Use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
From class ZMSImplTest, method testSetupServiceListWithHostsOnly.
/**
 * Checks the service list built by {@code setupServiceIdentityList(domain, FALSE, TRUE)}.
 *
 * <p>Two services are registered in a fresh top-level domain, each with one host. The
 * returned list must contain both of them with executable, user and host intact, and
 * {@code getPublicKeys()} must be null on each entry, so this listing carries no key
 * material. The meaning of the two Boolean flags is not visible here; presumably they are
 * "include public keys" and "include hosts" (confirm against ZMSImpl).
 */
@Test
public void testSetupServiceListWithHostsOnly() {

    final String domainName = "setup-service-hosts-only";

    // Arrange: a top-level domain owned by the test admin user.
    TopLevelDomain topLevelDomain = zmsTestInitializer.createTopLevelDomainObject(domainName,
            "Test Domain1", "testOrg", zmsTestInitializer.getAdminUser());
    zmsTestInitializer.getZms().postTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(),
            zmsTestInitializer.getAuditRef(), topLevelDomain);

    // Two services that differ in user ("root" / "yahoo") and host ("host1" / "host2").
    ServiceIdentity rootService = zmsTestInitializer.createServiceObject(domainName, "service1",
            "http://localhost", "/usr/bin/java", "root", "users", "host1");
    zmsTestInitializer.getZms().putServiceIdentity(zmsTestInitializer.getMockDomRsrcCtx(),
            domainName, "service1", zmsTestInitializer.getAuditRef(), rootService);

    ServiceIdentity yahooService = zmsTestInitializer.createServiceObject(domainName, "service2",
            "http://localhost", "/usr/bin/java", "yahoo", "users", "host2");
    zmsTestInitializer.getZms().putServiceIdentity(zmsTestInitializer.getMockDomRsrcCtx(),
            domainName, "service2", zmsTestInitializer.getAuditRef(), yahooService);

    // Act: build the service list from the stored domain object.
    AthenzDomain athenzDomain = zmsTestInitializer.getZms().getAthenzDomain(domainName, false);
    List<ServiceIdentity> serviceList = zmsTestInitializer.getZms()
            .setupServiceIdentityList(athenzDomain, Boolean.FALSE, Boolean.TRUE);
    assertEquals(2, serviceList.size());

    // Assert: each expected service is present exactly as registered, without public keys.
    boolean sawService1 = false;
    boolean sawService2 = false;
    for (ServiceIdentity identity : serviceList) {
        final String fullName = identity.getName();
        if (fullName.equals("setup-service-hosts-only.service1")) {
            assertEquals(identity.getExecutable(), "/usr/bin/java");
            assertEquals(identity.getUser(), "root");
            assertNull(identity.getPublicKeys());
            assertEquals(identity.getHosts().size(), 1);
            assertEquals(identity.getHosts().get(0), "host1");
            sawService1 = true;
        } else if (fullName.equals("setup-service-hosts-only.service2")) {
            assertEquals(identity.getExecutable(), "/usr/bin/java");
            assertEquals(identity.getUser(), "yahoo");
            assertNull(identity.getPublicKeys());
            assertEquals(identity.getHosts().size(), 1);
            assertEquals(identity.getHosts().get(0), "host2");
            sawService2 = true;
        }
    }
    assertTrue(sawService1);
    assertTrue(sawService2);

    // NOTE(review): cleanup is the last statement and is not in a finally block, so a failed
    // assertion above leaves the domain behind in the test store.
    zmsTestInitializer.getZms().deleteTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(),
            domainName, zmsTestInitializer.getAuditRef());
}
Use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
From class ZMSImplTest, method testSetupRoleListWithOutMembers.
/**
 * Checks that {@code setupRoleList} returns roles without their member lists when its second
 * argument is {@code Boolean.FALSE}, and again when that argument is {@code null}.
 *
 * <p>Four roles are created; Role3 is created with the trust value "sys.auth" and no members,
 * and role meta (review flag, expiry and review periods, sign algorithm) is stored on role4.
 * Both calls must return five roles (the four created plus the admin role). For each named
 * role {@code getRoleMembers()} must be null, while trust, the modified timestamp and the
 * role4 meta values are still reported. The second argument is presumably the
 * "include members" flag (confirm against ZMSImpl).
 */
@Test
public void testSetupRoleListWithOutMembers() {

