Use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
Class ZMSImplTest, method testEvaluateAccessAssertionAllow.
@Test
public void testEvaluateAccessAssertionAllow() {
    // Domain "coretech" holding one role (role1) whose only member is user.user1.
    AthenzDomain domain = new AthenzDomain("coretech");
    Role role1 = zmsTestInitializer.createRoleObject("coretech", "role1", null, "user.user1", null);
    domain.getRoles().add(role1);

    // A single ALLOW assertion: role1 may "read" any resource under coretech.
    Assertion allowRead = new Assertion();
    allowRead.setRole("coretech:role.role1");
    allowRead.setResource("coretech:*");
    allowRead.setAction("read");
    allowRead.setEffect(AssertionEffect.ALLOW);

    ArrayList<Assertion> assertions = new ArrayList<>();
    assertions.add(allowRead);
    Policy policy1 = new Policy().setName("coretech:policy.policy1");
    policy1.setAssertions(assertions);
    domain.getPolicies().add(policy1);

    // user.user1 reading coretech:resource1 matches the assertion above, so the
    // evaluation must come back ALLOWED.
    assertEquals(
            zmsTestInitializer.getZms().evaluateAccess(domain, "user.user1", "read", "coretech:resource1",
                    null, null, zmsTestInitializer.getMockDomRestRsrcCtx().principal()),
            AccessStatus.ALLOWED);
}
Use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
Class PutRoleMembershipNotificationTaskTest, method testGenerateAndSendPostPutMembershipNotification.
@Test
public void testGenerateAndSendPostPutMembershipNotification() {
    DBService dbsvc = Mockito.mock(DBService.class);
    NotificationService mockNotificationService = Mockito.mock(NotificationService.class);
    NotificationServiceFactory testfact = () -> mockNotificationService;
    NotificationManager notificationManager = getNotificationManager(dbsvc, testfact);
    // Shut the manager down up front; sendNotifications below is still called directly on it
    // (presumably this only stops background work — confirm against NotificationManager).
    notificationManager.shutdown();

    // Approver roles for the audit domain and the audit org. dom2.testsvc1 is a member of both
    // but is absent from the expected recipients (presumably because it is not under
    // USER_DOMAIN_PREFIX).
    List<RoleMember> domainApprovers = new ArrayList<>(List.of(
            new RoleMember().setMemberName("user.domapprover1").setActive(true),
            new RoleMember().setMemberName("user.domapprover2").setActive(true),
            new RoleMember().setMemberName("dom2.testsvc1").setActive(true)));
    Role domainRole = new Role().setName("sys.auth.audit.domain:role.testdomain1").setRoleMembers(domainApprovers);

    List<RoleMember> orgApprovers = new ArrayList<>(List.of(
            new RoleMember().setMemberName("user.orgapprover1").setActive(true),
            new RoleMember().setMemberName("user.orgapprover2").setActive(true),
            new RoleMember().setMemberName("dom2.testsvc1").setActive(true)));
    Role orgRole = new Role().setName("sys.auth.audit.org:role.neworg").setRoleMembers(orgApprovers);

    AthenzDomain orgDomain = new AthenzDomain("sys.auth.audit.org");
    orgDomain.setRoles(new ArrayList<>(List.of(orgRole)));
    AthenzDomain auditDomain = new AthenzDomain("sys.auth.audit.domain");
    auditDomain.setRoles(new ArrayList<>(List.of(domainRole)));
    Mockito.when(dbsvc.getRolesByDomain("sys.auth.audit.org")).thenReturn(orgDomain.getRoles());
    Mockito.when(dbsvc.getRolesByDomain("sys.auth.audit.domain")).thenReturn(auditDomain.getRoles());

    Map<String, String> details = new HashMap<>(Map.of("domain", "testdomain1", "role", "role1"));
    Role notifyRole = new Role().setAuditEnabled(true).setSelfServe(false);
    List<Notification> notifications = new PutRoleMembershipNotificationTask("testdomain1", "neworg",
            notifyRole, details, dbsvc, USER_DOMAIN_PREFIX, notificationToEmailConverterCommon).getNotifications();
    notificationManager.sendNotifications(notifications);

    // Expected notification: the four user approvers, the same details, and the task's converters.
    Notification expected = new Notification();
    expected.addRecipient("user.domapprover1")
            .addRecipient("user.domapprover2")
            .addRecipient("user.orgapprover1")
            .addRecipient("user.orgapprover2");
    expected.addDetails("domain", "testdomain1").addDetails("role", "role1");
    expected.setNotificationToEmailConverter(
            new PutRoleMembershipNotificationTask.PutMembershipNotificationToEmailConverter(notificationToEmailConverterCommon));
    expected.setNotificationToMetricConverter(
            new PutRoleMembershipNotificationTask.PutMembershipNotificationToMetricConverter());

