
Example 6 with RoleMember

use of com.yahoo.athenz.zms.RoleMember in project athenz by yahoo.

the class JDBCConnectionTest method testInsertRoleMemberUpdate.

/**
 * Exercises {@code insertRoleMember} on the "member already exists" path: every lookup
 * (domain, role, principal domain, principal, existing membership) reports a hit, so the
 * connection is expected to update the existing member's expiration and record an UPDATE
 * audit entry. The verifications check that names and ids reach the (mocked) prepared
 * statement as bound parameters rather than being inlined into SQL text.
 */
@Test
public void testInsertRoleMemberUpdate() throws Exception {
    JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);

    // ids handed back by the mocked result set, in lookup order:
    // domain id, role id, principal id
    Mockito.when(mockResultSet.getInt(1)).thenReturn(5, 7, 9);

    // every row lookup succeeds: domain, role, principal-domain validation,
    // principal, and finally the existing-membership check
    Mockito.when(mockResultSet.next()).thenReturn(true, true, true, true, true);

    // all updates report one affected row
    Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();

    Timestamp expiration = Timestamp.fromCurrentTime();
    RoleMember existingMember = new RoleMember().setMemberName("user.user1");
    existingMember.setExpiration(expiration);
    // the JDBC layer binds the expiration as java.sql.Timestamp built from the same instant
    java.sql.Timestamp boundExpiration = new java.sql.Timestamp(expiration.toDate().getTime());

    boolean inserted = jdbcConn.insertRoleMember("my-domain", "role1", existingMember,
            "user.admin", "audit-ref");

    // lookups: domain by name, role by (domain id, role name), principal by name
    Mockito.verify(mockPrepStmt).setString(1, "my-domain");
    Mockito.verify(mockPrepStmt).setInt(1, 5);
    Mockito.verify(mockPrepStmt).setString(2, "role1");
    Mockito.verify(mockPrepStmt).setString(1, "user.user1");

    // role id is bound in position 1 twice (membership check plus audit log);
    // principal id once in position 2
    Mockito.verify(mockPrepStmt, times(2)).setInt(1, 7);
    Mockito.verify(mockPrepStmt).setInt(2, 9);

    // the update binds expiration, role id and principal id in that order
    Mockito.verify(mockPrepStmt).setTimestamp(1, boundExpiration);
    Mockito.verify(mockPrepStmt).setInt(2, 7);
    Mockito.verify(mockPrepStmt).setInt(3, 9);

    // remaining audit-log columns: admin, member, operation, audit reference
    Mockito.verify(mockPrepStmt).setString(2, "user.admin");
    Mockito.verify(mockPrepStmt).setString(3, "user.user1");
    Mockito.verify(mockPrepStmt).setString(4, "UPDATE");
    Mockito.verify(mockPrepStmt).setString(5, "audit-ref");

    assertTrue(inserted);
    jdbcConn.close();
}

Example 7 with RoleMember

use of com.yahoo.athenz.zms.RoleMember in project athenz by yahoo.

the class JDBCConnectionTest method testInsertRoleMemberNewPrincipal.

/**
 * Exercises {@code insertRoleMember} when the member's principal is not yet known:
 * domain, role and principal domain are found, the principal lookup misses, the
 * principal is inserted (its id fetched via the "last id" query), the membership
 * check misses, and the membership is added with an ADD audit entry. The
 * verifications check that every name and id is bound as a statement parameter.
 */
@Test
public void testInsertRoleMemberNewPrincipal() throws Exception {
    JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);

    // ids in lookup order: domain id, role id, principal domain id, principal id
    Mockito.when(mockResultSet.getInt(1)).thenReturn(5, 7, 8, 9);

    // next() results: domain found, role found, principal domain valid,
    // principal missing, last-id row for the new principal, membership missing
    Mockito.when(mockResultSet.next()).thenReturn(true, true, true, false, true, false);

    // every insert/update reports one affected row
    Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();

    RoleMember newMember = new RoleMember().setMemberName("user.user1");
    boolean inserted = jdbcConn.insertRoleMember("my-domain", "role1", newMember,
            "user.admin", "audit-ref");

    // lookups: domain by name, role by (domain id, role name)
    Mockito.verify(mockPrepStmt).setString(1, "my-domain");
    Mockito.verify(mockPrepStmt).setInt(1, 5);
    Mockito.verify(mockPrepStmt).setString(2, "role1");

    // principal domain lookup uses the "user" prefix of the member name
    Mockito.verify(mockPrepStmt).setString(1, "user");
    // the full principal name is bound twice: lookup, then insert
    Mockito.verify(mockPrepStmt, times(2)).setString(1, "user.user1");

    // role id in position 1: membership check, membership insert, audit log;
    // principal id in position 2: membership check and membership insert
    Mockito.verify(mockPrepStmt, times(3)).setInt(1, 7);
    Mockito.verify(mockPrepStmt, times(2)).setInt(2, 9);

    // remaining audit-log columns: admin, member, operation, audit reference
    Mockito.verify(mockPrepStmt).setString(2, "user.admin");
    Mockito.verify(mockPrepStmt).setString(3, "user.user1");
    Mockito.verify(mockPrepStmt).setString(4, "ADD");
    Mockito.verify(mockPrepStmt).setString(5, "audit-ref");

    assertTrue(inserted);
    jdbcConn.close();
}

Example 8 with RoleMember

use of com.yahoo.athenz.zms.RoleMember in project athenz by yahoo.

the class JDBCConnectionTest method testInsertRoleMemberNewPrincipalFailure.

