
Example 51 with Assertion

use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.

the class JDBCConnectionTest method testInsertAssertionInvalidRoleName.

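@Test
public void testInsertAssertionInvalidRoleName() throws Exception {
    // A role that does not carry the "<domain>:role." prefix must be rejected by
    // insertAssertion; the rejection is expected to surface as a ResourceException.
    JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
    Assertion assertion = new Assertion().setAction("read").setEffect(AssertionEffect.ALLOW).setResource("my-domain:*").setRole("invalid_role");
    try {
        jdbcConn.insertAssertion("my-domain", "policy1", assertion);
        fail("insertAssertion accepted a role name without a domain prefix");
    } catch (ResourceException ex) {
        // Narrow catch: catching Exception and asserting true would also hide
        // NPEs or mock-setup mistakes and let the test pass for the wrong reason.
        // Only the error class is pinned here; the exact status code is not.
        assertTrue(ex.getCode() >= 400);
    } finally {
        // close on every path -- previously close() was skipped when fail() fired,
        // because AssertionError is not an Exception and escaped the catch block
        jdbcConn.close();
    }
}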

Example 52 with Assertion

use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.

the class JDBCConnectionTest method testInsertAssertionInvalidDomain.

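@Test
public void testInsertAssertionInvalidDomain() throws Exception {
    // The role name is well-formed here; the failure must come from the domain
    // lookup returning no row, so no insert may be attempted.
    JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
    Assertion assertion = new Assertion().setAction("read").setEffect(AssertionEffect.ALLOW).setResource("my-domain:*").setRole("my-domain:role.role1");
    // the first next() is the domain-id lookup: no row means unknown domain
    Mockito.when(mockResultSet.next()).thenReturn(false);
    Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
    try {
        jdbcConn.insertAssertion("my-domain", "policy1", assertion);
        fail("insertAssertion accepted an assertion for an unknown domain");
    } catch (ResourceException ex) {
        // Narrow catch: a blanket catch (Exception) with assertTrue(true) proves
        // nothing about why the call failed. Only the error class is pinned here.
        assertTrue(ex.getCode() >= 400);
    } finally {
        // close on every path -- previously close() was skipped when fail() fired,
        // because AssertionError is not an Exception and escaped the catch block
        jdbcConn.close();
    }
}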

Example 53 with Assertion

use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.

the class JDBCConnection method getAssertion.

@Override
public Assertion getAssertion(String domainName, String policyName, Long assertionId) {
    // Looks up a single assertion by id, scoped to the given domain and policy.
    // Returns null when no matching row exists; SQL failures are converted by sqlError.
    final String caller = "getAssertion";
    try (PreparedStatement ps = con.prepareStatement(SQL_GET_ASSERTION)) {
        // NOTE(review): the id is bound as a 32-bit int, so any high bits of
        // assertionId are silently dropped -- presumably the column is INT; confirm.
        ps.setInt(1, assertionId.intValue());
        ps.setString(2, domainName);
        ps.setString(3, policyName);
        try (ResultSet rs = executeQuery(ps, caller)) {
            if (!rs.next()) {
                return null;
            }
            // the role column holds only the short role name; rebuild the
            // fully-qualified "<domain>:role.<name>" form for the caller
            Assertion found = new Assertion()
                    .setRole(ZMSUtils.roleResourceName(domainName, rs.getString(ZMSConsts.DB_COLUMN_ROLE)))
                    .setResource(rs.getString(ZMSConsts.DB_COLUMN_RESOURCE))
                    .setAction(rs.getString(ZMSConsts.DB_COLUMN_ACTION))
                    .setEffect(AssertionEffect.valueOf(rs.getString(ZMSConsts.DB_COLUMN_EFFECT)));
            found.setId((long) rs.getInt(ZMSConsts.DB_COLUMN_ASSERT_ID));
            return found;
        }
    } catch (SQLException ex) {
        throw sqlError(ex, caller);
    }
}

Example 54 with Assertion

use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.

the class JDBCConnection method addRoleAssertions.

void addRoleAssertions(List<Assertion> principalAssertions, List<Assertion> roleAssertions, Map<String, String> awsDomains) {
    // Appends roleAssertions to principalAssertions. When an aws-domain mapping is
    // supplied, each "<domain>:<rest>" resource whose domain has a mapping is rewritten
    // to "<AWS_ARN_PREFIX><awsDomain>:role/<rest>" before being added; resources that
    // already carry AWS_ARN_PREFIX are added unchanged, and resources with no domain
    // component or no mapping are dropped.
    // NOTE(review): the rewrite mutates the Assertion objects in roleAssertions in
    // place -- if that list is ever shared or cached, callers will observe the change.
    if (roleAssertions == null || roleAssertions.isEmpty()) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("addRoleAssertions: role assertion list is empty");
        }
        return;
    }
    final boolean noAwsMapping = awsDomains == null || awsDomains.isEmpty();
    if (noAwsMapping) {
        // nothing to translate: pass every assertion through untouched
        principalAssertions.addAll(roleAssertions);
        return;
    }
    for (Assertion assertion : roleAssertions) {
        final String resource = assertion.getResource();
        if (LOG.isDebugEnabled()) {
            LOG.debug("addRoleAssertions: processing assertion: {}", resource);
        }
        if (resource.startsWith(AWS_ARN_PREFIX)) {
            // already an AWS ARN, keep as-is
            principalAssertions.add(assertion);
            continue;
        }
        // the domain is everything before the first ':'
        final int sep = resource.indexOf(':');
        if (sep < 0) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("addRoleAssertions: resource without domain component: {}", resource);
            }
            continue;
        }
        final String resourceDomain = resource.substring(0, sep);
        final String awsDomain = awsDomains.get(resourceDomain);
        if (awsDomain == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("addRoleAssertions: resource without aws domain: {}", resourceDomain);
            }
            continue;
        }
        final String awsRole = AWS_ARN_PREFIX + awsDomain + ":role/" + resource.substring(sep + 1);
        assertion.setResource(awsRole);
        principalAssertions.add(assertion);
    }
}

Example 55 with Assertion

use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.

the class JDBCConnection method getRoleAssertions.

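Map<String, List<Assertion>> getRoleAssertions(String action, String caller) {
    // Loads every assertion matching the given action and groups them by the
    // roleIndex(domainId, roleName) key. Returns an empty map when nothing matches;
    // SQL failures are converted by sqlError using caller for context.
    Map<String, List<Assertion>> roleAssertions = new HashMap<>();
    try (PreparedStatement ps = prepareRoleAssertionsStatement(action);
         ResultSet rs = executeQuery(ps, caller)) {
        while (rs.next()) {
            String domainName = rs.getString(ZMSConsts.DB_COLUMN_NAME);
            String roleName = rs.getString(ZMSConsts.DB_COLUMN_ROLE);
            Assertion assertion = new Assertion();
            // the role column holds only the short name; expose the fully-qualified form
            assertion.setRole(ZMSUtils.roleResourceName(domainName, roleName));
            assertion.setResource(rs.getString(ZMSConsts.DB_COLUMN_RESOURCE));
            assertion.setAction(rs.getString(ZMSConsts.DB_COLUMN_ACTION));
            assertion.setEffect(AssertionEffect.valueOf(rs.getString(ZMSConsts.DB_COLUMN_EFFECT)));
            assertion.setId((long) rs.getInt(ZMSConsts.DB_COLUMN_ASSERT_ID));
            String index = roleIndex(rs.getString(ZMSConsts.DB_COLUMN_DOMAIN_ID), roleName);
            if (LOG.isDebugEnabled()) {
                // parameterized form matches the file's other debug lines and avoids
                // building the message when debug is off
                LOG.debug("{}: adding assertion {} for {}", caller, assertion, index);
            }
            // computeIfAbsent replaces the get/null-check/put sequence
            roleAssertions.computeIfAbsent(index, k -> new ArrayList<>()).add(assertion);
        }
    } catch (SQLException ex) {
        throw sqlError(ex, caller);
    }
    return roleAssertions;
}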