    String domainName = "setuprolelistwithoutmembers";

    // Arrange: domain with "user.user1" as admin, then four roles.
    TopLevelDomain topLevelDomain = zmsTestInitializer.createTopLevelDomainObject(domainName,
            "Test Domain1", "testOrg", "user.user1");
    zmsTestInitializer.getZms().postTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(),
            zmsTestInitializer.getAuditRef(), topLevelDomain);

    Role firstRole = zmsTestInitializer.createRoleObject(domainName, "Role1", null,
            "user.joe", "user.jane");
    zmsTestInitializer.getZms().putRole(zmsTestInitializer.getMockDomRsrcCtx(), domainName,
            "Role1", zmsTestInitializer.getAuditRef(), firstRole);

    Role secondRole = zmsTestInitializer.createRoleObject(domainName, "Role2", null,
            "user.doe", "user.janie");
    zmsTestInitializer.getZms().putRole(zmsTestInitializer.getMockDomRsrcCtx(), domainName,
            "Role2", zmsTestInitializer.getAuditRef(), secondRole);

    // Role3 carries a trust value instead of members.
    Role trustRole = zmsTestInitializer.createRoleObject(domainName, "Role3", "sys.auth",
            null, null);
    zmsTestInitializer.getZms().putRole(zmsTestInitializer.getMockDomRsrcCtx(), domainName,
            "Role3", zmsTestInitializer.getAuditRef(), trustRole);

    Role metaRole = zmsTestInitializer.createRoleObject(domainName, "Role4", null,
            "user.doe", "user.jane");
    zmsTestInitializer.getZms().putRole(zmsTestInitializer.getMockDomRsrcCtx(), domainName,
            "Role4", zmsTestInitializer.getAuditRef(), metaRole);

    // Role meta for role4; each value set here is asserted on the listed role below.
    RoleMeta meta = createRoleMetaObject(true);
    meta.setReviewEnabled(true);
    meta.setMemberExpiryDays(45);
    meta.setCertExpiryMins(55);
    meta.setServiceExpiryDays(45);
    meta.setGroupExpiryDays(50);
    meta.setTokenExpiryMins(65);
    meta.setMemberReviewDays(70);
    meta.setServiceReviewDays(80);
    meta.setGroupReviewDays(90);
    meta.setSignAlgorithm("ec");
    zmsTestInitializer.getZms().putRoleMeta(zmsTestInitializer.getMockDomRsrcCtx(), domainName,
            "role4", zmsTestInitializer.getAuditRef(), meta);

    AthenzDomain athenzDomain = zmsTestInitializer.getZms().getAthenzDomain(domainName, false);

    // Pass 1: second argument is Boolean.FALSE.
    List<Role> roleList = zmsTestInitializer.getZms()
            .setupRoleList(athenzDomain, Boolean.FALSE, null, null);

    // need to account for admin role
    assertEquals(5, roleList.size());

