
Example 56 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class ZMSImplTest method testEvaluateAccessAssertionAllow.

@Test
public void testEvaluateAccessAssertionAllow() {
    // Domain "coretech" with a single role (role1) whose only member is user.user1.
    AthenzDomain coretech = new AthenzDomain("coretech");
    Role role1 = zmsTestInitializer.createRoleObject("coretech", "role1", null, "user.user1", null);
    coretech.getRoles().add(role1);

    // One ALLOW assertion: role1 may "read" any resource in the domain.
    Assertion allowRead = new Assertion();
    allowRead.setRole("coretech:role.role1");
    allowRead.setResource("coretech:*");
    allowRead.setAction("read");
    allowRead.setEffect(AssertionEffect.ALLOW);

    // Attach the assertion to policy1 and the policy to the domain.
    Policy policy1 = new Policy().setName("coretech:policy.policy1");
    policy1.setAssertions(new ArrayList<>());
    policy1.getAssertions().add(allowRead);
    coretech.getPolicies().add(policy1);

    // A member of role1 asking to "read" a concrete coretech resource must be allowed;
    // the principal is taken from the mocked domain REST resource context.
    AccessStatus status = zmsTestInitializer.getZms().evaluateAccess(coretech, "user.user1", "read",
            "coretech:resource1", null, null, zmsTestInitializer.getMockDomRestRsrcCtx().principal());
    assertEquals(status, AccessStatus.ALLOWED);
}
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)

Example 57 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class PutRoleMembershipNotificationTaskTest method testGenerateAndSendPostPutMembershipNotification.

@Test
public void testGenerateAndSendPostPutMembershipNotification() {
    DBService dbsvc = Mockito.mock(DBService.class);
    NotificationService mockNotificationService = Mockito.mock(NotificationService.class);
    NotificationServiceFactory testfact = () -> mockNotificationService;
    NotificationManager notificationManager = getNotificationManager(dbsvc, testfact);
    // Shut down up front; presumably so only the explicit sendNotifications() call below
    // reaches the mock service rather than any scheduled delivery — confirm against NotificationManager.
    notificationManager.shutdown();

    // Domain-level audit approvers: two users plus one service principal.
    List<RoleMember> domainApprovers = new ArrayList<>();
    for (String member : new String[] {"user.domapprover1", "user.domapprover2", "dom2.testsvc1"}) {
        domainApprovers.add(new RoleMember().setMemberName(member).setActive(true));
    }
    Role domainRole = new Role().setName("sys.auth.audit.domain:role.testdomain1").setRoleMembers(domainApprovers);

    // Org-level audit approvers: two users plus the same service principal.
    List<RoleMember> orgApprovers = new ArrayList<>();
    for (String member : new String[] {"user.orgapprover1", "user.orgapprover2", "dom2.testsvc1"}) {
        orgApprovers.add(new RoleMember().setMemberName(member).setActive(true));
    }
    Role orgRole = new Role().setName("sys.auth.audit.org:role.neworg").setRoleMembers(orgApprovers);

    List<Role> orgRoles = new ArrayList<>();
    orgRoles.add(orgRole);
    AthenzDomain orgAuditDomain = new AthenzDomain("sys.auth.audit.org");
    orgAuditDomain.setRoles(orgRoles);

    List<Role> domainRoles = new ArrayList<>();
    domainRoles.add(domainRole);
    AthenzDomain domainAuditDomain = new AthenzDomain("sys.auth.audit.domain");
    domainAuditDomain.setRoles(domainRoles);

    // The task resolves approvers through DBService; serve both audit domains from the fixtures above.
    Mockito.when(dbsvc.getRolesByDomain("sys.auth.audit.org")).thenReturn(orgAuditDomain.getRoles());
    Mockito.when(dbsvc.getRolesByDomain("sys.auth.audit.domain")).thenReturn(domainAuditDomain.getRoles());

    Map<String, String> details = new HashMap<>();
    details.put("domain", "testdomain1");
    details.put("role", "role1");

    // Audit-enabled, non-self-serve role: membership changes require approver notification.
    Role notifyRole = new Role().setAuditEnabled(true).setSelfServe(false);
    List<Notification> notifications = new PutRoleMembershipNotificationTask("testdomain1", "neworg", notifyRole,
            details, dbsvc, USER_DOMAIN_PREFIX, notificationToEmailConverterCommon).getNotifications();
    notificationManager.sendNotifications(notifications);

    // Expected: every human approver from both audit roles; the service principal (dom2.testsvc1)
    // is asserted absent, and the details map is carried through unchanged.
    Notification expected = new Notification();
    expected.addRecipient("user.domapprover1").addRecipient("user.domapprover2")
            .addRecipient("user.orgapprover1").addRecipient("user.orgapprover2");
    expected.addDetails("domain", "testdomain1").addDetails("role", "role1");
    expected.setNotificationToEmailConverter(
            new PutRoleMembershipNotificationTask.PutMembershipNotificationToEmailConverter(notificationToEmailConverterCommon));
    expected.setNotificationToMetricConverter(
            new PutRoleMembershipNotificationTask.PutMembershipNotificationToMetricConverter());

