use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBServiceTest method testUpdateRoleMetaWithoutTag.
@Test
public void testUpdateRoleMetaWithoutTag() {
final String domainName = "sys.auth";
final String updateRoleMetaTag = "tag-key-update-role-meta-without-tag";
final List<String> updateRoleMetaTagValues = Collections.singletonList("update-meta-value");
final String roleName = "roleWithTagUpdateMeta";
ObjectStore savedStore = zms.dbService.store;
Role role = new Role().setName(roleName);
RoleMeta rm = new RoleMeta().setTags(Collections.singletonMap(updateRoleMetaTag, new TagValueList().setList(updateRoleMetaTagValues)));
// mock dbService store
ObjectStoreConnection conn = Mockito.mock(ObjectStoreConnection.class);
Mockito.when(conn.updateRole(any(), any())).thenReturn(true);
Mockito.when(conn.insertRoleTags(anyString(), anyString(), anyMap())).thenReturn(true);
Mockito.when(mockObjStore.getConnection(false, true)).thenReturn(conn);
zms.dbService.store = mockObjStore;
// update role meta
zms.dbService.executePutRoleMeta(mockDomRsrcCtx, domainName, roleName, role, rm, auditRef, "testUpdateRoleMetaWithoutTag");
// assert tags to add contains role meta tags
ArgumentCaptor<String> roleCapture = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<String> domainCapture = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<Map<String, TagValueList>> tagInsertCapture = ArgumentCaptor.forClass(Map.class);
Mockito.verify(conn, times(1)).insertRoleTags(roleCapture.capture(), domainCapture.capture(), tagInsertCapture.capture());
assertEquals(roleName, roleCapture.getValue());
assertEquals(domainName, domainCapture.getValue());
Map<String, TagValueList> resultInsertTags = tagInsertCapture.getAllValues().get(0);
TagValueList tagValues = resultInsertTags.get(updateRoleMetaTag);
assertNotNull(tagValues);
assertTrue(tagValues.getList().containsAll(updateRoleMetaTagValues));
zms.dbService.store = savedStore;
}
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBServiceTest method testGetServicePublicKeyEntryServiceUnavailable.
@Test
public void testGetServicePublicKeyEntryServiceUnavailable() {
final String domainName = "test1";
final String serviceName = "service1";
final String keyId = "0";
ObjectStore saveStore = zms.dbService.store;
zms.dbService.store = mockObjStore;
ObjectStoreConnection mockConn = Mockito.mock(ObjectStoreConnection.class);
Mockito.when(mockObjStore.getConnection(true, false)).thenReturn(mockConn);
Mockito.when(mockConn.getPublicKeyEntry(domainName, serviceName, keyId, false)).thenThrow(new ResourceException(ResourceException.SERVICE_UNAVAILABLE));
try {
zms.dbService.getServicePublicKeyEntry(domainName, serviceName, keyId, false);
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), ResourceException.SERVICE_UNAVAILABLE);
}
zms.dbService.store = saveStore;
}
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBServiceTest method testUpdateRoleMembersDueDateTrust.
@Test
public void testUpdateRoleMembersDueDateTrust() {
final String domainName = "role-meta-duedate";
// in this test case we're going to set the expiry days to 0 so we
// get an exception when accessed but we should never get there
// since our role is set as trust
Role role = createRoleObject(domainName, "role1", "coretech", null, null);
ObjectStoreConnection mockConn = Mockito.mock(ObjectStoreConnection.class);
Mockito.when(mockConn.insertRoleMember(Mockito.anyString(), Mockito.anyString(), Mockito.any(), Mockito.any(), Mockito.anyString())).thenReturn(true);
// we're going to make sure to throw an exception here
// since this should never be called
Mockito.when(mockConn.updateDomainModTimestamp(domainName)).thenThrow(new IllegalArgumentException());
zms.dbService.updateRoleMembersDueDates(mockDomRsrcCtx, mockConn, domainName, "role1", role, role, auditRef, "testUpdateRoleMembersDueDateTrust");
}
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBServiceTest method testGetDelegatedRoleMembersInvalidDomain.
@Test
public void testGetDelegatedRoleMembersInvalidDomain() {
ObjectStoreConnection conn = zms.dbService.store.getConnection(true, false);
assertNull(zms.dbService.getDelegatedRoleMembers(conn, "dom1", "dom1", "role1"));
assertNull(zms.dbService.getDelegatedRoleMembers(conn, "dom1", "invalid-domain", "role1"));
}
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBServiceTest method testEnforceGroupUserAuthorityExpiryRestrictionsUpdate.
@Test
public void testEnforceGroupUserAuthorityExpiryRestrictionsUpdate() {
Authority savedAuthority = zms.dbService.zmsConfig.getUserAuthority();
Authority authority = Mockito.mock(Authority.class);
Mockito.when(authority.getDateAttribute("user.joe", "elevated-clearance")).thenReturn(null);
zms.dbService.zmsConfig.setUserAuthority(authority);
final String domainName = "authority-test";
final String groupName = "auth-group";
ObjectStoreConnection mockConn = Mockito.mock(ObjectStoreConnection.class);
Mockito.when(mockConn.insertGroupMember(Mockito.anyString(), Mockito.anyString(), Mockito.any(), Mockito.any(), Mockito.anyString())).thenReturn(true);
Mockito.when(mockConn.updateDomainModTimestamp(domainName)).thenReturn(true);
Mockito.when(mockObjStore.getConnection(true, true)).thenReturn(mockConn);
// first we're going to return a null group and then a group
// with no members - in both cases we return without processing
// any code
Group group = new Group().setUserAuthorityExpiration("elevated-clearance");
List<GroupMember> groupMembers = new ArrayList<>();
groupMembers.add(new GroupMember().setMemberName("user.joe"));
Mockito.when(mockConn.getGroup(domainName, groupName)).thenReturn(group);
Mockito.when(mockConn.listGroupMembers(domainName, groupName, false)).thenReturn(groupMembers);
ObjectStore savedStore = zms.dbService.store;
zms.dbService.store = mockObjStore;
// the request should complete successfully
zms.dbService.enforceGroupUserAuthorityRestrictions(domainName, groupName, null);
zms.dbService.zmsConfig.setUserAuthority(savedAuthority);
zms.dbService.store = savedStore;
}
Aggregations