Examples with DomainData com.yahoo.athenz.zms.DomainData used on opensource projects

Search in sources :

Example 26 with DomainData

use of com.yahoo.athenz.zms.DomainData in project athenz by yahoo.

the class ZTSImplTest method testResourceAccess.

@Test
public void testResourceAccess() {
    final String domainName = "coretechaccess";
    DataCache domain = new DataCache();
    DomainData domainData = new DomainData();
    domainData.setName(domainName);
    domain.setDomainData(domainData);
    domainData.setRoles(new ArrayList<Role>());
    Role role1 = createRoleObject(domainName, "role1", null, "user.user1", "user.user3");
    Role role2 = createRoleObject(domainName, "role2", null, "user.user2", null);
    domainData.getRoles().add(role1);
    domainData.getRoles().add(role2);
    Policy policy = createPolicyObject(domainName, "access", domainName + ":role.role1", false, "update", domainName + ":table1", AssertionEffect.ALLOW);
    domainData.setPolicies(new com.yahoo.athenz.zms.SignedPolicies());
    domainData.getPolicies().setContents(new com.yahoo.athenz.zms.DomainPolicies());
    domainData.getPolicies().getContents().setPolicies(new ArrayList<Policy>());
    domainData.getPolicies().getContents().getPolicies().add(policy);
    store.getCacheStore().put(domainName, domain);
    Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    Principal principal = SimplePrincipal.create("user", "user1", "v=U1;d=user;n=user1;s=signature", 0, principalAuthority);
    ResourceContext ctx = createResourceContext(principal, null);
    // process
    ResourceAccess access = zts.getResourceAccess(ctx, "update", domainName + ":table1", null, null);
    assertTrue(access.getGranted());
    access = zts.getResourceAccessExt(ctx, "update", domainName + ":table1", null, null);
    assertTrue(access.getGranted());
    access = zts.getResourceAccess(ctx, "update", domainName + ":table2", null, null);
    assertFalse(access.getGranted());
    access = zts.getResourceAccessExt(ctx, "update", domainName + ":table2", null, null);
    assertFalse(access.getGranted());
    access = zts.getResourceAccess(ctx, "delete", domainName + ":table1", null, null);
    assertFalse(access.getGranted());
    access = zts.getResourceAccessExt(ctx, "delete", domainName + ":table1", null, null);
    assertFalse(access.getGranted());
    access = zts.getResourceAccess(ctx, "update", domainName + ":table1", null, "user.user2");
    assertFalse(access.getGranted());
    access = zts.getResourceAccess(ctx, "update", domainName + ":table1", null, "user.user3");
    assertTrue(access.getGranted());
    access = zts.getResourceAccess(ctx, "update", domainName + ":table2", null, "user.user3");
    assertFalse(access.getGranted());
    store.getCacheStore().invalidate(domainName);
}
Also used : Policy(com.yahoo.athenz.zms.Policy) UserAuthority(com.yahoo.athenz.auth.impl.UserAuthority) Authority(com.yahoo.athenz.auth.Authority) CertificateAuthority(com.yahoo.athenz.auth.impl.CertificateAuthority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) DomainData(com.yahoo.athenz.zms.DomainData) DataCache(com.yahoo.athenz.zts.cache.DataCache) Role(com.yahoo.athenz.zms.Role) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 27 with DomainData

use of com.yahoo.athenz.zms.DomainData in project athenz by yahoo.

the class ZTSImplTest method createTenantSignedDomainWildCard.

