRsrcCtx, providerDomain, "self_serve", auditRef, policy);
// we are going to create a principal object with authorized service
// set to coretech.storage
Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
String userId = "user1";
String unsignedCreds = "v=U1;d=user;u=" + userId;
Principal principal = SimplePrincipal.create("user", userId, unsignedCreds + ";s=signature", 0, principalAuthority);
((SimplePrincipal) principal).setUnsignedCreds(unsignedCreds);
// make provider mismatch
((SimplePrincipal) principal).setAuthorizedService("coretech.storage");
ResourceContext ctx = createResourceContext(principal);
// this should fail since the authorized service name does not
// match to the provider and there is no endpoint specified for the provider
Tenancy tenant = createTenantObject(tenantDomain, provider);
try {
zmsImpl.putTenancy(ctx, tenantDomain, provider, auditRef, tenant);
fail();
} catch (ResourceException ex) {
assertEquals(400, ex.getCode());
}
// clean up our domains
zmsImpl.deleteTopLevelDomain(mockDomRsrcCtx, tenantDomain, auditRef);
zmsImpl.deleteTopLevelDomain(mockDomRsrcCtx, providerDomain, auditRef);
FileConnection.deleteDirectory(new File("/tmp/zms_core_unit_tests/" + storeFile));
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZMSImplTest method testGetAuditLogMsgBuilderTokenSigMissing.
@Test
public void testGetAuditLogMsgBuilderTokenSigMissing() {
Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
String userId = "user1";
String unsignedCreds = "v=U1;d=user;n=user1";
Principal principal = SimplePrincipal.create("user", userId, unsignedCreds, 0, principalAuthority);
ResourceContext ctx = createResourceContext(principal);
AuditLogMsgBuilder msgBldr = ZMSUtils.getAuditLogMsgBuilder(ctx, auditLogger, "mydomain", auditRef, "myapi", "PUT");
assertNotNull(msgBldr);
String who = msgBldr.who();
assertNotNull(who);
assertTrue(who.contains(userId));
}