    boolean foundRole1 = false;
    boolean foundRole2 = false;
    boolean foundRole3 = false;
    boolean foundRole4 = false;
    for (Role listed : roleList) {
        final String roleName = listed.getName();
        if (roleName.equals("setuprolelistwithoutmembers:role.role1")) {
            assertNull(listed.getRoleMembers());
            assertNull(listed.getTrust());
            assertNotNull(listed.getModified());
            foundRole1 = true;
        } else if (roleName.equals("setuprolelistwithoutmembers:role.role2")) {
            assertNull(listed.getRoleMembers());
            assertNull(listed.getTrust());
            assertNotNull(listed.getModified());
            foundRole2 = true;
        } else if (roleName.equals("setuprolelistwithoutmembers:role.role3")) {
            assertEquals(listed.getTrust(), "sys.auth");
            assertNull(listed.getRoleMembers());
            assertNotNull(listed.getModified());
            foundRole3 = true;
        } else if (roleName.equals("setuprolelistwithoutmembers:role.role4")) {
            assertNull(listed.getRoleMembers());
            assertNull(listed.getTrust());
            assertNotNull(listed.getModified());
            assertNull(listed.getLastReviewedDate());
            assertEquals(listed.getMemberExpiryDays().intValue(), 45);
            assertEquals(listed.getCertExpiryMins().intValue(), 55);
            assertEquals(listed.getServiceExpiryDays().intValue(), 45);
            assertEquals(listed.getGroupExpiryDays().intValue(), 50);
            assertEquals(listed.getTokenExpiryMins().intValue(), 65);
            assertEquals(listed.getMemberReviewDays().intValue(), 70);
            assertEquals(listed.getServiceReviewDays().intValue(), 80);
            assertEquals(listed.getGroupReviewDays().intValue(), 90);
            assertNotNull(listed.getSignAlgorithm());
            assertTrue(listed.getReviewEnabled());
            assertTrue(listed.getSelfServe());
            assertNull(listed.getAuditEnabled());
            foundRole4 = true;
        }
    }
    assertTrue(foundRole1);
    assertTrue(foundRole2);
    assertTrue(foundRole3);
    assertTrue(foundRole4);

    // Pass 2: we'll do the same check this time passing null
    // for the boolean flag instead of false
    roleList = zmsTestInitializer.getZms().setupRoleList(athenzDomain, null, null, null);

    // need to account for admin role
    assertEquals(5, roleList.size());

    foundRole1 = false;
    foundRole2 = false;
    foundRole3 = false;
    foundRole4 = false;
    for (Role listed : roleList) {
        final String roleName = listed.getName();
        if (roleName.equals("setuprolelistwithoutmembers:role.role1")) {
            assertNull(listed.getRoleMembers());
            assertNull(listed.getTrust());
            assertNotNull(listed.getModified());
            foundRole1 = true;
        } else if (roleName.equals("setuprolelistwithoutmembers:role.role2")) {
            assertNull(listed.getRoleMembers());
            assertNull(listed.getTrust());
            assertNotNull(listed.getModified());
            foundRole2 = true;
        } else if (roleName.equals("setuprolelistwithoutmembers:role.role3")) {
            assertEquals(listed.getTrust(), "sys.auth");
            assertNull(listed.getRoleMembers());
            assertNotNull(listed.getModified());
            foundRole3 = true;
        } else if (roleName.equals("setuprolelistwithoutmembers:role.role4")) {
            // NOTE(review): unlike pass 1, this pass does not assert getAuditEnabled().
            assertNull(listed.getRoleMembers());
            assertNull(listed.getTrust());
            assertNotNull(listed.getModified());
            assertNull(listed.getLastReviewedDate());
            assertEquals(listed.getMemberExpiryDays().intValue(), 45);
            assertEquals(listed.getCertExpiryMins().intValue(), 55);
            assertEquals(listed.getServiceExpiryDays().intValue(), 45);
            assertEquals(listed.getGroupExpiryDays().intValue(), 50);
            assertEquals(listed.getTokenExpiryMins().intValue(), 65);
            assertEquals(listed.getMemberReviewDays().intValue(), 70);
            assertEquals(listed.getServiceReviewDays().intValue(), 80);
            assertEquals(listed.getGroupReviewDays().intValue(), 90);
            assertNotNull(listed.getSignAlgorithm());
            assertTrue(listed.getReviewEnabled());
            assertTrue(listed.getSelfServe());
            foundRole4 = true;
        }
    }
    assertTrue(foundRole1);
    assertTrue(foundRole2);
    assertTrue(foundRole3);
    assertTrue(foundRole4);

