use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
the class JDBCConnection method getAthenzDomain.
/**
 * Loads a complete domain object: the domain settings plus its roles,
 * policies and services.
 *
 * <p>The domain name is bound as parameter 1 of {@code SQL_GET_DOMAIN};
 * it is not spliced into the query text.
 *
 * <p>A domain id of 0 is used as the "no row matched" marker, so a stored
 * id of 0 would also be reported as not found.
 *
 * @param domainName name of the domain to look up
 * @return the populated {@link AthenzDomain}; if no domain row is found,
 *         the error built by {@code notFoundError} is thrown instead, and a
 *         {@link SQLException} from the lookup is rethrown via {@code sqlError}
 */
@Override
public AthenzDomain getAthenzDomain(String domainName) {

    final String caller = "getAthenzDomain";

    AthenzDomain result = new AthenzDomain(domainName);
    int id = 0;

    try (PreparedStatement stmt = con.prepareStatement(SQL_GET_DOMAIN)) {
        stmt.setString(1, domainName);
        try (ResultSet row = executeQuery(stmt, caller)) {
            if (row.next()) {
                // domain settings are read first, then the id that keys the child lookups
                result.setDomain(saveDomainSettings(domainName, row, caller));
                id = row.getInt(ZMSConsts.DB_COLUMN_DOMAIN_ID);
            }
        }
    } catch (SQLException ex) {
        throw sqlError(ex, caller);
    }

    // id is still 0 when the query returned no row
    if (id == 0) {
        throw notFoundError(caller, ZMSConsts.OBJECT_DOMAIN, domainName);
    }

    // roles, policies and services are loaded only for a domain that exists
    getAthenzDomainRoles(domainName, id, result, caller);
    getAthenzDomainPolicies(domainName, id, result, caller);
    getAthenzDomainServices(domainName, id, result, caller);

    return result;
}
use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
the class JDBCConnectionTest method testGetAthenzDomain.
/**
 * Runs getAthenzDomain against a mocked result set describing one domain
 * with 2 roles (1 member each), 2 policies (1 assertion each) and 1 service
 * with 1 public key and 1 host, then checks the shape of the returned object.
 *
 * <p>NOTE(review): nothing here verifies which value was bound to the
 * prepared statement; the test only checks what is built from the rows.
 */
@Test
public void testGetAthenzDomain() throws Exception {

    JDBCConnection conn = new JDBCConnection(mockConn, true);

    // All stubbing is on the single mocked ResultSet; consecutive answers
    // are handed out in call order, so the sequence below must match the
    // order in which the rows are read.
    Mockito.when(mockResultSet.next()).thenReturn(
            true,               // domain row
            true, true, false,  // 2 roles
            true, true, false,  // 2 member rows (1 member per role)
            true, true, false,  // 2 policies
            true, true, false,  // 2 assertion rows (1 per policy)
            true, false,        // 1 service
            true, false,        // 1 public key
            true, false);       // 1 host

    // role names, then policy names, then the service name
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME))
            .thenReturn("role1", "role2", "policy1", "policy2", "service1");
    Mockito.when(mockResultSet.getString(1))
            .thenReturn("role1", "role2", "policy1", "policy2", "service1");

    // two member domain names, then the service host name
    Mockito.when(mockResultSet.getString(2)).thenReturn("user", "user", "host1");

    // member local names
    Mockito.when(mockResultSet.getString(3)).thenReturn("user1", "user2");

    // java.sql.Timestamp(long) takes milliseconds since the epoch; this value
    // reads like a seconds count. Nothing below asserts on the modified time.
    Mockito.doReturn(new java.sql.Timestamp(1454358916)).when(mockResultSet).getTimestamp(ZMSConsts.DB_COLUMN_MODIFIED);

    // fixed answers for the domain columns
    Mockito.doReturn(true).when(mockResultSet).getBoolean(ZMSConsts.DB_COLUMN_ENABLED);
    Mockito.doReturn(false).when(mockResultSet).getBoolean(ZMSConsts.DB_COLUMN_AUDIT_ENABLED);
    Mockito.doReturn("").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_DESCRIPTION);
    Mockito.doReturn("").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_ORG);
    Mockito.doReturn("").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_UUID);
    Mockito.doReturn("").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_TRUST);
    Mockito.doReturn("").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_ACCOUNT);
    Mockito.doReturn(0).when(mockResultSet).getInt(ZMSConsts.DB_COLUMN_PRODUCT_ID);

    // non-zero id, otherwise getAthenzDomain reports the domain as not found
    Mockito.doReturn(5).when(mockResultSet).getInt(ZMSConsts.DB_COLUMN_DOMAIN_ID);

    // fixed answers for the service columns
    Mockito.doReturn("/usr/bin64/athenz").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_EXECTUABLE);
    Mockito.doReturn("users").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_SVC_GROUP);
    Mockito.doReturn("root").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_SVC_USER);
    Mockito.doReturn("http://server.athenzcompany.com").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_PROVIDER_ENDPOINT);

    // assertion columns: one ALLOW and one DENY assertion
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ROLE)).thenReturn("role1", "role2");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_RESOURCE)).thenReturn("my-domain:*", "my-domain:service.*");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ACTION)).thenReturn("*", "read");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_EFFECT)).thenReturn("ALLOW", "DENY");

    // public key columns
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_KEY_ID)).thenReturn("zms1.zone1");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_KEY_VALUE)).thenReturn("Value1");

