Example 16 with Assertion
use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.
the class ZTSImplTest method signedBootstrapTenantDomain.
private SignedDomain signedBootstrapTenantDomain(String provider, String domainName, String serviceName, String awsAccount) {
SignedDomain signedDomain = new SignedDomain();
List<Role> roles = new ArrayList<>();
Role role = new Role();
role.setName(generateRoleName(domainName, "providers"));
List<RoleMember> members = new ArrayList<>();
members.add(new RoleMember().setMemberName(provider));
role.setRoleMembers(members);
roles.add(role);
List<com.yahoo.athenz.zms.Policy> policies = new ArrayList<>();
com.yahoo.athenz.zms.Policy policy = new com.yahoo.athenz.zms.Policy();
com.yahoo.athenz.zms.Assertion assertion = new com.yahoo.athenz.zms.Assertion();
assertion.setResource(domainName + ":service." + serviceName);
assertion.setAction("launch");
assertion.setRole(generateRoleName(domainName, "providers"));
List<com.yahoo.athenz.zms.Assertion> assertions = new ArrayList<>();
assertions.add(assertion);
policy.setAssertions(assertions);
policy.setName(generatePolicyName(domainName, "providers"));
policies.add(policy);
com.yahoo.athenz.zms.DomainPolicies domainPolicies = new com.yahoo.athenz.zms.DomainPolicies();
domainPolicies.setDomain(domainName);
domainPolicies.setPolicies(policies);
com.yahoo.athenz.zms.SignedPolicies signedPolicies = new com.yahoo.athenz.zms.SignedPolicies();
signedPolicies.setContents(domainPolicies);
signedPolicies.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainPolicies), privateKey));
signedPolicies.setKeyId("0");
DomainData domain = new DomainData();
domain.setName(domainName);
domain.setRoles(roles);
domain.setAccount(awsAccount);
domain.setPolicies(signedPolicies);
domain.setModified(Timestamp.fromCurrentTime());
signedDomain.setDomain(domain);
signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(domain), privateKey));
signedDomain.setKeyId("0");
return signedDomain;
}
Also used :
Policy(com.yahoo.athenz.zms.Policy)
Policy(com.yahoo.athenz.zms.Policy)
ArrayList(java.util.ArrayList)
Assertion(com.yahoo.athenz.zms.Assertion)
DomainData(com.yahoo.athenz.zms.DomainData)
Assertion(com.yahoo.athenz.zms.Assertion)
Role(com.yahoo.athenz.zms.Role)
SignedDomain(com.yahoo.athenz.zms.SignedDomain)
RoleMember(com.yahoo.athenz.zms.RoleMember)
Example 17 with Assertion
use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.
the class ZTSImplTest method testEvaluateAccessAssertionDeny.
@Test
public void testEvaluateAccessAssertionDeny() {
DataCache domain = new DataCache();
DomainData domainData = new DomainData();
domainData.setName("coretech");
domain.setDomainData(domainData);
domainData.setRoles(new ArrayList<Role>());
Role role = createRoleObject("coretech", "role1", null, "user_domain.user1", null);
domainData.getRoles().add(role);
Policy policy = new Policy().setName("coretech:policy.policy1");
Assertion assertion = new Assertion();
assertion.setAction("read");
assertion.setEffect(AssertionEffect.DENY);
assertion.setResource("coretech:*");
assertion.setRole("coretech:role.role1");
policy.setAssertions(new ArrayList<Assertion>());
policy.getAssertions().add(assertion);
domainData.setPolicies(new com.yahoo.athenz.zms.SignedPolicies());
domainData.getPolicies().setContents(new com.yahoo.athenz.zms.DomainPolicies());
domainData.getPolicies().getContents().setPolicies(new ArrayList<Policy>());
domainData.getPolicies().getContents().getPolicies().add(policy);
assertEquals(authorizer.evaluateAccess(domain, "user_domain.user1", "read", "coretech:resource1", null), AccessStatus.DENIED);
}Example 18 with Assertion
use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.
the class DataCacheTest method testPolicyWithInvalidDomainNoRoles.
