Search in sources :

Example 96 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBServiceTest method testUpdateGroupMetaWithoutTag.

@Test
public void testUpdateGroupMetaWithoutTag() {
    final String domainName = "sys.auth";
    final String updateGroupMetaTag = "tag-key-update-group-meta-without-tag";
    final List<String> updateGroupMetaTagValues = Collections.singletonList("update-meta-value");
    final String groupName = "groupWithTagUpdateMeta";
    ObjectStore savedStore = zms.dbService.store;
    Group group = new Group().setName(groupName);
    GroupMeta rm = new GroupMeta().setTags(Collections.singletonMap(updateGroupMetaTag, new TagValueList().setList(updateGroupMetaTagValues)));
    // mock dbService store
    ObjectStoreConnection conn = Mockito.mock(ObjectStoreConnection.class);
    Mockito.when(conn.updateGroup(any(), any())).thenReturn(true);
    Mockito.when(conn.getGroup(domainName, groupName)).thenReturn(group);
    Mockito.when(conn.insertGroupTags(anyString(), anyString(), anyMap())).thenReturn(true);
    Mockito.when(mockObjStore.getConnection(false, true)).thenReturn(conn);
    zms.dbService.store = mockObjStore;
    // update group meta
    zms.dbService.executePutGroupMeta(mockDomRsrcCtx, domainName, groupName, rm, auditRef);
    // assert tags to add contains group meta tags
    ArgumentCaptor<String> groupCapture = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<String> domainCapture = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Map<String, TagValueList>> tagInsertCapture = ArgumentCaptor.forClass(Map.class);
    Mockito.verify(conn, times(1)).insertGroupTags(groupCapture.capture(), domainCapture.capture(), tagInsertCapture.capture());
    assertEquals(groupName, groupCapture.getValue());
    assertEquals(domainName, domainCapture.getValue());
    Map<String, TagValueList> resultInsertTags = tagInsertCapture.getAllValues().get(0);
    TagValueList tagValues = resultInsertTags.get(updateGroupMetaTag);
    assertNotNull(tagValues);
    assertTrue(tagValues.getList().containsAll(updateGroupMetaTagValues));
    zms.dbService.store = savedStore;
}
Also used : ObjectStore(com.yahoo.athenz.zms.store.ObjectStore) ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection) Test(org.testng.annotations.Test)

Example 97 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBServiceTest method testProcessGroupUserAuthorityRestrictionsExceptions.

