/**
 * A principal whose name merely shares a prefix with a role member
 * ("user_domain.user23" vs. member "user_domain.user2") must not be
 * treated as a member of that role.
 */
@Test
public void testMatchPrincipalInRoleStdMemberNoMatch() {
    Role roleWithUser2 = createRoleObject("weather", "Role", null, "user_domain.user2", null);
    boolean matched = authorizer.matchPrincipalInRole(roleWithUser2, null, "user_domain.user23", null);
    assertFalse(matched);
}
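/**
 * Builds a signed {@link SignedDomain} fixture whose roles exercise role-member expiration.
 * <p>The domain carries three roles: {@code admin} with a non-expiring member,
 * {@code role1} whose member {@code user_domain.user1} expired 100 ms ago, and
 * {@code role2} whose member {@code user_domain.user1} expires one day from now.
 * It also carries one service identity with public key id {@code "0"}. The domain
 * is signed with the test {@code privateKey} over its canonical string form, and the
 * signed-domain key id is set to {@code "0"}.
 *
 * @param domainName  name of the domain to create
 * @param serviceName service identity to register in the domain
 * @param enabled     value for the domain's enabled flag (may be null)
 * @return the populated and signed domain fixture
 */
private SignedDomain createSignedDomainExpiration(String domainName, String serviceName, Boolean enabled) {
    // single time base so the two expiration stamps are relative to the same instant
    long now = System.currentTimeMillis();
    String memberName = "user_domain.user1";

    List<Role> roles = new ArrayList<>();
    // admin member never expires
    roles.add(createExpirationTestRole(domainName, "admin", "user_domain.adminuser", null));
    // already-expired membership
    roles.add(createExpirationTestRole(domainName, "role1", memberName,
            Timestamp.fromMillis(now - 100)));
    // still-valid membership
    roles.add(createExpirationTestRole(domainName, "role2", memberName,
            Timestamp.fromMillis(now + TimeUnit.DAYS.toMillis(1))));

    List<ServiceIdentity> services = new ArrayList<>();
    ServiceIdentity service = new ServiceIdentity();
    service.setName(generateServiceIdentityName(domainName, serviceName));
    setServicePublicKey(service, "0", ZTS_Y64_CERT0);
    services.add(service);

    DomainData domain = new DomainData();
    domain.setName(domainName);
    domain.setRoles(roles);
    domain.setServices(services);
    domain.setModified(Timestamp.fromCurrentTime());
    domain.setEnabled(enabled);

    SignedDomain signedDomain = new SignedDomain();
    signedDomain.setDomain(domain);
    // signature covers the canonical form of the domain data only
    signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(domain), privateKey));
    signedDomain.setKeyId("0");
    return signedDomain;
}

/**
 * Creates a role named {@code roleName} in {@code domainName} with exactly one member.
 *
 * @param domainName domain the role belongs to
 * @param roleName   short role name; qualified via {@code generateRoleName}
 * @param memberName principal to add as the sole role member
 * @param expiration membership expiration, or null for a member that never expires
 * @return the populated role
 */
private Role createExpirationTestRole(String domainName, String roleName, String memberName,
        Timestamp expiration) {
    RoleMember roleMember = new RoleMember();
    roleMember.setMemberName(memberName);
    if (expiration != null) {
        roleMember.setExpiration(expiration);
    }
    List<RoleMember> members = new ArrayList<>();
    members.add(roleMember);

    Role role = new Role();
    role.setName(generateRoleName(domainName, roleName));
    role.setRoleMembers(members);
    return role;
}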
/**
 * An ASSUME_ROLE assertion for "weather:role.Role" must not match when the
 * principal ("user_domain.user1") is only a member of a different role
 * ("Role1") and the named role's sole member is "user_domain.user2".
 */
@Test
public void testMatchDelegatedTrustAssertionNoMemberMatch() {
    Assertion assumeRole = new Assertion();
    assumeRole.setAction("ASSUME_ROLE");
    assumeRole.setEffect(AssertionEffect.ALLOW);
    assumeRole.setResource("*:role.Role");
    assumeRole.setRole("weather:role.Role");

    List<Role> roles = new ArrayList<>();
    roles.add(createRoleObject("weather", "Role1", null, "user_domain.user1", null));
    roles.add(createRoleObject("weather", "Role", null, "user_domain.user2", null));

    boolean matched = authorizer.matchDelegatedTrustAssertion(assumeRole, "weather:role.Role",
            "user_domain.user1", roles);
    assertFalse(matched);
}
/**
 * Canonical string for a domain with one role, one service and signed policies.
 * Checks that a null service public-key list serializes as an empty array and that
 * null attributes (enabled, name, hosts) are omitted from the canonical form.
 */
@Test
public void testAsStructRoleService() {
    Role mockRole = Mockito.mock(Role.class);
    List<Role> roles = new ArrayList<>();
    roles.add(mockRole);

    List<String> roleMembers = new ArrayList<>();
    roleMembers.add("check_item");

    ServiceIdentity mockService = Mockito.mock(ServiceIdentity.class);
    List<ServiceIdentity> services = new ArrayList<>();
    services.add(mockService);

    PublicKeyEntry mockPublicKey = Mockito.mock(PublicKeyEntry.class);
    List<PublicKeyEntry> publicKeys = new ArrayList<>();
    publicKeys.add(mockPublicKey);

    SignedPolicies mockSignedPolicies = Mockito.mock(SignedPolicies.class);

    Mockito.when(mockDomain.getEnabled()).thenReturn(null);
    Mockito.when(mockDomain.getAccount()).thenReturn("chk_string");
    Mockito.when(mockDomain.getRoles()).thenReturn(roles);
    Mockito.when(mockRole.getMembers()).thenReturn(roleMembers);
    Mockito.when(mockDomain.getServices()).thenReturn(services);
    Mockito.when(mockService.getHosts()).thenReturn(null);
    Mockito.when(mockService.getPublicKeys()).thenReturn(publicKeys);
    Mockito.when(mockDomain.getPolicies()).thenReturn(mockSignedPolicies);
    Mockito.when(mockSignedPolicies.getContents()).thenReturn(mockPolicies);

    // one (empty) public key entry
    String canonical = SignUtils.asCanonicalString(mockDomain);
    assertNotNull(canonical);
    assertEquals(canonical, "{\"account\":\"chk_string\",\"policies\":{\"contents\":{\"policies\":[]}},\"roles\":[{\"members\":[\"check_item\"],\"roleMembers\":[]}],\"services\":[{\"publicKeys\":[{}]}],\"ypmId\":0}");

    // null public key list -> empty array
    Mockito.when(mockService.getPublicKeys()).thenReturn(null);
    canonical = SignUtils.asCanonicalString(mockDomain);
    assertNotNull(canonical);
    assertEquals(canonical, "{\"account\":\"chk_string\",\"policies\":{\"contents\":{\"policies\":[]}},\"roles\":[{\"members\":[\"check_item\"],\"roleMembers\":[]}],\"services\":[{\"publicKeys\":[]}],\"ypmId\":0}");
}
/**
 * Converts a {@link DomainData} into the {@link Struct} from which the canonical
 * (signed) string form is produced.
 * <p>Attributes are appended in alphabetical order of their attribute name
 * (account, enabled, modified, name, policies, roles, services, ypmId) so that the
 * serialized form is stable for signature generation and verification. Because the
 * domain signature is computed over this form, any DomainData attribute that is not
 * appended here is not covered by the signature. Roles and services are always
 * emitted as arrays (empty when the underlying list is null); the policies struct
 * is only emitted when signed policies are present and lists contents, keyId and
 * signature in that order.
 *
 * @param domainData the domain to canonicalise; must not be null
 * @return the struct holding the domain's attributes in canonical order
 */
private static Struct asStruct(DomainData domainData) {
    Struct result = new Struct();

    // scalar attributes, in attribute-name order
    appendObject(result, ATTR_ACCOUNT, domainData.getAccount());
    appendObject(result, ATTR_ENABLED, domainData.getEnabled());
    appendObject(result, ATTR_MODIFIED, domainData.getModified());
    appendObject(result, ATTR_NAME, domainData.getName());

    SignedPolicies policies = domainData.getPolicies();
    if (policies != null) {
        Struct policiesStruct = new Struct();
        appendObject(policiesStruct, ATTR_CONTENTS, asStruct(policies.getContents()));
        appendObject(policiesStruct, ATTR_KEYID, policies.getKeyId());
        // the nested struct is attached to the parent before its signature is
        // appended; this relies on appendObject storing the reference, not a copy
        appendObject(result, ATTR_POLICIES, policiesStruct);
        appendObject(policiesStruct, ATTR_SIGNATURE, policies.getSignature());
    }

    // roles: always present as an array, empty when the list is null
    Array roleArray = new Array();
    if (domainData.getRoles() != null) {
        for (Role role : domainData.getRoles()) {
            roleArray.add(asStruct(role));
        }
    }
    appendArray(result, ATTR_ROLES, roleArray);

    // services: same treatment as roles
    Array serviceArray = new Array();
    if (domainData.getServices() != null) {
        for (ServiceIdentity service : domainData.getServices()) {
            serviceArray.add(asStruct(service));
        }
    }
    appendArray(result, ATTR_SERVICES, serviceArray);

    appendObject(result, ATTR_YPMID, domainData.getYpmId());
    return result;
}