Examples with ObjectStoreConnection com.yahoo.athenz.zms.store.ObjectStoreConnection used on opensource projects

Search in sources :

Example 21 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBServiceTest method testExecutePutGroupReviewDelError.

@Test
public void testExecutePutGroupReviewDelError() {
    final String domainName = "group-review-del-error";
    List<String> admins = new ArrayList<>();
    admins.add(adminUser);
    Timestamp thirtyDayExpiry = Timestamp.fromMillis(System.currentTimeMillis() + TimeUnit.MILLISECONDS.convert(30, TimeUnit.DAYS) + TimeUnit.MILLISECONDS.convert(2, TimeUnit.MINUTES));
    zms.dbService.makeDomain(mockDomRsrcCtx, ZMSTestUtils.makeDomainObject(domainName, "test desc", "org", false, "", 1234, "", 0), admins, null, auditRef);
    Group group1 = createGroupObject(domainName, "group1", "user.john", "user.jane");
    Timestamp timExpiry = Timestamp.fromMillis(System.currentTimeMillis() + TimeUnit.MILLISECONDS.convert(10, TimeUnit.DAYS));
    group1.getGroupMembers().add(new GroupMember().setMemberName("user.tim").setExpiration(timExpiry).setApproved(true).setActive(true));
    zms.dbService.executePutGroup(mockDomRsrcCtx, domainName, "group1", group1, "test");
    Group incomingGroup = new Group().setName("group1");
    List<GroupMember> incomingMembers = new ArrayList<>();
    incomingMembers.add(new GroupMember().setMemberName("user.john").setActive(false).setExpiration(thirtyDayExpiry).setPrincipalType(Principal.Type.USER.getValue()));
    incomingMembers.add(new GroupMember().setMemberName("user.jane").setActive(true).setExpiration(thirtyDayExpiry).setPrincipalType(Principal.Type.USER.getValue()));
    incomingGroup.setGroupMembers(incomingMembers);
    Domain resDom = zms.dbService.getDomain(domainName, true);
    ObjectStore saveStore = zms.dbService.store;
    zms.dbService.store = mockObjStore;
    ObjectStoreConnection mockConn = Mockito.mock(ObjectStoreConnection.class);
    Mockito.when(mockObjStore.getConnection(false, true)).thenReturn(mockConn);
    Mockito.when(mockConn.getDomain(domainName)).thenReturn(resDom);
    Mockito.when(mockConn.getGroup(domainName, "group1")).thenReturn(group1);
    Mockito.when(mockConn.listGroupMembers(domainName, "group1", false)).thenReturn(group1.getGroupMembers());
    Mockito.when(mockConn.deleteRoleMember(domainName, "role1", "user.john", adminUser, auditRef)).thenThrow(new ResourceException(ResourceException.NOT_FOUND));
    MemberDueDays expiryDueDays = new MemberDueDays(new Domain(), new Group().setMemberExpiryDays(10));
    try {
        zms.dbService.executePutGroupReview(mockDomRsrcCtx, domainName, "group1", incomingGroup, expiryDueDays, "review test");
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), ResourceException.NOT_FOUND);
    }
    zms.dbService.store = saveStore;
    Group resGroup = zms.dbService.getGroup(domainName, "group1", false, false);
    assertEquals(group1.getGroupMembers().size(), 3);
    int membersChecked = 0;
    for (GroupMember groupMember : resGroup.getGroupMembers()) {
        switch(groupMember.getMemberName()) {
            case "user.john":
            case "user.jane":
                assertNull(groupMember.getExpiration());
                assertTrue(groupMember.getApproved());
                membersChecked += 1;
                break;
            case "user.tim":
                assertEquals(groupMember.getExpiration(), timExpiry);
                membersChecked += 1;
                break;
        }
    }
    assertEquals(membersChecked, 3);
    zms.dbService.executeDeleteDomain(mockDomRsrcCtx, domainName, auditRef, "deletedomain");
}
Also used : ObjectStore(com.yahoo.athenz.zms.store.ObjectStore) ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection) Timestamp(com.yahoo.rdl.Timestamp) MemberDueDays(com.yahoo.athenz.zms.config.MemberDueDays) AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain) Test(org.testng.annotations.Test)

Example 22 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBServiceTest method testGetDelegatedRoleMembers.

