@Test
public void testGetAccessExt() {
    // Exercises getAccessExt() against resource names that go beyond the plain
    // "domain:name" form — '/', '(' ')', '[' ']', an embedded ':' and URL-style
    // wildcards — and checks that every user is granted exactly the actions the
    // policies attached to their roles allow, and nothing else.
    final String domainName = "AccessDomExt1";
    final String resourcePrefix = domainName + ":";

    TopLevelDomain domain = createTopLevelDomainObject(domainName, "Test Domain1", "testOrg", adminUser);
    zms.postTopLevelDomain(mockDomRsrcCtx, auditRef, domain);

    // Role1 = {user1, user3}, Role2 = {user2, user3}. user3 is a member of both,
    // so it is expected to pass every positive check below; user1 and user2
    // each see only their own role's policies.
    Role membersOfRole1 = createRoleObject(domainName, "Role1", null, "user.user1", "user.user3");
    zms.putRole(mockDomRsrcCtx, domainName, "Role1", auditRef, membersOfRole1);
    Role membersOfRole2 = createRoleObject(domainName, "Role2", null, "user.user2", "user.user3");
    zms.putRole(mockDomRsrcCtx, domainName, "Role2", auditRef, membersOfRole2);

    // One ALLOW assertion per policy, each with a differently shaped resource.
    Policy updateResource1 = createPolicyObject(domainName, "Policy1", "Role1", "UPDATE", resourcePrefix + "resource1/resource2", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, domainName, "Policy1", auditRef, updateResource1);
    Policy createResource2 = createPolicyObject(domainName, "Policy2", "Role2", "CREATE", resourcePrefix + "resource2(resource3)", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, domainName, "Policy2", auditRef, createResource2);
    Policy anyActionOnResource3 = createPolicyObject(domainName, "Policy3", "Role2", "*", resourcePrefix + "resource3/*", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, domainName, "Policy3", auditRef, anyActionOnResource3);
    Policy readResource4 = createPolicyObject(domainName, "Policy4", "Role1", "READ", resourcePrefix + "resource4[*]/data1", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, domainName, "Policy4", auditRef, readResource4);
    Policy accessAthenzUrls = createPolicyObject(domainName, "Policy5", "Role2", "access", resourcePrefix + "https://*.athenz.com/*", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, domainName, "Policy5", auditRef, accessAthenzUrls);

    // DebugPrincipalAuthority is a test-only authority: the "s=signature" part
    // of the token is a placeholder that it presumably does not verify, which
    // is why principals can be minted here without any key material. It must
    // never be configured on a real ZMS instance.
    Authority authority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    ResourceContext ctxUser1 = createResourceContext(authority.authenticate("v=U1;d=user;n=user1;s=signature", "10.11.12.13", "GET", null));
    ResourceContext ctxUser2 = createResourceContext(authority.authenticate("v=U1;d=user;n=user2;s=signature", "10.11.12.13", "GET", null));
    ResourceContext ctxUser3 = createResourceContext(authority.authenticate("v=U1;d=user;n=user3;s=signature", "10.11.12.13", "GET", null));

    // Policy1: UPDATE on resource1/resource2 for Role1 only, and only for that
    // exact resource — resource1/resource3 is not covered by the assertion.
    Access result = zms.getAccessExt(ctxUser1, "UPDATE", resourcePrefix + "resource1/resource2", domainName, null);
    assertTrue(result.getGranted());
    result = zms.getAccessExt(ctxUser1, "UPDATE", resourcePrefix + "resource1/resource3", domainName, null);
    assertFalse(result.getGranted());
    result = zms.getAccessExt(ctxUser2, "UPDATE", resourcePrefix + "resource1/resource2", domainName, null);
    assertFalse(result.getGranted());
    result = zms.getAccessExt(ctxUser3, "UPDATE", resourcePrefix + "resource1/resource2", domainName, null);
    assertTrue(result.getGranted());

    // No policy grants CREATE on resource1/resource2, so all three are denied.
    result = zms.getAccessExt(ctxUser1, "CREATE", resourcePrefix + "resource1/resource2", domainName, null);
    assertFalse(result.getGranted());
    result = zms.getAccessExt(ctxUser2, "CREATE", resourcePrefix + "resource1/resource2", domainName, null);
    assertFalse(result.getGranted());
    result = zms.getAccessExt(ctxUser3, "CREATE", resourcePrefix + "resource1/resource2", domainName, null);
    assertFalse(result.getGranted());

    // Policy2: CREATE on "resource2(resource3)" for Role2 — the parentheses are
    // literal characters of the resource name.
    result = zms.getAccessExt(ctxUser1, "CREATE", resourcePrefix + "resource2(resource3)", domainName, null);
    assertFalse(result.getGranted());
    result = zms.getAccessExt(ctxUser2, "CREATE", resourcePrefix + "resource2(resource3)", domainName, null);
    assertTrue(result.getGranted());
    result = zms.getAccessExt(ctxUser3, "CREATE", resourcePrefix + "resource2(resource3)", domainName, null);
    assertTrue(result.getGranted());

    // Policy3: action "*" on resource3/* for Role2. user1 (not in Role2) is
    // denied; user2 and user3 are granted CREATE on arbitrary suffixes.
    result = zms.getAccessExt(ctxUser1, "CREATE", resourcePrefix + "resource3", domainName, null);
    assertFalse(result.getGranted());
    result = zms.getAccessExt(ctxUser2, "CREATE", resourcePrefix + "resource3/test1", domainName, null);
    assertTrue(result.getGranted());
    result = zms.getAccessExt(ctxUser3, "CREATE", resourcePrefix + "resource3/anothertest", domainName, null);
    assertTrue(result.getGranted());

    // Same policy, UPDATE action: the "*" action covers it, and the resource
    // suffix may contain spaces and parentheses.
    result = zms.getAccessExt(ctxUser1, "UPDATE", resourcePrefix + "resource3", domainName, null);
    assertFalse(result.getGranted());
    result = zms.getAccessExt(ctxUser2, "UPDATE", resourcePrefix + "resource3/(another value)", domainName, null);
    assertTrue(result.getGranted());
    result = zms.getAccessExt(ctxUser3, "UPDATE", resourcePrefix + "resource3/a", domainName, null);
    assertTrue(result.getGranted());

    // Policy4: READ on resource4[*]/data1 for Role1. The request uses lowercase
    // "read" and is expected to match the "READ" assertion, and the bracketed
    // segment is expected to act as a wildcard (including a value with a space).
    result = zms.getAccessExt(ctxUser1, "read", resourcePrefix + "resource4[test1]/data1", domainName, null);
    assertTrue(result.getGranted());
    result = zms.getAccessExt(ctxUser2, "read", resourcePrefix + "resource4[test1]/data1", domainName, null);
    assertFalse(result.getGranted());
    result = zms.getAccessExt(ctxUser3, "read", resourcePrefix + "resource4[test another]/data1", domainName, null);
    assertTrue(result.getGranted());

    // Policy5: "access" on https://*.athenz.com/* for Role2. A host under a
    // different domain (athenz.org) must be denied; the host wildcard must cover
    // a hyphenated sub-host and the path wildcard a multi-segment path.
    result = zms.getAccessExt(ctxUser1, "access", resourcePrefix + "https://web.athenz.com/data", domainName, null);
    assertFalse(result.getGranted());
    result = zms.getAccessExt(ctxUser2, "access", resourcePrefix + "https://web.athenz.com/data", domainName, null);
    assertTrue(result.getGranted());
    result = zms.getAccessExt(ctxUser2, "access", resourcePrefix + "https://web.athenz.org/data", domainName, null);
    assertFalse(result.getGranted());
    result = zms.getAccessExt(ctxUser3, "access", resourcePrefix + "https://web-store.athenz.com/data/path", domainName, null);
    assertTrue(result.getGranted());

    // NOTE(review): cleanup is not in a finally block, so an assertion failure
    // above leaves "AccessDomExt1" behind for later tests in this class.
    zms.deleteTopLevelDomain(mockDomRsrcCtx, domainName, auditRef);
}
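@Test
public void testRetrieveAccessDomainVirtualDomainDisabled() {
    // With virtual (per-user home) domains switched off, "user.user1" must not
    // resolve to an access domain: retrieveAccessDomain must return null rather
    // than synthesising a home domain for the principal.
    System.setProperty(ZMSConsts.ZMS_PROP_VIRTUAL_DOMAIN, "false");
    try {
        ZMSImpl zmsTest = zmsInit();
        // DebugPrincipalAuthority is a test-only authority; the "s=signature"
        // part of the token is a placeholder it presumably does not verify.
        Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
        Principal principal = SimplePrincipal.create("user", "user1", "v=U1;d=user;n=user1;s=signature", 0, principalAuthority);
        AthenzDomain athenzDomain = zmsTest.retrieveAccessDomain("user.user1", principal);
        assertNull(athenzDomain);
    } finally {
        // Always restore the JVM-wide property: previously a failure in
        // zmsInit() or in the assertion left "virtual domains disabled" set
        // for every test that ran afterwards.
        System.clearProperty(ZMSConsts.ZMS_PROP_VIRTUAL_DOMAIN);
    }
}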
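@Test
public void testGetAccessHomeDomainDisabled() {
    // With virtual (home) domains disabled, a user's own "user.<name>" domain
    // does not exist, so an access check against it must be rejected with
    // 404 (domain not found) rather than answered with granted=false — and
    // that must hold for every action, not just READ.
    System.setProperty(ZMSConsts.ZMS_PROP_VIRTUAL_DOMAIN, "false");
    try {
        ZMSImpl zmsTest = zmsInit();
        // Test-only authority; the "s=signature" token is a placeholder.
        Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
        Principal pJane = principalAuthority.authenticate("v=U1;d=user;n=jane;s=signature", "10.11.12.13", "GET", null);
        ResourceContext rsrcCtxJane = createResourceContext(pJane);
        for (String action : new String[] {"READ", "WRITE", "UPDATE"}) {
            try {
                zmsTest.getAccess(rsrcCtxJane, action, "user.jane:Resource1", null, null);
                fail("expected 404 for action " + action + " on a disabled home domain");
            } catch (ResourceException ex) {
                assertEquals(ex.getCode(), 404, "unexpected status for action " + action);
            }
        }
    } finally {
        // Restore the JVM-wide property even when zmsInit() or an assertion
        // fails, so the disabled setting cannot leak into later tests.
        System.clearProperty(ZMSConsts.ZMS_PROP_VIRTUAL_DOMAIN);
    }
}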
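@Test
public void testDeleteDomainTemplate() {
    // deleteDomainTemplate with a null domain name and a null template name
    // must be rejected. The previous version caught every Exception and
    // asserted `true`, so it also passed when the call returned normally;
    // it now fails if no exception is raised, and only accepts the
    // ResourceException the ZMS API uses for rejected requests elsewhere in
    // this class.
    Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    Principal principal1 = principalAuthority.authenticate("v=U1;d=user;n=user1;s=signature", "10.11.12.13", "GET", null);
    ResourceContext rsrcCtx1 = createResourceContext(principal1);
    try {
        zms.deleteDomainTemplate(rsrcCtx1, null, null, null);
        fail("deleteDomainTemplate with null domain/template must be rejected");
    } catch (ResourceException ex) {
        // NOTE(review): the exact status is not visible from this test, so it
        // is not pinned; a null argument should be reported as a client error
        // (4xx), never as a server error.
        assertTrue(ex.getCode() >= 400 && ex.getCode() < 500, "expected a client error, got " + ex.getCode());
    }
}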
@Test
public void testGetAccessCrossDomainWildCardResources() {
    // Two domains: "netops", whose superusers are allowed to ASSUME_ROLE
    // "netops_superusers" in any domain ("*:role.netops_superusers"), and
    // "weather", which points its own netops_superusers role at netops and
    // grants that role NODE_SUDO on weather:node.*. The checks confirm that a
    // netops superuser obtains NODE_SUDO on a weather node through that
    // cross-domain relationship, while an unrelated user does not.
    final String netops = "netops";
    final String weather = "weather";

    // ---- netops domain ---------------------------------------------------
    TopLevelDomain netopsDomain = createTopLevelDomainObject(netops, "Test Netops", "testOrg", adminUser);
    zms.postTopLevelDomain(mockDomRsrcCtx, auditRef, netopsDomain);
    Role netopsUsers = createRoleObject(netops, "users", null, null, null);
    zms.putRole(mockDomRsrcCtx, netops, "users", auditRef, netopsUsers);
    Role netopsSuperusers = createRoleObject(netops, "superusers", null, "user.siteops_user_1", "user.siteops_user_2");
    zms.putRole(mockDomRsrcCtx, netops, "superusers", auditRef, netopsSuperusers);
    // These two netops policies use the literal resource "netops:node." (no
    // wildcard); no assertion below checks a netops resource, so they only
    // provide realistic surrounding policy data.
    Policy netopsUsersPolicy = createPolicyObject(netops, "users", "users", "NODE_USER", "netops:node.", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, netops, "users", auditRef, netopsUsersPolicy);
    Policy netopsSudoPolicy = createPolicyObject(netops, "superusers", "superusers", "NODE_SUDO", "netops:node.", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, netops, "superusers", auditRef, netopsSudoPolicy);
    // The role here is given fully qualified ("netops:role.superusers"); the
    // `false` argument presumably tells the helper not to prefix it again.
    Policy assumeRolePolicy = createPolicyObject(netops, "netops_superusers", "netops:role.superusers", false, "ASSUME_ROLE", "*:role.netops_superusers", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, netops, "netops_superusers", auditRef, assumeRolePolicy);

    // ---- weather domain --------------------------------------------------
    TopLevelDomain weatherDomain = createTopLevelDomainObject(weather, "Test weather", "testOrg", adminUser);
    zms.postTopLevelDomain(mockDomRsrcCtx, auditRef, weatherDomain);
    Role weatherUsers = createRoleObject(weather, "users", null, null, null);
    zms.putRole(mockDomRsrcCtx, weather, "users", auditRef, weatherUsers);
    Role weatherSuperusers = createRoleObject(weather, "superusers", null, "user.weather_admin_user", null);
    zms.putRole(mockDomRsrcCtx, weather, "superusers", auditRef, weatherSuperusers);
    // No members of its own: the third argument presumably names the trusted
    // domain, so membership is resolved through netops.
    Role delegatedSuperusers = createRoleObject(weather, "netops_superusers", netops);
    zms.putRole(mockDomRsrcCtx, weather, "netops_superusers", auditRef, delegatedSuperusers);
    Policy weatherUsersPolicy = createPolicyObject(weather, "users", "users", "NODE_USER", "weather:node.", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, weather, "users", auditRef, weatherUsersPolicy);
    Policy weatherSudoPolicy = createPolicyObject(weather, "superusers", "superusers", "NODE_SUDO", "weather:node.*", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, weather, "superusers", auditRef, weatherSudoPolicy);
    Policy delegatedSudoPolicy = createPolicyObject(weather, "netops_superusers", "netops_superusers", "NODE_SUDO", "weather:node.*", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, weather, "netops_superusers", auditRef, delegatedSudoPolicy);

    // Test-only authority; "s=signature" is a placeholder it presumably does
    // not verify.
    Authority authority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();

    // Direct member of weather:superusers — granted via weather's own policy.
    Principal weatherAdmin = authority.authenticate("v=U1;d=user;n=weather_admin_user;s=signature", "10.11.12.13", "GET", null);
    ResourceContext ctxWeatherAdmin = createResourceContext(weatherAdmin);
    Access result = zms.getAccess(ctxWeatherAdmin, "NODE_SUDO", "weather:node.x", null, null);
    assertTrue(result.getGranted());

    // Member of netops:superusers only — granted through the delegated role.
    Principal siteOps = authority.authenticate("v=U1;d=user;n=siteops_user_1;s=signature", "10.11.12.13", "GET", null);
    ResourceContext ctxSiteOps = createResourceContext(siteOps);
    result = zms.getAccess(ctxSiteOps, "NODE_SUDO", "weather:node.x", null, null);
    assertTrue(result.getGranted());

    // Member of neither domain — the wildcard ASSUME_ROLE must not open the
    // door to arbitrary principals.
    Principal outsider = authority.authenticate("v=U1;d=user;n=random_user;s=signature", "10.11.12.13", "GET", null);
    ResourceContext ctxOutsider = createResourceContext(outsider);
    result = zms.getAccess(ctxOutsider, "NODE_SUDO", "weather:node.x", null, null);
    assertFalse(result.getGranted());

    // NOTE(review): cleanup is not in a finally block; a failed assertion
    // leaves both domains behind for the rest of the class.
    zms.deleteTopLevelDomain(mockDomRsrcCtx, weather, auditRef);
    zms.deleteTopLevelDomain(mockDomRsrcCtx, netops, auditRef);
}