use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
the class PutGroupMembershipNotificationTaskTest method testGenerateAndSendPostPutGroupMembershipNotificationNullOrgGroup.
/**
 * Audit-enabled group for which only the domain-level audit role is stubbed.
 *
 * <p>{@code getRolesByDomain} is stubbed for {@code sys.auth.audit.domain} only; the lookup for
 * the "neworg" org is left to the mock's default answer. The expected notification therefore
 * lists just the two {@code user.*} members of {@code sys.auth.audit.domain:role.testdomain1}.
 * The service principal {@code dom2.testsvc1} is a member of that role but is absent from the
 * expected recipients, so (presumably, given recipient-aware equality on {@code Notification})
 * the test fails if an approval notice is addressed to a non-user principal.
 */
@Test
public void testGenerateAndSendPostPutGroupMembershipNotificationNullOrgGroup() {
    DBService dbService = Mockito.mock(DBService.class);
    NotificationService notifier = Mockito.mock(NotificationService.class);
    NotificationServiceFactory notifierFactory = () -> notifier;
    NotificationManager manager = getNotificationManager(dbService, notifierFactory);
    manager.shutdown();

    Map<String, String> details = new HashMap<>();
    details.put("domain", "testdomain1");
    details.put("group", "group1");

    // Two user principals and one service principal hold the domain audit role.
    List<RoleMember> domainApprovers = new ArrayList<>();
    domainApprovers.add(new RoleMember().setMemberName("user.domapprover1").setActive(true));
    domainApprovers.add(new RoleMember().setMemberName("user.domapprover2").setActive(true));
    domainApprovers.add(new RoleMember().setMemberName("dom2.testsvc1").setActive(true));

    List<Role> auditDomainRoles = new ArrayList<>();
    auditDomainRoles.add(new Role()
            .setName("sys.auth.audit.domain:role.testdomain1")
            .setRoleMembers(domainApprovers));
    AthenzDomain auditDomain = new AthenzDomain("sys.auth.audit.domain");
    auditDomain.setRoles(auditDomainRoles);
    Mockito.when(dbService.getRolesByDomain("sys.auth.audit.domain"))
            .thenReturn(auditDomain.getRoles());

    Group auditedGroup = new Group().setAuditEnabled(true).setSelfServe(false);
    List<Notification> generated = new PutGroupMembershipNotificationTask(
            "testdomain1", "neworg", auditedGroup, details, dbService,
            USER_DOMAIN_PREFIX, notificationToEmailConverterCommon).getNotifications();
    manager.sendNotifications(generated);

    // Expected: user approvers only, same details, same converter types.
    Notification expected = new Notification();
    expected.addRecipient("user.domapprover1").addRecipient("user.domapprover2");
    expected.addDetails("domain", "testdomain1").addDetails("group", "group1");
    expected.setNotificationToEmailConverter(
            new PutGroupMembershipNotificationTask.PutGroupMembershipNotificationToEmailConverter(
                    notificationToEmailConverterCommon));
    expected.setNotificationToMetricConverter(
            new PutGroupMembershipNotificationTask.PutGroupMembershipNotificationToMetricConverter());

    ArgumentCaptor<Notification> sent = ArgumentCaptor.forClass(Notification.class);
    Mockito.verify(notifier, atLeastOnce()).notify(sent.capture());
    assertEquals(sent.getValue(), expected);
}
use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
the class PutGroupMembershipNotificationTaskTest method testGenerateAndSendPostPutGroupMembershipNotificationNotifyGroups.
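/**
 * Review-enabled (not audit-enabled) group whose approvers come from its notify roles.
 *
 * <p>The group's notify roles are {@code "athenz:role.approvers,notify"}. Roles are stubbed for
 * the {@code athenz} domain ({@code athenz:role.approvers}) and for {@code testdomain1}
 * ({@code testdomain1:role.notify}), and the expected recipients are the four {@code user.*}
 * members of those two roles, which suggests the unqualified entry {@code notify} is resolved
 * against the group's own domain. {@code dom2.testsvc1} is a member of both roles but is absent
 * from the expected recipients.
 *
 * <p>The final equality assertion was written twice in a row; it is asserted once here.
 */
@Test
public void testGenerateAndSendPostPutGroupMembershipNotificationNotifyGroups() {
    DBService dbService = Mockito.mock(DBService.class);
    NotificationService notifier = Mockito.mock(NotificationService.class);
    NotificationServiceFactory notifierFactory = () -> notifier;
    NotificationManager manager = getNotificationManager(dbService, notifierFactory);
    manager.shutdown();

    Map<String, String> details = new HashMap<>();
    details.put("domain", "testdomain1");
    details.put("group", "group1");

    // Members of the fully qualified notify role athenz:role.approvers.
    List<RoleMember> crossDomainApprovers = new ArrayList<>();
    crossDomainApprovers.add(new RoleMember().setMemberName("user.domapprover1").setActive(true));
    crossDomainApprovers.add(new RoleMember().setMemberName("user.domapprover2").setActive(true));
    crossDomainApprovers.add(new RoleMember().setMemberName("dom2.testsvc1").setActive(true));
    Role domainRole = new Role().setName("athenz:role.approvers").setRoleMembers(crossDomainApprovers);

    // Members of the role in the group's own domain, testdomain1:role.notify.
    List<RoleMember> localApprovers = new ArrayList<>();
    localApprovers.add(new RoleMember().setMemberName("user.approver1").setActive(true));
    localApprovers.add(new RoleMember().setMemberName("user.approver2").setActive(true));
    localApprovers.add(new RoleMember().setMemberName("dom2.testsvc1").setActive(true));
    Role localRole = new Role().setName("testdomain1:role.notify").setRoleMembers(localApprovers);

    // The AthenzDomain objects only carry the role lists handed to the stubs; the name given to
    // the first holder ("coretech") is not read anywhere in this test.
    List<Role> localRoles = new ArrayList<>();
    localRoles.add(localRole);
    AthenzDomain localDomain = new AthenzDomain("coretech");
    localDomain.setRoles(localRoles);

    List<Role> athenzRoles = new ArrayList<>();
    athenzRoles.add(domainRole);
    AthenzDomain athenzDomain = new AthenzDomain("athenz");
    athenzDomain.setRoles(athenzRoles);

    Mockito.when(dbService.getRolesByDomain("testdomain1")).thenReturn(localDomain.getRoles());
    Mockito.when(dbService.getRolesByDomain("athenz")).thenReturn(athenzDomain.getRoles());

    Group reviewedGroup = new Group()
            .setAuditEnabled(false)
            .setSelfServe(false)
            .setReviewEnabled(true)
            .setNotifyRoles("athenz:role.approvers,notify");
    List<Notification> generated = new PutGroupMembershipNotificationTask(
            "testdomain1", "neworg", reviewedGroup, details, dbService,
            USER_DOMAIN_PREFIX, notificationToEmailConverterCommon).getNotifications();
    manager.sendNotifications(generated);

    Notification expected = new Notification();
    expected.addRecipient("user.domapprover1")
            .addRecipient("user.domapprover2")
            .addRecipient("user.approver1")
            .addRecipient("user.approver2");
    expected.addDetails("domain", "testdomain1").addDetails("group", "group1");
    expected.setNotificationToEmailConverter(
            new PutGroupMembershipNotificationTask.PutGroupMembershipNotificationToEmailConverter(
                    notificationToEmailConverterCommon));
    expected.setNotificationToMetricConverter(
            new PutGroupMembershipNotificationTask.PutGroupMembershipNotificationToMetricConverter());

    ArgumentCaptor<Notification> sent = ArgumentCaptor.forClass(Notification.class);
    Mockito.verify(notifier, atLeastOnce()).notify(sent.capture());
    assertEquals(sent.getValue(), expected);
}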
use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
the class PutGroupMembershipNotificationTaskTest method testGenerateAndSendPostPutGroupMembershipNotification.
/**
 * Audit-enabled group with both the org-level and the domain-level audit roles stubbed.
 *
 * <p>Roles are stubbed for {@code sys.auth.audit.org} ({@code role.neworg}) and for
 * {@code sys.auth.audit.domain} ({@code role.testdomain1}). The expected notification is
 * addressed to the four {@code user.*} members of those roles. {@code dom2.testsvc1} is a member
 * of both roles but is absent from the expected recipients.
 */
@Test
public void testGenerateAndSendPostPutGroupMembershipNotification() {
    DBService dbService = Mockito.mock(DBService.class);
    NotificationService notifier = Mockito.mock(NotificationService.class);
    NotificationServiceFactory notifierFactory = () -> notifier;
    NotificationManager manager = getNotificationManager(dbService, notifierFactory);
    manager.shutdown();

    Map<String, String> details = new HashMap<>();
    details.put("domain", "testdomain1");
    details.put("group", "group1");

    // Domain-level audit approvers (plus one service principal).
    List<RoleMember> domainApprovers = new ArrayList<>();
    domainApprovers.add(new RoleMember().setMemberName("user.domapprover1").setActive(true));
    domainApprovers.add(new RoleMember().setMemberName("user.domapprover2").setActive(true));
    domainApprovers.add(new RoleMember().setMemberName("dom2.testsvc1").setActive(true));
    Role domainRole = new Role()
            .setName("sys.auth.audit.domain:role.testdomain1")
            .setRoleMembers(domainApprovers);

    // Org-level audit approvers (plus the same service principal).
    List<RoleMember> orgApprovers = new ArrayList<>();
    orgApprovers.add(new RoleMember().setMemberName("user.orgapprover1").setActive(true));
    orgApprovers.add(new RoleMember().setMemberName("user.orgapprover2").setActive(true));
    orgApprovers.add(new RoleMember().setMemberName("dom2.testsvc1").setActive(true));
    Role orgRole = new Role()
            .setName("sys.auth.audit.org:role.neworg")
            .setRoleMembers(orgApprovers);

    List<Role> orgAuditRoles = new ArrayList<>();
    orgAuditRoles.add(orgRole);
    AthenzDomain orgAuditDomain = new AthenzDomain("sys.auth.audit.org");
    orgAuditDomain.setRoles(orgAuditRoles);

    List<Role> domainAuditRoles = new ArrayList<>();
    domainAuditRoles.add(domainRole);
    AthenzDomain domainAuditDomain = new AthenzDomain("sys.auth.audit.domain");
    domainAuditDomain.setRoles(domainAuditRoles);

    Mockito.when(dbService.getRolesByDomain("sys.auth.audit.org"))
            .thenReturn(orgAuditDomain.getRoles());
    Mockito.when(dbService.getRolesByDomain("sys.auth.audit.domain"))
            .thenReturn(domainAuditDomain.getRoles());

    Group auditedGroup = new Group().setAuditEnabled(true).setSelfServe(false);
    List<Notification> generated = new PutGroupMembershipNotificationTask(
            "testdomain1", "neworg", auditedGroup, details, dbService,
            USER_DOMAIN_PREFIX, notificationToEmailConverterCommon).getNotifications();
    manager.sendNotifications(generated);

    Notification expected = new Notification();
    expected.addRecipient("user.domapprover1")
            .addRecipient("user.domapprover2")
            .addRecipient("user.orgapprover1")
            .addRecipient("user.orgapprover2");
    expected.addDetails("domain", "testdomain1").addDetails("group", "group1");
    expected.setNotificationToEmailConverter(
            new PutGroupMembershipNotificationTask.PutGroupMembershipNotificationToEmailConverter(
                    notificationToEmailConverterCommon));
    expected.setNotificationToMetricConverter(
            new PutGroupMembershipNotificationTask.PutGroupMembershipNotificationToMetricConverter());

    ArgumentCaptor<Notification> sent = ArgumentCaptor.forClass(Notification.class);
    Mockito.verify(notifier, atLeastOnce()).notify(sent.capture());
    assertEquals(sent.getValue(), expected);
}
use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
the class JDBCConnectionTest method testGetAthenzDomain.
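/**
 * Loads a whole domain through {@code JDBCConnection.getAthenzDomain} from a mocked result set
 * and checks the object counts, the service public key and host, and the role and group tags.
 *
 * <p>Fixture: one domain with one tag, 2 roles and 2 groups with one member and one tag each,
 * 2 policies with one assertion each and no conditions, and 1 service with one public key and
 * one host. The same {@code mockResultSet} serves every query, so each stub sequence below is
 * consumed strictly in call order; the per-group labels are the fixture's own notes.
 *
 * <p>Changes from the earlier form of this test: the {@code DB_COLUMN_KEY_VALUE} stub was
 * registered twice with the same value and is registered once here, and the chained
 * single-value {@code thenReturn} calls are written as one ordered argument list per stub.
 *
 * <p>NOTE(review): policies and assertions are checked by count only. The stubbed effect
 * ("ALLOW" then "DENY"), action and resource values are never asserted, so a column-mapping
 * mistake on the authorization-relevant fields would not fail this test; consider asserting
 * them once the returned policy order is confirmed.
 */
@Test
public void testGetAthenzDomain() throws Exception {
    JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);

    // Row cursor: each run of true values is the rows of one query, closed by false.
    Mockito.when(mockResultSet.next()).thenReturn(
            true, true, false,   // domain with 1 tag
            true, true, false,   // 2 roles
            true, true, false,   // 1 member each
            true, true, false,   // roles tags
            true, true, false,   // 2 groups
            true, true, false,   // 1 member each
            true, true, false,   // groups tags
            true, true, false,   // 2 policies
            true, true, false,   // unlabeled in the fixture; presumably the 2 assertions
            false,               // no conditions
            true, false,         // 1 service
            true, false,         // 1 public key
            true, false);        // 1 host

    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME)).thenReturn(
            "role1", "role2",    // role names
            "group1", "group2",  // group names
            "service1");         // service name

    Mockito.when(mockResultSet.getString(1)).thenReturn(
            "tag-key",           // tag key
            "role1", "role2",    // role names
            "role1", "role2",    // roles tags
            "group1", "group2",  // group names
            "group1", "group2",  // groups tags
            "service1");         // service names

    Mockito.when(mockResultSet.getInt(ZMSConsts.DB_COLUMN_POLICY_ID)).thenReturn(
            10001, 10002,        // policy ids
            10001, 10002);

    Mockito.when(mockResultSet.getString(2)).thenReturn(
            "tag-val",                           // tag value
            "user", "user",                      // role member domain names
            "role1-tag-key", "role2-tag-key",    // roles tags
            "user", "user",                      // group member domain names
            "group1-tag-key", "group2-tag-key",  // group tags
            "host1");                            // service host name

    Mockito.when(mockResultSet.getString(3)).thenReturn(
            "role1-tag-val", "role2-tag-val",    // tag values
            "group1-tag-val", "group2-tag-val"); // tag values

    // java.sql.Timestamp(long) takes milliseconds; the value is not asserted on.
    Mockito.doReturn(new java.sql.Timestamp(1454358916)).when(mockResultSet).getTimestamp(ZMSConsts.DB_COLUMN_MODIFIED);
    Mockito.doReturn(true).when(mockResultSet).getBoolean(ZMSConsts.DB_COLUMN_ENABLED);
    Mockito.doReturn(false).when(mockResultSet).getBoolean(ZMSConsts.DB_COLUMN_AUDIT_ENABLED);
    Mockito.doReturn("").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_DESCRIPTION);
    Mockito.doReturn("").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_ORG);
    Mockito.doReturn("").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_UUID);
    Mockito.doReturn("").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_TRUST);
    Mockito.doReturn("").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_ACCOUNT);
    Mockito.doReturn(0).when(mockResultSet).getInt(ZMSConsts.DB_COLUMN_PRODUCT_ID);
    Mockito.doReturn(5).when(mockResultSet).getInt(ZMSConsts.DB_COLUMN_DOMAIN_ID);
    Mockito.doReturn("/usr/bin64/athenz").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_EXECUTABLE);
    Mockito.doReturn("users").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_SVC_GROUP);
    Mockito.doReturn("root").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_SVC_USER);
    Mockito.doReturn("http://server.athenzcompany.com").when(mockResultSet).getString(ZMSConsts.DB_COLUMN_PROVIDER_ENDPOINT);

    // Policy assertion columns: first assertion is ALLOW * on my-domain:*, second is DENY read.
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ROLE)).thenReturn("role1", "role2");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_PRINCIPAL_GROUP)).thenReturn("group1", "group2");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_RESOURCE)).thenReturn("my-domain:*", "my-domain:service.*");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ACTION)).thenReturn("*", "read");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_EFFECT)).thenReturn("ALLOW", "DENY");

    // Service public key; DB_COLUMN_KEY_VALUE is stubbed once.
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_KEY_ID)).thenReturn("zms1.zone1");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_KEY_VALUE)).thenReturn("Value1");

    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_SIGN_ALGORITHM)).thenReturn("rsa");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_CERT_DNS_DOMAIN)).thenReturn("");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_APPLICATION_ID)).thenReturn("");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NOTIFY_ROLES)).thenReturn("");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_USER_AUTHORITY_FILTER)).thenReturn("");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_USER_AUTHORITY_EXPIRATION)).thenReturn("");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_AZURE_SUBSCRIPTION)).thenReturn("");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_BUSINESS_SERVICE)).thenReturn("");

    AthenzDomain athenzDomain = jdbcConn.getAthenzDomain("my-domain");
    assertNotNull(athenzDomain);
    assertEquals("my-domain", athenzDomain.getDomain().getName());
    assertEquals(athenzDomain.getDomain().getSignAlgorithm(), "rsa");

    assertEquals(2, athenzDomain.getRoles().size());
    assertEquals(1, athenzDomain.getRoles().get(0).getRoleMembers().size());
    assertEquals(1, athenzDomain.getRoles().get(1).getRoleMembers().size());

    assertEquals(2, athenzDomain.getGroups().size());
    assertEquals(1, athenzDomain.getGroups().get(0).getGroupMembers().size());
    assertEquals(1, athenzDomain.getGroups().get(1).getGroupMembers().size());

    assertEquals(2, athenzDomain.getPolicies().size());
    assertEquals(1, athenzDomain.getPolicies().get(0).getAssertions().size());
    assertEquals(1, athenzDomain.getPolicies().get(1).getAssertions().size());

    assertEquals(1, athenzDomain.getServices().size());
    assertEquals(1, athenzDomain.getServices().get(0).getPublicKeys().size());
    assertEquals("zms1.zone1", athenzDomain.getServices().get(0).getPublicKeys().get(0).getId());
    assertEquals("Value1", athenzDomain.getServices().get(0).getPublicKeys().get(0).getKey());
    assertEquals(1, athenzDomain.getServices().get(0).getHosts().size());
    assertEquals("host1", athenzDomain.getServices().get(0).getHosts().get(0));

    assertEquals(athenzDomain.getRoles().get(0).getTags().get("role1-tag-key").getList().get(0), "role1-tag-val");
    assertEquals(athenzDomain.getRoles().get(1).getTags().get("role2-tag-key").getList().get(0), "role2-tag-val");
    // Groups are asserted in the opposite order to the stub sequence (index 0 carries group2's
    // tag); kept exactly as the fixture asserts it.
    assertEquals(athenzDomain.getGroups().get(0).getTags().get("group2-tag-key").getList().get(0), "group2-tag-val");
    assertEquals(athenzDomain.getGroups().get(1).getTags().get("group1-tag-key").getList().get(0), "group1-tag-val");

    jdbcConn.close();
}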
use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.
the class JDBCConnectionTest method testGetAthenzDomainPolicies.
/**
 * Exercises {@code JDBCConnection.getAthenzDomainPolicies} twice against the mocked JDBC objects.
 *
 * <p>First pass: one policy, one assertion and one condition row are served, and the loaded
 * assertion must carry a condition with id 1 mapping {@code key1} to {@code EQUALS value1}.
 *
 * <p>Second pass: {@code executeQuery} succeeds once and then throws {@code SQLException}, and
 * the call must fail with a {@code ResourceException} whose message contains the SQL error text.
 *
 * <p>NOTE(review): the second pass pins that the driver's error text is carried in the
 * exception message; confirm that this message is not returned verbatim to API callers.
 */
@Test
public void testGetAthenzDomainPolicies() throws SQLException {
    JDBCConnection jdbcConn = new JDBCConnection(mockConn, true);

    // One row per query: policy, assertion, condition.
    Mockito.when(mockResultSet.next()).thenReturn(true, false, true, false, true, false);
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME)).thenReturn("pol1");
    Mockito.doReturn(new java.sql.Timestamp(1454358916)).when(mockResultSet).getTimestamp(ZMSConsts.DB_COLUMN_MODIFIED);
    Mockito.when(mockResultSet.getString(1)).thenReturn("pol1");

    // Assertion columns.
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ROLE)).thenReturn("role1");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_RESOURCE)).thenReturn("dom1:*");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_ACTION)).thenReturn("*");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_EFFECT)).thenReturn("ALLOW");
    Mockito.when(mockResultSet.getLong(ZMSConsts.DB_COLUMN_ASSERT_ID)).thenReturn(1L);

    // Condition columns.
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_KEY)).thenReturn("key1");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_OPERATOR)).thenReturn("EQUALS");
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_VALUE)).thenReturn("value1");
    Mockito.when(mockResultSet.getInt(ZMSConsts.DB_COLUMN_CONDITION_ID)).thenReturn(1);

    AthenzDomain athenzDomain = new AthenzDomain("dom1");
    jdbcConn.getAthenzDomainPolicies("dom1", 1, athenzDomain);
    assertNotNull(athenzDomain.getPolicies().get(0).getAssertions().get(0).getConditions());

    Map<String, AssertionConditionData> expectedData = new HashMap<>();
    expectedData.put("key1",
            new AssertionConditionData().setOperator(AssertionConditionOperator.EQUALS).setValue("value1"));
    AssertionCondition expectedCondition = new AssertionCondition().setId(1);
    expectedCondition.setConditionsMap(expectedData);
    org.hamcrest.MatcherAssert.assertThat(
            athenzDomain.getPolicies().get(0).getAssertions().get(0).getConditions().getConditionsList(),
            CoreMatchers.hasItems(expectedCondition));
    jdbcConn.close();

    // Second pass on a fresh connection: the first query succeeds, later ones throw.
    jdbcConn = new JDBCConnection(mockConn, true);
    Mockito.when(mockPrepStmt.executeQuery())
            .thenReturn(mockResultSet)
            .thenThrow(new SQLException("sql error"))
            .thenThrow(new SQLException("sql error"));
    Mockito.when(mockResultSet.next()).thenReturn(true, false);
    Mockito.when(mockResultSet.getString(ZMSConsts.DB_COLUMN_NAME)).thenReturn("pol1");
    Mockito.doReturn(new java.sql.Timestamp(1454358916)).when(mockResultSet).getTimestamp(ZMSConsts.DB_COLUMN_MODIFIED);

    try {
        // The query that follows the policy lookup fails.
        jdbcConn.getAthenzDomainPolicies("dom1", 1, athenzDomain);
        fail();
    } catch (ResourceException ex) {
        assertTrue(ex.getMessage().contains("sql error"));
    }
    jdbcConn.close();
}