    ArgumentCaptor<Notification> captor = ArgumentCaptor.forClass(Notification.class);
    Mockito.verify(mockNotificationService, atLeastOnce()).notify(captor.capture());
    assertEquals(captor.getValue(), expected);
}
Also used : DBService(com.yahoo.athenz.zms.DBService) ZMSNotificationManagerTest.getNotificationManager(com.yahoo.athenz.zms.notification.ZMSNotificationManagerTest.getNotificationManager) AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain) MetricNotificationService(com.yahoo.athenz.common.server.notification.impl.MetricNotificationService) Role(com.yahoo.athenz.zms.Role) RoleMember(com.yahoo.athenz.zms.RoleMember) Test(org.testng.annotations.Test)

Example 58 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class ZMSNotificationManagerTest method testCreateNotification.

@Test
public void testCreateNotification() {
    // Ensure no notification service factory is injected via system property for this run.
    System.clearProperty(NOTIFICATION_PROP_SERVICE_FACTORY_CLASS);
    DBService dbsvc = Mockito.mock(DBService.class);
    Mockito.when(dbsvc.getPendingMembershipApproverRoles(1)).thenReturn(Collections.emptySet());
    AthenzDomain mockAthenzDomain = Mockito.mock(AthenzDomain.class);

    long now = System.currentTimeMillis();
    List<RoleMember> members = new ArrayList<>();

    // Two human members with no expiration at all.
    for (String user : new String[] {"user.use1", "user.use2"}) {
        members.add(new RoleMember().setMemberName(user));
    }
    // A human member whose membership expires exactly at "now".
    // NOTE(review): if the fetcher treats expiration == now as still valid, this could be
    // timing-sensitive in the same millisecond — confirm against DomainRoleMembersFetcher.
    RoleMember expiredMember = new RoleMember().setMemberName("user.expired");
    expiredMember.setExpiration(Timestamp.fromMillis(now));
    members.add(expiredMember);
    // A human member whose membership is still valid for another day.
    RoleMember validMember = new RoleMember().setMemberName("user.notExpiredYet");
    validMember.setExpiration(Timestamp.fromMillis(now + TimeUnit.DAYS.toMillis(1)));
    members.add(validMember);
    // A service principal; asserted below to be filtered out of the recipients.
    members.add(new RoleMember().setMemberName("testdom2.svc1"));

    Role role1 = new Role().setName("testdom:role.role1").setRoleMembers(members);
    List<Role> roles = new ArrayList<>();
    roles.add(role1);
    Mockito.when(mockAthenzDomain.getName()).thenReturn("testdom");
    Mockito.when(mockAthenzDomain.getRoles()).thenReturn(roles);
    Mockito.when(dbsvc.getRolesByDomain("testdom")).thenReturn(roles);

    // Recipients mix a role reference (to be expanded to its members) and a direct user.
    Set<String> recipients = new HashSet<>();
    recipients.add("testdom:role.role1");
    recipients.add("user.user3");

    Map<String, String> details = new HashMap<>();
    details.put("domain", "testdom");
    details.put("role", "role1");

    DomainRoleMembersFetcher domainRoleMembersFetcher = new DomainRoleMembersFetcher(dbsvc, USER_DOMAIN_PREFIX);
    NotificationCommon notificationCommon = new NotificationCommon(domainRoleMembersFetcher, USER_DOMAIN_PREFIX);
    PutRoleMembershipNotificationTask.PutMembershipNotificationToEmailConverter converter =
            new PutRoleMembershipNotificationTask.PutMembershipNotificationToEmailConverter(notificationToEmailConverterCommon);
    PutRoleMembershipNotificationTask.PutMembershipNotificationToMetricConverter metricConverter =
            new PutRoleMembershipNotificationTask.PutMembershipNotificationToMetricConverter();
    Notification notification = notificationCommon.createNotification(recipients, details, converter, metricConverter);
    assertNotNull(notification);

    Set<String> actualRecipients = notification.getRecipients();
    // Service principals are not notified.
    assertFalse(actualRecipients.contains("testdom2.svc1"));
    // Members whose membership has already expired are not notified.
    assertFalse(actualRecipients.contains("user.expired"));
    // Members whose expiration lies in the future are notified.
    assertTrue(actualRecipients.contains("user.notExpiredYet"));
    // Members with no expiration are notified.
    assertTrue(actualRecipients.contains("user.use1"));
}
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain) Test(org.testng.annotations.Test)

Example 59 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class ZMSNotificationManagerTest method testCreateNotificationNoValidRecipients.