    // NOTE(review): cleanup only runs when every assertion above passed (no finally block).
    zmsTestInitializer.getZms().deleteTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(),
            domainName, zmsTestInitializer.getAuditRef());
}
Use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
From class ZMSImplTest, method testSetupRoleListWithMembers.
/**
 * Checks that {@code setupRoleList} called with {@code Boolean.TRUE} as its second argument
 * returns each role together with its members.
 *
 * <p>Three roles are created; Role3 is created with the trust value "sys.auth" and no
 * members. The call must return four roles (the three created plus the admin role). Role1
 * and Role2 must each list exactly their two members, and Role3 must report its trust value
 * with {@code getRoleMembers()} null.
 */
@Test
public void testSetupRoleListWithMembers() {

    String domainName = "setuprolelistwithmembers";

    // Arrange: domain owned by the test admin user, then three roles.
    TopLevelDomain topLevelDomain = zmsTestInitializer.createTopLevelDomainObject(domainName,
            "Test Domain1", "testOrg", zmsTestInitializer.getAdminUser());
    zmsTestInitializer.getZms().postTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(),
            zmsTestInitializer.getAuditRef(), topLevelDomain);

    Role firstRole = zmsTestInitializer.createRoleObject(domainName, "Role1", null,
            "user.joe", "user.jane");
    zmsTestInitializer.getZms().putRole(zmsTestInitializer.getMockDomRsrcCtx(), domainName,
            "Role1", zmsTestInitializer.getAuditRef(), firstRole);

    Role secondRole = zmsTestInitializer.createRoleObject(domainName, "Role2", null,
            "user.doe", "user.janie");
    zmsTestInitializer.getZms().putRole(zmsTestInitializer.getMockDomRsrcCtx(), domainName,
            "Role2", zmsTestInitializer.getAuditRef(), secondRole);

    // Role3 carries a trust value instead of members.
    Role trustRole = zmsTestInitializer.createRoleObject(domainName, "Role3", "sys.auth",
            null, null);
    zmsTestInitializer.getZms().putRole(zmsTestInitializer.getMockDomRsrcCtx(), domainName,
            "Role3", zmsTestInitializer.getAuditRef(), trustRole);

    // Act: list the roles with the second argument set to Boolean.TRUE.
    AthenzDomain athenzDomain = zmsTestInitializer.getZms().getAthenzDomain(domainName, false);
    List<Role> roleList = zmsTestInitializer.getZms()
            .setupRoleList(athenzDomain, Boolean.TRUE, null, null);

    // need to account for admin role
    assertEquals(4, roleList.size());

    boolean foundRole1 = false;
    boolean foundRole2 = false;
    boolean foundRole3 = false;
    for (Role listed : roleList) {
        final String roleName = listed.getName();
        if (roleName.equals("setuprolelistwithmembers:role.role1")) {
            List<String> expectedMembers = new ArrayList<>();
            expectedMembers.add("user.joe");
            expectedMembers.add("user.jane");
            zmsTestInitializer.checkRoleMember(expectedMembers, listed.getRoleMembers());
            // The size check rules out members beyond the two expected ones.
            assertEquals(listed.getRoleMembers().size(), 2);
            assertNull(listed.getTrust());
            assertNotNull(listed.getModified());
            foundRole1 = true;
        } else if (roleName.equals("setuprolelistwithmembers:role.role2")) {
            List<String> expectedMembers = new ArrayList<>();
            expectedMembers.add("user.doe");
            expectedMembers.add("user.janie");
            zmsTestInitializer.checkRoleMember(expectedMembers, listed.getRoleMembers());
            assertEquals(listed.getRoleMembers().size(), 2);
            assertNull(listed.getTrust());
            assertNotNull(listed.getModified());
            foundRole2 = true;
        } else if (roleName.equals("setuprolelistwithmembers:role.role3")) {
            assertEquals(listed.getTrust(), "sys.auth");
            assertNull(listed.getRoleMembers());
            assertNotNull(listed.getModified());
            foundRole3 = true;
        }
    }
    assertTrue(foundRole1);
    assertTrue(foundRole2);
    assertTrue(foundRole3);

