use of com.yahoo.athenz.zms.Policy in project athenz by yahoo.
the class ZTSImplTest method testEvaluateAccessNoAssertions.
@Test
public void testEvaluateAccessNoAssertions() {
DataCache domain = new DataCache();
DomainData domainData = new DomainData();
domainData.setName("coretech");
domain.setDomainData(domainData);
domainData.setRoles(new ArrayList<Role>());
Role role = new Role().setName("coretech:role.role1");
domainData.getRoles().add(role);
Policy policy = new Policy().setName("coretech:policy.policy1");
domainData.setPolicies(new com.yahoo.athenz.zms.SignedPolicies());
domainData.getPolicies().setContents(new com.yahoo.athenz.zms.DomainPolicies());
domainData.getPolicies().getContents().setPolicies(new ArrayList<Policy>());
domainData.getPolicies().getContents().getPolicies().add(policy);
assertEquals(authorizer.evaluateAccess(domain, null, null, null, null), AccessStatus.DENIED);
}
use of com.yahoo.athenz.zms.Policy in project athenz by yahoo.
the class ZTSImplTest method testEvaluateAccessAssertionDeny.
@Test
public void testEvaluateAccessAssertionDeny() {
DataCache domain = new DataCache();
DomainData domainData = new DomainData();
domainData.setName("coretech");
domain.setDomainData(domainData);
domainData.setRoles(new ArrayList<Role>());
Role role = createRoleObject("coretech", "role1", null, "user_domain.user1", null);
domainData.getRoles().add(role);
Policy policy = new Policy().setName("coretech:policy.policy1");
Assertion assertion = new Assertion();
assertion.setAction("read");
assertion.setEffect(AssertionEffect.DENY);
assertion.setResource("coretech:*");
assertion.setRole("coretech:role.role1");
policy.setAssertions(new ArrayList<Assertion>());
policy.getAssertions().add(assertion);
domainData.setPolicies(new com.yahoo.athenz.zms.SignedPolicies());
domainData.getPolicies().setContents(new com.yahoo.athenz.zms.DomainPolicies());
domainData.getPolicies().getContents().setPolicies(new ArrayList<Policy>());
domainData.getPolicies().getContents().getPolicies().add(policy);
assertEquals(authorizer.evaluateAccess(domain, "user_domain.user1", "read", "coretech:resource1", null), AccessStatus.DENIED);
}
use of com.yahoo.athenz.zms.Policy in project athenz by yahoo.
the class DataCacheTest method testPolicyWithInvalidDomainNoRoles.
@Test
public void testPolicyWithInvalidDomainNoRoles() {
Domain domain = new Domain();
domain.setName("testDomain");
Policy policy = new Policy();
policy.setName("testDomain.policy.policy1");
Assertion assertion = new Assertion();
assertion.setAction("assume_role");
assertion.setEffect(AssertionEffect.ALLOW);
assertion.setResource("testDomain.role");
assertion.setRole("testDomain.role.role1");
List<Assertion> assertList = new ArrayList<Assertion>();
assertList.add(assertion);
policy.setAssertions(assertList);
HashMap<String, Role> roleList = new HashMap<>();
DataCache cache = new DataCache();
cache.processPolicy(domain.getName(), policy, roleList);
Set<MemberRole> set1 = cache.getMemberRoleSet("user_domain.user1");
assertNull(set1);
}
use of com.yahoo.athenz.zms.Policy in project athenz by yahoo.
the class SignUtils method asStruct.
private static Object asStruct(PolicyData policyData) {
// all of our fields are in canonical order based
// on their attribute name
Struct struct = new Struct();
appendObject(struct, ATTR_DOMAIN, policyData.getDomain());
List<com.yahoo.athenz.zts.Policy> policies = policyData.getPolicies();
Array policiesArray = new Array();
if (policies != null) {
for (com.yahoo.athenz.zts.Policy policy : policies) {
policiesArray.add(asStruct(policy));
}
}
appendArray(struct, ATTR_POLICIES, policiesArray);
return struct;
}
use of com.yahoo.athenz.zms.Policy in project athenz by yahoo.
the class FileConnectionTest method testUpdatePolicy.
@Test
public void testUpdatePolicy() {
File fileDir = new File("/home/athenz/zms_store");
File quotaDir = new File("/home/athenz/zms_quota");
try (FileConnection fileconnection = new FileConnection(fileDir, quotaDir)) {
Policy policy = new Policy();
try {
fileconnection.updatePolicy("Domain1", policy);
} catch (Exception ex) {
assertTrue(true);
}
}
}
Aggregations