use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class RoleAuthorityTest method testIsWriteOperation.
@Test
public void testIsWriteOperation() {
PrincipalAuthority serviceAuthority = new PrincipalAuthority();
assertTrue(serviceAuthority.isWriteOperation("PUT"));
assertTrue(serviceAuthority.isWriteOperation("put"));
assertTrue(serviceAuthority.isWriteOperation("Post"));
assertTrue(serviceAuthority.isWriteOperation("POST"));
assertTrue(serviceAuthority.isWriteOperation("DeLete"));
assertTrue(serviceAuthority.isWriteOperation("DELETE"));
assertFalse(serviceAuthority.isWriteOperation("GET"));
assertFalse(serviceAuthority.isWriteOperation("Get"));
assertFalse(serviceAuthority.isWriteOperation("HEAD"));
assertFalse(serviceAuthority.isWriteOperation(null));
assertFalse(serviceAuthority.isWriteOperation("Unknown"));
assertFalse(serviceAuthority.isWriteOperation(""));
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class PrincipalAuthorityTest method testRemoteIpCheckWrite.
@Test
public void testRemoteIpCheckWrite() {
PrincipalAuthority serviceAuthority = new PrincipalAuthority();
serviceAuthority.ipCheckMode = IpCheckMode.OPS_WRITE;
PrincipalToken serviceToken = new PrincipalToken("v=S1;d=user;n=user1;i=10.11.12.23;s=sig");
// first let's verify read operation with and without matches
assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", false, serviceToken, null));
assertTrue(serviceAuthority.remoteIpCheck("10.11.12.22", false, serviceToken, null));
// now let's try write operations without authorized service
assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", true, serviceToken, null));
assertFalse(serviceAuthority.remoteIpCheck("10.11.12.22", true, serviceToken, null));
// finally mismatch operation with authorized service
assertTrue(serviceAuthority.remoteIpCheck("10.11.12.22", true, serviceToken, "authz_service"));
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class PrincipalAuthorityTest method testGetAuthorizedServiceNameSingleServices.
@Test
public void testGetAuthorizedServiceNameSingleServices() {
PrincipalAuthority serviceAuthority = new PrincipalAuthority();
List<String> authorizedServices = new ArrayList<>();
authorizedServices.add("coretech.storage");
assertEquals(serviceAuthority.getAuthorizedServiceName(authorizedServices, null), "coretech.storage");
assertEquals(serviceAuthority.getAuthorizedServiceName(authorizedServices, "sports.storage"), null);
assertEquals(serviceAuthority.getAuthorizedServiceName(authorizedServices, "coretech.storage"), "coretech.storage");
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class PrincipalAuthorityTest method testInitialize.
@Test
public void testInitialize() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
Class<PrincipalAuthority> c = PrincipalAuthority.class;
PrincipalAuthority principalAuthority = new PrincipalAuthority();
System.setProperty(PrincipalAuthority.ATHENZ_PROP_TOKEN_OFFSET, "-1");
principalAuthority.initialize();
Field f1 = c.getDeclaredField("allowedOffset");
f1.setAccessible(true);
int m = (Integer) f1.get(principalAuthority);
assertEquals(m, 300);
assertEquals(principalAuthority.userDomain, "user");
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class PrincipalAuthorityTest method testRemoteIpCheckAll.
@Test
public void testRemoteIpCheckAll() {
PrincipalAuthority serviceAuthority = new PrincipalAuthority();
serviceAuthority.ipCheckMode = IpCheckMode.OPS_ALL;
PrincipalToken serviceToken = new PrincipalToken("v=S1;d=domain;n=service;i=10.11.12.23;s=sig");
assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", false, serviceToken, null));
assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", true, serviceToken, null));
assertFalse(serviceAuthority.remoteIpCheck("10.11.12.22", false, serviceToken, null));
assertFalse(serviceAuthority.remoteIpCheck("10.11.12.22", true, serviceToken, null));
}
Aggregations