Examples with Role com.yahoo.athenz.zms.Role used on opensource projects

Example 86 with Role

use of com.yahoo.athenz.zms.Role in project athenz by yahoo.

the class ZMSUtilsTest method getRoles.

@DataProvider(name = "roles")
public static Object[][] getRoles() {
    String domainName = "test_domain";
    Role role1 = new Role();
    String memberName = "member";
    RoleMember roleMember = new RoleMember().setMemberName(memberName);
    Role role2 = new Role();
    role2.setMembers(Arrays.asList(memberName));
    role2.setRoleMembers(Arrays.asList(roleMember));
    Role role3 = new Role();
    role3.setRoleMembers(Arrays.asList(roleMember));
    Role role4 = new Role();
    role4.setRoleMembers(Arrays.asList(roleMember));
    role4.setTrust("trust");
    Role role5 = new Role();
    role5.setMembers(Arrays.asList(memberName));
    role5.setTrust("trust");
    Role role6 = new Role();
    role6.setTrust("trust");
    return new Object[][] { { domainName, role1, false }, { domainName, role2, true }, { domainName, role3, false }, { domainName, role4, true }, { domainName, role5, true }, { "trust", role6, true }, { "test_domain", role6, false } };
}

Example 87 with Role

use of com.yahoo.athenz.zms.Role in project athenz by yahoo.

the class JDBCConnectionTest method testInsertRoleInvalidDomain.

@Test
public void testInsertRoleInvalidDomain() throws Exception {
    JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
    Role role = new Role().setName("my-domain:role.role1");
    // domain id failure
    Mockito.when(mockResultSet.next()).thenReturn(false);
    try {
        jdbcConn.insertRole("my-domain", role);
        fail();
    } catch (Exception ex) {
        assertTrue(true);
    }
    jdbcConn.close();
}

Example 88 with Role

use of com.yahoo.athenz.zms.Role in project athenz by yahoo.

the class JDBCConnectionTest method testInsertRoleInvalidRoleDomain.

@Test
public void testInsertRoleInvalidRoleDomain() throws Exception {
    JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
    Role role = new Role().setName("my-domain2:role.role1");
    try {
        jdbcConn.insertRole("my-domain", role);
        fail();
    } catch (Exception ex) {
        assertTrue(true);
    }
    jdbcConn.close();
}

Example 89 with Role

use of com.yahoo.athenz.zms.Role in project athenz by yahoo.

the class DataStoreTest method testValidateSignedDomainMissingRole.

@Test
public void testValidateSignedDomainMissingRole() {
    ChangeLogStore clogStore = new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", pkey, "0");
    DataStore store = new DataStore(clogStore, null);
    store.loadZMSPublicKeys();
    SignedDomain signedDomain = new SignedDomain();
    List<Role> roles = new ArrayList<>();
    Role role = new Role();
    role.setName("coretech:role.admin");
    List<RoleMember> members = new ArrayList<>();
    members.add(new RoleMember().setMemberName("user_domain.user"));
    role.setRoleMembers(members);
    roles.add(role);
    DomainData domain = new DomainData();
    domain.setRoles(roles);
    signedDomain.setDomain(domain);
    signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(domain), pkey));
    signedDomain.setKeyId("0");
    domain.setRoles(null);
    signedDomain.setDomain(domain);
    assertFalse(store.validateSignedDomain(signedDomain));
}

Example 90 with Role

use of com.yahoo.athenz.zms.Role in project athenz by yahoo.

the class DataStoreTest method testProcessDomainPolicies.

@Test
public void testProcessDomainPolicies() {
    ChangeLogStore clogStore = new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", pkey, "0");
    DataStore store = new DataStore(clogStore, null);
    List<com.yahoo.athenz.zms.Policy> policies = new ArrayList<>();
    com.yahoo.athenz.zms.Policy policy = new com.yahoo.athenz.zms.Policy();
    com.yahoo.athenz.zms.Assertion assertion = new com.yahoo.athenz.zms.Assertion();
    assertion.setResource("sports:role.readers");
    assertion.setAction("assume_role");
    assertion.setRole("coretech:role.readers");
    List<com.yahoo.athenz.zms.Assertion> assertions = new ArrayList<>();
    assertions.add(assertion);
    policy.setAssertions(assertions);
    policies.add(policy);
    List<Role> roles = new ArrayList<>();
    Role role = new Role();
    role.setName("coretech:role.admin");
    List<RoleMember> members = new ArrayList<>();
    members.add(new RoleMember().setMemberName("user_domain.user"));
    role.setRoleMembers(members);
    roles.add(role);
    role = new Role();
    role.setName("coretech:role.readers");
    members = new ArrayList<>();
    members.add(new RoleMember().setMemberName("user_domain.user"));
    role.setRoleMembers(members);
    roles.add(role);
    com.yahoo.athenz.zms.DomainPolicies domainPolicies = new com.yahoo.athenz.zms.DomainPolicies();
    domainPolicies.setDomain("coretech");
    domainPolicies.setPolicies(policies);
    com.yahoo.athenz.zms.SignedPolicies signedPolicies = new com.yahoo.athenz.zms.SignedPolicies();
    signedPolicies.setContents(domainPolicies);
    signedPolicies.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainPolicies), pkey));
    signedPolicies.setKeyId("0");
    DomainData domainData = new DomainData();
    domainData.setName("coretech");
    domainData.setPolicies(signedPolicies);
    domainData.setRoles(roles);
    DataCache dataCache = new DataCache();
    dataCache.setDomainData(domainData);
    store.processDomainRoles(domainData, dataCache);
    assertEquals(dataCache.getMemberRoleSet("user_domain.user").size(), 2);
    assertTrue(dataCache.getMemberRoleSet("user_domain.user").contains(new MemberRole("coretech:role.admin", 0)));
    assertTrue(dataCache.getMemberRoleSet("user_domain.user").contains(new MemberRole("coretech:role.readers", 0)));
}