
Example 51 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class FileConnection method getAthenzDomain.

/**
 * Loads the named domain through {@code getDomainStruct} and assembles it into an
 * {@link AthenzDomain} carrying the domain object plus its roles, policies and services.
 *
 * <p>An unknown domain is reported as an error rather than as an empty domain object,
 * so a caller never receives a role- and policy-less domain for a name that does not exist.
 *
 * <p>Each collection is copied into a fresh {@code ArrayList}, so adding or removing
 * list entries on the result does not touch the struct's maps. The copy is shallow:
 * the role, policy and service objects are the same instances the struct holds.
 * A collection that is {@code null} in the struct is not set on the result at all.
 *
 * @param domainName name of the domain to load
 * @return the assembled domain, never {@code null}
 * @throws ResourceException with code {@code NOT_FOUND} (as built by
 *         {@code ZMSUtils.error}) when no struct exists for {@code domainName}
 */
@Override
public AthenzDomain getAthenzDomain(String domainName) {
    final DomainStruct struct = getDomainStruct(domainName);
    if (struct == null) {
        throw ZMSUtils.error(ResourceException.NOT_FOUND, "domain not found", "getAthenzDomain");
    }

    final AthenzDomain result = new AthenzDomain(domainName);
    result.setDomain(getDomain(struct));

    // Only overwrite a collection when the struct actually has one; otherwise the
    // result keeps whatever the AthenzDomain constructor set up.
    if (struct.getRoles() != null) {
        result.setRoles(new ArrayList<>(struct.getRoles().values()));
    }
    if (struct.getPolicies() != null) {
        result.setPolicies(new ArrayList<>(struct.getPolicies().values()));
    }
    if (struct.getServices() != null) {
        result.setServices(new ArrayList<>(struct.getServices().values()));
    }

    return result;
}
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)

Example 52 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class ZMSImplTest method testEvaluateAccessAssertionAllowNotActive.

/**
 * Negative authorization check: a policy whose active flag is {@code false} must not
 * grant access, even though its single ALLOW assertion matches the role, the action
 * and the resource being requested. The expected decision is {@code AccessStatus.DENIED}.
 *
 * <p>The domain is built purely in memory; nothing is written to the ZMS store.
 */
@Test
public void testEvaluateAccessAssertionAllowNotActive() {
    AthenzDomain coretech = new AthenzDomain("coretech");

    // presumably (domain, role, trust, member1, member2), making user.user1 the
    // only member of role1 - confirm against createRoleObject
    Role memberRole = zmsTestInitializer.createRoleObject("coretech", "role1", null, "user.user1", null);
    coretech.getRoles().add(memberRole);

    // An assertion that would allow "read" on anything in coretech for role1 ...
    Assertion allowRead = new Assertion();
    allowRead.setAction("read");
    allowRead.setEffect(AssertionEffect.ALLOW);
    allowRead.setResource("coretech:*");
    allowRead.setRole("coretech:role.role1");

    // ... attached to a policy that is switched off, so the evaluator has to skip
    // the policy and never reach the matching assertion.
    Policy inactivePolicy = new Policy().setName("coretech:policy.policy1").setActive(false);
    List<Assertion> policyAssertions = new ArrayList<>();
    policyAssertions.add(allowRead);
    inactivePolicy.setAssertions(policyAssertions);
    coretech.getPolicies().add(inactivePolicy);

    AccessStatus decision = zmsTestInitializer.getZms().evaluateAccess(coretech, "user.user1", "read", "coretech:resource1", null, null, zmsTestInitializer.getMockDomRestRsrcCtx().principal());

    // No active policy matched, so the request must fall through to a denial.
    assertEquals(decision, AccessStatus.DENIED);
}
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)

Example 53 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class ZMSImplTest method testSetupPolicyListWithAssertionsBothActive.

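/**
 * Verifies that {@code setupPolicyList} called with {@code (TRUE, FALSE)} returns the
 * two policies created here plus the domain's admin policy, and that each of the two
 * created policies comes back with exactly one assertion.
 *
 * <p>The domain is created in the ZMS instance under test and is removed in a
 * {@code finally} block, so a failing assertion does not leave
 * {@code setup-policy-with-assert} behind for later tests.
 */
@Test
public void testSetupPolicyListWithAssertionsBothActive() {
    final String domainName = "setup-policy-with-assert";

    TopLevelDomain dom1 = zmsTestInitializer.createTopLevelDomainObject(domainName, "Test Domain1", "testOrg", zmsTestInitializer.getAdminUser());
    zmsTestInitializer.getZms().postTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), zmsTestInitializer.getAuditRef(), dom1);

    try {
        Policy policy1 = zmsTestInitializer.createPolicyObject(domainName, "policy1");
        zmsTestInitializer.getZms().putPolicy(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "policy1", zmsTestInitializer.getAuditRef(), policy1);

        Policy policy2 = zmsTestInitializer.createPolicyObject(domainName, "policy2");
        zmsTestInitializer.getZms().putPolicy(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "policy2", zmsTestInitializer.getAuditRef(), policy2);

        AthenzDomain domain = zmsTestInitializer.getZms().getAthenzDomain(domainName, false);

        // NOTE(review): the two flags presumably mean "include assertions" and
        // "include policy versions" - confirm against setupPolicyList.
        List<Policy> policies = zmsTestInitializer.getZms().setupPolicyList(domain, Boolean.TRUE, Boolean.FALSE);

        // need to account for admin policy: 2 created here + 1 admin.
        // Actual value first, matching the other assertEquals calls in this method
        // (TestNG argument order - confirm against the file's static import).
        assertEquals(policies.size(), 3);

        boolean policy1Check = false;
        boolean policy2Check = false;
        for (Policy policy : policies) {
            // The admin policy has no case here and is intentionally skipped.
            switch (policy.getName()) {
                case "setup-policy-with-assert:policy.policy1":
                    assertEquals(policy.getAssertions().size(), 1);
                    policy1Check = true;
                    break;
                case "setup-policy-with-assert:policy.policy2":
                    assertEquals(policy.getAssertions().size(), 1);
                    policy2Check = true;
                    break;
            }
        }

        // Both created policies must have been seen in the returned list.
        assertTrue(policy1Check);
        assertTrue(policy2Check);
    } finally {
        // Runs on success and on assertion failure alike, keeping the store clean.
        zmsTestInitializer.getZms().deleteTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), domainName, zmsTestInitializer.getAuditRef());
    }
}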
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)

Example 54 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class ZMSImplTest method testSetupServiceListWithOutKeysHosts.

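/**
 * Verifies that {@code setupServiceIdentityList} called with {@code (FALSE, FALSE)}
 * returns both services of the domain with their executable and user populated, but
 * with public keys and hosts left {@code null}.
 *
 * <p>This pins the behaviour that key and host details are omitted from the listing
 * unless they are asked for. The domain is removed in a {@code finally} block, so a
 * failing assertion does not leave {@code setup-service-without-keys-hosts} behind.
 */
@Test
public void testSetupServiceListWithOutKeysHosts() {
    final String domainName = "setup-service-without-keys-hosts";

    TopLevelDomain dom1 = zmsTestInitializer.createTopLevelDomainObject(domainName, "Test Domain1", "testOrg", zmsTestInitializer.getAdminUser());
    zmsTestInitializer.getZms().postTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), zmsTestInitializer.getAuditRef(), dom1);

    try {
        // The two fixtures differ in the user ("root" vs "yahoo") and in the last
        // argument ("host1" vs "host2"); the name suggests a host - confirm against createServiceObject.
        ServiceIdentity service1 = zmsTestInitializer.createServiceObject(domainName, "service1", "http://localhost", "/usr/bin/java", "root", "users", "host1");
        zmsTestInitializer.getZms().putServiceIdentity(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "service1", zmsTestInitializer.getAuditRef(), service1);

        ServiceIdentity service2 = zmsTestInitializer.createServiceObject(domainName, "service2", "http://localhost", "/usr/bin/java", "yahoo", "users", "host2");
        zmsTestInitializer.getZms().putServiceIdentity(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "service2", zmsTestInitializer.getAuditRef(), service2);

        AthenzDomain domain = zmsTestInitializer.getZms().getAthenzDomain(domainName, false);

        // NOTE(review): the two flags presumably mean "include public keys" and
        // "include hosts" - confirm against setupServiceIdentityList.
        List<ServiceIdentity> services = zmsTestInitializer.getZms().setupServiceIdentityList(domain, Boolean.FALSE, Boolean.FALSE);

        // Actual value first, matching the other assertEquals calls in this method
        // (TestNG argument order - confirm against the file's static import).
        assertEquals(services.size(), 2);

        boolean service1Check = false;
        boolean service2Check = false;
        for (ServiceIdentity service : services) {
            switch (service.getName()) {
                case "setup-service-without-keys-hosts.service1":
                    assertEquals(service.getExecutable(), "/usr/bin/java");
                    assertEquals(service.getUser(), "root");
                    // Neither keys nor hosts were requested, so neither may be returned.
                    assertNull(service.getPublicKeys());
                    assertNull(service.getHosts());
                    service1Check = true;
                    break;
                case "setup-service-without-keys-hosts.service2":
                    assertEquals(service.getExecutable(), "/usr/bin/java");
                    assertEquals(service.getUser(), "yahoo");
                    assertNull(service.getPublicKeys());
                    assertNull(service.getHosts());
                    service2Check = true;
                    break;
            }
        }

        // Both services must have been seen in the returned list.
        assertTrue(service1Check);
        assertTrue(service2Check);
    } finally {
        // Runs on success and on assertion failure alike, keeping the store clean.
        zmsTestInitializer.getZms().deleteTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), domainName, zmsTestInitializer.getAuditRef());
    }
}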
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)

Example 55 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class ZMSImplTest method testHasAccessInvalidRoleTokenAccess.

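/**
 * Verifies that {@code hasAccess} answers {@code DENIED_INVALID_ROLE_TOKEN} for a
 * principal that carries a list of authenticated roles when the access check is made
 * with a trust domain.
 *
 * <p>The domain is created in the ZMS instance under test and is removed in a
 * {@code finally} block, so a failing assertion does not leave {@code coretech}
 * behind for later tests.
 */
@Test
public void testHasAccessInvalidRoleTokenAccess() {
    final String domainName = "coretech";

    TopLevelDomain dom = zmsTestInitializer.createTopLevelDomainObject(domainName, "Test Domain", "testOrg", zmsTestInitializer.getAdminUser());
    zmsTestInitializer.getZms().postTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), zmsTestInitializer.getAuditRef(), dom);

    try {
        List<String> authRoles = new ArrayList<>();
        authRoles.add("role1");

        // Fixed fixture credential string; "signature" is a literal placeholder,
        // not a real signature. No authority is attached (last argument is null).
        Principal principal = SimplePrincipal.create(domainName, "v=U1;d=user;n=user1;s=signature", authRoles, null);
        assertNotNull(principal);

        AthenzDomain domain = zmsTestInitializer.getZms().retrieveAccessDomain(domainName, principal);

        // NOTE(review): presumably rejected because a trust domain ("trustdomain")
        // is supplied together with role-based credentials - confirm against hasAccess.
        // The test expects the specific DENIED_INVALID_ROLE_TOKEN status rather than
        // a generic DENIED, so the two failure modes stay distinguishable.
        assertEquals(zmsTestInitializer.getZms().hasAccess(domain, "read", domainName + ":entity", principal, "trustdomain"), AccessStatus.DENIED_INVALID_ROLE_TOKEN);
    } finally {
        // Runs on success and on assertion failure alike, keeping the store clean.
        zmsTestInitializer.getZms().deleteTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), domainName, zmsTestInitializer.getAuditRef());
    }
}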
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain) Principal(com.yahoo.athenz.auth.Principal)

Aggregations

AthenzDomain (com.yahoo.athenz.zms.store.AthenzDomain)104 Test (org.testng.annotations.Test)28 Principal (com.yahoo.athenz.auth.Principal)14 Authority (com.yahoo.athenz.auth.Authority)13 MetricNotificationService (com.yahoo.athenz.common.server.notification.impl.MetricNotificationService)13 ZMSNotificationManagerTest.getNotificationManager (com.yahoo.athenz.zms.notification.ZMSNotificationManagerTest.getNotificationManager)13 DBService (com.yahoo.athenz.zms.DBService)6 Role (com.yahoo.athenz.zms.Role)6 RoleMember (com.yahoo.athenz.zms.RoleMember)6 ObjectStore (com.yahoo.athenz.zms.store.ObjectStore)3 ObjectStoreConnection (com.yahoo.athenz.zms.store.ObjectStoreConnection)3 java.sql (java.sql)3 SQLException (java.sql.SQLException)2 AuthzDetailsEntity (com.yahoo.athenz.common.config.AuthzDetailsEntity)1 DomainRoleMembersFetcher (com.yahoo.athenz.common.server.notification.DomainRoleMembersFetcher)1 DataCache (com.yahoo.athenz.zms.DBService.DataCache)1 Domain (com.yahoo.athenz.zms.Domain)1 ResourceException (com.yahoo.athenz.zms.ResourceException)1 JDBCConnection (com.yahoo.athenz.zms.store.jdbc.JDBCConnection)1 Timestamp (com.yahoo.rdl.Timestamp)1