Example 11 with DomainData
use of com.yahoo.athenz.zms.DomainData in project athenz by yahoo.
the class ZTSImplTest method signedBootstrapTenantDomain.
private SignedDomain signedBootstrapTenantDomain(String provider, String domainName, String serviceName, String awsAccount) {
SignedDomain signedDomain = new SignedDomain();
List<Role> roles = new ArrayList<>();
Role role = new Role();
role.setName(generateRoleName(domainName, "providers"));
List<RoleMember> members = new ArrayList<>();
members.add(new RoleMember().setMemberName(provider));
role.setRoleMembers(members);
roles.add(role);
List<com.yahoo.athenz.zms.Policy> policies = new ArrayList<>();
com.yahoo.athenz.zms.Policy policy = new com.yahoo.athenz.zms.Policy();
com.yahoo.athenz.zms.Assertion assertion = new com.yahoo.athenz.zms.Assertion();
assertion.setResource(domainName + ":service." + serviceName);
assertion.setAction("launch");
assertion.setRole(generateRoleName(domainName, "providers"));
List<com.yahoo.athenz.zms.Assertion> assertions = new ArrayList<>();
assertions.add(assertion);
policy.setAssertions(assertions);
policy.setName(generatePolicyName(domainName, "providers"));
policies.add(policy);
com.yahoo.athenz.zms.DomainPolicies domainPolicies = new com.yahoo.athenz.zms.DomainPolicies();
domainPolicies.setDomain(domainName);
domainPolicies.setPolicies(policies);
com.yahoo.athenz.zms.SignedPolicies signedPolicies = new com.yahoo.athenz.zms.SignedPolicies();
signedPolicies.setContents(domainPolicies);
signedPolicies.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainPolicies), privateKey));
signedPolicies.setKeyId("0");
DomainData domain = new DomainData();
domain.setName(domainName);
domain.setRoles(roles);
domain.setAccount(awsAccount);
domain.setPolicies(signedPolicies);
domain.setModified(Timestamp.fromCurrentTime());
signedDomain.setDomain(domain);
signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(domain), privateKey));
signedDomain.setKeyId("0");
return signedDomain;
}
Also used :
Policy(com.yahoo.athenz.zms.Policy)
Policy(com.yahoo.athenz.zms.Policy)
ArrayList(java.util.ArrayList)
Assertion(com.yahoo.athenz.zms.Assertion)
DomainData(com.yahoo.athenz.zms.DomainData)
Assertion(com.yahoo.athenz.zms.Assertion)
Role(com.yahoo.athenz.zms.Role)
SignedDomain(com.yahoo.athenz.zms.SignedDomain)
RoleMember(com.yahoo.athenz.zms.RoleMember)
Example 12 with DomainData
use of com.yahoo.athenz.zms.DomainData in project athenz by yahoo.
the class ZTSImplTest method testEvaluateAccessNoAssertions.
@Test
public void testEvaluateAccessNoAssertions() {
DataCache domain = new DataCache();
DomainData domainData = new DomainData();
domainData.setName("coretech");
domain.setDomainData(domainData);
domainData.setRoles(new ArrayList<Role>());
Role role = new Role().setName("coretech:role.role1");
domainData.getRoles().add(role);
Policy policy = new Policy().setName("coretech:policy.policy1");
domainData.setPolicies(new com.yahoo.athenz.zms.SignedPolicies());
domainData.getPolicies().setContents(new com.yahoo.athenz.zms.DomainPolicies());
domainData.getPolicies().getContents().setPolicies(new ArrayList<Policy>());
domainData.getPolicies().getContents().getPolicies().add(policy);
assertEquals(authorizer.evaluateAccess(domain, null, null, null, null), AccessStatus.DENIED);
}
Also used :
Role(com.yahoo.athenz.zms.Role)
Policy(com.yahoo.athenz.zms.Policy)
DomainData(com.yahoo.athenz.zms.DomainData)
DataCache(com.yahoo.athenz.zts.cache.DataCache)
Test(org.testng.annotations.Test)
Example 13 with DomainData
use of com.yahoo.athenz.zms.DomainData in project athenz by yahoo.
the class ZTSImplTest method testEvaluateAccessAssertionDeny.
