Search in sources :

Example 11 with DomainData

use of com.yahoo.athenz.zms.DomainData in project athenz by yahoo.

the class ZTSImplTest method signedBootstrapTenantDomain.

private SignedDomain signedBootstrapTenantDomain(String provider, String domainName, String serviceName, String awsAccount) {
    SignedDomain signedDomain = new SignedDomain();
    List<Role> roles = new ArrayList<>();
    Role role = new Role();
    role.setName(generateRoleName(domainName, "providers"));
    List<RoleMember> members = new ArrayList<>();
    members.add(new RoleMember().setMemberName(provider));
    role.setRoleMembers(members);
    roles.add(role);
    List<com.yahoo.athenz.zms.Policy> policies = new ArrayList<>();
    com.yahoo.athenz.zms.Policy policy = new com.yahoo.athenz.zms.Policy();
    com.yahoo.athenz.zms.Assertion assertion = new com.yahoo.athenz.zms.Assertion();
    assertion.setResource(domainName + ":service." + serviceName);
    assertion.setAction("launch");
    assertion.setRole(generateRoleName(domainName, "providers"));
    List<com.yahoo.athenz.zms.Assertion> assertions = new ArrayList<>();
    assertions.add(assertion);
    policy.setAssertions(assertions);
    policy.setName(generatePolicyName(domainName, "providers"));
    policies.add(policy);
    com.yahoo.athenz.zms.DomainPolicies domainPolicies = new com.yahoo.athenz.zms.DomainPolicies();
    domainPolicies.setDomain(domainName);
    domainPolicies.setPolicies(policies);
    com.yahoo.athenz.zms.SignedPolicies signedPolicies = new com.yahoo.athenz.zms.SignedPolicies();
    signedPolicies.setContents(domainPolicies);
    signedPolicies.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainPolicies), privateKey));
    signedPolicies.setKeyId("0");
    DomainData domain = new DomainData();
    domain.setName(domainName);
    domain.setRoles(roles);
    domain.setAccount(awsAccount);
    domain.setPolicies(signedPolicies);
    domain.setModified(Timestamp.fromCurrentTime());
    signedDomain.setDomain(domain);
    signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(domain), privateKey));
    signedDomain.setKeyId("0");
    return signedDomain;
}
Also used : Policy(com.yahoo.athenz.zms.Policy) Policy(com.yahoo.athenz.zms.Policy) ArrayList(java.util.ArrayList) Assertion(com.yahoo.athenz.zms.Assertion) DomainData(com.yahoo.athenz.zms.DomainData) Assertion(com.yahoo.athenz.zms.Assertion) Role(com.yahoo.athenz.zms.Role) SignedDomain(com.yahoo.athenz.zms.SignedDomain) RoleMember(com.yahoo.athenz.zms.RoleMember)

Example 12 with DomainData

use of com.yahoo.athenz.zms.DomainData in project athenz by yahoo.

the class ZTSImplTest method testEvaluateAccessNoAssertions.

@Test
public void testEvaluateAccessNoAssertions() {
    DataCache domain = new DataCache();
    DomainData domainData = new DomainData();
    domainData.setName("coretech");
    domain.setDomainData(domainData);
    domainData.setRoles(new ArrayList<Role>());
    Role role = new Role().setName("coretech:role.role1");
    domainData.getRoles().add(role);
    Policy policy = new Policy().setName("coretech:policy.policy1");
    domainData.setPolicies(new com.yahoo.athenz.zms.SignedPolicies());
    domainData.getPolicies().setContents(new com.yahoo.athenz.zms.DomainPolicies());
    domainData.getPolicies().getContents().setPolicies(new ArrayList<Policy>());
    domainData.getPolicies().getContents().getPolicies().add(policy);
    assertEquals(authorizer.evaluateAccess(domain, null, null, null, null), AccessStatus.DENIED);
}
Also used : Role(com.yahoo.athenz.zms.Role) Policy(com.yahoo.athenz.zms.Policy) DomainData(com.yahoo.athenz.zms.DomainData) DataCache(com.yahoo.athenz.zts.cache.DataCache) Test(org.testng.annotations.Test)

Example 13 with DomainData

use of com.yahoo.athenz.zms.DomainData in project athenz by yahoo.

the class ZTSImplTest method testEvaluateAccessAssertionDeny.