@Test
public void testPolicyWithInvalidDomainNoRoles() {
Domain domain = new Domain();
domain.setName("testDomain");
Policy policy = new Policy();
policy.setName("testDomain.policy.policy1");
Assertion assertion = new Assertion();
assertion.setAction("assume_role");
assertion.setEffect(AssertionEffect.ALLOW);
assertion.setResource("testDomain.role");
assertion.setRole("testDomain.role.role1");
List<Assertion> assertList = new ArrayList<Assertion>();
assertList.add(assertion);
policy.setAssertions(assertList);
HashMap<String, Role> roleList = new HashMap<>();
DataCache cache = new DataCache();
cache.processPolicy(domain.getName(), policy, roleList);
Set<MemberRole> set1 = cache.getMemberRoleSet("user_domain.user1");
assertNull(set1);
}Example 19 with Assertion
use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.
the class ZTSImplTest method testMatchDelegatedTrustAssertionNoMemberMatch.
@Test
public void testMatchDelegatedTrustAssertionNoMemberMatch() {
Assertion assertion = new Assertion();
assertion.setAction("ASSUME_ROLE");
assertion.setEffect(AssertionEffect.ALLOW);
assertion.setResource("*:role.Role");
assertion.setRole("weather:role.Role");
Role role = null;
List<Role> roles = new ArrayList<>();
role = createRoleObject("weather", "Role1", null, "user_domain.user1", null);
roles.add(role);
role = createRoleObject("weather", "Role", null, "user_domain.user2", null);
roles.add(role);
assertFalse(authorizer.matchDelegatedTrustAssertion(assertion, "weather:role.Role", "user_domain.user1", roles));
}Example 20 with Assertion
use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.
the class SignUtils method asStruct.
private static Struct asStruct(Policy policy) {
// all of our fields are in canonical order based
// on their attribute name
Struct struct = new Struct();
List<Assertion> assertions = policy.getAssertions();
if (assertions != null && !assertions.isEmpty()) {
Array assertionsArray = new Array();
for (Assertion assertion : assertions) {
Struct structAssertion = new Struct();
appendObject(structAssertion, ATTR_ACTION, assertion.getAction());
appendObject(structAssertion, ATTR_EFFECT, assertion.getEffect());
appendObject(structAssertion, ATTR_RESOURCE, assertion.getResource());
appendObject(structAssertion, ATTR_ROLE, assertion.getRole());
assertionsArray.add(structAssertion);
}
appendArray(struct, ATTR_ASSERTIONS, assertionsArray);
}
appendObject(struct, ATTR_MODIFIED, policy.getModified());
appendObject(struct, ATTR_NAME, policy.getName());
return struct;
}Aggregations
Assertion (com.yahoo.athenz.zms.Assertion)61
Test (org.testng.annotations.Test)38
ArrayList (java.util.ArrayList)29
Policy (com.yahoo.athenz.zms.Policy)23
Role (com.yahoo.athenz.zms.Role)19
JDBCConnection (com.yahoo.athenz.zms.store.jdbc.JDBCConnection)16
RoleMember (com.yahoo.athenz.zms.RoleMember)11
DomainData (com.yahoo.athenz.zms.DomainData)10
HashMap (java.util.HashMap)9
SQLException (java.sql.SQLException)8
SignedDomain (com.yahoo.athenz.zms.SignedDomain)7
DataCache (com.yahoo.athenz.zts.cache.DataCache)7
Domain (com.yahoo.athenz.zms.Domain)5
ResourceAccessList (com.yahoo.athenz.zms.ResourceAccessList)5
ResourceAccess (com.yahoo.athenz.zms.ResourceAccess)4
ResourceException (com.yahoo.athenz.zms.ResourceException)4
PreparedStatement (java.sql.PreparedStatement)4
ResultSet (java.sql.ResultSet)4
DomainModifiedList (com.yahoo.athenz.zms.DomainModifiedList)3
ServiceIdentity (com.yahoo.athenz.zms.ServiceIdentity)3