private SignedDomain createTenantSignedDomainWildCard(String domainName, String providerDomain) {
    SignedDomain signedDomain = new SignedDomain();
    List<Role> roles = new ArrayList<>();
    Role role = new Role();
    role.setName(generateRoleName(domainName, "superusers"));
    List<RoleMember> members = new ArrayList<>();
    members.add(new RoleMember().setMemberName("user_domain.siteops_user_1"));
    role.setRoleMembers(members);
    roles.add(role);
    role = new Role();
    role.setName(generateRoleName(domainName, "users"));
    roles.add(role);
    List<com.yahoo.athenz.zms.Policy> policies = new ArrayList<>();
    com.yahoo.athenz.zms.Policy policy = new com.yahoo.athenz.zms.Policy();
    com.yahoo.athenz.zms.Assertion assertion = new com.yahoo.athenz.zms.Assertion();
    assertion.setResource("*:role.netops_superusers");
    assertion.setAction("assume_role");
    assertion.setRole(generateRoleName(domainName, "superusers"));
    List<com.yahoo.athenz.zms.Assertion> assertions = new ArrayList<>();
    assertions.add(assertion);
    policy.setAssertions(assertions);
    policy.setName(generatePolicyName(domainName, "netops_superusers"));
    policies.add(policy);
    policy = new com.yahoo.athenz.zms.Policy();
    assertion = new com.yahoo.athenz.zms.Assertion();
    assertion.setResource(domainName + "netops:node.*");
    assertion.setAction("node_user");
    assertion.setRole(generateRoleName(domainName, "users"));
    assertions = new ArrayList<>();
    assertions.add(assertion);
    policy.setAssertions(assertions);
    policy.setName(generatePolicyName(domainName, "users"));
    policies.add(policy);
    policy = new com.yahoo.athenz.zms.Policy();
    assertion = new com.yahoo.athenz.zms.Assertion();
    assertion.setResource(domainName + "netops:node.*");
    assertion.setAction("node_sudo");
    assertion.setRole(generateRoleName(domainName, "superusers"));
    assertions = new ArrayList<>();
    assertions.add(assertion);
    policy.setAssertions(assertions);
    policy.setName(generatePolicyName(domainName, "superusers"));
    policies.add(policy);
    com.yahoo.athenz.zms.DomainPolicies domainPolicies = new com.yahoo.athenz.zms.DomainPolicies();
    domainPolicies.setDomain(domainName);
    domainPolicies.setPolicies(policies);
    com.yahoo.athenz.zms.SignedPolicies signedPolicies = new com.yahoo.athenz.zms.SignedPolicies();
    signedPolicies.setContents(domainPolicies);
    signedPolicies.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainPolicies), privateKey));
    signedPolicies.setKeyId("0");
    DomainData domain = new DomainData();
    domain.setName(domainName);
    domain.setRoles(roles);
    domain.setPolicies(signedPolicies);
    signedDomain.setDomain(domain);
    signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(domain), privateKey));
    signedDomain.setKeyId("0");
    return signedDomain;
}
Also used : Policy(com.yahoo.athenz.zms.Policy) Policy(com.yahoo.athenz.zms.Policy) ArrayList(java.util.ArrayList) Assertion(com.yahoo.athenz.zms.Assertion) DomainData(com.yahoo.athenz.zms.DomainData) Assertion(com.yahoo.athenz.zms.Assertion) Role(com.yahoo.athenz.zms.Role) SignedDomain(com.yahoo.athenz.zms.SignedDomain) RoleMember(com.yahoo.athenz.zms.RoleMember)

Example 28 with DomainData

use of com.yahoo.athenz.zms.DomainData in project athenz by yahoo.

the class ZTSImplTest method testAccessDelegatedTrust.

@Test
public void testAccessDelegatedTrust() {
    DataCache domain = new DataCache();
    DomainData domainData = new DomainData();
    domainData.setName("coretechtrust");
    domain.setDomainData(domainData);
    domainData.setRoles(new ArrayList<Role>());
    Role role1 = createRoleObject("coretechtrust", "role1", null, "user_domain.user1", null);
    Role role2 = createRoleObject("coretechtrust", "role2", null, "user_domain.user2", null);
    domainData.getRoles().add(role1);
    domainData.getRoles().add(role2);
    Policy policy = createPolicyObject("coretechtrust", "trust", "coretechtrust:role.role1", false, "ASSUME_ROLE", "weather:role.role1", AssertionEffect.ALLOW);
    domainData.setPolicies(new com.yahoo.athenz.zms.SignedPolicies());
    domainData.getPolicies().setContents(new com.yahoo.athenz.zms.DomainPolicies());
    domainData.getPolicies().getContents().setPolicies(new ArrayList<Policy>());
    domainData.getPolicies().getContents().getPolicies().add(policy);
    store.getCacheStore().put("coretechtrust", domain);
    domain = new DataCache();
    domainData = new DomainData();
    domainData.setName("weather");
    domain.setDomainData(domainData);
    domainData.setRoles(new ArrayList<Role>());
    role1 = createRoleObject("weather", "role1", "coretechtrust");
    domainData.getRoles().add(role1);
    policy = createPolicyObject("weather", "access", "weather:role.role1", false, "update", "weather:table1", AssertionEffect.ALLOW);
    domainData.setPolicies(new com.yahoo.athenz.zms.SignedPolicies());
    domainData.getPolicies().setContents(new com.yahoo.athenz.zms.DomainPolicies());
    domainData.getPolicies().getContents().setPolicies(new ArrayList<Policy>());
    domainData.getPolicies().getContents().getPolicies().add(policy);
    store.getCacheStore().put("weather", domain);
    Principal principal1 = SimplePrincipal.create("user_domain", "user1", "v=U1;d=user_domain;n=user1;s=signature", 0, null);
    assertTrue(authorizer.access("update", "weather:table1", principal1, null));
    assertTrue(authorizer.access("update", "weather:table1", principal1, "coretechtrust"));
    assertFalse(authorizer.access("update", "weather:table1", principal1, "unknowntrust"));
    assertFalse(authorizer.access("update", "weather:table2", principal1, null));
    assertFalse(authorizer.access("delete", "weather:table1", principal1, null));
    Principal principal2 = SimplePrincipal.create("user_domain", "user2", "v=U1;d=user_domain;n=user2;s=signature", 0, null);
    assertFalse(authorizer.access("update", "weather:table1", principal2, null));
    Principal principal3 = SimplePrincipal.create("user_domain", "user3", "v=U1;d=user_domain;n=user3;s=signature", 0, null);
    assertFalse(authorizer.access("update", "weather:table1", principal3, null));
    store.getCacheStore().invalidate("coretechtrust");
    store.getCacheStore().invalidate("weather");
}
Also used : Role(com.yahoo.athenz.zms.Role) Policy(com.yahoo.athenz.zms.Policy) DomainData(com.yahoo.athenz.zms.DomainData) DataCache(com.yahoo.athenz.zts.cache.DataCache) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 29 with DomainData