    AthenzDomain loaded = conn.getAthenzDomain("my-domain");

    assertNotNull(loaded);
    assertEquals("my-domain", loaded.getDomain().getName());

    // roles and their members
    assertEquals(2, loaded.getRoles().size());
    assertEquals(1, loaded.getRoles().get(0).getRoleMembers().size());
    assertEquals(1, loaded.getRoles().get(1).getRoleMembers().size());

    // policies and their assertions
    assertEquals(2, loaded.getPolicies().size());
    assertEquals(1, loaded.getPolicies().get(0).getAssertions().size());
    assertEquals(1, loaded.getPolicies().get(1).getAssertions().size());

    // the service with its public key and host
    assertEquals(1, loaded.getServices().size());
    assertEquals(1, loaded.getServices().get(0).getPublicKeys().size());
    assertEquals("zms1.zone1", loaded.getServices().get(0).getPublicKeys().get(0).getId());
    assertEquals("Value1", loaded.getServices().get(0).getPublicKeys().get(0).getKey());
    assertEquals(1, loaded.getServices().get(0).getHosts().size());
    assertEquals("host1", loaded.getServices().get(0).getHosts().get(0));

    conn.close();
}
use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
the class ZMSImplTest method testSetupPolicyListWithAssertionsAllVersions.
/**
 * Checks that setupPolicyList, called with its third argument set to TRUE,
 * returns both policy versions of the domain (the active "ver1" and the
 * inactive "ver2") whichever value is passed as the second argument.
 *
 * <p>NOTE(review): by the test name the second argument presumably toggles
 * assertions and the third toggles "all versions"; confirm against
 * setupPolicyList. The assertions of the returned policies are not inspected.
 */
@Test
public void testSetupPolicyListWithAssertionsAllVersions() {

    final String domainName = "setup-policy-with-assert-all-versions";

    // one active and one inactive policy version
    List<Policy> domainPolicies = new ArrayList<>();
    domainPolicies.add(zmsTestInitializer.createPolicyObject(domainName, "policy1")
            .setActive(true).setVersion("ver1"));
    domainPolicies.add(zmsTestInitializer.createPolicyObject(domainName, "policy2")
            .setActive(false).setVersion("ver2"));

    AthenzDomain domain = new AthenzDomain(domainName);
    domain.setPolicies(domainPolicies);

    // same expectations for both values of the second argument, TRUE first
    for (Boolean secondArg : new Boolean[] {Boolean.TRUE, Boolean.FALSE}) {

        List<Policy> policies = zmsTestInitializer.getZms().setupPolicyList(domain, secondArg, Boolean.TRUE);
        assertEquals(2, policies.size());

        assertEquals(policies.get(0).getName(), "setup-policy-with-assert-all-versions:policy.policy1");
        assertEquals(policies.get(0).getVersion(), "ver1");
        assertTrue(policies.get(0).getActive());

        // the inactive version is returned as well, still marked inactive
        assertEquals(policies.get(1).getName(), "setup-policy-with-assert-all-versions:policy.policy2");
        assertEquals(policies.get(1).getVersion(), "ver2");
        assertFalse(policies.get(1).getActive());
    }
}
use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
the class ZMSImplTest method testVirtualHomeDomainDifferentUserHome.
@Test
public void testVirtualHomeDomainDifferentUserHome() {
Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
Principal principal = SimplePrincipal.create("user", "john.smith", "v=U1;d=user;n=john.smith;s=signature", 0, principalAuthority);
AthenzDomain virtualDomain = zmsTestInitializer.getZms().virtualHomeDomain(principal, "home.john-smith");
assertNotNull(virtualDomain);
List<Role> roles = virtualDomain.getRoles();
assertNotNull(roles);
Role adminRole = null;
for (Role role : roles) {
if (role.getName().equals("home.john-smith:role.admin")) {
adminRole = role;
break;
}
}
assertNotNull(adminRole);
List<RoleMember> roleMembers = adminRole.getRoleMembers();
assertEquals(roleMembers.size(), 1);
assertEquals(roleMembers.get(0).getMemberName(), "user.john.smith");
List<Policy> policies = virtualDomain.getPolicies();
assertNotNull(policies);
Policy adminPolicy = null;
for (Policy policy : policies) {
if (policy.getName().equals("home.john-smith:policy.admin")) {
adminPolicy = policy;
break;
}
}
assertNotNull(adminPolicy);
}
use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
the class ZMSImplTest method testEvaluateAccessAssertionDeny.
@Test
public void testEvaluateAccessAssertionDeny() {
AthenzDomain domain = new AthenzDomain("coretech");
Role role = zmsTestInitializer.createRoleObject("coretech", "role1", null, "user.user1", null);
domain.getRoles().add(role);
Policy policy = new Policy().setName("coretech:policy.policy1");
Assertion assertion = new Assertion();
assertion.setAction("read");
assertion.setEffect(AssertionEffect.DENY);
assertion.setResource("coretech:*");
assertion.setRole("coretech:role.role1");
policy.setAssertions(new ArrayList<>());
policy.getAssertions().add(assertion);
domain.getPolicies().add(policy);
assertEquals(zmsTestInitializer.getZms().evaluateAccess(domain, "user.user1", "read", "coretech:resource1", null, null, zmsTestInitializer.getMockDomRestRsrcCtx().principal()), AccessStatus.DENIED);
}