use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.
the class JDBCConnectionTest method testAddRoleAssertionsAwsDomainListEmpty.
@Test
public void testAddRoleAssertionsAwsDomainListEmpty() throws SQLException {
    // Exercises addRoleAssertions when no AWS domain mapping is usable: first
    // with a null map, then with an empty one. In both cases the test expects
    // the single role assertion to end up in the principal list.
    // NOTE(review): only the list size is asserted; the resource string of the
    // resulting assertion is not inspected, so this test does not pin whether
    // the resource is left in its "domain:resource" form.
    final JDBCConnection conn = new JDBCConnection(mockConn, true);

    final List<Assertion> fromRole = new ArrayList<>();
    fromRole.add(new Assertion()
            .setAction("update")
            .setResource("dom1:resource")
            .setRole("role"));

    final List<Assertion> collected = new ArrayList<>();

    // Case 1: the AWS domain map is null.
    conn.addRoleAssertions(collected, fromRole, null);
    assertEquals(1, collected.size());

    // Case 2: the AWS domain map exists but holds no entries.
    collected.clear();
    conn.addRoleAssertions(collected, fromRole, new HashMap<String, String>());
    assertEquals(1, collected.size());

    conn.close();
}
use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.
the class JDBCConnectionTest method testInsertAssertionDuplicate.
@Test
public void testInsertAssertionDuplicate() throws Exception {
    // Drives insertAssertion through the path where the lookup that follows
    // the domain and policy id queries also returns a row, and checks that the
    // call still reports success.
    final JDBCConnection conn = new JDBCConnection(mockConn, true);

    final Assertion readAll = new Assertion()
            .setAction("read")
            .setEffect(AssertionEffect.ALLOW)
            .setResource("my-domain:*")
            .setRole("my-domain:role.role1");

    // Successive getInt(1) answers: domain id first, policy id second.
    Mockito.when(mockResultSet.getInt(1))
            .thenReturn(5)
            .thenReturn(7);
    // Successive next() answers: domain row found, policy row found, and the
    // assertion row found ("insertion is found").
    Mockito.when(mockResultSet.next())
            .thenReturn(true)
            .thenReturn(true)
            .thenReturn(true);
    Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();

    final boolean inserted = conn.insertAssertion("my-domain", "policy1", readAll);
    assertTrue(inserted);

    // Domain and policy id lookups: every value reaches the statement as a
    // bound parameter rather than as part of the SQL text.
    Mockito.verify(mockPrepStmt, times(1)).setString(1, "my-domain");
    Mockito.verify(mockPrepStmt, times(1)).setInt(1, 5);
    Mockito.verify(mockPrepStmt, times(1)).setString(2, "policy1");

    // Assertion statement: the role is expected to be bound by its short name
    // ("role1"), not the fully qualified "my-domain:role.role1" given above.
    Mockito.verify(mockPrepStmt, times(1)).setInt(1, 7);
    Mockito.verify(mockPrepStmt, times(1)).setString(2, "role1");
    Mockito.verify(mockPrepStmt, times(1)).setString(3, "my-domain:*");
    Mockito.verify(mockPrepStmt, times(1)).setString(4, "read");
    Mockito.verify(mockPrepStmt, times(1)).setString(5, "ALLOW");

    conn.close();
}
use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.
the class JDBCConnectionTest method testListResourceAccessEmptyRoleAssertions.
@Test
public void testListResourceAccessEmptyRoleAssertions() throws SQLException {
    // A principal that is a member of roles, where the role-assertion query
    // returns no rows, must still be listed, with an empty assertion list.
    final JDBCConnection conn = new JDBCConnection(mockConn, true);

    // next(): three role-principal rows, then end of that result set, then an
    // immediately empty result set for the role assertions.
    Mockito.when(mockResultSet.next())
            .thenReturn(true)
            .thenReturn(true)
            .thenReturn(true)
            .thenReturn(false)
            .thenReturn(false);
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME))
            .thenReturn("user.user1")
            .thenReturn("user.user2")
            .thenReturn("user.user3");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_DOMAIN_ID))
            .thenReturn("101")
            .thenReturn("101")
            .thenReturn("102");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ROLE_NAME))
            .thenReturn("role1")
            .thenReturn("role1")
            .thenReturn("role3");

    final ResourceAccessList accessList = conn.listResourceAccess("user.user1", "update", "user");

    // Exactly one entry is expected, for the requested principal, and it must
    // carry no assertions: role membership alone grants no listed access.
    final List<ResourceAccess> entries = accessList.getResources();
    assertEquals(1, entries.size());

    final ResourceAccess onlyEntry = entries.get(0);
    assertEquals("user.user1", onlyEntry.getPrincipal());

    final List<Assertion> granted = onlyEntry.getAssertions();
    assertTrue(granted.isEmpty());

    conn.close();
}
use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.
the class JDBCConnectionTest method testAddRoleAssertions.
@Test
public void testAddRoleAssertions() throws SQLException {
    // Checks the rewrite of role assertions into AWS IAM role ARNs: only an
    // assertion whose resource domain has an AWS account mapping is kept.
    final JDBCConnection conn = new JDBCConnection(mockConn, true);

    // Three candidates: one in a mapped domain (dom1), one in a domain with no
    // mapping (dom2), and one resource without a "domain:" prefix at all.
    final String[] candidateResources = {"dom1:resource", "dom2:resource1", "resource3"};
    final List<Assertion> fromRole = new ArrayList<>();
    for (String resource : candidateResources) {
        fromRole.add(new Assertion()
                .setAction("update")
                .setResource(resource)
                .setRole("role"));
    }

    final Map<String, String> awsDomains = new HashMap<>();
    awsDomains.put("dom1", "12345");

    final List<Assertion> collected = new ArrayList<>();

    // Two of the three are expected to be skipped because no AWS account can
    // be resolved for them; no ARN should be produced for an unmapped domain.
    conn.addRoleAssertions(collected, fromRole, awsDomains);
    assertEquals(1, collected.size());
    assertEquals("arn:aws:iam::12345:role/resource", collected.get(0).getResource());

    conn.close();
}
use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.
the class JDBCConnectionTest method testInsertAssertionInvalidPolicy.
@Test
public void testInsertAssertionInvalidPolicy() throws Exception {
    // insertAssertion must fail when the domain resolves but the named policy
    // does not exist, rather than attaching the assertion somewhere else.
    final JDBCConnection conn = new JDBCConnection(mockConn, true);

    final Assertion readAll = new Assertion()
            .setAction("read")
            .setEffect(AssertionEffect.ALLOW)
            .setResource("my-domain:*")
            .setRole("my-domain:role.role1");

    // The domain id lookup yields 5.
    Mockito.when(mockResultSet.getInt(1)).thenReturn(5);
    // next(): the domain row is found, the policy row is not.
    Mockito.when(mockResultSet.next())
            .thenReturn(true)
            .thenReturn(false);

    try {
        conn.insertAssertion("my-domain", "policy1", readAll);
        fail();
    } catch (Exception ex) {
        // NOTE(review): any Exception subtype satisfies this test, including
        // one caused by a mis-configured mock. Asserting the specific
        // exception type (and its error code, if it carries one) would pin
        // the "policy not found" rejection itself.
        assertTrue(true);
    }

    conn.close();
}
Aggregations