/**
 * Covers the failure path of {@code insertRoleMember} when the member's principal has to
 * be created first: the domain, role and principal-domain lookups succeed, the principal
 * lookup misses, and the INSERT for the new principal reports zero affected rows. The
 * connection is expected to surface that as a {@link ResourceException} with code 500.
 */
@Test
public void testInsertRoleMemberNewPrincipalFailure() throws Exception {
    JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);

    // ids in lookup order: domain id, role id, principal domain id, principal id
    Mockito.when(mockResultSet.getInt(1)).thenReturn(5, 7, 8, 9);

    // domain, role and principal domain are found; the principal itself is not
    Mockito.when(mockResultSet.next()).thenReturn(true, true, true, false);

    // every executeUpdate (in particular the principal insert) reports no rows affected
    Mockito.doReturn(0).when(mockPrepStmt).executeUpdate();

    RoleMember newMember = new RoleMember().setMemberName("user.user1");
    try {
        jdbcConn.insertRoleMember("my-domain", "role1", newMember, "user.admin", "audit-ref");
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 500);
    }
    jdbcConn.close();
}

Example 9 with RoleMember

use of com.yahoo.athenz.zms.RoleMember in project athenz by yahoo.

the class DataStoreTest method createTenantSignedDomain.

/**
 * Builds a signed tenant-domain fixture: an admin role with one member, a readers role
 * with two members, a tenancy policy allowing the readers role to {@code assume_role} on
 * {@code providerDomain:role.tenant.readers}, and one storage service with a public key
 * and a single host. The policy set is signed first and the whole domain afterwards,
 * both with the test key {@code pkey} under key id "0".
 *
 * @param domainName     name of the tenant domain being fabricated
 * @param providerDomain provider domain whose tenant role the readers may assume
 * @return the fully populated and signed domain
 */
private SignedDomain createTenantSignedDomain(String domainName, String providerDomain) {
    // --- roles ---
    List<RoleMember> adminMembers = new ArrayList<>();
    adminMembers.add(new RoleMember().setMemberName("user_domain.user"));
    Role adminRole = new Role();
    adminRole.setName(domainName + ":role.admin");
    adminRole.setRoleMembers(adminMembers);

    List<RoleMember> readerMembers = new ArrayList<>();
    for (String memberName : new String[] {"user_domain.user100", "user_domain.user101"}) {
        readerMembers.add(new RoleMember().setMemberName(memberName));
    }
    Role readersRole = new Role();
    readersRole.setName(domainName + ":role.readers");
    readersRole.setRoleMembers(readerMembers);

    List<Role> roles = new ArrayList<>();
    roles.add(adminRole);
    roles.add(readersRole);

    // --- tenancy policy: readers may assume the provider's tenant reader role ---
    com.yahoo.athenz.zms.Assertion assumeRole = new com.yahoo.athenz.zms.Assertion();
    assumeRole.setResource(providerDomain + ":role.tenant.readers");
    assumeRole.setAction("assume_role");
    assumeRole.setRole(domainName + ":role.readers");
    List<com.yahoo.athenz.zms.Assertion> assertions = new ArrayList<>();
    assertions.add(assumeRole);

    com.yahoo.athenz.zms.Policy tenancyPolicy = new com.yahoo.athenz.zms.Policy();
    tenancyPolicy.setName(domainName + ":policy.tenancy.readers");
    tenancyPolicy.setAssertions(assertions);
    List<com.yahoo.athenz.zms.Policy> policies = new ArrayList<>();
    policies.add(tenancyPolicy);

    // --- storage service with a fixed public key and one host ---
    List<String> hosts = new ArrayList<>();
    hosts.add("host1");
    ServiceIdentity storage = new ServiceIdentity();
    storage.setName(domainName + ".storage");
    setServicePublicKey(storage, "0", "abcdefgh");
    storage.setHosts(hosts);
    List<ServiceIdentity> services = new ArrayList<>();
    services.add(storage);

    // --- sign the policy set, then the domain that embeds it ---
    com.yahoo.athenz.zms.DomainPolicies domainPolicies = new com.yahoo.athenz.zms.DomainPolicies();
    domainPolicies.setDomain(domainName);
    domainPolicies.setPolicies(policies);
    com.yahoo.athenz.zms.SignedPolicies signedPolicies = new com.yahoo.athenz.zms.SignedPolicies();
    signedPolicies.setContents(domainPolicies);
    signedPolicies.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainPolicies), pkey));
    signedPolicies.setKeyId("0");

