
Example 76 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class JDBCConnectionTest method testGetAthenzDomainPoliciesAssertionConditionsError.

/**
 * Verifies that a database failure on the third query issued while loading a domain's
 * policies surfaces as a {@link ResourceException} carrying the underlying SQL error text.
 *
 * <p>The first two {@code executeQuery()} calls succeed and the third throws. Per the inline
 * comment at the call site, that third query is the assertion-conditions lookup.
 */
@Test
public void testGetAthenzDomainPoliciesAssertionConditionsError() throws SQLException {
    JDBCConnection connection = new JDBCConnection(mockConn, true);
    AthenzDomain domain = new AthenzDomain("dom1");

    // Cursor script for the shared mock result set: one row then end-of-data, twice, then empty.
    Mockito.when(mockResultSet.next()).thenReturn(true, false, true, false, false);

    // Two queries succeed against the mock result set; the third raises the driver error under test.
    SQLException dbFailure = new SQLException("sql error");
    Mockito.when(mockPrepStmt.executeQuery()).thenReturn(mockResultSet, mockResultSet).thenThrow(dbFailure);

    // Column values for the single policy row and the single assertion row.
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME)).thenReturn("pol1");
    // java.sql.Timestamp(long) takes milliseconds; the literal looks like epoch seconds, but the
    // value is never asserted in this test, so only its presence matters.
    Mockito.doReturn(new java.sql.Timestamp(1454358916)).when(mockResultSet).getTimestamp(ZMSConsts.DB_COLUMN_MODIFIED);
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ROLE)).thenReturn("role1");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_RESOURCE)).thenReturn("resource");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ACTION)).thenReturn("action");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_EFFECT)).thenReturn("ALLOW");
    Mockito.when(mockResultSet.getLong(ZMSConsts.DB_COLUMN_ASSERT_ID)).thenReturn(1L);

    try {
        // fail to get assertion conditions
        connection.getAthenzDomainPolicies("dom1", 1, domain);
        // Reaching this line means the SQL failure was swallowed instead of being reported.
        fail();
    } catch (ResourceException expected) {
        assertTrue(expected.getMessage().contains("sql error"));
    }
    connection.close();
}
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain) java.sql(java.sql) Test(org.testng.annotations.Test)

Example 77 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class JDBCConnectionTest method testGetAthenzDomainPoliciesError.

/**
 * Verifies that a failure on the very first query issued while loading a domain's policies
 * surfaces as a {@link ResourceException} carrying the underlying SQL error text.
 */
@Test
public void testGetAthenzDomainPoliciesError() throws SQLException {
    JDBCConnection connection = new JDBCConnection(mockConn, true);
    AthenzDomain domain = new AthenzDomain("dom1");

    // Every executeQuery() call throws, so the first lookup already fails; nothing later
    // (assertions, assertion conditions) is ever reached.
    SQLException dbFailure = new SQLException("sql error");
    Mockito.when(mockPrepStmt.executeQuery()).thenThrow(dbFailure);

    ResourceException reported = null;
    try {
        connection.getAthenzDomainPolicies("dom1", 1, domain);
    } catch (ResourceException ex) {
        reported = ex;
    }
    if (reported == null) {
        // The call returned normally: the SQL failure was swallowed instead of being reported.
        fail();
    }
    assertTrue(reported.getMessage().contains("sql error"));
    connection.close();
}
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain) Test(org.testng.annotations.Test)

Example 78 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class ZMSImplTest method testRetrieveAccessDomainVirtualValid.

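/**
 * Checks that {@code retrieveAccessDomain} returns a non-null domain named
 * {@code user.user1} when called for principal {@code user.user1} with the
 * {@code ZMS_PROP_VIRTUAL_DOMAIN} system property set to {@code "true"}.
 *
 * <p>The property is set before {@code zmsInit()} is called and is cleared in a
 * {@code finally} block, so a failing assertion cannot leak the setting into other tests
 * running in the same JVM.
 */
@Test
public void testRetrieveAccessDomainVirtualValid() {
    System.setProperty(ZMSConsts.ZMS_PROP_VIRTUAL_DOMAIN, "true");
    try {
        ZMSImpl zmsTest = zmsTestInitializer.zmsInit();

        // Test-only authority from the server.debug package. The credential string carries a
        // placeholder signature; presumably this authority does not verify it (confirm against
        // DebugPrincipalAuthority), so it must never be wired into a production configuration.
        Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
        Principal principal = SimplePrincipal.create("user", "user1", "v=U1;d=user;n=user1;s=signature", 0, principalAuthority);

        AthenzDomain athenzDomain = zmsTest.retrieveAccessDomain("user.user1", principal);
        assertNotNull(athenzDomain);
        assertEquals(athenzDomain.getName(), "user.user1");
    } finally {
        // System properties are JVM-wide state: always undo the override, even on failure.
        System.clearProperty(ZMSConsts.ZMS_PROP_VIRTUAL_DOMAIN);
    }
}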
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain) Authority(com.yahoo.athenz.auth.Authority) Principal(com.yahoo.athenz.auth.Principal)

Example 79 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class ZMSImplTest method testEvaluateAccessAssertionDenyCaseSensitive.

/**
 * Checks that a DENY assertion whose action is stored in mixed case ({@code "ReaD"}) still
 * denies a request for the lower-case action {@code "read"}.
 *
 * <p>This matters for authorization correctness: if action matching were case-sensitive, a
 * deny rule written with different casing would silently stop applying. The final
 * {@code verify} confirms the role-membership check ran exactly once, i.e. the DENIED result
 * came from the explicit deny assertion rather than from no assertion matching at all.
 */
@Test
public void testEvaluateAccessAssertionDenyCaseSensitive() {
    // Domain with a single role that contains user.user1.
    AthenzDomain domain = new AthenzDomain("coretech");
    Role memberRole = zmsTestInitializer.createRoleObject("coretech", "role1", null, "user.user1", null);
    domain.getRoles().add(memberRole);

    // Explicit deny on every coretech resource; the action is deliberately mixed case.
    Assertion denyRead = new Assertion();
    denyRead.setRole("coretech:role.role1");
    denyRead.setResource("coretech:*");
    denyRead.setAction("ReaD");
    denyRead.setEffect(AssertionEffect.DENY);

    Policy denyPolicy = new Policy().setName("coretech:policy.policy1");
    ArrayList<Assertion> assertions = new ArrayList<>();
    denyPolicy.setAssertions(assertions);
    denyPolicy.getAssertions().add(denyRead);
    domain.getPolicies().add(denyPolicy);

    // Spy on the real ZMS instance so the internal matchPrincipal call can be observed.
    ZMSImpl spiedZms = Mockito.spy(zmsTestInitializer.getZms());
    AccessStatus outcome = spiedZms.evaluateAccess(domain, "user.user1", "read", "coretech:resource1", null, null, zmsTestInitializer.getMockDomRestRsrcCtx().principal());
    assertEquals(outcome, AccessStatus.DENIED);

    // Verify that it was denied by explicit "Deny" assertion and not because no match was found
    verify(spiedZms, times(1)).matchPrincipal(eq(domain.getRoles()), eq("^coretech:role\\.role1$"), eq("user.user1"), eq(null));
}
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)

Example 80 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class ZMSImplTest method testHasAccessInValidMember.

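/**
 * Checks that {@code hasAccess} returns {@link AccessStatus#DENIED} for a principal that is
 * not named in the role an ALLOW policy refers to.
 *
 * <p>The test creates the top-level domain {@code HasAccessDom2} with {@code Role1}
 * (created with {@code user.user1} and {@code user.user3}) and an ALLOW policy for
 * {@code UPDATE} on {@code HasAccessDom2:resource1}, then evaluates access for
 * {@code user.user2}. The domain is deleted in a {@code finally} block so a failed
 * assertion does not leave it behind for later tests.
 */
@Test
public void testHasAccessInValidMember() {
    TopLevelDomain dom1 = zmsTestInitializer.createTopLevelDomainObject("HasAccessDom2", "Test Domain1", "testOrg", zmsTestInitializer.getAdminUser());
    zmsTestInitializer.getZms().postTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), zmsTestInitializer.getAuditRef(), dom1);
    try {
        Role role1 = zmsTestInitializer.createRoleObject("HasAccessDom2", "Role1", null, "user.user1", "user.user3");
        zmsTestInitializer.getZms().putRole(zmsTestInitializer.getMockDomRsrcCtx(), "HasAccessDom2", "Role1", zmsTestInitializer.getAuditRef(), role1);
        Policy policy1 = zmsTestInitializer.createPolicyObject("HasAccessDom2", "Policy1", "Role1", "UPDATE", "HasAccessDom2:resource1", AssertionEffect.ALLOW);
        zmsTestInitializer.getZms().putPolicy(zmsTestInitializer.getMockDomRsrcCtx(), "HasAccessDom2", "Policy1", zmsTestInitializer.getAuditRef(), policy1);

        // user2 does not have access to UPDATE/resource1
        Principal principal2 = SimplePrincipal.create("user", "user2", "v=U1;d=user;n=user2;s=signature");

        // this is internal zms function so the values passed have already been converted to lower
        // case so we need to handle the test case accordingly.
        AthenzDomain domain = zmsTestInitializer.getZms().retrieveAccessDomain("hasaccessdom2", principal2);

        // Actual value first, expected second, matching the other assertEquals calls in this listing.
        assertEquals(zmsTestInitializer.getZms().hasAccess(domain, "update", "hasaccessdom2:resource1", principal2, null), AccessStatus.DENIED);
    } finally {
        // Always remove the domain created above, even when an assertion fails.
        zmsTestInitializer.getZms().deleteTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), "HasAccessDom2", zmsTestInitializer.getAuditRef());
    }
}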
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain) Principal(com.yahoo.athenz.auth.Principal)