    // NOTE(review): cleanup only runs when every assertion above passed (no finally block).
    zmsTestInitializer.getZms().deleteTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(),
            domainName, zmsTestInitializer.getAuditRef());
}
Use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
From class PutRoleMembershipNotificationTaskTest, method testGenerateAndSendPostPutMembershipNotificationSelfserve.
/**
 * Checks the notification produced by {@code PutRoleMembershipNotificationTask} for a role
 * that has self-serve enabled and audit disabled.
 *
 * <p>The mocked {@code DBService} returns an admin role for "testdomain1" with two user
 * principals and one service principal ("dom2.testsvc1"). The notification captured from the
 * mocked {@code NotificationService} must equal one addressed to the two user principals
 * only. This excludes the service principal from the recipients only as far as
 * {@code Notification.equals} compares recipients, which is not visible here.
 */
@Test
public void testGenerateAndSendPostPutMembershipNotificationSelfserve() {

    DBService dbService = Mockito.mock(DBService.class);
    NotificationService notificationServiceMock = Mockito.mock(NotificationService.class);
    NotificationServiceFactory serviceFactory = () -> notificationServiceMock;

    // The manager is shut down right after creation and is used below only to send.
    NotificationManager notificationManager = getNotificationManager(dbService, serviceFactory);
    notificationManager.shutdown();

    Map<String, String> details = new HashMap<>();
    details.put("domain", "testdomain1");
    details.put("role", "role1");

    // Admin role of testdomain1: two users and one service, all active.
    List<RoleMember> adminMembers = new ArrayList<>();
    adminMembers.add(new RoleMember().setMemberName("user.domadmin1").setActive(true));
    adminMembers.add(new RoleMember().setMemberName("user.domadmin2").setActive(true));
    adminMembers.add(new RoleMember().setMemberName("dom2.testsvc1").setActive(true));

    Role adminRole = new Role().setName("testdomain1:role.admin").setRoleMembers(adminMembers);
    List<Role> domainRoles = new ArrayList<>();
    domainRoles.add(adminRole);

    AthenzDomain athenzDomain = new AthenzDomain("testdomain1");
    athenzDomain.setRoles(domainRoles);
    Mockito.when(dbService.getRolesByDomain("testdomain1")).thenReturn(athenzDomain.getRoles());

    // Act: build the notifications for a self-serve, non-audited role and send them.
    Role selfServeRole = new Role().setAuditEnabled(false).setSelfServe(true);
    PutRoleMembershipNotificationTask task = new PutRoleMembershipNotificationTask("testdomain1",
            "neworg", selfServeRole, details, dbService, USER_DOMAIN_PREFIX,
            notificationToEmailConverterCommon);
    List<Notification> notifications = task.getNotifications();
    notificationManager.sendNotifications(notifications);

    // Expected: only the two user admins as recipients, with the same details and converters.
    Notification expected = new Notification();
    expected.addRecipient("user.domadmin1").addRecipient("user.domadmin2");
    expected.addDetails("domain", "testdomain1").addDetails("role", "role1");
    expected.setNotificationToEmailConverter(
            new PutRoleMembershipNotificationTask.PutMembershipNotificationToEmailConverter(
                    notificationToEmailConverterCommon));
    expected.setNotificationToMetricConverter(
            new PutRoleMembershipNotificationTask.PutMembershipNotificationToMetricConverter());

    // Assert: compare the captured notification passed to the mocked service.
    ArgumentCaptor<Notification> captor = ArgumentCaptor.forClass(Notification.class);
    Mockito.verify(notificationServiceMock, atLeastOnce()).notify(captor.capture());
    assertEquals(captor.getValue(), expected);
}
Use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
From class RoleMemberReviewNotificationTaskTest, method testSendRoleMemberReviewReminders.
/**
 * Checks the review reminders produced by {@code RoleMemberReviewNotificationTask}.
 *
 * <p>The mocked {@code DBService} reports "user.joe" as a member of "athenz1" role "role1"
 * with a review reminder at epoch millisecond 100, and "user.jane" as the only member of the
 * domain's admin role. The task must produce two notifications in this order: one addressed
 * to the member and one addressed to the domain admin.
 */
@Test
public void testSendRoleMemberReviewReminders() {