@Test
public void testProcessGroupUserAuthorityRestrictionsExceptions() {
    Authority savedAuthority = zms.dbService.zmsConfig.getUserAuthority();
    Authority authority = Mockito.mock(Authority.class);
    Mockito.when(authority.getDateAttribute("user.joe", "elevated-clearance")).thenReturn(null);
    zms.dbService.zmsConfig.setUserAuthority(authority);
    final String domainName = "authority-test";
    final String groupName1 = "auth-group1";
    final String groupName2 = "auth-group2";
    ObjectStoreConnection mockConn = Mockito.mock(ObjectStoreConnection.class);
    Mockito.when(mockConn.insertGroupMember(Mockito.anyString(), Mockito.anyString(), Mockito.any(), Mockito.any(), Mockito.anyString())).thenReturn(true);
    Mockito.when(mockConn.updateDomainModTimestamp(domainName)).thenReturn(true);
    // we're going to return an exception for the first insert group member
    // and then success for the second one
    Mockito.when(mockObjStore.getConnection(true, true)).thenThrow(new ResourceException(500, "DB Error")).thenReturn(mockConn);
    Mockito.when(mockObjStore.getConnection(true, false)).thenReturn(mockConn);
    // first we're going to return a null group and then a group
    // with no members - in both cases we return without processing
    // any code
    Group group1 = new Group().setUserAuthorityExpiration("elevated-clearance");
    List<GroupMember> groupMembers1 = new ArrayList<>();
    groupMembers1.add(new GroupMember().setMemberName("user.joe"));
    Mockito.when(mockConn.getGroup(domainName, groupName1)).thenReturn(group1);
    Mockito.when(mockConn.listGroupMembers(domainName, groupName1, false)).thenReturn(groupMembers1);
    Group group2 = new Group().setUserAuthorityExpiration("elevated-clearance");
    List<GroupMember> groupMembers2 = new ArrayList<>();
    groupMembers2.add(new GroupMember().setMemberName("user.joe"));
    Mockito.when(mockConn.getGroup(domainName, groupName2)).thenReturn(group2);
    Mockito.when(mockConn.listGroupMembers(domainName, groupName2, false)).thenReturn(groupMembers2);
    List<PrincipalGroup> groups = new ArrayList<>();
    PrincipalGroup prGroup1 = new PrincipalGroup();
    prGroup1.setDomainName(domainName);
    prGroup1.setGroupName(groupName1);
    groups.add(prGroup1);
    PrincipalGroup prGroup2 = new PrincipalGroup();
    prGroup2.setDomainName(domainName);
    prGroup2.setGroupName(groupName2);
    groups.add(prGroup2);
    Mockito.when(mockConn.listGroupsWithUserAuthorityRestrictions()).thenReturn(groups);
    ObjectStore savedStore = zms.dbService.store;
    zms.dbService.store = mockObjStore;
    // the request should complete successfully
    // for the first group we'll get an exception but we'll just log
    // for the second group we'll get success
    zms.dbService.processGroupUserAuthorityRestrictions();
    zms.dbService.zmsConfig.setUserAuthority(savedAuthority);
    zms.dbService.store = savedStore;
}
Also used : ObjectStore(com.yahoo.athenz.zms.store.ObjectStore) Authority(com.yahoo.athenz.auth.Authority) ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection) Test(org.testng.annotations.Test)

Example 98 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBServiceTest method testUpdateRoleMembersSystemDisabledStateTrustRole.

@Test
public void testUpdateRoleMembersSystemDisabledStateTrustRole() {
    // we're going to throw an exception here since this should never be called
    ObjectStoreConnection mockConn = Mockito.mock(ObjectStoreConnection.class);
    Mockito.when(mockConn.updateRoleMemberDisabledState(Mockito.anyString(), Mockito.anyString(), Mockito.any(), Mockito.any(), Mockito.anyInt(), Mockito.anyString())).thenThrow(new ResourceException(400, "Invalid request"));
    final String domainName = "user-auth-attrs";
    Mockito.when(mockConn.updateDomainModTimestamp(domainName)).thenReturn(true);
    Role originalRole = new Role().setTrust("trust-domain");
    // passing null for updated role - not used since original is a trust role
    zms.dbService.updateRoleMembersSystemDisabledState(mockDomRsrcCtx, mockConn, domainName, "auth-role", originalRole, null, auditRef, "unit-test");
}
Also used : ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection) Test(org.testng.annotations.Test)

Example 99 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBServiceTest method testUpdateRoleMemberDisabledState.

@Test
public void testUpdateRoleMemberDisabledState() {
    final String domainName = "test-domain";
    final String roleName = "role-name";
    final String adminUser = "user.admin";
    ObjectStoreConnection con = Mockito.mock(ObjectStoreConnection.class);
    Mockito.when(con.updateRoleMemberDisabledState(domainName, roleName, "user.john", "user.admin", 1, "auditref")).thenReturn(true).thenReturn(false).thenThrow(new ResourceException(500, "invalid operation"));
    RoleMember roleMember = new RoleMember().setMemberName("user.john").setSystemDisabled(1);
    List<RoleMember> roleMembers = new ArrayList<>();
    roleMembers.add(roleMember);
    // first time we get successful response
    assertTrue(zms.dbService.updateRoleMemberDisabledState(null, con, roleMembers, domainName, roleName, adminUser, "auditref", "unit-test"));
    // second time we're getting false so no changes
    assertFalse(zms.dbService.updateRoleMemberDisabledState(null, con, roleMembers, domainName, roleName, adminUser, "auditref", "unit-test"));
    // last time exception so no changes
    assertFalse(zms.dbService.updateRoleMemberDisabledState(null, con, roleMembers, domainName, roleName, adminUser, "auditref", "unit-test"));
}
Also used : ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection) Test(org.testng.annotations.Test)

Example 100 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBServiceTest method testEnforceGroupUserAuthorityRestrictionsNoUpdate.

