use of com.yahoo.athenz.zms.SignedDomain in project athenz by yahoo.
the class S3ChangeLogStoreTest method testGetUpdatedSignedDomainsWithChange.
@Test
public void testGetUpdatedSignedDomainsWithChange() throws FileNotFoundException {
MockS3ChangeLogStore store = new MockS3ChangeLogStore(null);
ArrayList<S3ObjectSummary> objectList = new ArrayList<>();
S3ObjectSummary objectSummary = new S3ObjectSummary();
objectSummary.setKey("iaas");
objectSummary.setLastModified(new Date(100));
objectList.add(objectSummary);
objectSummary = new S3ObjectSummary();
objectSummary.setKey("iaas.athenz");
objectSummary.setLastModified(new Date(200));
objectList.add(objectSummary);
ObjectListing objectListing = mock(ObjectListing.class);
when(objectListing.getObjectSummaries()).thenReturn(objectList);
when(objectListing.isTruncated()).thenReturn(false);
when(store.awsS3Client.listObjects(any(ListObjectsRequest.class))).thenReturn(objectListing);
InputStream is = new FileInputStream("src/test/resources/iaas.json");
MockS3ObjectInputStream s3Is = new MockS3ObjectInputStream(is, null);
S3Object object = mock(S3Object.class);
when(object.getObjectContent()).thenReturn(s3Is);
when(store.awsS3Client.getObject("athenz-domain-sys.auth", "iaas")).thenReturn(object);
when(store.awsS3Client.getObject("athenz-domain-sys.auth", "iaas.athenz")).thenReturn(object);
// set the last modification time to return one of the domains
store.lastModTime = (new Date(150)).getTime();
StringBuilder lastModTimeBuffer = new StringBuilder(512);
SignedDomains signedDomains = store.getUpdatedSignedDomains(lastModTimeBuffer);
assertTrue(lastModTimeBuffer.length() > 0);
List<SignedDomain> domainList = signedDomains.getDomains();
assertEquals(domainList.size(), 1);
DomainData domainData = domainList.get(0).getDomain();
assertNotNull(domainData);
assertEquals(domainData.getName(), "iaas");
}
use of com.yahoo.athenz.zms.SignedDomain in project athenz by yahoo.
the class DataStoreTest method testProcessDomainUpdatesFromZMSWithUpdater.
@Test
public void testProcessDomainUpdatesFromZMSWithUpdater() {
ChangeLogStore clogStore = new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", pkey, "0");
DataStore store = new DataStore(clogStore, null);
((MockZMSFileChangeLogStore) store.changeLogStore).setTagHeader("2014-01-01T12:00:00");
store.loadZMSPublicKeys();
SignedDomain signedDomain = createSignedDomain("coretech", "weather");
store.processDomain(signedDomain, true);
List<SignedDomain> domains = new ArrayList<>();
/* we're going to create a new domain */
signedDomain = createSignedDomain("sports", "weather");
domains.add(signedDomain);
/* we're going to update the coretech domain and set new roles */
signedDomain = createSignedDomain("coretech", "weather");
Role role = new Role();
role.setName("coretech:role.admin");
List<RoleMember> members = new ArrayList<>();
members.add(new RoleMember().setMemberName("user_domain.user8"));
role.setRoleMembers(members);
List<Role> roles = new ArrayList<>();
roles.add(role);
signedDomain.getDomain().setRoles(roles);
signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(signedDomain.getDomain()), pkey));
domains.add(signedDomain);
SignedDomains signedDomains = new SignedDomains();
signedDomains.setDomains(domains);
((MockZMSFileChangeLogStore) store.changeLogStore).setSignedDomains(signedDomains);
store.lastDeleteRunTime = System.currentTimeMillis() - 24 * 60 * 60;
DataUpdater updater = store.new DataUpdater();
updater.run();
Set<String> accessibleRoles = new HashSet<>();
DataCache data = store.getDataCache("coretech");
store.getAccessibleRoles(data, "coretech", "user_domain.user1", null, accessibleRoles, false);
assertEquals(accessibleRoles.size(), 0);
accessibleRoles = new HashSet<>();
store.getAccessibleRoles(data, "coretech", "user_domain.user8", null, accessibleRoles, false);
assertEquals(accessibleRoles.size(), 1);
assertTrue(accessibleRoles.contains("admin"));
accessibleRoles = new HashSet<>();
data = store.getDataCache("sports");
store.getAccessibleRoles(data, "sports", "user_domain.user", null, accessibleRoles, false);
assertEquals(accessibleRoles.size(), 2);
assertTrue(accessibleRoles.contains("admin"));
assertTrue(accessibleRoles.contains("writers"));
}
use of com.yahoo.athenz.zms.SignedDomain in project athenz by yahoo.
