
Example 86 with SimplePrincipal

use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.

the class ZMSImplTest method testPutPolicyChanges.

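/**
 * Verifies that {@code putPolicy} replaces a policy's assertion list.
 *
 * <p>The policy is first stored through a resource context built for the principal
 * {@code user.hank}, then read back, given two new assertions and stored again through
 * {@code mockDomRsrcCtx}. After each write only the number of assertions is compared;
 * the assertion contents are not inspected.
 *
 * <p>The domain is deleted in a {@code finally} block so that a failed assertion does
 * not leave {@code PutPolicyChanges} behind for later tests.
 */
@Test
public void testPutPolicyChanges() {
    String domain = "PutPolicyChanges";
    String policyName = "Jobs";
    TopLevelDomain dom1 = createTopLevelDomainObject(domain, "Test Domain1", "testOrg", adminUser);
    zms.postTopLevelDomain(mockDomRsrcCtx, auditRef, dom1);
    try {
        Policy policy1 = createPolicyObject(domain, policyName);
        List<Assertion> origAsserts = policy1.getAssertions();

        // Build the caller identity. The credential carries the literal placeholder
        // ";s=signature" instead of a real signature, so it is only usable with the
        // debug authority from the ...server.debug package.
        // NOTE(review): presumably DebugPrincipalAuthority skips signature verification;
        // confirm, and keep it confined to test configuration.
        String userId = "hank";
        Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
        String unsignedCreds = "v=U1;d=user;n=" + userId;
        Principal principal = SimplePrincipal.create("user", userId, unsignedCreds + ";s=signature", 0, principalAuthority);
        ((SimplePrincipal) principal).setUnsignedCreds(unsignedCreds);
        ResourceContext rsrcCtx1 = createResourceContext(principal);

        // first write: performed with the user principal's context
        zms.putPolicy(rsrcCtx1, domain, policyName, auditRef, policy1);
        Policy policyRes1A = zms.getPolicy(mockDomRsrcCtx, domain, policyName);
        List<Assertion> resAsserts = policyRes1A.getAssertions();
        // the stored policy must have as many assertions as the one submitted
        assertEquals(origAsserts.size(), resAsserts.size());

        // now replace the old assertion list with two new assertions
        Assertion assertionA = new Assertion();
        assertionA.setResource(domain + ":books");
        assertionA.setAction("READ");
        assertionA.setRole(domain + ":role.librarian");
        assertionA.setEffect(AssertionEffect.ALLOW);
        Assertion assertionB = new Assertion();
        assertionB.setResource(domain + ":jupiter");
        assertionB.setAction("TRAVEL");
        assertionB.setRole(domain + ":role.astronaut");
        assertionB.setEffect(AssertionEffect.ALLOW);
        List<Assertion> newAssertions = new ArrayList<>();
        newAssertions.add(assertionA);
        newAssertions.add(assertionB);
        policyRes1A.setAssertions(newAssertions);

        // second write: performed with the mock domain context
        zms.putPolicy(mockDomRsrcCtx, domain, policyName, auditRef, policyRes1A);
        Policy policyRes1B = zms.getPolicy(mockDomRsrcCtx, domain, policyName);
        List<Assertion> resAssertsB = policyRes1B.getAssertions();
        // the stored policy must now hold exactly the two replacement assertions (by count)
        assertEquals(newAssertions.size(), resAssertsB.size());
    } finally {
        // always remove the test domain, even when an assertion above failed
        zms.deleteTopLevelDomain(mockDomRsrcCtx, domain, auditRef);
    }
}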
Also used : Authority(com.yahoo.athenz.auth.Authority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) ArrayList(java.util.ArrayList) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal)

Example 87 with SimplePrincipal

use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.

the class ZMSImplTest method testPutTenancyWithAuthorizedServiceMismatch.

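/**
 * Verifies that {@code putTenancy} is rejected with code 400 when the caller's
 * authorized service does not match the provider.
 *
 * <p>The provider is {@code coretech-test.storage}, while the principal's authorized
 * service is set to {@code coretech.storage}. The call must throw a
 * {@link ResourceException} with code 400.
 *
 * <p>Cleanup of both domains and of the store directory runs in {@code finally} blocks
 * so that a failed assertion does not leave state behind for later tests.
 */
@Test
public void testPutTenancyWithAuthorizedServiceMismatch() {
    TestAuditLogger alogger = new TestAuditLogger();
    String storeFile = ZMS_DATA_STORE_FILE + "_puttenancywithauthsvcmism";
    ZMSImpl zmsImpl = getZmsImpl(storeFile, alogger);
    String tenantDomain = "puttenancyauthorizedservicemismatch";
    String providerService = "storage";
    String providerDomain = "coretech-test";
    String provider = providerDomain + "." + providerService;
    setupTenantDomainProviderService(zmsImpl, tenantDomain, providerDomain, providerService, null);
    try {
        // tenant is set up, so let's set up a policy to authorize access to tenants;
        // without this role/policy we won't be authorized to add tenant roles
        // to the provider domain even with authorized service details
        Role role = createRoleObject(providerDomain, "self_serve", null, provider, null);
        zmsImpl.putRole(mockDomRsrcCtx, providerDomain, "self_serve", auditRef, role);
        Policy policy = createPolicyObject(providerDomain, "self_serve", "self_serve", "update", providerDomain + ":tenant.*", AssertionEffect.ALLOW);
        zmsImpl.putPolicy(mockDomRsrcCtx, providerDomain, "self_serve", auditRef, policy);

        // Create a principal whose authorized service is coretech.storage. The credential
        // uses the literal placeholder ";s=signature", so it relies on the debug authority.
        // NOTE(review): presumably DebugPrincipalAuthority skips signature verification;
        // confirm, and keep it confined to test configuration.
        Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
        String userId = "user1";
        String unsignedCreds = "v=U1;d=user;u=" + userId;
        Principal principal = SimplePrincipal.create("user", userId, unsignedCreds + ";s=signature", 0, principalAuthority);
        ((SimplePrincipal) principal).setUnsignedCreds(unsignedCreds);
        // make provider mismatch: "coretech.storage" is not "coretech-test.storage"
        ((SimplePrincipal) principal).setAuthorizedService("coretech.storage");
        ResourceContext ctx = createResourceContext(principal);

        // this should fail since the authorized service name does not match
        // the provider and there is no endpoint specified for the provider
        Tenancy tenant = createTenantObject(tenantDomain, provider);
        try {
            zmsImpl.putTenancy(ctx, tenantDomain, provider, auditRef, tenant);
            fail();
        } catch (ResourceException ex) {
            assertEquals(400, ex.getCode());
        }
    } finally {
        // clean up our domains, then the on-disk store, even if the test failed
        try {
            zmsImpl.deleteTopLevelDomain(mockDomRsrcCtx, tenantDomain, auditRef);
            zmsImpl.deleteTopLevelDomain(mockDomRsrcCtx, providerDomain, auditRef);
        } finally {
            FileConnection.deleteDirectory(new File("/tmp/zms_core_unit_tests/" + storeFile));
        }
    }
}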
Also used : Authority(com.yahoo.athenz.auth.Authority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) File(java.io.File) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal)

Example 88 with SimplePrincipal

use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.

the class ZMSImplTest method testDeleteUserDomainNull.

/**
 * Verifies that {@code deleteUserDomain} throws a {@link ResourceException} when both
 * the domain name and the audit reference are {@code null}.
 *
 * <p>NOTE(review): only the exception type is checked; the response code carried by
 * the exception is not asserted.
 */
@Test
public void testDeleteUserDomainNull() {
    final String user = "user1";
    // debug authority from the ...server.debug package; the credential is "user1:password"
    final Authority debugAuthority = new com.yahoo.athenz.common.server.debug.DebugUserAuthority();
    final SimplePrincipal caller =
            (SimplePrincipal) SimplePrincipal.create("user", user, user + ":password", 0, debugAuthority);
    caller.setUnsignedCreds(user);
    final ResourceContext callerCtx = createResourceContext(caller);

    try {
        zms.deleteUserDomain(callerCtx, null, null);
        // reaching this line means the null arguments were accepted
        fail();
    } catch (ResourceException expected) {
        // no-op assertion: arriving here is the pass condition
        assertTrue(true);
    }
}
Also used : Authority(com.yahoo.athenz.auth.Authority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal)

Example 89 with SimplePrincipal

use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.

the class ZMSImplTest method testGetDomainListNotNull.

/**
 * Calls {@code getDomainList} with every filter argument populated except the three
 * passed as {@code null}, using a context built for {@code user1}.
 *
 * <p>NOTE(review): the return value is discarded, so the test passes as long as the
 * call does not throw; nothing about the returned list is asserted.
 */
@Test
public void testGetDomainListNotNull() {
    final String user = "user1";
    // debug authority from the ...server.debug package; the credential is "user1:password"
    final Authority debugAuthority = new com.yahoo.athenz.common.server.debug.DebugUserAuthority();
    final SimplePrincipal caller =
            (SimplePrincipal) SimplePrincipal.create("user", user, user + ":password", 0, debugAuthority);
    caller.setUnsignedCreds(user);
    final ResourceContext callerCtx = createResourceContext(caller);

    zms.getDomainList(callerCtx, 100, null, null, 100, "account", 224, "roleMem1", "role1", null);
}
Also used : Authority(com.yahoo.athenz.auth.Authority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal)

Example 90 with SimplePrincipal

use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.

the class SimplePrincipalTest method testSimplePrincipalEmptyRole.

/**
 * Verifies how the role-list overload of {@code SimplePrincipal.create} treats an
 * empty role list.
 *
 * <p>With an empty list the factory returns {@code null}, not a principal without
 * roles, so callers of this overload have to null-check the result. Once one role is
 * added, the created principal reports exactly that role.
 */
@Test
public void testSimplePrincipalEmptyRole() {
    UserAuthority authority = new UserAuthority();
    authority.initialize();
    List<String> roleNames = new ArrayList<>();

    // empty role list: no principal is created
    assertNull(SimplePrincipal.create("user", fakeCreds, roleNames, authority));

    // one role: a principal is created and carries that single role
    roleNames.add("newrole");
    SimplePrincipal withRole =
            (SimplePrincipal) SimplePrincipal.create("user", fakeCreds, roleNames, authority);
    assertEquals(withRole.getRoles().size(), 1);
    assertTrue(withRole.getRoles().contains("newrole"));
}
Also used : ArrayList(java.util.ArrayList) UserAuthority(com.yahoo.athenz.auth.impl.UserAuthority) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Test(org.testng.annotations.Test)