@Test
public void testEvaluateAccessAssertionDeny() {
    DataCache domain = new DataCache();
    DomainData domainData = new DomainData();
    domainData.setName("coretech");
    domain.setDomainData(domainData);
    domainData.setRoles(new ArrayList<Role>());
    Role role = createRoleObject("coretech", "role1", null, "user_domain.user1", null);
    domainData.getRoles().add(role);
    Policy policy = new Policy().setName("coretech:policy.policy1");
    Assertion assertion = new Assertion();
    assertion.setAction("read");
    assertion.setEffect(AssertionEffect.DENY);
    assertion.setResource("coretech:*");
    assertion.setRole("coretech:role.role1");
    policy.setAssertions(new ArrayList<Assertion>());
    policy.getAssertions().add(assertion);
    domainData.setPolicies(new com.yahoo.athenz.zms.SignedPolicies());
    domainData.getPolicies().setContents(new com.yahoo.athenz.zms.DomainPolicies());
    domainData.getPolicies().getContents().setPolicies(new ArrayList<Policy>());
    domainData.getPolicies().getContents().getPolicies().add(policy);
    assertEquals(authorizer.evaluateAccess(domain, "user_domain.user1", "read", "coretech:resource1", null), AccessStatus.DENIED);
}
Also used : Role(com.yahoo.athenz.zms.Role) Policy(com.yahoo.athenz.zms.Policy) DomainData(com.yahoo.athenz.zms.DomainData) Assertion(com.yahoo.athenz.zms.Assertion) DataCache(com.yahoo.athenz.zts.cache.DataCache) Test(org.testng.annotations.Test)

Example 14 with DomainData

use of com.yahoo.athenz.zms.DomainData in project athenz by yahoo.

the class DataCacheTest method testDomainSetGet.

@Test
public void testDomainSetGet() {
    DomainData domain = new DomainData();
    domain.setName("testDomain");
    DataCache cache = new DataCache();
    cache.setDomainData(domain);
    DomainData dom = cache.getDomainData();
    assertNotNull(dom);
    assertEquals(dom.getName(), "testDomain");
}
Also used : DomainData(com.yahoo.athenz.zms.DomainData) DataCache(com.yahoo.athenz.zts.cache.DataCache) Test(org.testng.annotations.Test)

Example 15 with DomainData

use of com.yahoo.athenz.zms.DomainData in project athenz by yahoo.

the class ZTSImplTest method testLookupServiceIdentityNoMatch.

@Test
public void testLookupServiceIdentityNoMatch() {
    List<ServiceIdentity> services = new ArrayList<>();
    ServiceIdentity service = new ServiceIdentity();
    service.setName(generateServiceIdentityName("coretech", "storage"));
    setServicePublicKey(service, "0", ZTS_Y64_CERT0);
    services.add(service);
    service = new ServiceIdentity();
    service.setName(generateServiceIdentityName("coretech", "backup"));
    setServicePublicKey(service, "0", ZTS_Y64_CERT0);
    services.add(service);
    DomainData domain = new DomainData();
    domain.setName("coretech");
    domain.setServices(services);
    com.yahoo.athenz.zts.ServiceIdentity svc = zts.lookupServiceIdentity(domain, "coretech.sync");
    assertNull(svc);
}
Also used : ServiceIdentity(com.yahoo.athenz.zms.ServiceIdentity) ArrayList(java.util.ArrayList) DomainData(com.yahoo.athenz.zms.DomainData) Test(org.testng.annotations.Test)

Aggregations

DomainData (com.yahoo.athenz.zms.DomainData)64 ArrayList (java.util.ArrayList)44 Test (org.testng.annotations.Test)43 Role (com.yahoo.athenz.zms.Role)32 DataCache (com.yahoo.athenz.zts.cache.DataCache)32 RoleMember (com.yahoo.athenz.zms.RoleMember)25 SignedDomain (com.yahoo.athenz.zms.SignedDomain)25 ZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)25 MockZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)24 ServiceIdentity (com.yahoo.athenz.zms.ServiceIdentity)21 Policy (com.yahoo.athenz.zms.Policy)18 MemberRole (com.yahoo.athenz.zts.cache.MemberRole)15 Assertion (com.yahoo.athenz.zms.Assertion)11 HostServices (com.yahoo.athenz.zts.HostServices)6 S3Object (com.amazonaws.services.s3.model.S3Object)4 S3ObjectInputStream (com.amazonaws.services.s3.model.S3ObjectInputStream)4 FileInputStream (java.io.FileInputStream)4 InputStream (java.io.InputStream)4 Principal (com.yahoo.athenz.auth.Principal)3 SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)3