Examples with RoleMember com.yahoo.athenz.zms.RoleMember used on opensource projects

Search in sources :

Example 31 with RoleMember

use of com.yahoo.athenz.zms.RoleMember in project athenz by yahoo.

the class FileConnection method insertRoleMember.

@Override
public boolean insertRoleMember(String domainName, String roleName, RoleMember member, String admin, String auditRef) {
    DomainStruct domainStruct = getDomainStruct(domainName);
    if (domainStruct == null) {
        throw ZMSUtils.error(ResourceException.NOT_FOUND, "domain not found", "insertRoleMember");
    }
    Role role = getRoleObject(domainStruct, roleName);
    if (role == null) {
        throw ZMSUtils.error(ResourceException.NOT_FOUND, "role not found", "insertRoleMember");
    }
    if (!validatePrincipalDomain(member.getMemberName())) {
        throw ZMSUtils.error(ResourceException.NOT_FOUND, "principal domain not found", "insertRoleMember");
    }
    // and if it doesn't exist then create one
    if (role.getRoleMembers() == null) {
        role.setRoleMembers(new ArrayList<RoleMember>());
    }
    // need to check if the member already exists
    boolean entryUpdated = false;
    for (RoleMember roleMember : role.getRoleMembers()) {
        if (roleMember.getMemberName().equals(member.getMemberName())) {
            roleMember.setExpiration(member.getExpiration());
            entryUpdated = true;
        }
    }
    if (!entryUpdated) {
        role.getRoleMembers().add(member);
    }
    putDomainStruct(domainName, domainStruct);
    return true;
}
Also used : Role(com.yahoo.athenz.zms.Role) PrincipalRole(com.yahoo.athenz.zms.PrincipalRole) RoleMember(com.yahoo.athenz.zms.RoleMember)

Example 32 with RoleMember

use of com.yahoo.athenz.zms.RoleMember in project athenz by yahoo.

the class FileConnection method lookupDomainByRole.

@Override
public List<String> lookupDomainByRole(String roleMember, String roleName) {
    boolean memberPresent = (roleMember != null && !roleMember.isEmpty());
    boolean rolePresent = (roleName != null && !roleName.isEmpty());
    // first get the list of domains
    Set<String> uniqueDomains = new HashSet<>();
    List<String> domainNames = listDomains(null, 0);
    for (String domainName : domainNames) {
        DomainStruct domainStruct = getDomainStruct(domainName);
        if (domainStruct == null) {
            continue;
        }
        if (rolePresent || memberPresent) {
            if (rolePresent) {
                Role role = getRoleObject(domainStruct, roleName);
                if (role == null) {
                    continue;
                }
                if (memberPresent) {
                    List<RoleMember> roleMembers = role.getRoleMembers();
                    if (roleMembers != null) {
                        for (RoleMember member : roleMembers) {
                            if (member.getMemberName().equalsIgnoreCase(roleMember)) {
                                uniqueDomains.add(domainName);
                                break;
                            }
                        }
                    }
                } else {
                    uniqueDomains.add(domainName);
                }
            } else {
                HashMap<String, Role> roles = domainStruct.getRoles();
                if (roles != null) {
                    for (Role role : roles.values()) {
                        boolean roleMemberFound = false;
                        if (role.getRoleMembers() != null) {
                            for (RoleMember member : role.getRoleMembers()) {
                                if (member.getMemberName().equals(roleMember)) {
                                    uniqueDomains.add(domainName);
                                    roleMemberFound = true;
                                    break;
                                }
                            }
                            if (roleMemberFound) {
                                break;
                            }
                        }
                    }
                }
            }
        } else {
            uniqueDomains.add(domainName);
        }
    }
    List<String> matchedDomains = new ArrayList<>(uniqueDomains);
    Collections.sort(matchedDomains);
    return matchedDomains;
}
Also used : Role(com.yahoo.athenz.zms.Role) PrincipalRole(com.yahoo.athenz.zms.PrincipalRole) ArrayList(java.util.ArrayList) RoleMember(com.yahoo.athenz.zms.RoleMember) HashSet(java.util.HashSet)

Example 33 with RoleMember

use of com.yahoo.athenz.zms.RoleMember in project athenz by yahoo.

the class ZTSImplTest method signedAuthorizedProviderDomain.

