use of com.yahoo.athenz.zms.Role in project athenz by yahoo.
the class ZMSUtilsTest method getRoles.
/**
 * Supplies (domain name, role, boolean) rows for the "roles" data provider.
 *
 * <p>The rows cover a role with no members and no trust, roles that set the
 * legacy member list and/or the role-member list, roles that combine a trust
 * domain with members, and a trust-only role evaluated against two different
 * domain names.
 *
 * <p>NOTE(review): the boolean column is presumably an "expect rejection" flag
 * for role-member validation (e.g. a delegated role that also lists members,
 * or a trust that points back at the role's own domain) - confirm against the
 * test method that consumes this provider.
 *
 * @return the parameter rows, one per scenario
 */
@DataProvider(name = "roles")
public static Object[][] getRoles() {
    final String domainName = "test_domain";
    final String memberName = "member";
    final String trustDomain = "trust";
    final RoleMember roleMember = new RoleMember().setMemberName(memberName);

    // Neither members nor trust.
    Role emptyRole = new Role();

    // Both the plain member list and the role-member list are populated.
    Role bothMemberLists = new Role();
    bothMemberLists.setMembers(Arrays.asList(memberName));
    bothMemberLists.setRoleMembers(Arrays.asList(roleMember));

    // Only the role-member list is populated.
    Role roleMembersOnly = new Role();
    roleMembersOnly.setRoleMembers(Arrays.asList(roleMember));

    // Trust combined with role members.
    Role trustWithRoleMembers = new Role();
    trustWithRoleMembers.setRoleMembers(Arrays.asList(roleMember));
    trustWithRoleMembers.setTrust(trustDomain);

    // Trust combined with the plain member list.
    Role trustWithMembers = new Role();
    trustWithMembers.setMembers(Arrays.asList(memberName));
    trustWithMembers.setTrust(trustDomain);

    // Trust only; paired below with a domain equal to the trust value and with a different one.
    Role trustOnly = new Role();
    trustOnly.setTrust(trustDomain);

    return new Object[][] {
        {domainName, emptyRole, false},
        {domainName, bothMemberLists, true},
        {domainName, roleMembersOnly, false},
        {domainName, trustWithRoleMembers, true},
        {domainName, trustWithMembers, true},
        {"trust", trustOnly, true},
        {"test_domain", trustOnly, false}
    };
}
use of com.yahoo.athenz.zms.Role in project athenz by yahoo.
the class JDBCConnectionTest method testInsertRoleInvalidDomain.
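/**
 * Checks that {@code insertRole} throws when the mocked result set returns no
 * row (the "domain id failure" case).
 *
 * <p>The connection is closed in a {@code finally} block so it is released
 * even when {@code fail()} fires because no exception was thrown.
 *
 * @throws Exception if setting up the mocked connection fails
 */
@Test
public void testInsertRoleInvalidDomain() throws Exception {
    JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
    try {
        Role role = new Role().setName("my-domain:role.role1");
        // domain id failure: the mocked result set reports no rows
        Mockito.when(mockResultSet.next()).thenReturn(false);
        try {
            jdbcConn.insertRole("my-domain", role);
            fail();
        } catch (Exception expected) {
            // Any Exception counts as a pass here.
            // NOTE(review): this also passes on an unrelated failure (e.g. a
            // mock misconfiguration); narrowing the catch to the exception
            // type insertRole is documented to throw, and asserting its error
            // code, would make the rejection check meaningful - confirm the type.
        }
    } finally {
        jdbcConn.close();
    }
}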
use of com.yahoo.athenz.zms.Role in project athenz by yahoo.
the class JDBCConnectionTest method testInsertRoleInvalidRoleDomain.
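/**
 * Checks that {@code insertRole} throws when the role name carries a different
 * domain prefix ("my-domain2") than the domain passed to the call ("my-domain").
 *
 * <p>The connection is closed in a {@code finally} block so it is released
 * even when {@code fail()} fires because no exception was thrown.
 *
 * @throws Exception if setting up the mocked connection fails
 */
@Test
public void testInsertRoleInvalidRoleDomain() throws Exception {
    JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
    try {
        // The role's domain prefix deliberately disagrees with the target domain.
        Role role = new Role().setName("my-domain2:role.role1");
        try {
            jdbcConn.insertRole("my-domain", role);
            fail();
        } catch (Exception expected) {
            // Any Exception counts as a pass here.
            // NOTE(review): a cross-domain insert is a tenancy-boundary check;
            // catching the broad Exception type means an unrelated error would
            // also satisfy the test. Narrow the catch to the exception type
            // insertRole is documented to throw - confirm the type.
        }
    } finally {
        jdbcConn.close();
    }
}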
use of com.yahoo.athenz.zms.Role in project athenz by yahoo.
the class DataStoreTest method testValidateSignedDomainMissingRole.
/**
 * Checks that {@code validateSignedDomain} returns false for a domain whose
 * role list was removed after the signature was computed.
 *
 * <p>The signature is produced over the canonical string of the domain while
 * it still holds the admin role; the roles are then set to {@code null}
 * before validation. Presumably validation fails because the signed content
 * no longer matches - confirm against {@code DataStore.validateSignedDomain}.
 */
@Test
public void testValidateSignedDomainMissingRole() {
    // NOTE(review): fixed directory under /tmp; on a shared build host a
    // predictable temp location can be pre-created by another user. How the
    // mock store uses this path is not visible here - confirm.
    ChangeLogStore changeLogStore =
            new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", pkey, "0");
    DataStore dataStore = new DataStore(changeLogStore, null);
    dataStore.loadZMSPublicKeys();

    // One admin role with a single member: this is the content that gets signed.
    List<RoleMember> adminMembers = new ArrayList<>();
    adminMembers.add(new RoleMember().setMemberName("user_domain.user"));
    Role adminRole = new Role().setName("coretech:role.admin");
    adminRole.setRoleMembers(adminMembers);
    List<Role> signedRoles = new ArrayList<>();
    signedRoles.add(adminRole);

    DomainData domainData = new DomainData();
    domainData.setRoles(signedRoles);

    SignedDomain signedDomain = new SignedDomain();
    signedDomain.setDomain(domainData);
    signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainData), pkey));
    signedDomain.setKeyId("0");

    // Drop the roles after signing, so the payload differs from what was signed.
    domainData.setRoles(null);
    signedDomain.setDomain(domainData);

    boolean accepted = dataStore.validateSignedDomain(signedDomain);
    assertFalse(accepted);
}
use of com.yahoo.athenz.zms.Role in project athenz by yahoo.
the class DataStoreTest method testProcessDomainPolicies.
/**
 * Builds a "coretech" domain with two roles (admin and readers) that share one
 * member, plus a signed policy set, runs {@code processDomainRoles} and checks
 * that the cache maps the member to both roles.
 *
 * <p>Only the member-to-role mapping is asserted. The assume_role assertion and
 * the policy signature are attached to the domain data, but nothing in this
 * test checks them.
 */
@Test
public void testProcessDomainPolicies() {
    // NOTE(review): fixed directory under /tmp; how the mock store uses it is
    // not visible here - confirm it is safe on shared build hosts.
    ChangeLogStore changeLogStore =
            new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", pkey, "0");
    DataStore dataStore = new DataStore(changeLogStore, null);

    // A single policy holding one assume_role assertion.
    com.yahoo.athenz.zms.Assertion assumeRole = new com.yahoo.athenz.zms.Assertion();
    assumeRole.setResource("sports:role.readers");
    assumeRole.setAction("assume_role");
    assumeRole.setRole("coretech:role.readers");
    List<com.yahoo.athenz.zms.Assertion> assertionList = new ArrayList<>();
    assertionList.add(assumeRole);

    com.yahoo.athenz.zms.Policy policy = new com.yahoo.athenz.zms.Policy();
    policy.setAssertions(assertionList);
    List<com.yahoo.athenz.zms.Policy> policyList = new ArrayList<>();
    policyList.add(policy);

    // Two roles, each with its own member list containing the same user.
    List<Role> roleList = new ArrayList<>();
    for (String roleName : new String[] {"coretech:role.admin", "coretech:role.readers"}) {
        List<RoleMember> roleMembers = new ArrayList<>();
        roleMembers.add(new RoleMember().setMemberName("user_domain.user"));
        Role role = new Role().setName(roleName);
        role.setRoleMembers(roleMembers);
        roleList.add(role);
    }

    // Wrap the policies and sign their canonical form with the test key.
    com.yahoo.athenz.zms.DomainPolicies domainPolicies =
            new com.yahoo.athenz.zms.DomainPolicies();
    domainPolicies.setDomain("coretech");
    domainPolicies.setPolicies(policyList);

    com.yahoo.athenz.zms.SignedPolicies signedPolicies =
            new com.yahoo.athenz.zms.SignedPolicies();
    signedPolicies.setContents(domainPolicies);
    signedPolicies.setSignature(
            Crypto.sign(SignUtils.asCanonicalString(domainPolicies), pkey));
    signedPolicies.setKeyId("0");

    DomainData domainData = new DomainData();
    domainData.setName("coretech");
    domainData.setPolicies(signedPolicies);
    domainData.setRoles(roleList);

    DataCache dataCache = new DataCache();
    dataCache.setDomainData(domainData);

    dataStore.processDomainRoles(domainData, dataCache);

    // The member must resolve to exactly the two roles defined above.
    assertEquals(dataCache.getMemberRoleSet("user_domain.user").size(), 2);
    assertTrue(dataCache.getMemberRoleSet("user_domain.user")
            .contains(new MemberRole("coretech:role.admin", 0)));
    assertTrue(dataCache.getMemberRoleSet("user_domain.user")
            .contains(new MemberRole("coretech:role.readers", 0)));
}