Example 11 with Policy

Use of com.yahoo.athenz.zms.Policy in project athenz by yahoo.

Class ZTSImplTest, method testEvaluateAccessNoAssertions.

@Test
public void testEvaluateAccessNoAssertions() {
    DataCache domain = new DataCache();
    DomainData domainData = new DomainData();
    domainData.setName("coretech");
    domain.setDomainData(domainData);
    domainData.setRoles(new ArrayList<Role>());
    Role role = new Role().setName("coretech:role.role1");
    domainData.getRoles().add(role);
    Policy policy = new Policy().setName("coretech:policy.policy1");
    domainData.setPolicies(new com.yahoo.athenz.zms.SignedPolicies());
    domainData.getPolicies().setContents(new com.yahoo.athenz.zms.DomainPolicies());
    domainData.getPolicies().getContents().setPolicies(new ArrayList<Policy>());
    domainData.getPolicies().getContents().getPolicies().add(policy);
    assertEquals(authorizer.evaluateAccess(domain, null, null, null, null), AccessStatus.DENIED);
}
Also used: Role (com.yahoo.athenz.zms.Role), Policy (com.yahoo.athenz.zms.Policy), DomainData (com.yahoo.athenz.zms.DomainData), DataCache (com.yahoo.athenz.zts.cache.DataCache), Test (org.testng.annotations.Test)

Example 12 with Policy

Use of com.yahoo.athenz.zms.Policy in project athenz by yahoo.

Class ZTSImplTest, method testEvaluateAccessAssertionDeny.

@Test
public void testEvaluateAccessAssertionDeny() {
    DataCache domain = new DataCache();
    DomainData domainData = new DomainData();
    domainData.setName("coretech");
    domain.setDomainData(domainData);
    domainData.setRoles(new ArrayList<Role>());
    Role role = createRoleObject("coretech", "role1", null, "user_domain.user1", null);
    domainData.getRoles().add(role);
    Policy policy = new Policy().setName("coretech:policy.policy1");
    Assertion assertion = new Assertion();
    assertion.setAction("read");
    assertion.setEffect(AssertionEffect.DENY);
    assertion.setResource("coretech:*");
    assertion.setRole("coretech:role.role1");
    policy.setAssertions(new ArrayList<Assertion>());
    policy.getAssertions().add(assertion);
    domainData.setPolicies(new com.yahoo.athenz.zms.SignedPolicies());
    domainData.getPolicies().setContents(new com.yahoo.athenz.zms.DomainPolicies());
    domainData.getPolicies().getContents().setPolicies(new ArrayList<Policy>());
    domainData.getPolicies().getContents().getPolicies().add(policy);
    assertEquals(authorizer.evaluateAccess(domain, "user_domain.user1", "read", "coretech:resource1", null), AccessStatus.DENIED);
}
Also used: Role (com.yahoo.athenz.zms.Role), Policy (com.yahoo.athenz.zms.Policy), DomainData (com.yahoo.athenz.zms.DomainData), Assertion (com.yahoo.athenz.zms.Assertion), DataCache (com.yahoo.athenz.zts.cache.DataCache), Test (org.testng.annotations.Test)

Example 13 with Policy

Use of com.yahoo.athenz.zms.Policy in project athenz by yahoo.

Class DataCacheTest, method testPolicyWithInvalidDomainNoRoles.

@Test
public void testPolicyWithInvalidDomainNoRoles() {
    Domain domain = new Domain();
    domain.setName("testDomain");
    Policy policy = new Policy();
    policy.setName("testDomain.policy.policy1");
    Assertion assertion = new Assertion();
    assertion.setAction("assume_role");
    assertion.setEffect(AssertionEffect.ALLOW);
    assertion.setResource("testDomain.role");
    assertion.setRole("testDomain.role.role1");
    List<Assertion> assertList = new ArrayList<Assertion>();
    assertList.add(assertion);
    policy.setAssertions(assertList);
    HashMap<String, Role> roleList = new HashMap<>();
    DataCache cache = new DataCache();
    cache.processPolicy(domain.getName(), policy, roleList);
    Set<MemberRole> set1 = cache.getMemberRoleSet("user_domain.user1");
    assertNull(set1);
}
Also used: Policy (com.yahoo.athenz.zms.Policy), Role (com.yahoo.athenz.zms.Role), HashMap (java.util.HashMap), Assertion (com.yahoo.athenz.zms.Assertion), ArrayList (java.util.ArrayList), Domain (com.yahoo.athenz.zms.Domain), DataCache (com.yahoo.athenz.zts.cache.DataCache), Test (org.testng.annotations.Test)

Example 14 with Policy

Use of com.yahoo.athenz.zms.Policy in project athenz by yahoo.

Class SignUtils, method asStruct.

private static Object asStruct(PolicyData policyData) {
    // all of our fields are in canonical order based
    // on their attribute name
    Struct struct = new Struct();
    appendObject(struct, ATTR_DOMAIN, policyData.getDomain());
    List<com.yahoo.athenz.zts.Policy> policies = policyData.getPolicies();
    Array policiesArray = new Array();
    if (policies != null) {
        for (com.yahoo.athenz.zts.Policy policy : policies) {
            policiesArray.add(asStruct(policy));
        }
    }
    appendArray(struct, ATTR_POLICIES, policiesArray);
    return struct;
}
Also used: Policy (com.yahoo.athenz.zms.Policy), Array (com.yahoo.rdl.Array), Struct (com.yahoo.rdl.Struct)

Example 15 with Policy

Use of com.yahoo.athenz.zms.Policy in project athenz by yahoo.

Class FileConnectionTest, method testUpdatePolicy.

@Test
public void testUpdatePolicy() {
    File fileDir = new File("/home/athenz/zms_store");
    File quotaDir = new File("/home/athenz/zms_quota");
    try (FileConnection fileconnection = new FileConnection(fileDir, quotaDir)) {
        Policy policy = new Policy();
        try {
            fileconnection.updatePolicy("Domain1", policy);
        } catch (Exception ex) {
            assertTrue(true);
        }
    }
}
Also used: Policy (com.yahoo.athenz.zms.Policy), File (java.io.File), Test (org.testng.annotations.Test)