private SignedDomain signedAuthorizedProviderDomain() {
    SignedDomain signedDomain = new SignedDomain();
    List<Role> roles = new ArrayList<>();
    Role role = new Role();
    role.setName(generateRoleName("sys.auth", "providers"));
    List<RoleMember> members = new ArrayList<>();
    members.add(new RoleMember().setMemberName("athenz.provider"));
    role.setRoleMembers(members);
    roles.add(role);
    List<com.yahoo.athenz.zms.Policy> policies = new ArrayList<>();
    com.yahoo.athenz.zms.Policy policy = new com.yahoo.athenz.zms.Policy();
    com.yahoo.athenz.zms.Assertion assertion1 = new com.yahoo.athenz.zms.Assertion();
    assertion1.setResource("sys.auth:instance");
    assertion1.setAction("launch");
    assertion1.setRole("sys.auth:role.providers");
    com.yahoo.athenz.zms.Assertion assertion2 = new com.yahoo.athenz.zms.Assertion();
    assertion2.setResource("sys.auth:dns.ostk.athenz.cloud");
    assertion2.setAction("launch");
    assertion2.setRole("sys.auth:role.providers");
    List<com.yahoo.athenz.zms.Assertion> assertions = new ArrayList<>();
    assertions.add(assertion1);
    assertions.add(assertion2);
    policy.setAssertions(assertions);
    policy.setName("sys.auth:policy.providers");
    policies.add(policy);
    com.yahoo.athenz.zms.DomainPolicies domainPolicies = new com.yahoo.athenz.zms.DomainPolicies();
    domainPolicies.setDomain("sys.auth");
    domainPolicies.setPolicies(policies);
    com.yahoo.athenz.zms.SignedPolicies signedPolicies = new com.yahoo.athenz.zms.SignedPolicies();
    signedPolicies.setContents(domainPolicies);
    signedPolicies.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainPolicies), privateKey));
    signedPolicies.setKeyId("0");
    DomainData domain = new DomainData();
    domain.setName("sys.auth");
    domain.setRoles(roles);
    domain.setPolicies(signedPolicies);
    domain.setModified(Timestamp.fromCurrentTime());
    signedDomain.setDomain(domain);
    signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(domain), privateKey));
    signedDomain.setKeyId("0");
    return signedDomain;
}
Also used : Policy(com.yahoo.athenz.zms.Policy) Policy(com.yahoo.athenz.zms.Policy) ArrayList(java.util.ArrayList) Assertion(com.yahoo.athenz.zms.Assertion) DomainData(com.yahoo.athenz.zms.DomainData) Assertion(com.yahoo.athenz.zms.Assertion) Role(com.yahoo.athenz.zms.Role) SignedDomain(com.yahoo.athenz.zms.SignedDomain) RoleMember(com.yahoo.athenz.zms.RoleMember)

Example 34 with RoleMember

use of com.yahoo.athenz.zms.RoleMember in project athenz by yahoo.

the class ZTSImplTest method createTenantSignedDomainWildCard.

private SignedDomain createTenantSignedDomainWildCard(String domainName, String providerDomain) {
    SignedDomain signedDomain = new SignedDomain();
    List<Role> roles = new ArrayList<>();
    Role role = new Role();
    role.setName(generateRoleName(domainName, "superusers"));
    List<RoleMember> members = new ArrayList<>();
    members.add(new RoleMember().setMemberName("user_domain.siteops_user_1"));
    role.setRoleMembers(members);
    roles.add(role);
    role = new Role();
    role.setName(generateRoleName(domainName, "users"));
    roles.add(role);
    List<com.yahoo.athenz.zms.Policy> policies = new ArrayList<>();
    com.yahoo.athenz.zms.Policy policy = new com.yahoo.athenz.zms.Policy();
    com.yahoo.athenz.zms.Assertion assertion = new com.yahoo.athenz.zms.Assertion();
    assertion.setResource("*:role.netops_superusers");
    assertion.setAction("assume_role");
    assertion.setRole(generateRoleName(domainName, "superusers"));
    List<com.yahoo.athenz.zms.Assertion> assertions = new ArrayList<>();
    assertions.add(assertion);
    policy.setAssertions(assertions);
    policy.setName(generatePolicyName(domainName, "netops_superusers"));
    policies.add(policy);
    policy = new com.yahoo.athenz.zms.Policy();
    assertion = new com.yahoo.athenz.zms.Assertion();
    assertion.setResource(domainName + "netops:node.*");
    assertion.setAction("node_user");
    assertion.setRole(generateRoleName(domainName, "users"));
    assertions = new ArrayList<>();
    assertions.add(assertion);
    policy.setAssertions(assertions);
    policy.setName(generatePolicyName(domainName, "users"));
    policies.add(policy);
    policy = new com.yahoo.athenz.zms.Policy();
    assertion = new com.yahoo.athenz.zms.Assertion();
    assertion.setResource(domainName + "netops:node.*");
    assertion.setAction("node_sudo");
    assertion.setRole(generateRoleName(domainName, "superusers"));
    assertions = new ArrayList<>();
    assertions.add(assertion);
    policy.setAssertions(assertions);
    policy.setName(generatePolicyName(domainName, "superusers"));
    policies.add(policy);
    com.yahoo.athenz.zms.DomainPolicies domainPolicies = new com.yahoo.athenz.zms.DomainPolicies();
    domainPolicies.setDomain(domainName);
    domainPolicies.setPolicies(policies);
    com.yahoo.athenz.zms.SignedPolicies signedPolicies = new com.yahoo.athenz.zms.SignedPolicies();
    signedPolicies.setContents(domainPolicies);
    signedPolicies.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainPolicies), privateKey));
    signedPolicies.setKeyId("0");
    DomainData domain = new DomainData();
    domain.setName(domainName);
    domain.setRoles(roles);
    domain.setPolicies(signedPolicies);
    signedDomain.setDomain(domain);
    signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(domain), privateKey));
    signedDomain.setKeyId("0");
    return signedDomain;
}
Also used : Policy(com.yahoo.athenz.zms.Policy) Policy(com.yahoo.athenz.zms.Policy) ArrayList(java.util.ArrayList) Assertion(com.yahoo.athenz.zms.Assertion) DomainData(com.yahoo.athenz.zms.DomainData) Assertion(com.yahoo.athenz.zms.Assertion) Role(com.yahoo.athenz.zms.Role) SignedDomain(com.yahoo.athenz.zms.SignedDomain) RoleMember(com.yahoo.athenz.zms.RoleMember)