    DBService dbService = Mockito.mock(DBService.class);
    NotificationService notificationServiceMock = Mockito.mock(NotificationService.class);
    NotificationServiceFactory serviceFactory = () -> notificationServiceMock;

    // Review data: user.joe has a reminder for athenz1 / role1.
    MemberRole joeInRole1 = new MemberRole().setRoleName("role1").setDomainName("athenz1")
            .setMemberName("user.joe").setReviewReminder(Timestamp.fromMillis(100));
    List<MemberRole> joeRoles = new ArrayList<>();
    joeRoles.add(joeInRole1);
    DomainRoleMember joe = new DomainRoleMember().setMemberName("user.joe")
            .setMemberRoles(joeRoles);
    Map<String, DomainRoleMember> membersToReview = new HashMap<>();
    membersToReview.put("user.joe", joe);

    // we're going to return null for our first thread which will
    // run during init call and then the real data for the second
    // call
    Mockito.when(dbService.getRoleReviewMembers(1)).thenReturn(null).thenReturn(membersToReview);

    // Creating the manager must come after the stubbing above; the fixed sleep then waits
    // before the task is run explicitly below.
    NotificationManager notificationManager = getNotificationManager(dbService, serviceFactory);
    ZMSTestUtils.sleep(1000);

    // Admin role of athenz1 with user.jane as its only member.
    List<RoleMember> adminMembers = new ArrayList<>();
    adminMembers.add(new RoleMember().setMemberName("user.jane"));
    Role adminRole = new Role().setName("athenz1:role.admin").setRoleMembers(adminMembers);
    List<Role> domainRoles = new ArrayList<>();
    domainRoles.add(adminRole);
    AthenzDomain athenzDomain = new AthenzDomain("athenz1");
    athenzDomain.setRoles(domainRoles);
    Mockito.when(dbService.getRolesByDomain("athenz1")).thenReturn(athenzDomain.getRoles());

    // Act
    List<Notification> notifications = new RoleMemberReviewNotificationTask(dbService,
            USER_DOMAIN_PREFIX, notificationToEmailConverterCommon).getNotifications();

    // we should get 2 notifications - one for user and one for domain
    assertEquals(notifications.size(), 2);

    // Verify contents of notifications is as expected

    // Expected reminder for the member: recipient user.joe, details list domain;role;timestamp.
    Notification expectedForMember = new Notification();
    expectedForMember.addRecipient("user.joe");
    expectedForMember.addDetails(NOTIFICATION_DETAILS_ROLES_LIST,
            "athenz1;role1;1970-01-01T00:00:00.100Z");
    expectedForMember.addDetails("member", "user.joe");
    expectedForMember.setNotificationToEmailConverter(
            new RoleMemberReviewNotificationTask.RoleReviewPrincipalNotificationToEmailConverter(
                    notificationToEmailConverterCommon));
    expectedForMember.setNotificationToMetricConverter(
            new RoleMemberReviewNotificationTask.RoleReviewPrincipalNotificationToMetricConverter());

    // Expected reminder for the domain: recipient user.jane, details list member;role;timestamp.
    Notification expectedForDomain = new Notification();
    expectedForDomain.addRecipient("user.jane");
    expectedForDomain.addDetails(NOTIFICATION_DETAILS_MEMBERS_LIST,
            "user.joe;role1;1970-01-01T00:00:00.100Z");
    expectedForDomain.addDetails("domain", "athenz1");
    expectedForDomain.setNotificationToEmailConverter(
            new RoleMemberReviewNotificationTask.RoleReviewDomainNotificationToEmailConverter(
                    notificationToEmailConverterCommon));
    expectedForDomain.setNotificationToMetricConverter(
            new RoleMemberReviewNotificationTask.RoleReviewDomainNotificationToMetricConverter());

    assertEquals(notifications.get(0), expectedForMember);
    assertEquals(notifications.get(1), expectedForDomain);

    // NOTE(review): shutdown is skipped if an assertion above throws (no finally block).
    notificationManager.shutdown();
}