    DomainData domainData = new DomainData();
    domainData.setName(domainName);
    domainData.setRoles(roles);
    domainData.setServices(services);
    domainData.setPolicies(signedPolicies);

    // the domain signature covers the already-signed policies, so it must come last
    SignedDomain signedDomain = new SignedDomain();
    signedDomain.setDomain(domainData);
    signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainData), pkey));
    signedDomain.setKeyId("0");
    return signedDomain;
}

Example 10 with RoleMember

use of com.yahoo.athenz.zms.RoleMember in project athenz by yahoo.

the class DataStoreTest method createSignedDomainWildCardMembers.

/**
 * Builds a signed domain fixture whose roles include wildcard members: {@code writers}
 * lists {@code user_domain.user*} next to a concrete user, and {@code all} lists the bare
 * {@code *}. Presumably these patterns are what the cache's membership matching is
 * exercised against — the semantics of the wildcards are defined by the code under test,
 * not by this fixture. A fifth role, {@code tenant.readers}, carries no members and instead
 * trusts {@code tenantDomain}; a single policy grants it {@code read} on
 * {@code domainName:tenant.weather.*}. One storage service is attached, then the policy set
 * and the domain are signed with the test key {@code pkey} under key id "0".
 *
 * @param domainName   name of the domain being fabricated
 * @param tenantDomain domain that the trust role delegates to
 * @return the fully populated and signed domain
 */
private SignedDomain createSignedDomainWildCardMembers(String domainName, String tenantDomain) {
    List<Role> roles = new ArrayList<>();

    // each spec is { role suffix, member name... }
    String[][] roleSpecs = {
        {"admin", "user_domain.user"},
        {"writers", "user_domain.user*", "user_domain.user1"},
        {"readers", "user_domain.user3", "user_domain.user4"},
        {"all", "*"},
    };
    for (String[] spec : roleSpecs) {
        List<RoleMember> members = new ArrayList<>();
        for (int i = 1; i < spec.length; i++) {
            members.add(new RoleMember().setMemberName(spec[i]));
        }
        Role memberRole = new Role();
        memberRole.setName(domainName + ":role." + spec[0]);
        memberRole.setRoleMembers(members);
        roles.add(memberRole);
    }

    // trust role: no members of its own, delegated to the tenant domain
    Role trustRole = new Role();
    trustRole.setName(domainName + ":role.tenant.readers");
    trustRole.setTrust(tenantDomain);
    roles.add(trustRole);

    // --- policy granting the trust role read access to the weather resources ---
    com.yahoo.athenz.zms.Assertion readAssertion = new com.yahoo.athenz.zms.Assertion();
    readAssertion.setResource(domainName + ":tenant.weather.*");
    readAssertion.setAction("read");
    readAssertion.setRole(domainName + ":role.tenant.readers");
    List<com.yahoo.athenz.zms.Assertion> assertions = new ArrayList<>();
    assertions.add(readAssertion);

    com.yahoo.athenz.zms.Policy readerPolicy = new com.yahoo.athenz.zms.Policy();
    readerPolicy.setName(domainName + ":policy.tenant.reader");
    readerPolicy.setAssertions(assertions);
    List<com.yahoo.athenz.zms.Policy> policies = new ArrayList<>();
    policies.add(readerPolicy);

    // --- storage service with a fixed public key and one host ---
    List<String> hosts = new ArrayList<>();
    hosts.add("host1");
    ServiceIdentity storage = new ServiceIdentity();
    storage.setName(domainName + ".storage");
    setServicePublicKey(storage, "0", "abcdefgh");
    storage.setHosts(hosts);
    List<ServiceIdentity> services = new ArrayList<>();
    services.add(storage);

    // --- sign the policy set, then the domain that embeds it ---
    com.yahoo.athenz.zms.DomainPolicies domainPolicies = new com.yahoo.athenz.zms.DomainPolicies();
    domainPolicies.setDomain(domainName);
    domainPolicies.setPolicies(policies);
    com.yahoo.athenz.zms.SignedPolicies signedPolicies = new com.yahoo.athenz.zms.SignedPolicies();
    signedPolicies.setContents(domainPolicies);
    signedPolicies.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainPolicies), pkey));
    signedPolicies.setKeyId("0");

    DomainData domainData = new DomainData();
    domainData.setName(domainName);
    domainData.setRoles(roles);
    domainData.setServices(services);
    domainData.setPolicies(signedPolicies);

    // the domain signature covers the already-signed policies, so it must come last
    SignedDomain signedDomain = new SignedDomain();
    signedDomain.setDomain(domainData);
    signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainData), pkey));
    signedDomain.setKeyId("0");
    return signedDomain;
}