@Test
public void testCreateNotificationNoValidRecipients() {
    DBService dbsvc = Mockito.mock(DBService.class);
    Mockito.when(dbsvc.getPendingMembershipApproverRoles(1)).thenReturn(Collections.emptySet());
    AthenzDomain mockAthenzDomain = Mockito.mock(AthenzDomain.class);
    Mockito.when(dbsvc.getAthenzDomain("testdom", false)).thenReturn(mockAthenzDomain);

    // Neither recipient resolves to a human user: one is a non-user principal, the other
    // references role3, which does not exist in the mocked domain (only role1 is defined below).
    Set<String> recipients = new HashSet<>();
    recipients.add("unix.ykeykey");
    recipients.add("testdom:role.role3");

    List<RoleMember> members = new ArrayList<>();
    for (String user : new String[] {"user.use1", "user.use2"}) {
        members.add(new RoleMember().setMemberName(user));
    }
    Role role1 = new Role().setName("testdom:role.role1").setRoleMembers(members);
    List<Role> roles = new ArrayList<>();
    roles.add(role1);
    Mockito.when(mockAthenzDomain.getName()).thenReturn("testdom");
    Mockito.when(mockAthenzDomain.getRoles()).thenReturn(roles);

    DomainRoleMembersFetcher domainRoleMembersFetcher = new DomainRoleMembersFetcher(dbsvc, USER_DOMAIN_PREFIX);
    NotificationCommon notificationCommon = new NotificationCommon(domainRoleMembersFetcher, USER_DOMAIN_PREFIX);
    PendingRoleMembershipApprovalNotificationTask.PendingRoleMembershipApprovalNotificationToEmailConverter converter =
            new PendingRoleMembershipApprovalNotificationTask.PendingRoleMembershipApprovalNotificationToEmailConverter(notificationToEmailConverterCommon);
    PendingRoleMembershipApprovalNotificationTask.PendingRoleMembershipApprovalNotificationToMetricConverter metricConverter =
            new PendingRoleMembershipApprovalNotificationTask.PendingRoleMembershipApprovalNotificationToMetricConverter();

    // With no resolvable recipients (and no details), no notification object is produced at all.
    Notification notification = notificationCommon.createNotification(recipients, null, converter, metricConverter);
    assertNull(notification);
}
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain) Test(org.testng.annotations.Test)

Example 60 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class PutGroupMembershipNotificationTaskTest method testGenerateAndSendPostPutGroupMembershipNotificationNullDomainGroup.

@Test
public void testGenerateAndSendPostPutGroupMembershipNotificationNullDomainGroup() {
    DBService dbsvc = Mockito.mock(DBService.class);
    NotificationService mockNotificationService = Mockito.mock(NotificationService.class);
    NotificationServiceFactory testfact = () -> mockNotificationService;
    NotificationManager notificationManager = getNotificationManager(dbsvc, testfact);
    // Shut down up front; presumably so only the explicit sendNotifications() call below
    // reaches the mock service rather than any scheduled delivery — confirm against NotificationManager.
    notificationManager.shutdown();

    // Only the org-level audit role is stubbed; the domain-level audit role is deliberately absent
    // (the "NullDomainGroup" case), so approvers must come from the org role alone.
    List<RoleMember> orgApprovers = new ArrayList<>();
    for (String member : new String[] {"user.orgapprover1", "user.orgapprover2", "dom2.testsvc1"}) {
        orgApprovers.add(new RoleMember().setMemberName(member).setActive(true));
    }
    Role orgRole = new Role().setName("sys.auth.audit.org:role.neworg").setRoleMembers(orgApprovers);
    List<Role> orgRoles = new ArrayList<>();
    orgRoles.add(orgRole);
    AthenzDomain orgAuditDomain = new AthenzDomain("sys.auth.audit.org");
    orgAuditDomain.setRoles(orgRoles);
    Mockito.when(dbsvc.getRolesByDomain("sys.auth.audit.org")).thenReturn(orgAuditDomain.getRoles());

    Map<String, String> details = new HashMap<>();
    details.put("domain", "testdomain1");
    details.put("group", "group1");

    // Audit-enabled, non-self-serve group: membership changes require approver notification.
    Group notifyGroup = new Group().setAuditEnabled(true).setSelfServe(false);
    List<Notification> notifications = new PutGroupMembershipNotificationTask("testdomain1", "neworg", notifyGroup,
            details, dbsvc, USER_DOMAIN_PREFIX, notificationToEmailConverterCommon).getNotifications();
    notificationManager.sendNotifications(notifications);

    // Expected: the two human org approvers only; the service principal dom2.testsvc1 is excluded.
    Notification expected = new Notification();
    expected.addRecipient("user.orgapprover1").addRecipient("user.orgapprover2");
    expected.addDetails("domain", "testdomain1").addDetails("group", "group1");
    expected.setNotificationToEmailConverter(
            new PutGroupMembershipNotificationTask.PutGroupMembershipNotificationToEmailConverter(notificationToEmailConverterCommon));
    expected.setNotificationToMetricConverter(
            new PutGroupMembershipNotificationTask.PutGroupMembershipNotificationToMetricConverter());

    ArgumentCaptor<Notification> captor = ArgumentCaptor.forClass(Notification.class);
    Mockito.verify(mockNotificationService, atLeastOnce()).notify(captor.capture());
    assertEquals(captor.getValue(), expected);
}
Also used : ZMSNotificationManagerTest.getNotificationManager(com.yahoo.athenz.zms.notification.ZMSNotificationManagerTest.getNotificationManager) AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain) MetricNotificationService(com.yahoo.athenz.common.server.notification.impl.MetricNotificationService) Test(org.testng.annotations.Test)
