
Example 41 with Assertion

use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.

the class ZTSImplTest method createTenantSignedDomain.

/**
 * Builds a signed test-fixture domain for a tenant of {@code providerDomain}/{@code providerService}.
 *
 * <p>The domain carries three roles (admin, the provider-specific tenancy-admin role and readers),
 * one {@code <domainName>.storage} service registered with public key {@code ZTS_Y64_CERT0} on
 * hosts host1/host2, and two {@code assume_role} policies that map the provider's tenant roles onto
 * the local readers and tenancy-admin roles. The policy set and the domain data are each signed with
 * the test {@code privateKey} under key id "0" so that signature checks in the code under test pass.
 *
 * @param domainName      name of the tenant domain being built
 * @param providerDomain  domain of the provider the tenant is registered with
 * @param providerService service of the provider the tenant is registered with
 * @return the fully populated and signed domain
 */
private SignedDomain createTenantSignedDomain(String domainName, String providerDomain, String providerService) {
    String tenancyAdminRole = "tenancy." + providerDomain + "." + providerService + ".admin";

    // Roles, in the same order as the original fixture: admin, tenancy admin, readers.
    // Each spec is { short role name, member..., member }.
    String[][] roleSpecs = {
        { "admin", "user_domain.user" },
        { tenancyAdminRole, "user_domain.user100", "user_domain.user101" },
        { "readers", "user_domain.user100", "user_domain.user101" },
    };
    List<Role> domainRoles = new ArrayList<>();
    for (String[] spec : roleSpecs) {
        List<RoleMember> roleMembers = new ArrayList<>();
        for (int i = 1; i < spec.length; i++) {
            roleMembers.add(new RoleMember().setMemberName(spec[i]));
        }
        Role r = new Role();
        r.setName(generateRoleName(domainName, spec[0]));
        r.setRoleMembers(roleMembers);
        domainRoles.add(r);
    }

    // Single storage service with a fixed test public key under key id "0".
    ServiceIdentity storage = new ServiceIdentity();
    storage.setName(domainName + ".storage");
    setServicePublicKey(storage, "0", ZTS_Y64_CERT0);
    List<String> serviceHosts = new ArrayList<>();
    serviceHosts.add("host1");
    serviceHosts.add("host2");
    storage.setHosts(serviceHosts);
    List<ServiceIdentity> domainServices = new ArrayList<>();
    domainServices.add(storage);

    // Policies: each spec is { short policy name, assertion resource, assertion role }.
    // Both assertions use the assume_role action.
    String[][] policySpecs = {
        { "tenancy.readers",
          generateRoleName(providerDomain, "tenant.readers"),
          generateRoleName(domainName, "readers") },
        { tenancyAdminRole,
          generateRoleName(providerDomain, providerService + ".tenant." + domainName + ".admin"),
          generateRoleName(domainName, tenancyAdminRole) },
    };
    List<com.yahoo.athenz.zms.Policy> domainPolicyList = new ArrayList<>();
    for (String[] spec : policySpecs) {
        com.yahoo.athenz.zms.Assertion assumeRole = new com.yahoo.athenz.zms.Assertion();
        assumeRole.setAction("assume_role");
        assumeRole.setResource(spec[1]);
        assumeRole.setRole(spec[2]);
        List<com.yahoo.athenz.zms.Assertion> policyAssertions = new ArrayList<>();
        policyAssertions.add(assumeRole);
        com.yahoo.athenz.zms.Policy p = new com.yahoo.athenz.zms.Policy();
        p.setName(generatePolicyName(domainName, spec[0]));
        p.setAssertions(policyAssertions);
        domainPolicyList.add(p);
    }

    // Sign the policy set over its canonical serialization.
    com.yahoo.athenz.zms.DomainPolicies policyContents = new com.yahoo.athenz.zms.DomainPolicies();
    policyContents.setDomain(domainName);
    policyContents.setPolicies(domainPolicyList);
    com.yahoo.athenz.zms.SignedPolicies signedPolicySet = new com.yahoo.athenz.zms.SignedPolicies();
    signedPolicySet.setContents(policyContents);
    signedPolicySet.setSignature(Crypto.sign(SignUtils.asCanonicalString(policyContents), privateKey));
    signedPolicySet.setKeyId("0");

    // Assemble the domain data and sign it as a whole, again under key id "0".
    DomainData domainData = new DomainData();
    domainData.setName(domainName);
    domainData.setRoles(domainRoles);
    domainData.setServices(domainServices);
    domainData.setPolicies(signedPolicySet);

    SignedDomain result = new SignedDomain();
    result.setDomain(domainData);
    result.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainData), privateKey));
    result.setKeyId("0");
    return result;
}

Example 42 with Assertion

use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.

the class ZTSImplTest method createAwsSignedDomain.

/**
 * Builds a signed test-fixture domain that is linked to an AWS account.
 *
 * <p>The domain has an admin role and an {@code aws_role} role, plus one {@code aws_policy} whose
 * single assertion allows {@code assume_aws_role} on {@code <domainName>:aws_role_name} for the
 * {@code aws_role} role. The policy set and the domain data are each signed with the test
 * {@code privateKey} under key id "0".
 *
 * @param domainName name of the domain being built
 * @param account    AWS account id recorded on the domain
 * @return the populated and signed domain
 */
private SignedDomain createAwsSignedDomain(String domainName, String account) {
    // Build bottom-up: assertion -> policy -> signed policy set -> domain -> signed domain.
    com.yahoo.athenz.zms.Assertion awsAssertion = new com.yahoo.athenz.zms.Assertion();
    awsAssertion.setAction("assume_aws_role");
    awsAssertion.setResource(domainName + ":aws_role_name");
    awsAssertion.setRole(generateRoleName(domainName, "aws_role"));
    List<com.yahoo.athenz.zms.Assertion> awsAssertions = new ArrayList<>();
    awsAssertions.add(awsAssertion);

    com.yahoo.athenz.zms.Policy awsPolicy = new com.yahoo.athenz.zms.Policy();
    awsPolicy.setName(generatePolicyName(domainName, "aws_policy"));
    awsPolicy.setAssertions(awsAssertions);
    List<com.yahoo.athenz.zms.Policy> policyList = new ArrayList<>();
    policyList.add(awsPolicy);

    com.yahoo.athenz.zms.DomainPolicies policyContents = new com.yahoo.athenz.zms.DomainPolicies();
    policyContents.setDomain(domainName);
    policyContents.setPolicies(policyList);
    com.yahoo.athenz.zms.SignedPolicies signedPolicySet = new com.yahoo.athenz.zms.SignedPolicies();
    signedPolicySet.setContents(policyContents);
    signedPolicySet.setSignature(Crypto.sign(SignUtils.asCanonicalString(policyContents), privateKey));
    signedPolicySet.setKeyId("0");

    // admin role with a single member
    Role adminRole = new Role();
    adminRole.setName(generateRoleName(domainName, "admin"));
    List<RoleMember> adminMembers = new ArrayList<>();
    adminMembers.add(new RoleMember().setMemberName("user_domain.user"));
    adminRole.setRoleMembers(adminMembers);

    // aws_role with two members
    Role awsRole = new Role();
    awsRole.setName(generateRoleName(domainName, "aws_role"));
    List<RoleMember> awsMembers = new ArrayList<>();
    for (String memberName : new String[] { "user_domain.user100", "user_domain.user101" }) {
        awsMembers.add(new RoleMember().setMemberName(memberName));
    }
    awsRole.setRoleMembers(awsMembers);

    List<Role> roleList = new ArrayList<>();
    roleList.add(adminRole);
    roleList.add(awsRole);

    DomainData domainData = new DomainData();
    domainData.setName(domainName);
    domainData.setAccount(account);
    domainData.setRoles(roleList);
    domainData.setPolicies(signedPolicySet);

    SignedDomain result = new SignedDomain();
    result.setDomain(domainData);
    result.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainData), privateKey));
    result.setKeyId("0");
    return result;
}

Example 43 with Assertion

use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.

the class ZTSImplTest method testGetPolicyList.

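/**
 * {@code getPolicyList} must return one ZTS policy per ZMS policy of the domain, in definition order.
 *
 * <p>Builds a "coretech" domain with a reader policy and a writer policy, signs the policy set with
 * the test {@code privateKey} (key id "0") and checks both names come back in order. Each policy
 * gets its own assertion list: the fixture previously reused a single list for both policies, so
 * the reader policy also carried the write assertion after the second {@code add}.
 */
@Test
public void testGetPolicyList() {
    List<com.yahoo.athenz.zms.Policy> policies = new ArrayList<>();

    // reader policy: read on coretech:tenant.weather.* for the readers role
    com.yahoo.athenz.zms.Assertion readAssertion = new com.yahoo.athenz.zms.Assertion();
    readAssertion.setResource("coretech:tenant.weather.*");
    readAssertion.setAction("read");
    readAssertion.setRole("coretech:role.readers");
    List<com.yahoo.athenz.zms.Assertion> readAssertions = new ArrayList<>();
    readAssertions.add(readAssertion);
    com.yahoo.athenz.zms.Policy readerPolicy = new com.yahoo.athenz.zms.Policy();
    readerPolicy.setAssertions(readAssertions);
    readerPolicy.setName("coretech:policy.reader");
    policies.add(readerPolicy);

    // writer policy: separate assertion list so the reader policy keeps only its read assertion
    com.yahoo.athenz.zms.Assertion writeAssertion = new com.yahoo.athenz.zms.Assertion();
    writeAssertion.setResource("coretech:tenant.weather.*");
    writeAssertion.setAction("write");
    writeAssertion.setRole("coretech:role.writers");
    List<com.yahoo.athenz.zms.Assertion> writeAssertions = new ArrayList<>();
    writeAssertions.add(writeAssertion);
    com.yahoo.athenz.zms.Policy writerPolicy = new com.yahoo.athenz.zms.Policy();
    writerPolicy.setAssertions(writeAssertions);
    writerPolicy.setName("coretech:policy.writer");
    policies.add(writerPolicy);

    // sign the policy set under the test key, key id "0"
    com.yahoo.athenz.zms.DomainPolicies domainPolicies = new com.yahoo.athenz.zms.DomainPolicies();
    domainPolicies.setDomain("coretech");
    domainPolicies.setPolicies(policies);
    com.yahoo.athenz.zms.SignedPolicies signedPolicies = new com.yahoo.athenz.zms.SignedPolicies();
    signedPolicies.setContents(domainPolicies);
    signedPolicies.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainPolicies), privateKey));
    signedPolicies.setKeyId("0");

    DomainData domain = new DomainData();
    domain.setName("coretech");
    domain.setPolicies(signedPolicies);
    domain.setModified(Timestamp.fromCurrentTime());

    List<com.yahoo.athenz.zts.Policy> policyList = zts.getPolicyList(domain);
    assertEquals(policyList.size(), 2);
    assertEquals(policyList.get(0).getName(), "coretech:policy.reader");
    assertEquals(policyList.get(1).getName(), "coretech:policy.writer");
}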

Example 44 with Assertion

use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.

the class ZTSImplTest method testMatchDelegatedTrustAssertionNoRoleMatchWithOutPattern.

/**
 * A delegated-trust ASSUME_ROLE assertion whose resource {@code *:role.Role} carries no pattern in
 * the role part must not match a role of a different name, regardless of domain.
 *
 * <p>The candidate roles are {@code coretech:role.Role1} and {@code coretech:role.Role2}; both
 * {@code weather:role.Role1} and {@code coretech:role.Role} are expected to be rejected.
 */
@Test
public void testMatchDelegatedTrustAssertionNoRoleMatchWithOutPattern() {
    Assertion trustAssertion = new Assertion();
    trustAssertion.setAction("ASSUME_ROLE");
    trustAssertion.setEffect(AssertionEffect.ALLOW);
    trustAssertion.setResource("*:role.Role");
    trustAssertion.setRole("weather:role.Role");

    List<Role> candidateRoles = new ArrayList<>();
    for (String shortName : new String[] { "Role1", "Role2" }) {
        candidateRoles.add(createRoleObject("coretech", shortName, null));
    }

    assertFalse(authorizer.matchDelegatedTrustAssertion(trustAssertion, "weather:role.Role1", null, candidateRoles));
    assertFalse(authorizer.matchDelegatedTrustAssertion(trustAssertion, "coretech:role.Role", null, candidateRoles));
}

Example 45 with Assertion

use of com.yahoo.athenz.zms.Assertion in project athenz by yahoo.

the class ZTSImplTest method createPolicyObject.

/**
 * Builds a ZMS policy named {@code <domainName>:policy.<policyName>} holding a single assertion.
 *
 * @param domainName       domain that owns the policy
 * @param policyName       short policy name; prefixed with {@code <domainName>:policy.}
 * @param roleName         role the assertion applies to, short or fully qualified
 * @param generateRoleName when true, {@code roleName} is expanded to
 *                         {@code <domainName>:role.<roleName>}; otherwise it is used verbatim
 * @param action           assertion action
 * @param resource         assertion resource
 * @param effect           assertion effect
 * @return the populated policy
 */
private Policy createPolicyObject(String domainName, String policyName, String roleName, boolean generateRoleName, String action, String resource, AssertionEffect effect) {
    String qualifiedRole = generateRoleName ? domainName + ":role." + roleName : roleName;

    Assertion assertion = new Assertion();
    assertion.setAction(action);
    assertion.setEffect(effect);
    assertion.setResource(resource);
    assertion.setRole(qualifiedRole);

    List<Assertion> assertions = new ArrayList<>();
    assertions.add(assertion);

    Policy policy = new Policy();
    policy.setName(domainName + ":policy." + policyName);
    policy.setAssertions(assertions);
    return policy;
}