@Test
public void testEvaluateAccessAssertionDeny() {
DataCache domain = new DataCache();
DomainData domainData = new DomainData();
domainData.setName("coretech");
domain.setDomainData(domainData);
domainData.setRoles(new ArrayList<Role>());
Role role = createRoleObject("coretech", "role1", null, "user_domain.user1", null);
domainData.getRoles().add(role);
Policy policy = new Policy().setName("coretech:policy.policy1");
Assertion assertion = new Assertion();
assertion.setAction("read");
assertion.setEffect(AssertionEffect.DENY);
assertion.setResource("coretech:*");
assertion.setRole("coretech:role.role1");
policy.setAssertions(new ArrayList<Assertion>());
policy.getAssertions().add(assertion);
domainData.setPolicies(new com.yahoo.athenz.zms.SignedPolicies());
domainData.getPolicies().setContents(new com.yahoo.athenz.zms.DomainPolicies());
domainData.getPolicies().getContents().setPolicies(new ArrayList<Policy>());
domainData.getPolicies().getContents().getPolicies().add(policy);
assertEquals(authorizer.evaluateAccess(domain, "user_domain.user1", "read", "coretech:resource1", null), AccessStatus.DENIED);
}Example 14 with DomainData
use of com.yahoo.athenz.zms.DomainData in project athenz by yahoo.
the class DataCacheTest method testDomainSetGet.
@Test
public void testDomainSetGet() {
DomainData domain = new DomainData();
domain.setName("testDomain");
DataCache cache = new DataCache();
cache.setDomainData(domain);
DomainData dom = cache.getDomainData();
assertNotNull(dom);
assertEquals(dom.getName(), "testDomain");
}
Also used :
DomainData(com.yahoo.athenz.zms.DomainData)
DataCache(com.yahoo.athenz.zts.cache.DataCache)
Test(org.testng.annotations.Test)
Example 15 with DomainData
use of com.yahoo.athenz.zms.DomainData in project athenz by yahoo.
the class ZTSImplTest method testLookupServiceIdentityNoMatch.
@Test
public void testLookupServiceIdentityNoMatch() {
List<ServiceIdentity> services = new ArrayList<>();
ServiceIdentity service = new ServiceIdentity();
service.setName(generateServiceIdentityName("coretech", "storage"));
setServicePublicKey(service, "0", ZTS_Y64_CERT0);
services.add(service);
service = new ServiceIdentity();
service.setName(generateServiceIdentityName("coretech", "backup"));
setServicePublicKey(service, "0", ZTS_Y64_CERT0);
services.add(service);
DomainData domain = new DomainData();
domain.setName("coretech");
domain.setServices(services);
com.yahoo.athenz.zts.ServiceIdentity svc = zts.lookupServiceIdentity(domain, "coretech.sync");
assertNull(svc);
}
Also used :
ServiceIdentity(com.yahoo.athenz.zms.ServiceIdentity)
ArrayList(java.util.ArrayList)
DomainData(com.yahoo.athenz.zms.DomainData)
Test(org.testng.annotations.Test)
Aggregations
DomainData (com.yahoo.athenz.zms.DomainData)64
ArrayList (java.util.ArrayList)44
Test (org.testng.annotations.Test)43
Role (com.yahoo.athenz.zms.Role)32
DataCache (com.yahoo.athenz.zts.cache.DataCache)32
RoleMember (com.yahoo.athenz.zms.RoleMember)25
SignedDomain (com.yahoo.athenz.zms.SignedDomain)25
ZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)25
MockZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)24
ServiceIdentity (com.yahoo.athenz.zms.ServiceIdentity)21
Policy (com.yahoo.athenz.zms.Policy)18
MemberRole (com.yahoo.athenz.zts.cache.MemberRole)15
Assertion (com.yahoo.athenz.zms.Assertion)11
HostServices (com.yahoo.athenz.zts.HostServices)6
S3Object (com.amazonaws.services.s3.model.S3Object)4
S3ObjectInputStream (com.amazonaws.services.s3.model.S3ObjectInputStream)4
FileInputStream (java.io.FileInputStream)4
InputStream (java.io.InputStream)4
Principal (com.yahoo.athenz.auth.Principal)3
SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)3