    ArgumentCaptor<Notification> captor = ArgumentCaptor.forClass(Notification.class);
    Mockito.verify(mockNotificationService, atLeastOnce()).notify(captor.capture());
    assertEquals(captor.getValue(), expected);
}
Use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
Class ZMSNotificationManagerTest, method testCreateNotification.
@Test
public void testCreateNotification() {
    // The factory-class property is process-global; clear it so a value left behind by another
    // test cannot influence this one. NOTE(review): it is not restored afterwards.
    System.clearProperty(NOTIFICATION_PROP_SERVICE_FACTORY_CLASS);

    DBService dbsvc = Mockito.mock(DBService.class);
    Mockito.when(dbsvc.getPendingMembershipApproverRoles(1)).thenReturn(Collections.emptySet());
    AthenzDomain mockAthenzDomain = Mockito.mock(AthenzDomain.class);

    long now = System.currentTimeMillis();
    // Membership that has just expired (expiration == now).
    RoleMember expiredMember = new RoleMember().setMemberName("user.expired");
    expiredMember.setExpiration(Timestamp.fromMillis(now));
    // Membership that is still valid for another day.
    RoleMember notExpiredMember = new RoleMember().setMemberName("user.notExpiredYet");
    notExpiredMember.setExpiration(Timestamp.fromMillis(now + TimeUnit.DAYS.toMillis(1)));

    // Two plain users, the expired/not-yet-expired users, and one service principal.
    List<RoleMember> members = new ArrayList<>();
    members.add(new RoleMember().setMemberName("user.use1"));
    members.add(new RoleMember().setMemberName("user.use2"));
    members.add(expiredMember);
    members.add(notExpiredMember);
    members.add(new RoleMember().setMemberName("testdom2.svc1"));

    List<Role> roles = new ArrayList<>(List.of(new Role().setName("testdom:role.role1").setRoleMembers(members)));
    Mockito.when(mockAthenzDomain.getName()).thenReturn("testdom");
    Mockito.when(mockAthenzDomain.getRoles()).thenReturn(roles);
    Mockito.when(dbsvc.getRolesByDomain("testdom")).thenReturn(roles);

    // Recipients are a role reference (to be expanded to its members) plus a direct user.
    Set<String> recipients = new HashSet<>(List.of("testdom:role.role1", "user.user3"));
    Map<String, String> details = new HashMap<>(Map.of("domain", "testdom", "role", "role1"));

    DomainRoleMembersFetcher domainRoleMembersFetcher = new DomainRoleMembersFetcher(dbsvc, USER_DOMAIN_PREFIX);
    NotificationCommon notificationCommon = new NotificationCommon(domainRoleMembersFetcher, USER_DOMAIN_PREFIX);
    PutRoleMembershipNotificationTask.PutMembershipNotificationToEmailConverter converter =
            new PutRoleMembershipNotificationTask.PutMembershipNotificationToEmailConverter(notificationToEmailConverterCommon);
    PutRoleMembershipNotificationTask.PutMembershipNotificationToMetricConverter metricConverter =
            new PutRoleMembershipNotificationTask.PutMembershipNotificationToMetricConverter();
    Notification notification = notificationCommon.createNotification(recipients, details, converter, metricConverter);
    assertNotNull(notification);

    Set<String> actualRecipients = notification.getRecipients();
    // A service principal must not be a recipient.
    assertFalse(actualRecipients.contains("testdom2.svc1"));
    // An expired membership must not be a recipient.
    assertFalse(actualRecipients.contains("user.expired"));
    // A membership expiring tomorrow is still a valid recipient.
    assertTrue(actualRecipients.contains("user.notExpiredYet"));
    // A membership with no expiration is a valid recipient.
    assertTrue(actualRecipients.contains("user.use1"));
}
Use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
Class ZMSNotificationManagerTest, method testCreateNotificationNoValidRecipients.
@Test
public void testCreateNotificationNoValidRecipients() {
    DBService dbsvc = Mockito.mock(DBService.class);
    Mockito.when(dbsvc.getPendingMembershipApproverRoles(1)).thenReturn(Collections.emptySet());
    AthenzDomain mockAthenzDomain = Mockito.mock(AthenzDomain.class);
    Mockito.when(dbsvc.getAthenzDomain("testdom", false)).thenReturn(mockAthenzDomain);