the class ZMSFileChangeLogStoreTest method getSignedDomainListOneBadDomain.
@Test
public void getSignedDomainListOneBadDomain() {
ZMSFileChangeLogStore fstore = new ZMSFileChangeLogStore(FSTORE_PATH, null, null);
ZMSClient zmsClient = Mockito.mock(ZMSClient.class);
DomainData domData1 = new DomainData().setName("athenz");
SignedDomain domain1 = new SignedDomain().setDomain(domData1);
DomainData domData2 = new DomainData().setName("sports");
SignedDomain domain2 = new SignedDomain().setDomain(domData2);
List<SignedDomain> domains = new ArrayList<>();
domains.add(domain1);
domains.add(domain2);
SignedDomains domainList = new SignedDomains().setDomains(domains);
List<SignedDomain> mockDomains = new ArrayList<>();
mockDomains.add(domain1);
SignedDomains mockDomainList = new SignedDomains().setDomains(mockDomains);
Mockito.when(zmsClient.getSignedDomains("athenz", null, null, null)).thenReturn(mockDomainList);
Mockito.when(zmsClient.getSignedDomains("sports", null, null, null)).thenReturn(null);
List<SignedDomain> returnList = fstore.getSignedDomainList(zmsClient, domainList);
assertEquals(returnList.size(), 1);
assertEquals(returnList.get(0).getDomain().getName(), "athenz");
}
use of com.yahoo.athenz.zms.SignedDomain in project athenz by yahoo.
the class ZTSImplTest method testGetRoleTokenInvalidDomainAuditLog.
@Test
public void testGetRoleTokenInvalidDomainAuditLog() {
HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
Mockito.when(servletRequest.getRemoteAddr()).thenReturn("55.88.77.66");
Mockito.when(servletRequest.isSecure()).thenReturn(true);
final java.util.Set<String> aLogMsgs = new java.util.HashSet<String>();
AuditLogger alogger = new AuditLogger() {
public void log(String logMsg, String msgVersionTag) {
aLogMsgs.add(logMsg);
}
public void log(AuditLogMsgBuilder msgBldr) {
String msg = msgBldr.build();
aLogMsgs.add(msg);
}
@Override
public AuditLogMsgBuilder getMsgBuilder() {
return new DefaultAuditLogMsgBuilder();
}
};
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
ztsImpl.auditLogger = alogger;
ZTSImpl.serverHostName = "localhost";
SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
store.processDomain(signedDomain, false);
Principal principal = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
ResourceContext context = createResourceContext(principal, servletRequest);
try {
ztsImpl.getRoleToken(context, "invalidDomain", null, Integer.valueOf(600), Integer.valueOf(1200), null);
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 404);
}
for (String msg : aLogMsgs) {
assertTrue(msg.contains("ERROR=(No Such Domain)"));
assertTrue(msg.contains("CLIENT-IP=(55.88.77.66)"));
assertTrue(msg.contains("WHO=(who-name=user,who-domain=user_domain,who-fullname=user_domain.user)"));
break;
}
}
use of com.yahoo.athenz.zms.SignedDomain in project athenz by yahoo.
the class ZTSImplTest method testGetServiceIdentityListInvalidDomain.
@Test
public void testGetServiceIdentityListInvalidDomain() {
SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
store.processDomain(signedDomain, false);
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
ResourceContext context = createResourceContext(principal);
try {
@SuppressWarnings("unused") com.yahoo.athenz.zts.ServiceIdentityList svcList = zts.getServiceIdentityList(context, "testDomain2");
fail();
} catch (ResourceException ex) {
assertTrue(true);
}
}
Aggregations