use of com.yahoo.athenz.zms.DomainData in project athenz by yahoo.

the class ZTSImplTest method createMultipleSignedDomains.

private SignedDomain createMultipleSignedDomains(String domainName, String tenantDomain1, String tenantDomain2, String serviceName, boolean includeServices) {
    SignedDomain signedDomain = new SignedDomain();
    List<Role> roles = new ArrayList<>();
    Role role = new Role();
    role.setName(generateRoleName(domainName, "admin"));
    List<RoleMember> members = new ArrayList<>();
    members.add(new RoleMember().setMemberName("user_domain.adminuser"));
    role.setRoleMembers(members);
    roles.add(role);
    role = new Role();
    role.setName(generateRoleName(domainName, serviceName + ".tenant." + tenantDomain1 + ".admin"));
    role.setTrust(tenantDomain1);
    roles.add(role);
    role = new Role();
    role.setName(generateRoleName(domainName, serviceName + ".tenant." + tenantDomain2 + ".admin"));
    role.setTrust(tenantDomain2);
    roles.add(role);
    List<ServiceIdentity> services = new ArrayList<>();
    if (includeServices) {
        ServiceIdentity service = new ServiceIdentity();
        service.setName(generateServiceIdentityName(domainName, serviceName));
        setServicePublicKey(service, "0", ZTS_Y64_CERT0);
        List<String> hosts = new ArrayList<>();
        hosts.add("host1");
        hosts.add("host2");
        service.setHosts(hosts);
        services.add(service);
    }
    List<com.yahoo.athenz.zms.Policy> policies = new ArrayList<>();
    // tenant admin domain
    com.yahoo.athenz.zms.Policy policy = new com.yahoo.athenz.zms.Policy();
    com.yahoo.athenz.zms.Assertion assertion = new com.yahoo.athenz.zms.Assertion();
    assertion.setResource(domainName + ":service." + serviceName + ".tenant." + tenantDomain1 + ".*");
    assertion.setAction("read");
    assertion.setRole(generateRoleName(domainName, serviceName + ".tenant." + tenantDomain1 + ".admin"));
    List<com.yahoo.athenz.zms.Assertion> assertions = new ArrayList<>();
    assertions.add(assertion);
    policy.setAssertions(assertions);
    policy.setName(generatePolicyName(domainName, serviceName + ".tenant." + tenantDomain1 + ".admin"));
    policies.add(policy);
    policy = new com.yahoo.athenz.zms.Policy();
    assertion = new com.yahoo.athenz.zms.Assertion();
    assertion.setResource(domainName + ":service." + serviceName + ".tenant." + tenantDomain2 + ".*");
    assertion.setAction("read");
    assertion.setRole(generateRoleName(domainName, serviceName + ".tenant." + tenantDomain2 + ".admin"));
    assertions = new ArrayList<>();
    assertions.add(assertion);
    policy.setAssertions(assertions);
    policy.setName(generatePolicyName(domainName, serviceName + ".tenant." + tenantDomain2 + ".admin"));
    policies.add(policy);
    com.yahoo.athenz.zms.DomainPolicies domainPolicies = new com.yahoo.athenz.zms.DomainPolicies();
    domainPolicies.setDomain(domainName);
    domainPolicies.setPolicies(policies);
    com.yahoo.athenz.zms.SignedPolicies signedPolicies = new com.yahoo.athenz.zms.SignedPolicies();
    signedPolicies.setContents(domainPolicies);
    signedPolicies.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainPolicies), privateKey));
    signedPolicies.setKeyId("0");
    DomainData domain = new DomainData();
    domain.setName(domainName);
    domain.setRoles(roles);
    domain.setServices(services);
    domain.setPolicies(signedPolicies);
    domain.setModified(Timestamp.fromCurrentTime());
    signedDomain.setDomain(domain);
    signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(domain), privateKey));
    signedDomain.setKeyId("0");
    return signedDomain;
}
Also used : Policy(com.yahoo.athenz.zms.Policy) ArrayList(java.util.ArrayList) DomainData(com.yahoo.athenz.zms.DomainData) Assertion(com.yahoo.athenz.zms.Assertion) SignedDomain(com.yahoo.athenz.zms.SignedDomain) Policy(com.yahoo.athenz.zms.Policy) ServiceIdentity(com.yahoo.athenz.zms.ServiceIdentity) Assertion(com.yahoo.athenz.zms.Assertion) Role(com.yahoo.athenz.zms.Role) RoleMember(com.yahoo.athenz.zms.RoleMember)

Example 30 with DomainData

use of com.yahoo.athenz.zms.DomainData in project athenz by yahoo.

the class ZTSImplTest method testEvaluateAccessAssertionAllow.

@Test
public void testEvaluateAccessAssertionAllow() {
    DataCache domain = new DataCache();
    DomainData domainData = new DomainData();
    domainData.setName("coretech");
    domain.setDomainData(domainData);
    domainData.setRoles(new ArrayList<Role>());
    Role role = createRoleObject("coretech", "role1", null, "user_domain.user1", null);
    domainData.getRoles().add(role);
    Policy policy = new Policy().setName("coretech:policy.policy1");
    Assertion assertion1 = new Assertion();
    assertion1.setAction("read");
    assertion1.setEffect(AssertionEffect.ALLOW);
    assertion1.setResource("coretech:*");
    assertion1.setRole("coretech:role.role1");
    Assertion assertion2 = new Assertion();
    assertion2.setAction("read");
    assertion2.setEffect(AssertionEffect.ALLOW);
    assertion2.setResource("coretech:resource1");
    assertion2.setRole("coretech:role.role1");
    policy.setAssertions(new ArrayList<Assertion>());
    policy.getAssertions().add(assertion1);
    policy.getAssertions().add(assertion2);
    domainData.setPolicies(new com.yahoo.athenz.zms.SignedPolicies());
    domainData.getPolicies().setContents(new com.yahoo.athenz.zms.DomainPolicies());
    domainData.getPolicies().getContents().setPolicies(new ArrayList<Policy>());
    domainData.getPolicies().getContents().getPolicies().add(policy);
    assertEquals(authorizer.evaluateAccess(domain, "user_domain.user1", "read", "coretech:resource1", null), AccessStatus.ALLOWED);
}
Also used : Role(com.yahoo.athenz.zms.Role) Policy(com.yahoo.athenz.zms.Policy) DomainData(com.yahoo.athenz.zms.DomainData) Assertion(com.yahoo.athenz.zms.Assertion) DataCache(com.yahoo.athenz.zts.cache.DataCache) Test(org.testng.annotations.Test)

Aggregations

DomainData (com.yahoo.athenz.zms.DomainData)64 ArrayList (java.util.ArrayList)44 Test (org.testng.annotations.Test)43 Role (com.yahoo.athenz.zms.Role)32 DataCache (com.yahoo.athenz.zts.cache.DataCache)32 RoleMember (com.yahoo.athenz.zms.RoleMember)25 SignedDomain (com.yahoo.athenz.zms.SignedDomain)25 ZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)25 MockZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)24 ServiceIdentity (com.yahoo.athenz.zms.ServiceIdentity)21 Policy (com.yahoo.athenz.zms.Policy)18 MemberRole (com.yahoo.athenz.zts.cache.MemberRole)15 Assertion (com.yahoo.athenz.zms.Assertion)11 HostServices (com.yahoo.athenz.zts.HostServices)6 S3Object (com.amazonaws.services.s3.model.S3Object)4 S3ObjectInputStream (com.amazonaws.services.s3.model.S3ObjectInputStream)4 FileInputStream (java.io.FileInputStream)4 InputStream (java.io.InputStream)4 Principal (com.yahoo.athenz.auth.Principal)3 SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial