
Example 11 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class ZMSImplTest method testSetupServiceListWithHostsOnly.

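/**
 * Verifies that a service listing built with hosts requested and public keys
 * not requested returns each service's executable, user and host list, and
 * that no public keys are attached to the returned identities.
 *
 * <p>NOTE(review): the meaning of the two Boolean flags is inferred from the
 * test name and the assertions below (second argument = public keys, third =
 * hosts); confirm against {@code setupServiceIdentityList}.
 */
@Test
public void testSetupServiceListWithHostsOnly() {
    final String domainName = "setup-service-hosts-only";
    TopLevelDomain dom1 = zmsTestInitializer.createTopLevelDomainObject(domainName, "Test Domain1", "testOrg", zmsTestInitializer.getAdminUser());
    zmsTestInitializer.getZms().postTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), zmsTestInitializer.getAuditRef(), dom1);
    // Everything after the domain is created runs under try/finally so that a
    // failed assertion cannot leave the domain behind for later tests.
    try {
        ServiceIdentity service1 = zmsTestInitializer.createServiceObject(domainName, "service1", "http://localhost", "/usr/bin/java", "root", "users", "host1");
        zmsTestInitializer.getZms().putServiceIdentity(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "service1", zmsTestInitializer.getAuditRef(), service1);
        ServiceIdentity service2 = zmsTestInitializer.createServiceObject(domainName, "service2", "http://localhost", "/usr/bin/java", "yahoo", "users", "host2");
        zmsTestInitializer.getZms().putServiceIdentity(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "service2", zmsTestInitializer.getAuditRef(), service2);
        AthenzDomain domain = zmsTestInitializer.getZms().getAthenzDomain(domainName, false);
        List<ServiceIdentity> services = zmsTestInitializer.getZms().setupServiceIdentityList(domain, Boolean.FALSE, Boolean.TRUE);
        // Argument order (actual, expected) matches every other assertion in this method.
        assertEquals(services.size(), 2);
        boolean service1Check = false;
        boolean service2Check = false;
        for (ServiceIdentity service : services) {
            // Listed names are fully qualified: "<domain>.<service>".
            switch (service.getName()) {
                case "setup-service-hosts-only.service1":
                    assertEquals(service.getExecutable(), "/usr/bin/java");
                    assertEquals(service.getUser(), "root");
                    // Keys were not requested, so none may be returned.
                    assertNull(service.getPublicKeys());
                    assertEquals(service.getHosts().size(), 1);
                    assertEquals(service.getHosts().get(0), "host1");
                    service1Check = true;
                    break;
                case "setup-service-hosts-only.service2":
                    assertEquals(service.getExecutable(), "/usr/bin/java");
                    assertEquals(service.getUser(), "yahoo");
                    assertNull(service.getPublicKeys());
                    assertEquals(service.getHosts().size(), 1);
                    assertEquals(service.getHosts().get(0), "host2");
                    service2Check = true;
                    break;
            }
        }
        // Both services must have been seen; the size check alone would not
        // catch an entry listed under an unexpected name.
        assertTrue(service1Check);
        assertTrue(service2Check);
    } finally {
        zmsTestInitializer.getZms().deleteTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), domainName, zmsTestInitializer.getAuditRef());
    }
}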
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)

Example 12 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class ZMSImplTest method testSetupRoleListWithOutMembers.

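/**
 * Verifies that {@code setupRoleList} returns roles without their member
 * lists when the members flag is {@code Boolean.FALSE} or {@code null}, while
 * trust and the role meta settings (expiry, review, self-serve) are still
 * reported.
 */
@Test
public void testSetupRoleListWithOutMembers() {
    String domainName = "setuprolelistwithoutmembers";
    TopLevelDomain dom1 = zmsTestInitializer.createTopLevelDomainObject(domainName, "Test Domain1", "testOrg", "user.user1");
    zmsTestInitializer.getZms().postTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), zmsTestInitializer.getAuditRef(), dom1);
    // Everything after the domain is created runs under try/finally so that a
    // failed assertion cannot leave the domain behind for later tests.
    try {
        Role role1 = zmsTestInitializer.createRoleObject(domainName, "Role1", null, "user.joe", "user.jane");
        zmsTestInitializer.getZms().putRole(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "Role1", zmsTestInitializer.getAuditRef(), role1);
        Role role2 = zmsTestInitializer.createRoleObject(domainName, "Role2", null, "user.doe", "user.janie");
        zmsTestInitializer.getZms().putRole(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "Role2", zmsTestInitializer.getAuditRef(), role2);
        // Role3 is a trust role (trust = "sys.auth") and has no members of its own.
        Role role3 = zmsTestInitializer.createRoleObject(domainName, "Role3", "sys.auth", null, null);
        zmsTestInitializer.getZms().putRole(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "Role3", zmsTestInitializer.getAuditRef(), role3);
        Role role4 = zmsTestInitializer.createRoleObject(domainName, "Role4", null, "user.doe", "user.jane");
        zmsTestInitializer.getZms().putRole(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "Role4", zmsTestInitializer.getAuditRef(), role4);
        RoleMeta rm = createRoleMetaObject(true);
        rm.setReviewEnabled(true);
        rm.setMemberExpiryDays(45);
        rm.setCertExpiryMins(55);
        rm.setServiceExpiryDays(45);
        rm.setGroupExpiryDays(50);
        rm.setTokenExpiryMins(65);
        rm.setMemberReviewDays(70);
        rm.setServiceReviewDays(80);
        rm.setGroupReviewDays(90);
        rm.setSignAlgorithm("ec");
        // The meta is applied under the lowercase name "role4"; the listing
        // below also reports lowercase names for the roles created as "Role1".."Role4".
        zmsTestInitializer.getZms().putRoleMeta(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "role4", zmsTestInitializer.getAuditRef(), rm);
        AthenzDomain domain = zmsTestInitializer.getZms().getAthenzDomain(domainName, false);
        List<Role> roles = zmsTestInitializer.getZms().setupRoleList(domain, Boolean.FALSE, null, null);
        Role listedRole4 = assertRoleListWithoutMembers(roles);
        assertNull(listedRole4.getAuditEnabled());
        // we'll do the same check this time passing null
        // for the boolean flag instead of false
        roles = zmsTestInitializer.getZms().setupRoleList(domain, null, null, null);
        // NOTE(review): the original second pass did not assert on
        // getAuditEnabled(); that difference is kept here - confirm whether
        // it was intentional.
        assertRoleListWithoutMembers(roles);
    } finally {
        zmsTestInitializer.getZms().deleteTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), domainName, zmsTestInitializer.getAuditRef());
    }
}

/**
 * Checks a role listing of the "setuprolelistwithoutmembers" domain that was
 * produced without members: five roles in total, no member list on any of the
 * four test roles, trust only on role3, and the meta values on role4.
 *
 * @param roles the list returned by {@code setupRoleList}
 * @return the listed role4 entry, so the caller can make further assertions on it
 */
private Role assertRoleListWithoutMembers(List<Role> roles) {
    // need to account for admin role
    assertEquals(roles.size(), 5);
    boolean role1Check = false;
    boolean role2Check = false;
    boolean role3Check = false;
    Role listedRole4 = null;
    for (Role role : roles) {
        switch (role.getName()) {
            case "setuprolelistwithoutmembers:role.role1":
                // Members were not requested, so the member list must be absent.
                assertNull(role.getRoleMembers());
                assertNull(role.getTrust());
                assertNotNull(role.getModified());
                role1Check = true;
                break;
            case "setuprolelistwithoutmembers:role.role2":
                assertNull(role.getRoleMembers());
                assertNull(role.getTrust());
                assertNotNull(role.getModified());
                role2Check = true;
                break;
            case "setuprolelistwithoutmembers:role.role3":
                assertEquals(role.getTrust(), "sys.auth");
                assertNull(role.getRoleMembers());
                assertNotNull(role.getModified());
                role3Check = true;
                break;
            case "setuprolelistwithoutmembers:role.role4":
                assertNull(role.getRoleMembers());
                assertNull(role.getTrust());
                assertNotNull(role.getModified());
                assertNull(role.getLastReviewedDate());
                assertEquals(role.getMemberExpiryDays().intValue(), 45);
                assertEquals(role.getCertExpiryMins().intValue(), 55);
                assertEquals(role.getServiceExpiryDays().intValue(), 45);
                assertEquals(role.getGroupExpiryDays().intValue(), 50);
                assertEquals(role.getTokenExpiryMins().intValue(), 65);
                assertEquals(role.getMemberReviewDays().intValue(), 70);
                assertEquals(role.getServiceReviewDays().intValue(), 80);
                assertEquals(role.getGroupReviewDays().intValue(), 90);
                // Only presence is checked; the value set through the meta was "ec".
                assertNotNull(role.getSignAlgorithm());
                assertTrue(role.getReviewEnabled());
                assertTrue(role.getSelfServe());
                listedRole4 = role;
                break;
        }
    }
    assertTrue(role1Check);
    assertTrue(role2Check);
    assertTrue(role3Check);
    assertNotNull(listedRole4);
    return listedRole4;
}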
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)

Example 13 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class ZMSImplTest method testSetupRoleListWithMembers.

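/**
 * Verifies that {@code setupRoleList} called with the members flag set to
 * {@code Boolean.TRUE} returns each regular role together with its member
 * list, and that the trust role still reports no members.
 */
@Test
public void testSetupRoleListWithMembers() {
    String domainName = "setuprolelistwithmembers";
    TopLevelDomain dom1 = zmsTestInitializer.createTopLevelDomainObject(domainName, "Test Domain1", "testOrg", zmsTestInitializer.getAdminUser());
    zmsTestInitializer.getZms().postTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), zmsTestInitializer.getAuditRef(), dom1);
    // Everything after the domain is created runs under try/finally so that a
    // failed assertion cannot leave the domain behind for later tests.
    try {
        Role role1 = zmsTestInitializer.createRoleObject(domainName, "Role1", null, "user.joe", "user.jane");
        zmsTestInitializer.getZms().putRole(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "Role1", zmsTestInitializer.getAuditRef(), role1);
        Role role2 = zmsTestInitializer.createRoleObject(domainName, "Role2", null, "user.doe", "user.janie");
        zmsTestInitializer.getZms().putRole(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "Role2", zmsTestInitializer.getAuditRef(), role2);
        // Role3 is a trust role (trust = "sys.auth") and has no members of its own.
        Role role3 = zmsTestInitializer.createRoleObject(domainName, "Role3", "sys.auth", null, null);
        zmsTestInitializer.getZms().putRole(zmsTestInitializer.getMockDomRsrcCtx(), domainName, "Role3", zmsTestInitializer.getAuditRef(), role3);
        AthenzDomain domain = zmsTestInitializer.getZms().getAthenzDomain(domainName, false);
        List<Role> roles = zmsTestInitializer.getZms().setupRoleList(domain, Boolean.TRUE, null, null);
        // need to account for admin role
        // Argument order (actual, expected) matches the other assertions in this method.
        assertEquals(roles.size(), 4);
        boolean role1Check = false;
        boolean role2Check = false;
        boolean role3Check = false;
        for (Role role : roles) {
            // Listed names are lowercase and fully qualified: "<domain>:role.<role>".
            switch (role.getName()) {
                case "setuprolelistwithmembers:role.role1":
                    List<String> checkList = new ArrayList<>();
                    checkList.add("user.joe");
                    checkList.add("user.jane");
                    zmsTestInitializer.checkRoleMember(checkList, role.getRoleMembers());
                    // The size check rules out extra members beyond the two expected ones.
                    assertEquals(role.getRoleMembers().size(), 2);
                    assertNull(role.getTrust());
                    assertNotNull(role.getModified());
                    role1Check = true;
                    break;
                case "setuprolelistwithmembers:role.role2":
                    List<String> checkList2 = new ArrayList<>();
                    checkList2.add("user.doe");
                    checkList2.add("user.janie");
                    zmsTestInitializer.checkRoleMember(checkList2, role.getRoleMembers());
                    assertEquals(role.getRoleMembers().size(), 2);
                    assertNull(role.getTrust());
                    assertNotNull(role.getModified());
                    role2Check = true;
                    break;
                case "setuprolelistwithmembers:role.role3":
                    assertEquals(role.getTrust(), "sys.auth");
                    // Even with members requested, the trust role has no member list.
                    assertNull(role.getRoleMembers());
                    assertNotNull(role.getModified());
                    role3Check = true;
                    break;
            }
        }
        assertTrue(role1Check);
        assertTrue(role2Check);
        assertTrue(role3Check);
    } finally {
        zmsTestInitializer.getZms().deleteTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), domainName, zmsTestInitializer.getAuditRef());
    }
}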
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)

Example 14 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class PutRoleMembershipNotificationTaskTest method testGenerateAndSendPostPutMembershipNotificationSelfserve.

/**
 * Verifies the notification produced for a membership request on a
 * self-serve, non-audit-enabled role.
 *
 * <p>The admin role of "testdomain1" holds two user principals and one
 * service principal. The expected notification lists only the two users as
 * recipients; the service member "dom2.testsvc1" is not expected to be
 * notified (presumably filtered through {@code USER_DOMAIN_PREFIX} - confirm
 * in the task implementation).
 */
@Test
public void testGenerateAndSendPostPutMembershipNotificationSelfserve() {
    DBService dbService = Mockito.mock(DBService.class);
    NotificationService notifier = Mockito.mock(NotificationService.class);
    NotificationServiceFactory notifierFactory = () -> notifier;
    NotificationManager manager = getNotificationManager(dbService, notifierFactory);
    // The manager is shut down right after creation and before any stubbing;
    // it is still used below to send the notifications.
    manager.shutdown();

    Map<String, String> requestDetails = new HashMap<>();
    requestDetails.put("domain", "testdomain1");
    requestDetails.put("role", "role1");

    // Admin role members: two users and one service, all active.
    List<RoleMember> adminMembers = new ArrayList<>();
    for (String memberName : new String[] { "user.domadmin1", "user.domadmin2", "dom2.testsvc1" }) {
        adminMembers.add(new RoleMember().setMemberName(memberName).setActive(true));
    }
    List<Role> domainRoles = new ArrayList<>();
    domainRoles.add(new Role().setName("testdomain1:role.admin").setRoleMembers(adminMembers));
    AthenzDomain testDomain = new AthenzDomain("testdomain1");
    testDomain.setRoles(domainRoles);
    Mockito.when(dbService.getRolesByDomain("testdomain1")).thenReturn(testDomain.getRoles());

    // Role under request: self-serve enabled, audit disabled.
    Role requestedRole = new Role().setAuditEnabled(false).setSelfServe(true);
    PutRoleMembershipNotificationTask task = new PutRoleMembershipNotificationTask("testdomain1", "neworg", requestedRole, requestDetails, dbService, USER_DOMAIN_PREFIX, notificationToEmailConverterCommon);
    List<Notification> generated = task.getNotifications();
    manager.sendNotifications(generated);

    // Expected notification: user admins only, same details, same converter types.
    Notification expected = new Notification();
    expected.addRecipient("user.domadmin1").addRecipient("user.domadmin2");
    expected.addDetails("domain", "testdomain1").addDetails("role", "role1");
    expected.setNotificationToEmailConverter(new PutRoleMembershipNotificationTask.PutMembershipNotificationToEmailConverter(notificationToEmailConverterCommon));
    expected.setNotificationToMetricConverter(new PutRoleMembershipNotificationTask.PutMembershipNotificationToMetricConverter());

    ArgumentCaptor<Notification> sent = ArgumentCaptor.forClass(Notification.class);
    Mockito.verify(notifier, atLeastOnce()).notify(sent.capture());
    // getValue() yields the last captured notification.
    Notification actual = sent.getValue();
    assertEquals(actual, expected);
}
Also used : DBService(com.yahoo.athenz.zms.DBService) ZMSNotificationManagerTest.getNotificationManager(com.yahoo.athenz.zms.notification.ZMSNotificationManagerTest.getNotificationManager) AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain) MetricNotificationService(com.yahoo.athenz.common.server.notification.impl.MetricNotificationService) Role(com.yahoo.athenz.zms.Role) RoleMember(com.yahoo.athenz.zms.RoleMember) Test(org.testng.annotations.Test)

Example 15 with AthenzDomain

use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

the class RoleMemberReviewNotificationTaskTest method testSendRoleMemberReviewReminders.

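/**
 * Verifies the review reminders generated for a member whose role membership
 * is due for review: one notification addressed to the member itself
 * ("user.joe") and one addressed to the admin of the role's domain
 * ("user.jane").
 */
@Test
public void testSendRoleMemberReviewReminders() {
    DBService dbsvc = Mockito.mock(DBService.class);
    NotificationService mockNotificationService = Mockito.mock(NotificationService.class);
    NotificationServiceFactory testfact = () -> mockNotificationService;
    List<MemberRole> memberRoles = new ArrayList<>();
    memberRoles.add(new MemberRole().setRoleName("role1").setDomainName("athenz1").setMemberName("user.joe").setReviewReminder(Timestamp.fromMillis(100)));
    DomainRoleMember domainRoleMember = new DomainRoleMember().setMemberName("user.joe").setMemberRoles(memberRoles);
    Map<String, DomainRoleMember> reviewMembers = new HashMap<>();
    reviewMembers.put("user.joe", domainRoleMember);
    // we're going to return null for our first thread which will
    // run during init call and then the real data for the second
    // call
    Mockito.when(dbsvc.getRoleReviewMembers(1)).thenReturn(null).thenReturn(reviewMembers);
    NotificationManager notificationManager = getNotificationManager(dbsvc, testfact);
    // The manager is shut down in a finally block so that a failed assertion
    // does not leave it running after the test.
    try {
        // Presumably gives the init-time call time to consume the first
        // (null) stubbed answer before the task below asks for the data.
        ZMSTestUtils.sleep(1000);
        AthenzDomain domain = new AthenzDomain("athenz1");
        List<RoleMember> roleMembers = new ArrayList<>();
        roleMembers.add(new RoleMember().setMemberName("user.jane"));
        Role adminRole = new Role().setName("athenz1:role.admin").setRoleMembers(roleMembers);
        List<Role> roles = new ArrayList<>();
        roles.add(adminRole);
        domain.setRoles(roles);
        Mockito.when(dbsvc.getRolesByDomain("athenz1")).thenReturn(domain.getRoles());
        List<Notification> notifications = new RoleMemberReviewNotificationTask(dbsvc, USER_DOMAIN_PREFIX, notificationToEmailConverterCommon).getNotifications();
        // we should get 2 notifications - one for user and one for domain
        assertEquals(notifications.size(), 2);
        // Verify contents of notifications is as expected
        // Principal notification: sent to the member, listing domain;role;review date.
        Notification expectedFirstNotification = new Notification();
        expectedFirstNotification.addRecipient("user.joe");
        expectedFirstNotification.addDetails(NOTIFICATION_DETAILS_ROLES_LIST, "athenz1;role1;1970-01-01T00:00:00.100Z");
        expectedFirstNotification.addDetails("member", "user.joe");
        expectedFirstNotification.setNotificationToEmailConverter(new RoleMemberReviewNotificationTask.RoleReviewPrincipalNotificationToEmailConverter(notificationToEmailConverterCommon));
        expectedFirstNotification.setNotificationToMetricConverter(new RoleMemberReviewNotificationTask.RoleReviewPrincipalNotificationToMetricConverter());
        // Domain notification: sent to the domain admin, listing member;role;review date.
        Notification expectedSecondNotification = new Notification();
        expectedSecondNotification.addRecipient("user.jane");
        expectedSecondNotification.addDetails(NOTIFICATION_DETAILS_MEMBERS_LIST, "user.joe;role1;1970-01-01T00:00:00.100Z");
        expectedSecondNotification.addDetails("domain", "athenz1");
        expectedSecondNotification.setNotificationToEmailConverter(new RoleMemberReviewNotificationTask.RoleReviewDomainNotificationToEmailConverter(notificationToEmailConverterCommon));
        expectedSecondNotification.setNotificationToMetricConverter(new RoleMemberReviewNotificationTask.RoleReviewDomainNotificationToMetricConverter());
        assertEquals(notifications.get(0), expectedFirstNotification);
        assertEquals(notifications.get(1), expectedSecondNotification);
    } finally {
        notificationManager.shutdown();
    }
}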
Also used : ZMSNotificationManagerTest.getNotificationManager(com.yahoo.athenz.zms.notification.ZMSNotificationManagerTest.getNotificationManager) AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain) MetricNotificationService(com.yahoo.athenz.common.server.notification.impl.MetricNotificationService) Test(org.testng.annotations.Test)
