use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBServiceTest method testUpdateGroupMetaWithoutTag.
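/**
 * Checks that {@code executePutGroupMeta} hands the tags carried by the
 * {@link GroupMeta} to {@code insertGroupTags} when the stored group was
 * created without any tags.
 *
 * <p>The shared {@code zms.dbService.store} is swapped for a mock for the
 * duration of the test and restored in a {@code finally} block, so a failing
 * assertion cannot leave the mocked store in place for later tests.
 */
@Test
public void testUpdateGroupMetaWithoutTag() {
    final String domainName = "sys.auth";
    final String updateGroupMetaTag = "tag-key-update-group-meta-without-tag";
    final List<String> updateGroupMetaTagValues = Collections.singletonList("update-meta-value");
    final String groupName = "groupWithTagUpdateMeta";

    // group as returned by the store: name only, no tags
    Group group = new Group().setName(groupName);
    GroupMeta rm = new GroupMeta().setTags(Collections.singletonMap(updateGroupMetaTag,
            new TagValueList().setList(updateGroupMetaTagValues)));

    // mock dbService store
    ObjectStoreConnection conn = Mockito.mock(ObjectStoreConnection.class);
    Mockito.when(conn.updateGroup(any(), any())).thenReturn(true);
    Mockito.when(conn.getGroup(domainName, groupName)).thenReturn(group);
    Mockito.when(conn.insertGroupTags(anyString(), anyString(), anyMap())).thenReturn(true);
    Mockito.when(mockObjStore.getConnection(false, true)).thenReturn(conn);

    ObjectStore savedStore = zms.dbService.store;
    zms.dbService.store = mockObjStore;
    try {
        // update group meta
        zms.dbService.executePutGroupMeta(mockDomRsrcCtx, domainName, groupName, rm, auditRef);

        // assert tags to add contains group meta tags
        ArgumentCaptor<String> groupCapture = ArgumentCaptor.forClass(String.class);
        ArgumentCaptor<String> domainCapture = ArgumentCaptor.forClass(String.class);
        ArgumentCaptor<Map<String, TagValueList>> tagInsertCapture = ArgumentCaptor.forClass(Map.class);
        Mockito.verify(conn, times(1)).insertGroupTags(groupCapture.capture(), domainCapture.capture(),
                tagInsertCapture.capture());
        assertEquals(groupName, groupCapture.getValue());
        assertEquals(domainName, domainCapture.getValue());

        Map<String, TagValueList> resultInsertTags = tagInsertCapture.getAllValues().get(0);
        TagValueList tagValues = resultInsertTags.get(updateGroupMetaTag);
        assertNotNull(tagValues);
        assertTrue(tagValues.getList().containsAll(updateGroupMetaTagValues));
    } finally {
        // always put the real store back, even when an assertion above fails
        zms.dbService.store = savedStore;
    }
}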
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBServiceTest method testProcessGroupUserAuthorityRestrictionsExceptions.
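/**
 * Runs {@code processGroupUserAuthorityRestrictions} against a store whose
 * {@code getConnection(true, true)} throws a {@code ResourceException(500)}
 * on the first call and returns the mock connection afterwards.
 *
 * <p>The test has no assertions of its own: it passes when the call returns
 * without propagating the exception. The user authority and the object store
 * on {@code zms.dbService} are replaced for the test and restored in a
 * {@code finally} block so a failure cannot leak the mocks into later tests.
 */
@Test
public void testProcessGroupUserAuthorityRestrictionsExceptions() {
    final String domainName = "authority-test";
    final String groupName1 = "auth-group1";
    final String groupName2 = "auth-group2";

    // authority that reports no date for the "elevated-clearance" attribute
    Authority authority = Mockito.mock(Authority.class);
    Mockito.when(authority.getDateAttribute("user.joe", "elevated-clearance")).thenReturn(null);

    ObjectStoreConnection mockConn = Mockito.mock(ObjectStoreConnection.class);
    Mockito.when(mockConn.insertGroupMember(Mockito.anyString(), Mockito.anyString(), Mockito.any(),
            Mockito.any(), Mockito.anyString())).thenReturn(true);
    Mockito.when(mockConn.updateDomainModTimestamp(domainName)).thenReturn(true);

    // the first getConnection(true, true) call throws, later calls succeed
    Mockito.when(mockObjStore.getConnection(true, true))
            .thenThrow(new ResourceException(500, "DB Error"))
            .thenReturn(mockConn);
    Mockito.when(mockObjStore.getConnection(true, false)).thenReturn(mockConn);

    // both groups carry the "elevated-clearance" authority expiration and
    // have user.joe as their only member
    Group group1 = new Group().setUserAuthorityExpiration("elevated-clearance");
    List<GroupMember> groupMembers1 = new ArrayList<>();
    groupMembers1.add(new GroupMember().setMemberName("user.joe"));
    Mockito.when(mockConn.getGroup(domainName, groupName1)).thenReturn(group1);
    Mockito.when(mockConn.listGroupMembers(domainName, groupName1, false)).thenReturn(groupMembers1);

    Group group2 = new Group().setUserAuthorityExpiration("elevated-clearance");
    List<GroupMember> groupMembers2 = new ArrayList<>();
    groupMembers2.add(new GroupMember().setMemberName("user.joe"));
    Mockito.when(mockConn.getGroup(domainName, groupName2)).thenReturn(group2);
    Mockito.when(mockConn.listGroupMembers(domainName, groupName2, false)).thenReturn(groupMembers2);

    List<PrincipalGroup> groups = new ArrayList<>();
    PrincipalGroup prGroup1 = new PrincipalGroup();
    prGroup1.setDomainName(domainName);
    prGroup1.setGroupName(groupName1);
    groups.add(prGroup1);
    PrincipalGroup prGroup2 = new PrincipalGroup();
    prGroup2.setDomainName(domainName);
    prGroup2.setGroupName(groupName2);
    groups.add(prGroup2);
    Mockito.when(mockConn.listGroupsWithUserAuthorityRestrictions()).thenReturn(groups);

    Authority savedAuthority = zms.dbService.zmsConfig.getUserAuthority();
    ObjectStore savedStore = zms.dbService.store;
    try {
        zms.dbService.zmsConfig.setUserAuthority(authority);
        zms.dbService.store = mockObjStore;

        // the request should complete successfully
        // for the first group we'll get an exception but we'll just log
        // for the second group we'll get success
        // NOTE(review): nothing here checks that the second group was actually
        // processed after the first failure; a verify on mockConn for
        // groupName2 would pin that - confirm the exact call against DBService.
        zms.dbService.processGroupUserAuthorityRestrictions();
    } finally {
        // restore shared state even if the call above throws
        zms.dbService.zmsConfig.setUserAuthority(savedAuthority);
        zms.dbService.store = savedStore;
    }
}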
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBServiceTest method testUpdateRoleMembersSystemDisabledStateTrustRole.
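/**
 * Checks that {@code updateRoleMembersSystemDisabledState} does not touch the
 * member disabled state when the original role is a trust (delegated) role.
 *
 * <p>The stub on {@code updateRoleMemberDisabledState} throws if it is ever
 * reached, and the test additionally verifies that the connection method was
 * never invoked, so the check holds even if the exception were caught and
 * swallowed somewhere on the way up.
 */
@Test
public void testUpdateRoleMembersSystemDisabledStateTrustRole() {
    final String domainName = "user-auth-attrs";

    // we're going to throw an exception here since this should never be called
    ObjectStoreConnection mockConn = Mockito.mock(ObjectStoreConnection.class);
    Mockito.when(mockConn.updateRoleMemberDisabledState(Mockito.anyString(), Mockito.anyString(),
            Mockito.any(), Mockito.any(), Mockito.anyInt(), Mockito.anyString()))
            .thenThrow(new ResourceException(400, "Invalid request"));
    Mockito.when(mockConn.updateDomainModTimestamp(domainName)).thenReturn(true);

    Role originalRole = new Role().setTrust("trust-domain");

    // passing null for updated role - not used since original is a trust role
    zms.dbService.updateRoleMembersSystemDisabledState(mockDomRsrcCtx, mockConn, domainName, "auth-role",
            originalRole, null, auditRef, "unit-test");

    // make the "never called" expectation explicit instead of relying on the
    // throwing stub alone
    Mockito.verify(mockConn, Mockito.never()).updateRoleMemberDisabledState(Mockito.anyString(),
            Mockito.anyString(), Mockito.any(), Mockito.any(), Mockito.anyInt(), Mockito.anyString());
}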
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBServiceTest method testUpdateRoleMemberDisabledState.
/**
 * Drives {@code updateRoleMemberDisabledState} three times against a mocked
 * connection whose stub answers {@code true}, then {@code false}, then throws
 * a {@code ResourceException(500)}, and checks the value returned for each.
 */
@Test
public void testUpdateRoleMemberDisabledState() {
    final String domainName = "test-domain";
    final String roleName = "role-name";
    final String adminUser = "user.admin";
    final String memberName = "user.john";
    final String auditReference = "auditref";
    final String caller = "unit-test";

    // one stub, three consecutive answers: success, no change, failure
    ObjectStoreConnection storeConn = Mockito.mock(ObjectStoreConnection.class);
    Mockito.when(storeConn.updateRoleMemberDisabledState(domainName, roleName, memberName, adminUser, 1,
            auditReference))
            .thenReturn(true, false)
            .thenThrow(new ResourceException(500, "invalid operation"));

    RoleMember disabledMember = new RoleMember().setMemberName(memberName).setSystemDisabled(1);
    List<RoleMember> members = new ArrayList<>(Collections.singletonList(disabledMember));

    // first call: the store reports the update as applied
    boolean firstResult = zms.dbService.updateRoleMemberDisabledState(null, storeConn, members, domainName,
            roleName, adminUser, auditReference, caller);
    assertTrue(firstResult);

    // second call: the store returns false, so nothing changed
    boolean secondResult = zms.dbService.updateRoleMemberDisabledState(null, storeConn, members, domainName,
            roleName, adminUser, auditReference, caller);
    assertFalse(secondResult);

    // third call: the store throws, which is also reported as no change
    boolean thirdResult = zms.dbService.updateRoleMemberDisabledState(null, storeConn, members, domainName,
            roleName, adminUser, auditReference, caller);
    assertFalse(thirdResult);
}
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBServiceTest method testEnforceGroupUserAuthorityRestrictionsNoUpdate.
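/**
 * Runs {@code enforceGroupUserAuthorityRestrictions} for a group that carries
 * the "elevated-clearance" user authority expiration and has one member whose
 * expiration already lies 10 seconds in the past, with an authority that
 * returns no date for that attribute.
 *
 * <p>The test passes when the call returns without throwing. The user
 * authority and the object store on {@code zms.dbService} are replaced for
 * the test and restored in a {@code finally} block so a failure cannot leak
 * the mocks into later tests.
 */
@Test
public void testEnforceGroupUserAuthorityRestrictionsNoUpdate() {
    final String domainName = "authority-test";
    final String groupName = "auth-group";

    // authority that reports no date for the "elevated-clearance" attribute
    Authority authority = Mockito.mock(Authority.class);
    Mockito.when(authority.getDateAttribute("user.joe", "elevated-clearance")).thenReturn(null);

    ObjectStoreConnection mockConn = Mockito.mock(ObjectStoreConnection.class);
    Mockito.when(mockConn.insertGroupMember(Mockito.anyString(), Mockito.anyString(), Mockito.any(),
            Mockito.any(), Mockito.anyString())).thenReturn(true);
    Mockito.when(mockConn.updateDomainModTimestamp(domainName)).thenReturn(true);
    Mockito.when(mockObjStore.getConnection(true, true)).thenReturn(mockConn);

    // group with the authority expiration attribute and a single member
    // whose expiration is already in the past
    Group group = new Group().setUserAuthorityExpiration("elevated-clearance");
    List<GroupMember> groupMembers = new ArrayList<>();
    groupMembers.add(new GroupMember().setMemberName("user.joe")
            .setExpiration(Timestamp.fromMillis(System.currentTimeMillis() - 10000)));
    Mockito.when(mockConn.getGroup(domainName, groupName)).thenReturn(group);
    Mockito.when(mockConn.listGroupMembers(domainName, groupName, false)).thenReturn(groupMembers);

    Authority savedAuthority = zms.dbService.zmsConfig.getUserAuthority();
    ObjectStore savedStore = zms.dbService.store;
    try {
        zms.dbService.zmsConfig.setUserAuthority(authority);
        zms.dbService.store = mockObjStore;

        // the request should complete successfully
        // NOTE(review): the "NoUpdate" in the test name is not asserted; a
        // never() verification on the connection's write calls would pin it -
        // confirm which calls DBService makes on this path before adding one.
        zms.dbService.enforceGroupUserAuthorityRestrictions(domainName, groupName, null);
    } finally {
        // restore shared state even if the call above throws
        zms.dbService.zmsConfig.setUserAuthority(savedAuthority);
        zms.dbService.store = savedStore;
    }
}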