
Example 86 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class ZMSImplTest method testEvaluateAccessAssertionAllowCaseSensitive.

@Test
public void testEvaluateAccessAssertionAllowCaseSensitive() {
    // The policy assertion spells the action as "ReaD" while the access check
    // asks for lower-case "read"; the evaluation is still expected to ALLOW.
    final String domainName = "coretech";
    AthenzDomain domain = new AthenzDomain(domainName);

    // role1 has a single member, user.user1, which is also the requester below
    Role readerRole = zmsTestInitializer.createRoleObject(domainName, "role1", null, "user.user1", null);
    domain.getRoles().add(readerRole);

    Assertion allowRead = new Assertion();
    allowRead.setAction("ReaD");
    allowRead.setEffect(AssertionEffect.ALLOW);
    allowRead.setResource("coretech:*");
    allowRead.setRole("coretech:role.role1");

    ArrayList<Assertion> assertions = new ArrayList<>();
    assertions.add(allowRead);
    Policy readPolicy = new Policy().setName("coretech:policy.policy1");
    readPolicy.setAssertions(assertions);
    domain.getPolicies().add(readPolicy);

    Principal principal = zmsTestInitializer.getMockDomRestRsrcCtx().principal();
    AccessStatus status = zmsTestInitializer.getZms().evaluateAccess(domain, "user.user1", "read", "coretech:resource1", null, null, principal);
    assertEquals(status, AccessStatus.ALLOWED);
}

Example 87 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class ZMSImplTest method testIsAllowedPutMembership.

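@Test
public void testIsAllowedPutMembership() {
    // Exercises isAllowedPutMembership for three role configurations (plain,
    // self-serve, audit-enabled) with two callers: the domain admin principal
    // from the mock context and a non-admin principal, user.bob.
    final String domainName = "testdomain1";

    TopLevelDomain dom1 = zmsTestInitializer.createTopLevelDomainObject(domainName, "Role Test Domain1", "testOrg", "user.user1");
    zmsTestInitializer.getZms().postTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), zmsTestInitializer.getAuditRef(), dom1);

    // Everything after the domain exists runs under try/finally so that a
    // failing assertion does not leave "testdomain1" behind for later tests.
    try {
        // --- plain role: only the admin may add members ---
        Role role1 = zmsTestInitializer.createRoleObject(domainName, "testrole1", null, "user.john", "user.jane");
        zmsTestInitializer.getZms().putRole(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "testrole1", zmsTestInitializer.getAuditRef(), role1);
        AthenzDomain domain = zmsTestInitializer.getZms().getAthenzDomain(domainName, false);
        Role role = zmsTestInitializer.getZms().getRoleFromDomain("testrole1", domain);
        RoleMember roleMember = new RoleMember().setMemberName("user.user1");
        // admin allowed, and the membership is approved immediately
        assertTrue(zmsTestInitializer.getZms().isAllowedPutMembership(zmsTestInitializer.getMockDomRestRsrcCtx().principal(), domain, role, roleMember));
        assertTrue(roleMember.getApproved());

        // non-admin principal user.bob; the creds are a test fixture, not a real signature
        Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
        String unsignedCreds = "v=U1;d=user;n=bob";
        final Principal rsrcPrince = SimplePrincipal.create("user", "bob", unsignedCreds + ";s=signature", 0, principalAuthority);
        assertNotNull(rsrcPrince);
        ((SimplePrincipal) rsrcPrince).setUnsignedCreds(unsignedCreds);
        roleMember = new RoleMember().setMemberName("user.bob");
        // bob trying to add himself
        assertFalse(zmsTestInitializer.getZms().isAllowedPutMembership(rsrcPrince, domain, role, roleMember));
        // without self-serve bob is not allowed to add dave
        roleMember = new RoleMember().setMemberName("user.dave");
        // bob trying to add dave
        assertFalse(zmsTestInitializer.getZms().isAllowedPutMembership(rsrcPrince, domain, role, roleMember));

        // --- self-serve role: bob may request, but the membership is not approved ---
        Role selfserverole = zmsTestInitializer.createRoleObject(domainName, "testrole2", null, "user.john", "user.jane");
        zmsTestInitializer.getZms().putRole(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "testrole2", zmsTestInitializer.getAuditRef(), selfserverole);
        RoleMeta rm = createRoleMetaObject(true);
        zmsTestInitializer.getZms().putRoleMeta(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "testrole2", zmsTestInitializer.getAuditRef(), rm);
        // re-read the domain so the new role meta is visible
        domain = zmsTestInitializer.getZms().getAthenzDomain(domainName, false);
        role = zmsTestInitializer.getZms().getRoleFromDomain("testrole2", domain);
        roleMember = new RoleMember().setMemberName("user.bob");
        // bob trying to add himself
        assertTrue(zmsTestInitializer.getZms().isAllowedPutMembership(rsrcPrince, domain, role, roleMember));
        assertFalse(roleMember.getApproved());
        // with self-serve bob is now allowed to add dave
        roleMember.setMemberName("user.dave");
        // bob trying to add dave
        assertTrue(zmsTestInitializer.getZms().isAllowedPutMembership(rsrcPrince, domain, role, roleMember));
        assertFalse(roleMember.getApproved());

        // --- audit-enabled domain + role: even the admin's addition is not pre-approved ---
        DomainMeta meta = zmsTestInitializer.createDomainMetaObject("Domain Meta for Role Meta test", "testOrg", true, true, "12345", 1001);
        zmsTestInitializer.getZms().putDomainMeta(zmsTestInitializer.getMockDomRsrcCtx(), domainName, zmsTestInitializer.getAuditRef(), meta);
        zmsTestInitializer.getZms().putDomainSystemMeta(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "auditenabled", zmsTestInitializer.getAuditRef(), meta);
        Role auditedRole = zmsTestInitializer.createRoleObject(domainName, "testrole3", null, "user.john", "user.jane");
        zmsTestInitializer.getZms().putRole(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "testrole3", zmsTestInitializer.getAuditRef(), auditedRole);
        RoleSystemMeta rsm = createRoleSystemMetaObject(true);
        zmsTestInitializer.getZms().putRoleSystemMeta(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "testrole3", "auditenabled", zmsTestInitializer.getAuditRef(), rsm);
        domain = zmsTestInitializer.getZms().getAthenzDomain(domainName, false);
        role = zmsTestInitializer.getZms().getRoleFromDomain("testrole3", domain);
        roleMember = new RoleMember().setMemberName("user.user1");
        // admin allowed
        assertTrue(zmsTestInitializer.getZms().isAllowedPutMembership(zmsTestInitializer.getMockDomRestRsrcCtx().principal(), domain, role, roleMember));
        assertFalse(roleMember.getApproved());
        roleMember = new RoleMember().setMemberName("user.bob");
        // bob trying to add himself not allowed
        assertFalse(zmsTestInitializer.getZms().isAllowedPutMembership(rsrcPrince, domain, role, roleMember));
        roleMember = new RoleMember().setMemberName("user.dave");
        // bob trying to add dave not allowed
        assertFalse(zmsTestInitializer.getZms().isAllowedPutMembership(rsrcPrince, domain, role, roleMember));
    } finally {
        zmsTestInitializer.getZms().deleteTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), domainName, zmsTestInitializer.getAuditRef());
    }
}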

Example 88 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class DBServiceTest method testUpdateDomainMembersExpirationObjectStoreFailure.

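@Test
public void testUpdateDomainMembersExpirationObjectStoreFailure() {
    // Drives updateDomainMembersExpiration against a mocked object-store
    // connection whose insertRoleMember reports failure (returns false).
    // The mocked updateDomainModTimestamp throws, so the test fails if the
    // code still bumps the domain modification timestamp on that path.
    final String domainName = "domain-meta-expiry";
    List<String> admins = new ArrayList<>();
    admins.add(adminUser);
    zms.dbService.makeDomain(mockDomRsrcCtx, ZMSTestUtils.makeDomainObject(domainName, "test desc", "org", false, "", 1999, "", 0), admins, null, auditRef);

    // Captured before any test-specific state is installed so the finally
    // block can always put the original user authority back, even when the
    // call under test throws; otherwise the mock authority would leak into
    // every test that runs afterwards.
    Authority savedAuthority = zms.dbService.zmsConfig.getUserAuthority();
    try {
        Domain domain = new Domain().setName(domainName).setMemberExpiryDays(100).setModified(Timestamp.fromCurrentTime());
        Domain updateDomain = new Domain().setName(domainName).setMemberExpiryDays(50);

        ObjectStoreConnection mockConn = Mockito.mock(ObjectStoreConnection.class);
        AthenzDomain athenzDomain = new AthenzDomain(domainName);
        athenzDomain.setDomain(domain);
        Mockito.when(mockConn.getAthenzDomain(domainName)).thenReturn(athenzDomain);
        Mockito.when(mockConn.insertRoleMember(Mockito.anyString(), Mockito.anyString(), Mockito.any(), Mockito.any(), Mockito.anyString())).thenReturn(false);
        // we're going to make sure to throw an exception here
        // since this should never be called
        Mockito.when(mockConn.updateDomainModTimestamp(domainName)).thenThrow(new ResourceException(400));

        Authority authority = Mockito.mock(Authority.class);
        zms.dbService.zmsConfig.setUserAuthority(authority);
        zms.dbService.updateDomainMembersExpiration(mockDomRsrcCtx, mockConn, domain, updateDomain, auditRef, "testUpdateDomainMembersExpirationFailure");
    } finally {
        zms.dbService.zmsConfig.setUserAuthority(savedAuthority);
        zms.dbService.executeDeleteDomain(mockDomRsrcCtx, domainName, auditRef, "deletedomain");
    }
}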

Example 89 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class ZMSImplTest method testEvaluateAccessNoAssertions.

@Test
public void testEvaluateAccessNoAssertions() {
    // A domain whose only policy carries no assertions grants nothing:
    // evaluateAccess is expected to report DENIED, even with null
    // identity/action/resource arguments.
    final String domainName = "coretech";
    AthenzDomain domain = new AthenzDomain(domainName);

    Role bareRole = new Role().setName("coretech:role.role1");
    domain.getRoles().add(bareRole);

    // policy is created without calling setAssertions at all
    Policy emptyPolicy = new Policy().setName("coretech:policy.policy1");
    domain.getPolicies().add(emptyPolicy);

    Principal principal = zmsTestInitializer.getMockDomRestRsrcCtx().principal();
    AccessStatus status = zmsTestInitializer.getZms().evaluateAccess(domain, null, null, null, null, null, principal);
    assertEquals(status, AccessStatus.DENIED);
}

Example 90 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class ZMSImplTest method testRetrieveAccessDomainMismatch.

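@Test
public void testRetrieveAccessDomainMismatch() {
    // With virtual domains enabled, asking for the access domain of a
    // different user ("user.user1") as principal user.user2 is expected to
    // return null rather than another user's domain.
    System.setProperty(ZMSConsts.ZMS_PROP_VIRTUAL_DOMAIN, "true");
    try {
        ZMSImpl zmsTest = zmsTestInitializer.zmsInit();
        Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
        // test fixture credentials; "s=signature" is not a real signature
        Principal principal = SimplePrincipal.create("user", "user2", "v=U1;d=user;n=user2;s=signature", 0, principalAuthority);
        AthenzDomain athenzDomain = zmsTest.retrieveAccessDomain("user.user1", principal);
        assertNull(athenzDomain);
    } finally {
        // Always clear the property; if zmsInit() or the assertion throws,
        // the virtual-domain setting must not leak into other tests.
        System.clearProperty(ZMSConsts.ZMS_PROP_VIRTUAL_DOMAIN);
    }
}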
