
Example 6 with DynamicConfigBoolean

use of com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigBoolean in project athenz by yahoo.

the class ZMSImplTest method testPutGroupMembership.

/**
 * Exercises {@code putGroupMembership} end to end: a user principal and a service
 * principal are added to a group, each addition is looked up in the audit log, the
 * resulting member list is checked, and finally, with user validation switched on,
 * a principal the test authority does not accept must be refused with BAD_REQUEST.
 */
@Test
public void testPutGroupMembership() {
    final String domainName = "put-group-mbr";
    final String groupName = "group1";
    final String membershipApiTag = "WHAT-api=(putgroupmembership)";
    final String detailsTag = "WHAT-details=(";

    // The mocked resource context returns API names strictly in this order, so the
    // sequence below has to stay aligned with the calls made further down. Once the
    // list is exhausted Mockito keeps returning the last value.
    when(zmsTestInitializer.getMockDomRsrcCtx().getApiName())
            .thenReturn("putserviceidentity")
            // called twice in domain api
            .thenReturn("posttopleveldomain")
            .thenReturn("posttopleveldomain")
            // called twice in domain api
            .thenReturn("posttopleveldomain")
            .thenReturn("posttopleveldomain")
            .thenReturn("putserviceidentity")
            .thenReturn("putserviceidentity")
            .thenReturn("putserviceidentity")
            .thenReturn("putserviceidentity")
            .thenReturn("putserviceidentity")
            // called twice in domain api
            .thenReturn("postsubdomain")
            .thenReturn("postsubdomain")
            // called 4 times in group api
            .thenReturn("putgroup")
            .thenReturn("putgroup")
            .thenReturn("putgroup")
            .thenReturn("putgroup")
            .thenReturn("putgroupmembership");

    TestAuditLogger auditLogger = new TestAuditLogger();
    ZMSImpl zmsImpl = zmsTestInitializer.getZmsImpl(auditLogger);

    // Fixture: the domain under test, plus coretech / coretech.storage so that a
    // service principal exists to be added as a group member.
    TopLevelDomain testDomain = zmsTestInitializer.createTopLevelDomainObject(
            domainName, "Test Domain1", "testOrg", "user.user1");
    zmsImpl.postTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(),
            zmsTestInitializer.getAuditRef(), testDomain);

    TopLevelDomain coretechDomain = zmsTestInitializer.createTopLevelDomainObject(
            "coretech", "Test Domain2", "testOrg", zmsTestInitializer.getAdminUser());
    zmsImpl.postTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(),
            zmsTestInitializer.getAuditRef(), coretechDomain);

    ServiceIdentity storageService = zmsTestInitializer.createServiceObject(
            "coretech", "storage", "http://localhost", "/usr/bin/java", "root", "users", "host1");
    zmsTestInitializer.getZms().putServiceIdentity(zmsTestInitializer.getMockDomRsrcCtx(),
            "coretech", "storage", zmsTestInitializer.getAuditRef(), storageService);

    SubDomain storageSubDomain = zmsTestInitializer.createSubDomainObject(
            "storage", "coretech", "Test Domain2", "testOrg", zmsTestInitializer.getAdminUser());
    zmsImpl.postSubDomain(zmsTestInitializer.getMockDomRsrcCtx(), "coretech",
            zmsTestInitializer.getAuditRef(), storageSubDomain);

    Group initialGroup = zmsTestInitializer.createGroupObject(domainName, groupName, "user.joe", "user.jane");
    zmsImpl.putGroup(zmsTestInitializer.getMockDomRsrcCtx(), domainName, groupName,
            zmsTestInitializer.getAuditRef(), initialGroup);

    // First addition: a user principal.
    GroupMembership membership = zmsTestInitializer.generateGroupMembership(groupName, "user.doe");
    zmsImpl.putGroupMembership(zmsTestInitializer.getMockDomRsrcCtx(), domainName, groupName,
            "user.doe", zmsTestInitializer.getAuditRef(), membership);

    // The audit trail must hold a putgroupmembership record whose details section
    // names the new member; the flag records that such a record was seen.
    boolean auditEntrySeen = false;
    List<String> auditLines = auditLogger.getLogMsgList();
    System.err.println("testPutGroupMembership: Number of lines: " + auditLines.size());
    for (String line : auditLines) {
        if (line.contains(membershipApiTag)) {
            int detailsAt = line.indexOf(detailsTag);
            assertTrue(detailsAt != -1, line);
            int memberAt = line.indexOf("{\"member\": \"user.doe\", \"approved\": true, \"system-disabled\": 0}");
            assertTrue(memberAt > detailsAt, line);
            auditEntrySeen = true;
            break;
        }
    }
    assertTrue(auditEntrySeen);
    auditLines.clear();

    // Second addition: a service principal.
    membership = zmsTestInitializer.generateGroupMembership(groupName, "coretech.storage");
    zmsImpl.putGroupMembership(zmsTestInitializer.getMockDomRsrcCtx(), domainName, groupName,
            "coretech.storage", zmsTestInitializer.getAuditRef(), membership);

    Group storedGroup = zmsImpl.getGroup(zmsTestInitializer.getMockDomRsrcCtx(), domainName, groupName, false, false);
    assertNotNull(storedGroup);
    List<GroupMember> storedMembers = storedGroup.getGroupMembers();
    assertNotNull(storedMembers);
    assertEquals(storedMembers.size(), 4);

    List<String> expectedMembers = new ArrayList<>();
    expectedMembers.add("user.joe");
    expectedMembers.add("user.jane");
    expectedMembers.add("user.doe");
    expectedMembers.add("coretech.storage");
    zmsTestInitializer.checkGroupMember(expectedMembers, storedMembers);

    auditEntrySeen = false;
    System.err.println("testGroupPutMembership: now Number of lines: " + auditLines.size());
    for (String line : auditLines) {
        if (line.contains(membershipApiTag)) {
            int detailsAt = line.indexOf(detailsTag);
            assertTrue(detailsAt != -1, line);
            int memberAt = line.indexOf("{\"member\": \"coretech.storage\", \"approved\": true, \"system-disabled\": 0}");
            assertTrue(memberAt > detailsAt, line);
            auditEntrySeen = true;
            break;
        }
    }
    assertTrue(auditEntrySeen);

    // Switch on user validation: members are now checked against the test authority.
    // NOTE(review): neither userAuthority nor validateUserRoleMembers is put back at
    // the end of this test; harmless only if zmsImpl is private to it - confirm
    // against getZmsImpl().
    zmsImpl.userAuthority = new TestUserPrincipalAuthority();
    DynamicConfigBoolean validationEnabled = Mockito.mock(DynamicConfigBoolean.class);
    when(validationEnabled.get()).thenReturn(true);
    zmsImpl.validateUserRoleMembers = validationEnabled;

    // A user the authority accepts goes through without an exception.
    membership = zmsTestInitializer.generateGroupMembership(groupName, "user.joe");
    zmsImpl.putGroupMembership(zmsTestInitializer.getMockDomRsrcCtx(), domainName, groupName,
            "user.joe", zmsTestInitializer.getAuditRef(), membership);

    // A user the authority does not accept must be refused with BAD_REQUEST.
    membership = zmsTestInitializer.generateGroupMembership("group1", "user.john");
    try {
        zmsImpl.putGroupMembership(zmsTestInitializer.getMockDomRsrcCtx(), domainName, groupName,
                "user.john", zmsTestInitializer.getAuditRef(), membership);
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), ResourceException.BAD_REQUEST);
    }

    // Tear the fixture down: sub-domain first, then both top-level domains.
    zmsImpl.deleteSubDomain(zmsTestInitializer.getMockDomRsrcCtx(), "coretech", "storage",
            zmsTestInitializer.getAuditRef());
    zmsImpl.deleteTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), "coretech",
            zmsTestInitializer.getAuditRef());
    zmsImpl.deleteTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), domainName,
            zmsTestInitializer.getAuditRef());
}
Also used : DynamicConfigBoolean(com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigBoolean)

Example 7 with DynamicConfigBoolean

use of com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigBoolean in project athenz by yahoo.

the class ZMSImplTest method testValidateRoleNotAssociatedToPolicy.

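/**
 * Checks {@code validateRoleNotAssociatedToPolicy}: a role referenced by a policy is
 * refused with a 400, while the same call passes when the
 * {@code validatePolicyAssertionRoles} flag is off, when the role is not referenced,
 * or when the policy carries no assertions.
 */
@Test
public void testValidateRoleNotAssociatedToPolicy() {
    final String relatedRole = "role1";
    final String domainName = "dom1";
    final String caller = "testValidateRoleNotAssociatedToPolicy";

    Policy policy = zmsTestInitializer.createPolicyObject(domainName, "policy1", relatedRole, "", "", AssertionEffect.ALLOW);
    List<Policy> policies = Collections.singletonList(policy);

    // A role that the policy refers to must be rejected.
    try {
        zmsTestInitializer.getZms().validateRoleNotAssociatedToPolicy(policies, relatedRole, domainName, caller);
        fail("should be fail");
    } catch (ResourceException ex) {
        assertEquals(400, ex.getCode());
        assertTrue(ex.getMessage().contains("it cannot be deleted"));
    }

    // Retry the same input with the feature turned off. The previous flag value is
    // restored in a finally block: if the call below throws, the check must not stay
    // disabled on the instance returned by getZms() for whatever runs next.
    DynamicConfigBoolean currentValue = zmsTestInitializer.getZms().validatePolicyAssertionRoles;
    zmsTestInitializer.getZms().validatePolicyAssertionRoles = new DynamicConfigBoolean(false);
    try {
        zmsTestInitializer.getZms().validateRoleNotAssociatedToPolicy(policies, relatedRole, domainName, caller);
    } finally {
        zmsTestInitializer.getZms().validatePolicyAssertionRoles = currentValue;
    }

    // A role the policy does not mention is accepted.
    zmsTestInitializer.getZms().validateRoleNotAssociatedToPolicy(policies, "not_related_role", domainName, caller);

    // A policy with no assertions is accepted as well.
    policy = new Policy().setName(ResourceUtils.policyResourceName(domainName, "policy1"));
    policies = Collections.singletonList(policy);
    zmsTestInitializer.getZms().validateRoleNotAssociatedToPolicy(policies, relatedRole, domainName, caller);
}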
Also used : DynamicConfigBoolean(com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigBoolean)

Example 8 with DynamicConfigBoolean

use of com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigBoolean in project athenz by yahoo.

the class ZMSImplTest method testValidateRoleMemberPrincipalUser.

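/**
 * Checks {@code validateRoleMemberPrincipal} for user principals with user validation
 * enabled and {@code TestUserPrincipalAuthority} installed: accepted users pass,
 * rejected users produce BAD_REQUEST, and service principals are not subject to the
 * user check.
 */
@Test
public void testValidateRoleMemberPrincipalUser() {
    // Both overrides are captured up front and put back in the finally block, so a
    // failing assertion cannot leave the test authority or the forced-on validation
    // flag on the instance returned by getZms().
    Authority savedAuthority = zmsTestInitializer.getZms().userAuthority;
    DynamicConfigBoolean savedValidateUserRoleMembers = zmsTestInitializer.getZms().validateUserRoleMembers;

    DynamicConfigBoolean dynamicConfigBoolean = Mockito.mock(DynamicConfigBoolean.class);
    when(dynamicConfigBoolean.get()).thenReturn(true);
    zmsTestInitializer.getZms().userAuthority = new TestUserPrincipalAuthority();
    zmsTestInitializer.getZms().validateUserRoleMembers = dynamicConfigBoolean;

    try {
        // valid users no exception
        zmsTestInitializer.getZms().validateRoleMemberPrincipal("user.joe", Principal.Type.USER.getValue(), null, null, null, false, "unittest");
        zmsTestInitializer.getZms().validateRoleMemberPrincipal("user.jane", Principal.Type.USER.getValue(), null, null, null, false, "unittest");

        // a user the authority does not accept is refused
        try {
            zmsTestInitializer.getZms().validateRoleMemberPrincipal("user.john", Principal.Type.USER.getValue(), null, null, null, false, "unittest");
            fail();
        } catch (ResourceException ex) {
            assertEquals(ex.getCode(), ResourceException.BAD_REQUEST);
        }

        // non-user principals are accepted by default
        zmsTestInitializer.getZms().validateRoleMemberPrincipal("coretech.api", Principal.Type.SERVICE.getValue(), null, null, null, false, "unittest");

        // valid employee and contractor users
        // (third argument: presumably an attribute filter evaluated by the authority - confirm against ZMSImpl)
        zmsTestInitializer.getZms().validateRoleMemberPrincipal("user.joe", Principal.Type.USER.getValue(), "employee", null, null, false, "unittest");
        zmsTestInitializer.getZms().validateRoleMemberPrincipal("user.jane", Principal.Type.USER.getValue(), "employee", null, null, false, "unittest");
        zmsTestInitializer.getZms().validateRoleMemberPrincipal("user.jack", Principal.Type.USER.getValue(), "contractor", null, null, false, "unittest");

        // valid multiple attribute users
        zmsTestInitializer.getZms().validateRoleMemberPrincipal("user.joe", Principal.Type.USER.getValue(), "employee,local", null, null, false, "unittest");
        zmsTestInitializer.getZms().validateRoleMemberPrincipal("user.jane", Principal.Type.USER.getValue(), "employee,local", null, null, false, "unittest");
        zmsTestInitializer.getZms().validateRoleMemberPrincipal("user.jack", Principal.Type.USER.getValue(), "contractor,local", null, null, false, "unittest");

        // user.jack passes as a contractor but must be refused as an employee,
        // both alone and in a multi-attribute filter
        try {
            zmsTestInitializer.getZms().validateRoleMemberPrincipal("user.jack", Principal.Type.USER.getValue(), "employee", null, null, false, "unittest");
            fail();
        } catch (ResourceException ex) {
            assertEquals(ex.getCode(), ResourceException.BAD_REQUEST);
        }
        try {
            zmsTestInitializer.getZms().validateRoleMemberPrincipal("user.jack", Principal.Type.USER.getValue(), "local,employee", null, null, false, "unittest");
            fail();
        } catch (ResourceException ex) {
            assertEquals(ex.getCode(), ResourceException.BAD_REQUEST);
        }
    } finally {
        zmsTestInitializer.getZms().userAuthority = savedAuthority;
        zmsTestInitializer.getZms().validateUserRoleMembers = savedValidateUserRoleMembers;
    }
}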
Also used : Authority(com.yahoo.athenz.auth.Authority) DynamicConfigBoolean(com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigBoolean)

Example 9 with DynamicConfigBoolean

use of com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigBoolean in project athenz by yahoo.

the class ZTSImplTest method getTransportRulesROTest.

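/**
 * Verifies that {@code getTransportRules} fails with BAD_REQUEST while the server's
 * read-only flag reports {@code true}.
 */
@Test
public void getTransportRulesROTest() {
    // Keep the flag that was installed before the test. The original ended by assigning
    // the mock a second time, which restored nothing.
    DynamicConfigBoolean savedReadOnlyMode = zts.readOnlyMode;

    // The mock reports read-only on the first query and read-write on every later one.
    DynamicConfigBoolean dynamicConfigBoolean = Mockito.mock(DynamicConfigBoolean.class);
    when(dynamicConfigBoolean.get()).thenReturn(true).thenReturn(false);
    zts.readOnlyMode = dynamicConfigBoolean;
    try {
        Principal principal = SimplePrincipal.create("user_domain", "user1", "v=U1;d=user_domain;n=user;s=signature", 0, null);
        ResourceContext context = createResourceContext(principal);
        zts.getTransportRules(context, "transportrules", "api");
        fail();
    } catch (ResourceException re) {
        assertEquals(ResourceException.BAD_REQUEST, re.getCode());
    } finally {
        // Runs on assertion failures too, so the mock never outlives this test.
        zts.readOnlyMode = savedReadOnlyMode;
    }
}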
Also used : Principal(com.yahoo.athenz.auth.Principal) DynamicConfigBoolean(com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigBoolean) Test(org.testng.annotations.Test)

Example 10 with DynamicConfigBoolean

use of com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigBoolean in project athenz by yahoo.

the class ZTSImplTest method testValidateInstanceServiceIdentity.

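/**
 * Checks {@code validateInstanceServiceIdentity} with the validation flag enabled:
 * a service missing from the domain data is refused with BAD_REQUEST, a registered
 * service passes, and services in the "screwdriver" domain pass without being
 * registered.
 */
@Test
public void testValidateInstanceServiceIdentity() {
    DomainData domainData = new DomainData();
    zts.validateInstanceServiceIdentity = new DynamicConfigBoolean(true);
    try {
        // No services registered yet: every name must be refused.
        for (String unknownService : new String[] {"athenz.api", "athenz.backend"}) {
            try {
                zts.validateInstanceServiceIdentity(domainData, unknownService, "unit-test");
                fail();
            } catch (ResourceException ex) {
                assertEquals(ex.getCode(), ResourceException.BAD_REQUEST);
            }
        }

        List<com.yahoo.athenz.zms.ServiceIdentity> services = new ArrayList<>();
        com.yahoo.athenz.zms.ServiceIdentity serviceBackend = new com.yahoo.athenz.zms.ServiceIdentity().setName("athenz.backend");
        com.yahoo.athenz.zms.ServiceIdentity serviceApi = new com.yahoo.athenz.zms.ServiceIdentity().setName("athenz.api");
        services.add(serviceBackend);
        services.add(serviceApi);
        domainData.setServices(services);

        // known services should work as expected
        zts.validateInstanceServiceIdentity(domainData, "athenz.api", "unit-test");
        zts.validateInstanceServiceIdentity(domainData, "athenz.backend", "unit-test");

        // Names that are not registered are still refused; "athenz.api2" shows that a
        // registered name followed by extra characters is not accepted.
        for (String unknownService : new String[] {"athenz.frontend", "athenz.api2"}) {
            try {
                zts.validateInstanceServiceIdentity(domainData, unknownService, "unit-test");
                fail();
            } catch (ResourceException ex) {
                assertEquals(ex.getCode(), ResourceException.BAD_REQUEST);
            }
        }

        // screwdriver services are excluded from the check since they're dynamic
        // screwdriver is configured as service skip domain
        domainData = new DomainData().setName("screwdriver");
        zts.validateInstanceServiceIdentity(domainData, "screwdriver.project1", "unit-test");
        zts.validateInstanceServiceIdentity(domainData, "screwdriver.project2", "unit-test");
    } finally {
        // Same reset value the test always used; in a finally block it also runs when
        // an assertion above fails, so the forced-on flag does not stay on zts.
        zts.validateInstanceServiceIdentity = new DynamicConfigBoolean(false);
    }
}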
Also used : com.yahoo.athenz.zms(com.yahoo.athenz.zms) ServiceIdentity(com.yahoo.athenz.zms.ServiceIdentity) ServiceIdentity(com.yahoo.athenz.zms.ServiceIdentity) DynamicConfigBoolean(com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigBoolean) Test(org.testng.annotations.Test)
