
Example 81 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZMSImplTest method testPutPolicyChanges.

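/**
 * Verifies that a second putPolicy call replaces the assertion list stored
 * by the first one.
 *
 * <p>The policy is first stored by a hand-built "user.hank" principal, then
 * overwritten through {@code mockDomRsrcCtx} with two new ALLOW assertions.
 * After each write the policy is read back and the number of assertions is
 * compared with what was submitted.
 *
 * <p>NOTE(review): only list sizes are compared. The resource, action, role
 * and effect of the stored assertions are never inspected, so a write that
 * stored the right number of wrong assertions would still pass.
 */
@Test
public void testPutPolicyChanges() {
    String domain = "PutPolicyChanges";
    String policyName = "Jobs";
    TopLevelDomain dom1 = createTopLevelDomainObject(domain, "Test Domain1", "testOrg", adminUser);
    zms.postTopLevelDomain(mockDomRsrcCtx, auditRef, dom1);
    // Everything after domain creation runs inside try/finally so that a
    // failed assertion cannot leave the test domain (and its policies) behind
    // for later tests to trip over.
    try {
        Policy policy1 = createPolicyObject(domain, policyName);
        List<Assertion> origAsserts = policy1.getAssertions();

        // Build the caller by hand. The credentials end in the literal text
        // ";s=signature" rather than a computed signature, and the authority
        // comes from the server's debug package, so this test says nothing
        // about signature validation.
        String userId = "hank";
        Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
        String unsignedCreds = "v=U1;d=user;n=" + userId;
        Principal principal = SimplePrincipal.create("user", userId, unsignedCreds + ";s=signature", 0, principalAuthority);
        ((SimplePrincipal) principal).setUnsignedCreds(unsignedCreds);
        ResourceContext rsrcCtx1 = createResourceContext(principal);

        zms.putPolicy(rsrcCtx1, domain, policyName, auditRef, policy1);
        Policy policyRes1A = zms.getPolicy(mockDomRsrcCtx, domain, policyName);
        List<Assertion> resAsserts = policyRes1A.getAssertions();
        // the stored policy must hold as many assertions as were submitted
        assertEquals(origAsserts.size(), resAsserts.size());

        // now replace the old assertions with two new ones
        Assertion assertionA = new Assertion();
        assertionA.setResource(domain + ":books");
        assertionA.setAction("READ");
        assertionA.setRole(domain + ":role.librarian");
        assertionA.setEffect(AssertionEffect.ALLOW);
        Assertion assertionB = new Assertion();
        assertionB.setResource(domain + ":jupiter");
        assertionB.setAction("TRAVEL");
        assertionB.setRole(domain + ":role.astronaut");
        assertionB.setEffect(AssertionEffect.ALLOW);
        List<Assertion> newAssertions = new ArrayList<Assertion>();
        newAssertions.add(assertionA);
        newAssertions.add(assertionB);
        policyRes1A.setAssertions(newAssertions);

        zms.putPolicy(mockDomRsrcCtx, domain, policyName, auditRef, policyRes1A);
        Policy policyRes1B = zms.getPolicy(mockDomRsrcCtx, domain, policyName);
        List<Assertion> resAssertsB = policyRes1B.getAssertions();
        // the replacement must be stored in full - should be 2
        assertEquals(newAssertions.size(), resAssertsB.size());
    } finally {
        zms.deleteTopLevelDomain(mockDomRsrcCtx, domain, auditRef);
    }
}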
Also used : Authority(com.yahoo.athenz.auth.Authority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) ArrayList(java.util.ArrayList) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal)

Example 82 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZMSImplTest method testDeleteTenancyResourceGroupNull.

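/**
 * Verifies that deleteTenancyResourceGroup throws when its four trailing
 * arguments are all null.
 *
 * <p>The caller is obtained by passing a fixed credential string through
 * {@code DebugPrincipalAuthority.authenticate}. The credentials end in the
 * literal text ";s=signature", not a computed signature.
 */
@Test
public void testDeleteTenancyResourceGroupNull() {
    Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    // presumably the arguments are (credentials, remote address, HTTP method,
    // error-message buffer) - confirm against Authority.authenticate
    Principal principal1 = principalAuthority.authenticate("v=U1;d=user;n=user1;s=signature", "10.11.12.13", "GET", null);
    ResourceContext rsrcCtx1 = createResourceContext(principal1);
    try {
        zms.deleteTenancyResourceGroup(rsrcCtx1, null, null, null, null);
        // Without this the test passed whether or not the call was rejected:
        // the only assertion lived in the catch block and was assertTrue(true).
        fail();
    } catch (Exception ex) {
        // Expected: the request must not be processed with null arguments.
        // NOTE(review): the exception type and status code are not checked,
        // so an unrelated failure such as a NullPointerException is accepted
        // as well. Narrow this once the intended error is confirmed.
        assertNotNull(ex);
    }
}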
Also used : Authority(com.yahoo.athenz.auth.Authority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) WebApplicationException(javax.ws.rs.WebApplicationException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) IOException(java.io.IOException)

Example 83 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZMSImplTest method testRetrieveAccessDomainVirtualValid.

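/**
 * Verifies that, with the virtual-domain property set to "true",
 * retrieveAccessDomain returns a domain named "user.user1" for the
 * principal user.user1.
 *
 * <p>The property is a JVM-wide system property, so it is cleared in a
 * finally block. Otherwise a failed assertion would leave it set, and every
 * later test in the same JVM would run with virtual-domain behaviour
 * switched on.
 */
@Test
public void testRetrieveAccessDomainVirtualValid() {
    System.setProperty(ZMSConsts.ZMS_PROP_VIRTUAL_DOMAIN, "true");
    try {
        // presumably zmsInit() reads the property while building the
        // instance, which is why it is set first - confirm against zmsInit
        ZMSImpl zmsTest = zmsInit();
        Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
        // credentials end in the literal ";s=signature", not a real signature
        Principal principal = SimplePrincipal.create("user", "user1", "v=U1;d=user;n=user1;s=signature", 0, principalAuthority);
        AthenzDomain athenzDomain = zmsTest.retrieveAccessDomain("user.user1", principal);
        assertNotNull(athenzDomain);
        assertEquals(athenzDomain.getName(), "user.user1");
    } finally {
        // NOTE: this clears the property rather than restoring a prior value,
        // exactly as the original test did
        System.clearProperty(ZMSConsts.ZMS_PROP_VIRTUAL_DOMAIN);
    }
}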
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain) Authority(com.yahoo.athenz.auth.Authority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal)

Example 84 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZMSImplTest method testPutTenancyWithAuthorizedServiceMismatch.

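/**
 * Verifies that putTenancy is rejected with status 400 when the caller's
 * authorized service does not match the provider being registered.
 *
 * <p>The provider is "coretech-test.storage", while the principal's
 * authorized service is set to "coretech.storage". The self_serve role and
 * policy are created first so that the mismatch is the only reason left for
 * the request to fail.
 *
 * <p>Cleanup runs in a finally block, so a failed assertion does not leave
 * the two domains or the on-disk store behind for later tests.
 */
@Test
public void testPutTenancyWithAuthorizedServiceMismatch() {
    TestAuditLogger alogger = new TestAuditLogger();
    String storeFile = ZMS_DATA_STORE_FILE + "_puttenancywithauthsvcmism";
    ZMSImpl zmsImpl = getZmsImpl(storeFile, alogger);
    String tenantDomain = "puttenancyauthorizedservicemismatch";
    String providerService = "storage";
    String providerDomain = "coretech-test";
    String provider = providerDomain + "." + providerService;
    setupTenantDomainProviderService(zmsImpl, tenantDomain, providerDomain, providerService, null);
    try {
        // tenant is set up, so now set up a policy to authorize access to tenants;
        // without this role/policy we won't be authorized to add tenant roles
        // to the provider domain even with authorized service details
        Role role = createRoleObject(providerDomain, "self_serve", null, providerDomain + "." + providerService, null);
        zmsImpl.putRole(mockDomRsrcCtx, providerDomain, "self_serve", auditRef, role);
        Policy policy = createPolicyObject(providerDomain, "self_serve", "self_serve", "update", providerDomain + ":tenant.*", AssertionEffect.ALLOW);
        zmsImpl.putPolicy(mockDomRsrcCtx, providerDomain, "self_serve", auditRef, policy);

        // create a principal object with authorized service set to
        // coretech.storage; the credentials end in the literal ";s=signature",
        // not a computed signature
        Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
        String userId = "user1";
        // NOTE(review): the name field here is "u=", while the other
        // hand-built credentials in this test class use "n=". Confirm that
        // this is intended.
        String unsignedCreds = "v=U1;d=user;u=" + userId;
        Principal principal = SimplePrincipal.create("user", userId, unsignedCreds + ";s=signature", 0, principalAuthority);
        ((SimplePrincipal) principal).setUnsignedCreds(unsignedCreds);
        // make provider mismatch: "coretech.storage" vs "coretech-test.storage"
        ((SimplePrincipal) principal).setAuthorizedService("coretech.storage");
        ResourceContext ctx = createResourceContext(principal);

        // this should fail since the authorized service name does not
        // match the provider and there is no endpoint specified for the provider
        Tenancy tenant = createTenantObject(tenantDomain, provider);
        try {
            zmsImpl.putTenancy(ctx, tenantDomain, provider, auditRef, tenant);
            fail();
        } catch (ResourceException ex) {
            // argument order (actual, expected) matches the other assertEquals
            // calls in this test class
            assertEquals(ex.getCode(), 400);
        }
    } finally {
        // clean up our domains
        zmsImpl.deleteTopLevelDomain(mockDomRsrcCtx, tenantDomain, auditRef);
        zmsImpl.deleteTopLevelDomain(mockDomRsrcCtx, providerDomain, auditRef);
        // NOTE(review): fixed directory name under the shared /tmp tree;
        // presumably this is where getZmsImpl put the store - confirm. A
        // per-run temporary directory would avoid collisions between
        // concurrent runs and with other local users.
        FileConnection.deleteDirectory(new File("/tmp/zms_core_unit_tests/" + storeFile));
    }
}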
Also used : Authority(com.yahoo.athenz.auth.Authority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) File(java.io.File) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal)

Example 85 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZMSImplTest method testGetAuditLogMsgBuilderTokenSigMissing.

/**
 * Verifies that an audit-log message builder can be obtained for a caller
 * whose credentials carry no ";s=" signature component, and that the
 * builder's "who" value still contains the caller's user id.
 */
@Test
public void testGetAuditLogMsgBuilderTokenSigMissing() {
    final String name = "user1";
    // deliberately no ";s=..." suffix: this is the "signature missing" case
    final String credsWithoutSig = "v=U1;d=user;n=user1";
    final Authority authority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    final Principal caller = SimplePrincipal.create("user", name, credsWithoutSig, 0, authority);

    final AuditLogMsgBuilder builder = ZMSUtils.getAuditLogMsgBuilder(
            createResourceContext(caller), auditLogger, "mydomain", auditRef, "myapi", "PUT");
    assertNotNull(builder);

    // the audit record must still identify who made the request
    final String auditedWho = builder.who();
    assertNotNull(auditedWho);
    assertTrue(auditedWho.contains(name));
}
Also used : DefaultAuditLogMsgBuilder(com.yahoo.athenz.common.server.log.impl.DefaultAuditLogMsgBuilder) AuditLogMsgBuilder(com.yahoo.athenz.common.server.log.AuditLogMsgBuilder) Authority(com.yahoo.athenz.auth.Authority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal)