@Test
public void testEnforceGroupUserAuthorityRestrictionsNoUpdate() {
    Authority savedAuthority = zms.dbService.zmsConfig.getUserAuthority();
    Authority authority = Mockito.mock(Authority.class);
    Mockito.when(authority.getDateAttribute("user.joe", "elevated-clearance")).thenReturn(null);
    zms.dbService.zmsConfig.setUserAuthority(authority);
    final String domainName = "authority-test";
    final String groupName = "auth-group";
    ObjectStoreConnection mockConn = Mockito.mock(ObjectStoreConnection.class);
    Mockito.when(mockConn.insertGroupMember(Mockito.anyString(), Mockito.anyString(), Mockito.any(), Mockito.any(), Mockito.anyString())).thenReturn(true);
    Mockito.when(mockConn.updateDomainModTimestamp(domainName)).thenReturn(true);
    Mockito.when(mockObjStore.getConnection(true, true)).thenReturn(mockConn);
    // first we're going to return a null group and then a group
    // with no members - in both cases we return without processing
    // any code
    Group group = new Group().setUserAuthorityExpiration("elevated-clearance");
    List<GroupMember> groupMembers = new ArrayList<>();
    groupMembers.add(new GroupMember().setMemberName("user.joe").setExpiration(Timestamp.fromMillis(System.currentTimeMillis() - 10000)));
    Mockito.when(mockConn.getGroup(domainName, groupName)).thenReturn(group);
    Mockito.when(mockConn.listGroupMembers(domainName, groupName, false)).thenReturn(groupMembers);
    ObjectStore savedStore = zms.dbService.store;
    zms.dbService.store = mockObjStore;
    // the request should complete successfully
    zms.dbService.enforceGroupUserAuthorityRestrictions(domainName, groupName, null);
    zms.dbService.zmsConfig.setUserAuthority(savedAuthority);
    zms.dbService.store = savedStore;
}
Also used : ObjectStore(com.yahoo.athenz.zms.store.ObjectStore) Authority(com.yahoo.athenz.auth.Authority) ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection) Test(org.testng.annotations.Test)

Aggregations

ObjectStoreConnection (com.yahoo.athenz.zms.store.ObjectStoreConnection)173 Test (org.testng.annotations.Test)96 ObjectStore (com.yahoo.athenz.zms.store.ObjectStore)38 AthenzDomain (com.yahoo.athenz.zms.store.AthenzDomain)34 Authority (com.yahoo.athenz.auth.Authority)23 Timestamp (com.yahoo.rdl.Timestamp)17 ArrayList (java.util.ArrayList)16 MemberDueDays (com.yahoo.athenz.zms.config.MemberDueDays)11 Principal (com.yahoo.athenz.auth.Principal)7 SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)7 EmbeddedMysql (com.wix.mysql.EmbeddedMysql)5 FilePrivateKeyStore (com.yahoo.athenz.auth.impl.FilePrivateKeyStore)5 Crypto (com.yahoo.athenz.auth.util.Crypto)5 AuditReferenceValidator (com.yahoo.athenz.common.server.audit.AuditReferenceValidator)5 NotificationManager (com.yahoo.athenz.common.server.notification.NotificationManager)5 ResourceUtils (com.yahoo.athenz.common.server.util.ResourceUtils)5 DataCache (com.yahoo.athenz.zms.DBService.DataCache)5 MockAuditReferenceValidatorImpl (com.yahoo.athenz.zms.audit.MockAuditReferenceValidatorImpl)5 JDBCConnection (com.yahoo.athenz.zms.store.impl.jdbc.JDBCConnection)5 ZMSUtils (com.yahoo.athenz.zms.utils.ZMSUtils)5