
Example 56 with Assertion

use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.

the class JDBCConnection method getAthenzDomainPolicies.

void getAthenzDomainPolicies(String domainName, int domainId, AthenzDomain athenzDomain, String caller) {
    // Loads the policies of the domain identified by domainId, attaches the
    // assertion rows stored for them, and appends the result to
    // athenzDomain.getPolicies(). Two parameterized queries are issued, one
    // for the policy rows and one for the assertion rows; domainId is the
    // only bind value, so no caller-controlled text reaches the SQL.
    //
    // Properties a caller that signs or evaluates the result should know:
    //  - a policy with no assertion rows keeps a null assertion list (the
    //    list is only created when a row for that policy shows up);
    //  - an assertion row whose policy name is not among the loaded policies
    //    is dropped silently;
    //  - the effect column goes through AssertionEffect.valueOf, which
    //    (enum semantics, presumably) rejects unknown values and NULL with an
    //    unchecked exception, so a corrupt effect fails the whole load rather
    //    than being defaulted to ALLOW or DENY -- the load fails closed;
    //  - a SQLException from either query is translated by sqlError(ex, caller).
    Map<String, Policy> policiesByName = new HashMap<>();
    try {
        // Pass 1: policy rows -> Policy objects keyed by their short name.
        try (PreparedStatement stmt = con.prepareStatement(SQL_GET_DOMAIN_POLICIES)) {
            stmt.setInt(1, domainId);
            try (ResultSet rows = executeQuery(stmt, caller)) {
                while (rows.next()) {
                    String shortName = rows.getString(ZMSConsts.DB_COLUMN_NAME);
                    Timestamp modified = Timestamp.fromMillis(
                            rows.getTimestamp(ZMSConsts.DB_COLUMN_MODIFIED).getTime());
                    Policy policy = new Policy()
                            .setName(ZMSUtils.policyResourceName(domainName, shortName))
                            .setModified(modified);
                    policiesByName.put(shortName, policy);
                }
            }
        }
        // Pass 2: assertion rows, each attached to the policy named in
        // column 1 of the query (read positionally, unlike the named columns
        // below). Columns are read left to right, as JDBC recommends.
        try (PreparedStatement stmt = con.prepareStatement(SQL_GET_DOMAIN_POLICY_ASSERTIONS)) {
            stmt.setInt(1, domainId);
            try (ResultSet rows = executeQuery(stmt, caller)) {
                while (rows.next()) {
                    Policy owner = policiesByName.get(rows.getString(1));
                    if (owner == null) {
                        // orphaned row: no policy of that name was loaded in pass 1
                        continue;
                    }
                    List<Assertion> owned = owner.getAssertions();
                    if (owned == null) {
                        owned = new ArrayList<>();
                        owner.setAssertions(owned);
                    }
                    Assertion assertion = new Assertion()
                            .setRole(ZMSUtils.roleResourceName(domainName, rows.getString(ZMSConsts.DB_COLUMN_ROLE)))
                            .setResource(rows.getString(ZMSConsts.DB_COLUMN_RESOURCE))
                            .setAction(rows.getString(ZMSConsts.DB_COLUMN_ACTION))
                            .setEffect(AssertionEffect.valueOf(rows.getString(ZMSConsts.DB_COLUMN_EFFECT)));
                    // the id column is read as int and widened; a SQL NULL reads as 0
                    assertion.setId((long) rows.getInt(ZMSConsts.DB_COLUMN_ASSERT_ID));
                    owned.add(assertion);
                }
            }
        }
    } catch (SQLException ex) {
        throw sqlError(ex, caller);
    }
    athenzDomain.getPolicies().addAll(policiesByName.values());
}

Example 57 with Assertion

use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.

the class SignUtilsTest method testAsStructPolicy.

@Test
public void testAsStructPolicy() {
    // Pins the canonical string form of a policy list built from mocked
    // objects. The mocks carry no populated fields, so each policy and
    // assertion serializes to "{}", and a policy whose assertion list is
    // null is emitted without an "assertions" key at all (not as an empty
    // array). If this canonical form is the input that gets signed, any
    // drift here would break signature verification downstream, which is
    // why the exact strings are asserted.
    Policy policyMock = Mockito.mock(Policy.class);
    Assertion assertionMock = Mockito.mock(Assertion.class);

    List<Policy> policyList = new ArrayList<>();
    policyList.add(policyMock);
    List<Assertion> assertionList = new ArrayList<>();
    assertionList.add(assertionMock);

    Mockito.when(mockPolicies.getPolicies()).thenReturn(policyList);

    // one policy holding one (empty) assertion
    Mockito.when(policyMock.getAssertions()).thenReturn(assertionList);
    String canonical = SignUtils.asCanonicalString(mockPolicies);
    assertNotNull(canonical);
    assertEquals(canonical, "{\"policies\":[{\"assertions\":[{}]}]}");

    // same policy with a null assertion list: the key is dropped entirely
    Mockito.when(policyMock.getAssertions()).thenReturn(null);
    canonical = SignUtils.asCanonicalString(mockPolicies);
    assertNotNull(canonical);
    assertEquals(canonical, "{\"policies\":[{}]}");
}

Example 58 with Assertion

use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.

the class ZMSUtilsTest method testAssumeRoleResourceMatchActionNoMatch.

@Test
public void testAssumeRoleResourceMatchActionNoMatch() {
    // Negative cases for the action part of assumeRoleResourceMatch. The
    // role and resource are chosen so that they would match; only the action
    // differs. An unrelated action ("test"), one that merely has "assume_role"
    // as a prefix ("assume_role1") and a truncated one ("assume_rol") must all
    // be rejected -- prefix or substring matching on the action would let an
    // unrelated assertion grant role assumption. The positive case
    // (action exactly "assume_role", presumably) is covered elsewhere.
    final String roleName = "domain1:role.role1";
    String[] rejectedActions = {"test", "assume_role1", "assume_rol"};
    for (String action : rejectedActions) {
        Assertion candidate = new Assertion()
                .setAction(action)
                .setEffect(AssertionEffect.ALLOW)
                .setRole(roleName)
                .setResource("domain1:*");
        assertFalse(ZMSUtils.assumeRoleResourceMatch(roleName, candidate), "action=" + action);
    }
}

Example 59 with Assertion

use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.

the class ZMSUtilsTest method testAssumeRoleResourceMatchRoleNoMatch.

@Test
public void testAssumeRoleResourceMatchRoleNoMatch() {
    // Negative cases for the resource part of assumeRoleResourceMatch. The
    // action is the matching one ("assume_role") and the assertion's own role
    // is the one being asked about; only the resource differs. None of these
    // may match "domain1:role.role1":
    //  - a different role in the same domain        ("domain1:role.role2")
    //  - the same role name in another domain       ("domain2:role.role1")
    //  - a wildcard that does not cover the name    ("domain1:role.reader*")
    //  - a domain wildcard with the wrong role name ("*:role.role2")
    // Both the domain and the role portion of the resource have to match,
    // so a wildcard in one part does not relax the other.
    final String roleName = "domain1:role.role1";
    String[] rejectedResources = {
        "domain1:role.role2",
        "domain2:role.role1",
        "domain1:role.reader*",
        "*:role.role2"
    };
    for (String resource : rejectedResources) {
        Assertion candidate = new Assertion()
                .setAction("assume_role")
                .setEffect(AssertionEffect.ALLOW)
                .setRole(roleName)
                .setResource(resource);
        assertFalse(ZMSUtils.assumeRoleResourceMatch(roleName, candidate), "resource=" + resource);
    }
}

Example 60 with Assertion

use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.

the class JDBCConnectionTest method testListResourceAccessRegisteredRolePrincipals.

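@Test
public void testListResourceAccessRegisteredRolePrincipals() throws SQLException {
    // A principal that resolves to a valid id (7) but is a member of no role
    // must still appear in the ResourceAccessList -- as an entry with an
    // empty assertion list, not as a missing entry. The mocked result set
    // answers the two lookups in order: no rows for the role-principal query,
    // then one row for the principal-id query.
    JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
    try {
        Mockito.when(mockResultSet.next())
                .thenReturn(false)  // role-principal query: nothing found
                .thenReturn(true);  // principal-id query: one valid row
        Mockito.doReturn(7).when(mockResultSet).getInt(1);

        ResourceAccessList accessList = jdbcConn.listResourceAccess("user.user1", "update", "user");

        List<ResourceAccess> entries = accessList.getResources();
        assertEquals(entries.size(), 1);
        ResourceAccess entry = entries.get(0);
        assertEquals(entry.getPrincipal(), "user.user1");
        List<Assertion> granted = entry.getAssertions();
        assertTrue(granted.isEmpty());
    } finally {
        // the original closed only on the success path; close unconditionally
        // so a failing assertion does not leave the connection open for the
        // rest of the test class
        jdbcConn.close();
    }
}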