    // The mocked domain only knows role1; role3 (referenced below) does not exist in it.
    // NOTE(review): getRolesByDomain("testdom") is left unstubbed here, so Mockito's default
    // answer applies — confirm which DBService call the fetcher actually relies on.
    List<RoleMember> members = new ArrayList<>(List.of(
            new RoleMember().setMemberName("user.use1"),
            new RoleMember().setMemberName("user.use2")));
    List<Role> roles = new ArrayList<>(List.of(new Role().setName("testdom:role.role1").setRoleMembers(members)));
    Mockito.when(mockAthenzDomain.getName()).thenReturn("testdom");
    Mockito.when(mockAthenzDomain.getRoles()).thenReturn(roles);

    // Neither a non-user principal nor a role with no resolvable members yields a recipient.
    Set<String> recipients = new HashSet<>(List.of("unix.ykeykey", "testdom:role.role3"));

    DomainRoleMembersFetcher domainRoleMembersFetcher = new DomainRoleMembersFetcher(dbsvc, USER_DOMAIN_PREFIX);
    NotificationCommon notificationCommon = new NotificationCommon(domainRoleMembersFetcher, USER_DOMAIN_PREFIX);
    PendingRoleMembershipApprovalNotificationTask.PendingRoleMembershipApprovalNotificationToEmailConverter converter =
            new PendingRoleMembershipApprovalNotificationTask.PendingRoleMembershipApprovalNotificationToEmailConverter(notificationToEmailConverterCommon);
    PendingRoleMembershipApprovalNotificationTask.PendingRoleMembershipApprovalNotificationToMetricConverter metricConverter =
            new PendingRoleMembershipApprovalNotificationTask.PendingRoleMembershipApprovalNotificationToMetricConverter();

    // With no valid recipient, no notification object is produced at all.
    assertNull(notificationCommon.createNotification(recipients, null, converter, metricConverter));
}
Use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
Class PutGroupMembershipNotificationTaskTest, method testGenerateAndSendPostPutGroupMembershipNotificationNullDomainGroup.
@Test
public void testGenerateAndSendPostPutGroupMembershipNotificationNullDomainGroup() {
    DBService dbsvc = Mockito.mock(DBService.class);
    NotificationService mockNotificationService = Mockito.mock(NotificationService.class);
    NotificationServiceFactory testfact = () -> mockNotificationService;
    NotificationManager notificationManager = getNotificationManager(dbsvc, testfact);
    // Shut the manager down up front; sendNotifications below is still called directly on it
    // (presumably this only stops background work — confirm against NotificationManager).
    notificationManager.shutdown();

    // Only the org approver role is stubbed; the domain-level role is deliberately absent
    // (the "NullDomainGroup" case), so only org approvers can become recipients.
    List<RoleMember> orgApprovers = new ArrayList<>(List.of(
            new RoleMember().setMemberName("user.orgapprover1").setActive(true),
            new RoleMember().setMemberName("user.orgapprover2").setActive(true),
            new RoleMember().setMemberName("dom2.testsvc1").setActive(true)));
    Role orgRole = new Role().setName("sys.auth.audit.org:role.neworg").setRoleMembers(orgApprovers);
    AthenzDomain orgDomain = new AthenzDomain("sys.auth.audit.org");
    orgDomain.setRoles(new ArrayList<>(List.of(orgRole)));
    Mockito.when(dbsvc.getRolesByDomain("sys.auth.audit.org")).thenReturn(orgDomain.getRoles());

    Map<String, String> details = new HashMap<>(Map.of("domain", "testdomain1", "group", "group1"));
    Group notifyGroup = new Group().setAuditEnabled(true).setSelfServe(false);
    List<Notification> notifications = new PutGroupMembershipNotificationTask("testdomain1", "neworg",
            notifyGroup, details, dbsvc, USER_DOMAIN_PREFIX, notificationToEmailConverterCommon).getNotifications();
    notificationManager.sendNotifications(notifications);

    // Expected: the two user approvers only; dom2.testsvc1 is not a recipient
    // (presumably because it is not under USER_DOMAIN_PREFIX).
    Notification expected = new Notification();
    expected.addRecipient("user.orgapprover1").addRecipient("user.orgapprover2");
    expected.addDetails("domain", "testdomain1").addDetails("group", "group1");
    expected.setNotificationToEmailConverter(
            new PutGroupMembershipNotificationTask.PutGroupMembershipNotificationToEmailConverter(notificationToEmailConverterCommon));
    expected.setNotificationToMetricConverter(
            new PutGroupMembershipNotificationTask.PutGroupMembershipNotificationToMetricConverter());

    ArgumentCaptor<Notification> captor = ArgumentCaptor.forClass(Notification.class);
    Mockito.verify(mockNotificationService, atLeastOnce()).notify(captor.capture());
    assertEquals(captor.getValue(), expected);
}