Example 35 with RoleMember

use of com.yahoo.athenz.zms.RoleMember in project athenz by yahoo.

the class ZTSImplTest method testGetRoleTokenProxyUserMismatchRolesIntersection.

@Test
public void testGetRoleTokenProxyUserMismatchRolesIntersection() {
    List<RoleMember> writers = new ArrayList<>();
    writers.add(new RoleMember().setMemberName("user_domain.proxy-user1"));
    writers.add(new RoleMember().setMemberName("user_domain.joe"));
    List<RoleMember> readers = new ArrayList<>();
    readers.add(new RoleMember().setMemberName("user_domain.proxy-user2"));
    readers.add(new RoleMember().setMemberName("user_domain.jane"));
    readers.add(new RoleMember().setMemberName("user_domain.proxy-user1"));
    SignedDomain signedDomain = createSignedDomain("coretech-proxy3", "weather-proxy3", "storage", writers, readers, true);
    store.processDomain(signedDomain, false);
    Principal principal = SimplePrincipal.create("user_domain", "proxy-user1", "v=U1;d=user_domain;n=proxy-user1;s=sig", 0, null);
    ResourceContext context = createResourceContext(principal);
    RoleToken roleToken = zts.getRoleToken(context, "coretech-proxy3", null, Integer.valueOf(600), Integer.valueOf(1200), "user_domain.joe");
    com.yahoo.athenz.auth.token.RoleToken token = new com.yahoo.athenz.auth.token.RoleToken(roleToken.getToken());
    assertEquals(token.getRoles().size(), 1);
    assertTrue(token.getRoles().contains("writers"));
}
Also used : ArrayList(java.util.ArrayList) SignedDomain(com.yahoo.athenz.zms.SignedDomain) RoleMember(com.yahoo.athenz.zms.RoleMember) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Aggregations

RoleMember (com.yahoo.athenz.zms.RoleMember)65 ArrayList (java.util.ArrayList)48 Role (com.yahoo.athenz.zms.Role)47 Test (org.testng.annotations.Test)35 SignedDomain (com.yahoo.athenz.zms.SignedDomain)26 DomainData (com.yahoo.athenz.zms.DomainData)25 DataCache (com.yahoo.athenz.zts.cache.DataCache)23 MemberRole (com.yahoo.athenz.zts.cache.MemberRole)18 Policy (com.yahoo.athenz.zms.Policy)13 MockZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)13 Assertion (com.yahoo.athenz.zms.Assertion)12 ZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)12 PrincipalRole (com.yahoo.athenz.zms.PrincipalRole)9 ServiceIdentity (com.yahoo.athenz.zms.ServiceIdentity)8 HashSet (java.util.HashSet)7 JDBCConnection (com.yahoo.athenz.zms.store.jdbc.JDBCConnection)6 File (java.io.File)6 HashMap (java.util.HashMap)6 Domain (com.yahoo.athenz.zms.Domain)5 Set (java.util.Set)5
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial