
Example 6 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

From class JDBCConnection, method getAthenzDomain:

/**
 * Loads the complete {@code AthenzDomain} for {@code domainName}: the domain record
 * itself, then its roles, policies and services.
 * <p>
 * The domain name is bound as a prepared-statement parameter of {@code SQL_GET_DOMAIN}
 * rather than concatenated into the query text, so a caller-supplied name cannot change
 * the statement that runs.
 *
 * @param domainName name of the domain to load
 * @return the populated {@link AthenzDomain}
 * @throws RuntimeException an unchecked error built by {@code sqlError} on a JDBC failure,
 *         or by {@code notFoundError} when no row comes back (a stored domain id of 0 is
 *         reported the same way, because 0 is also the "no row" sentinel)
 */
@Override
public AthenzDomain getAthenzDomain(String domainName) {
    final String caller = "getAthenzDomain";
    AthenzDomain result = new AthenzDomain(domainName);
    // 0 doubles as the "no row found" sentinel checked below.
    int resolvedId = 0;
    try (PreparedStatement query = con.prepareStatement(SQL_GET_DOMAIN)) {
        query.setString(1, domainName); // bound parameter, never string-built SQL
        try (ResultSet row = executeQuery(query, caller)) {
            if (row.next()) {
                result.setDomain(saveDomainSettings(domainName, row, caller));
                resolvedId = row.getInt(ZMSConsts.DB_COLUMN_DOMAIN_ID);
            }
        }
    } catch (SQLException ex) {
        throw sqlError(ex, caller);
    }
    if (resolvedId == 0) {
        throw notFoundError(caller, ZMSConsts.OBJECT_DOMAIN, domainName);
    }
    // The remaining sections are keyed by the numeric id recovered from the domain row.
    getAthenzDomainRoles(domainName, resolvedId, result, caller);
    getAthenzDomainPolicies(domainName, resolvedId, result, caller);
    getAthenzDomainServices(domainName, resolvedId, result, caller);
    return result;
}

Example 7 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

From class JDBCConnectionTest, method testGetAthenzDomain:

/**
 * Drives {@code JDBCConnection.getAthenzDomain} end to end against a mocked JDBC layer and
 * checks that the returned {@code AthenzDomain} is assembled from the domain row plus its
 * roles, role members, policies, assertions, services, public keys and hosts.
 * <p>
 * Every query issued by the production code is served by the single {@code mockResultSet},
 * so the chained {@code next()} / {@code getString(...)} stubs below are consumed in the
 * order the queries run (domain, roles, members per role, policies, assertions per policy,
 * services, public keys, hosts). Changing the query order in {@code JDBCConnection}, or the
 * stub order here, makes the sequences drift apart.
 */
@Test
public void testGetAthenzDomain() throws Exception {
    JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);
    // one-domain, 2 roles, 2 members altogether
    // 2 policies, 2 assertions
    // 1 service, 1 public key
    // domain
    // next(): one true per row served, one false closing each result set, in query order
    Mockito.when(mockResultSet.next()).thenReturn(true).thenReturn(true).thenReturn(true).thenReturn(// 2 roles
    false).thenReturn(true).thenReturn(true).thenReturn(// 1 member each
    false).thenReturn(true).thenReturn(true).thenReturn(// 2 policies
    false).thenReturn(true).thenReturn(true).thenReturn(// 1 assertion each
    false).thenReturn(true).thenReturn(// 1 service
    false).thenReturn(true).thenReturn(// 1 public key
    false).thenReturn(true).thenReturn(// 1 host
    false);
    // Name lookups are stubbed twice: once by column name and once by column index,
    // so the same sequence is served whichever accessor the production code uses.
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME)).thenReturn("role1").thenReturn(// role names
    "role2").thenReturn("policy1").thenReturn(// policy names
    "policy2").thenReturn(// service name
    "service1");
    Mockito.when(mockResultSet.getString(1)).thenReturn("role1").thenReturn(// role names
    "role2").thenReturn("policy1").thenReturn(// policy names
    "policy2").thenReturn(// service names
    "service1");
    Mockito.when(mockResultSet.getString(2)).thenReturn("user").thenReturn(// member domain names
    "user").thenReturn(// service host name
    "host1");
    // member local names
    Mockito.when(mockResultSet.getString(3)).thenReturn("user1").thenReturn("user2");
    // Column-keyed stubs: presumably read by saveDomainSettings for the domain row and by the
    // service row handling further down — confirm against JDBCConnection.
    // NOTE(review): Timestamp(long) takes milliseconds, so 1454358916 is ~17 days after the
    // epoch rather than a 2016 date; harmless here because no assertion checks the timestamp.
    Mockito.doReturn(new java.sql.Timestamp(1454358916)).when(mockResultSet).getTimestamp(ZMSConsts.DB_COLUMN_MODIFIED);
    Mockito.doReturn(true).when(mockResultSet).getBoolean(ZMSConsts.DB_COLUMN_ENABLED);
    Mockito.doReturn(false).when(mockResultSet).getBoolean(ZMSConsts.DB_COLUMN_AUDIT_ENABLED);
    Mockito.doReturn("").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_DESCRIPTION);
    Mockito.doReturn("").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_ORG);
    Mockito.doReturn("").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_UUID);
    Mockito.doReturn("").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_TRUST);
    Mockito.doReturn("").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_ACCOUNT);
    Mockito.doReturn(0).when(mockResultSet).getInt(ZMSConsts.DB_COLUMN_PRODUCT_ID);
    // Must be non-zero: getAthenzDomain treats a domain id of 0 as "domain not found".
    Mockito.doReturn(5).when(mockResultSet).getInt(ZMSConsts.DB_COLUMN_DOMAIN_ID);
    Mockito.doReturn("/usr/bin64/athenz").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_EXECTUABLE);
    Mockito.doReturn("users").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_SVC_GROUP);
    Mockito.doReturn("root").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_SVC_USER);
    Mockito.doReturn("http://server.athenzcompany.com").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_PROVIDER_ENDPOINT);
    // Assertion rows: one per policy, served in order (role, resource, action, effect).
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ROLE)).thenReturn("role1").thenReturn("role2");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_RESOURCE)).thenReturn("my-domain:*").thenReturn("my-domain:service.*");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ACTION)).thenReturn("*").thenReturn("read");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_EFFECT)).thenReturn("ALLOW").thenReturn("DENY");
    // Single public key on service1.
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_KEY_ID)).thenReturn("zms1.zone1");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_KEY_VALUE)).thenReturn("Value1");
    AthenzDomain athenzDomain = jdbcConn.getAthenzDomain("my-domain");
    assertNotNull(athenzDomain);
    assertEquals("my-domain", athenzDomain.getDomain().getName());
    assertEquals(2, athenzDomain.getRoles().size());
    assertEquals(1, athenzDomain.getRoles().get(0).getRoleMembers().size());
    assertEquals(1, athenzDomain.getRoles().get(1).getRoleMembers().size());
    assertEquals(2, athenzDomain.getPolicies().size());
    assertEquals(1, athenzDomain.getPolicies().get(0).getAssertions().size());
    assertEquals(1, athenzDomain.getPolicies().get(1).getAssertions().size());
    assertEquals(1, athenzDomain.getServices().size());
    assertEquals(1, athenzDomain.getServices().get(0).getPublicKeys().size());
    assertEquals("zms1.zone1", athenzDomain.getServices().get(0).getPublicKeys().get(0).getId());
    assertEquals("Value1", athenzDomain.getServices().get(0).getPublicKeys().get(0).getKey());
    assertEquals(1, athenzDomain.getServices().get(0).getHosts().size());
    assertEquals("host1", athenzDomain.getServices().get(0).getHosts().get(0));
    // Not in a finally block: a failing assertion above leaves the (mock) connection unclosed.
    jdbcConn.close();
}

Example 8 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

From class ZMSImplTest, method testSetupPolicyListWithAssertionsAllVersions:

/**
 * {@code setupPolicyList} must return both policy versions (the active {@code ver1} and the
 * inactive {@code ver2}) with names qualified as {@code <domain>:policy.<name>}, and it must
 * do so for either value of its second argument while the third stays {@code TRUE}.
 * <p>
 * NOTE(review): the two Boolean arguments are positional; which one selects assertions and
 * which selects versions is not visible from this test — confirm against
 * {@code ZMSImpl.setupPolicyList}.
 */
@Test
public void testSetupPolicyListWithAssertionsAllVersions() {
    final String domainName = "setup-policy-with-assert-all-versions";
    final String expectedName1 = domainName + ":policy.policy1";
    final String expectedName2 = domainName + ":policy.policy2";

    List<Policy> policyList = new ArrayList<>();
    policyList.add(zmsTestInitializer.createPolicyObject(domainName, "policy1").setActive(true).setVersion("ver1"));
    policyList.add(zmsTestInitializer.createPolicyObject(domainName, "policy2").setActive(false).setVersion("ver2"));
    AthenzDomain domain = new AthenzDomain(domainName);
    domain.setPolicies(policyList);

    // TRUE first, then FALSE: both must produce the identical two-version listing.
    for (Boolean secondFlag : new Boolean[] {Boolean.TRUE, Boolean.FALSE}) {
        List<Policy> policies = zmsTestInitializer.getZms().setupPolicyList(domain, secondFlag, Boolean.TRUE);
        assertEquals(2, policies.size());

        Policy first = policies.get(0);
        assertEquals(first.getName(), expectedName1);
        assertEquals(first.getVersion(), "ver1");
        assertTrue(first.getActive());

        Policy second = policies.get(1);
        assertEquals(second.getName(), expectedName2);
        assertEquals(second.getVersion(), "ver2");
        assertFalse(second.getActive());
    }
}

Example 9 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

From class ZMSImplTest, method testVirtualHomeDomainDifferentUserHome:

/**
 * A principal whose requested home domain ({@code home.john-smith}) is spelled differently
 * from its user name ({@code user.john.smith}) still receives a virtual home domain whose
 * {@code admin} role contains exactly that principal and whose {@code admin} policy exists.
 */
@Test
public void testVirtualHomeDomainDifferentUserHome() {
    Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    Principal principal = SimplePrincipal.create("user", "john.smith", "v=U1;d=user;n=john.smith;s=signature", 0, principalAuthority);
    AthenzDomain virtualDomain = zmsTestInitializer.getZms().virtualHomeDomain(principal, "home.john-smith");
    assertNotNull(virtualDomain);

    // The admin role must exist and list only the requesting principal.
    List<Role> roles = virtualDomain.getRoles();
    assertNotNull(roles);
    Role adminRole = roles.stream()
            .filter(r -> r.getName().equals("home.john-smith:role.admin"))
            .findFirst()
            .orElse(null);
    assertNotNull(adminRole);
    List<RoleMember> roleMembers = adminRole.getRoleMembers();
    assertEquals(roleMembers.size(), 1);
    assertEquals(roleMembers.get(0).getMemberName(), "user.john.smith");

    // The matching admin policy must be present as well.
    List<Policy> policies = virtualDomain.getPolicies();
    assertNotNull(policies);
    Policy adminPolicy = policies.stream()
            .filter(p -> p.getName().equals("home.john-smith:policy.admin"))
            .findFirst()
            .orElse(null);
    assertNotNull(adminPolicy);
}

Example 10 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

From class ZMSImplTest, method testEvaluateAccessAssertionDeny:

/**
 * A single DENY assertion whose role and resource pattern cover the request must make
 * {@code evaluateAccess} answer {@code DENIED} for a member of that role.
 */
@Test
public void testEvaluateAccessAssertionDeny() {
    final String domainName = "coretech";
    AthenzDomain domain = new AthenzDomain(domainName);

    // role1, built with "user.user1" as its member argument
    Role role1 = zmsTestInitializer.createRoleObject(domainName, "role1", null, "user.user1", null);
    domain.getRoles().add(role1);

    // policy1 carries one DENY assertion: read on anything in the domain, for role1
    Assertion denyRead = new Assertion();
    denyRead.setRole(domainName + ":role.role1");
    denyRead.setResource(domainName + ":*");
    denyRead.setAction("read");
    denyRead.setEffect(AssertionEffect.DENY);
    List<Assertion> assertions = new ArrayList<>();
    assertions.add(denyRead);
    Policy policy1 = new Policy().setName(domainName + ":policy.policy1");
    policy1.setAssertions(assertions);
    domain.getPolicies().add(policy1);

    AccessStatus status = zmsTestInitializer.getZms().evaluateAccess(domain, "user.user1", "read", domainName + ":resource1", null, null, zmsTestInitializer.getMockDomRestRsrcCtx().principal());
    assertEquals(status, AccessStatus.DENIED);
}