@Test
public void testGetDelegatedRoleMembers() {
    String domainName1 = "role-expand1";
    String domainName2 = "role-expand2";
    String roleName = "role1";
    TopLevelDomain dom1 = createTopLevelDomainObject(domainName1, "Test Domain1", "testOrg", adminUser);
    zms.postTopLevelDomain(mockDomRsrcCtx, auditRef, dom1);
    TopLevelDomain dom2 = createTopLevelDomainObject(domainName2, "Test Domain2", "testOrg", adminUser);
    zms.postTopLevelDomain(mockDomRsrcCtx, auditRef, dom2);
    Role role1 = createRoleObject(domainName1, roleName, domainName2, null, null);
    zms.putRole(mockDomRsrcCtx, domainName1, roleName, auditRef, role1);
    Role role2a = createRoleObject(domainName2, "role2a", null, "user.joe", "user.jane");
    zms.putRole(mockDomRsrcCtx, domainName2, "role2a", auditRef, role2a);
    Role role2b = createRoleObject(domainName2, "role2b", null, "user.joe", "user.doe");
    zms.putRole(mockDomRsrcCtx, domainName2, "role2b", auditRef, role2b);
    Role role2c = createRoleObject(domainName2, "role2c", "sys.auth", null, null);
    zms.putRole(mockDomRsrcCtx, domainName2, "role2c", auditRef, role2c);
    Role role2d = createRoleObject(domainName2, "role2d", null, "user.user1", "user.user2");
    zms.putRole(mockDomRsrcCtx, domainName2, "role2d", auditRef, role2d);
    Role role2e = createRoleObject(domainName2, "role2e", null, null, null);
    zms.putRole(mockDomRsrcCtx, domainName2, "role2e", auditRef, role2e);
    Policy policy = createPolicyObject(domainName2, "policy", domainName2 + ":role.role2a", false, "assume_role", domainName1 + ":role." + roleName, AssertionEffect.ALLOW, null, true);
    Assertion assertion = new Assertion();
    assertion.setAction("assume_role");
    assertion.setEffect(AssertionEffect.ALLOW);
    assertion.setResource("*:role." + roleName);
    assertion.setRole(domainName2 + ":role.role2b");
    policy.getAssertions().add(assertion);
    zms.putPolicy(mockDomRsrcCtx, domainName2, "policy", auditRef, policy);
    policy = new Policy().setName(domainName2 + ":policy.policy2");
    zms.dbService.executePutPolicy(mockDomRsrcCtx, domainName2, "policy2", policy, auditRef, "putPolicy");
    ObjectStoreConnection conn = zms.dbService.store.getConnection(true, false);
    List<RoleMember> members = zms.dbService.getDelegatedRoleMembers(conn, domainName1, domainName2, roleName);
    assertEquals(3, members.size());
    List<String> checkList = new ArrayList<>();
    checkList.add("user.joe");
    checkList.add("user.jane");
    checkList.add("user.doe");
    checkRoleMember(checkList, members);
    zms.deleteTopLevelDomain(mockDomRsrcCtx, domainName1, auditRef);
    zms.deleteTopLevelDomain(mockDomRsrcCtx, domainName2, auditRef);
}
Also used : ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection) Test(org.testng.annotations.Test)

Example 23 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBServiceTest method testProcessGroupUserAuthorityRestrictions.

@Test
public void testProcessGroupUserAuthorityRestrictions() {
    Authority savedAuthority = zms.dbService.zmsConfig.getUserAuthority();
    Authority authority = Mockito.mock(Authority.class);
    Mockito.when(authority.getDateAttribute("user.joe", "elevated-clearance")).thenReturn(null);
    zms.dbService.zmsConfig.setUserAuthority(authority);
    final String domainName = "authority-test";
    final String groupName = "auth-group";
    ObjectStoreConnection mockConn = Mockito.mock(ObjectStoreConnection.class);
    Mockito.when(mockConn.insertGroupMember(Mockito.anyString(), Mockito.anyString(), Mockito.any(), Mockito.any(), Mockito.anyString())).thenReturn(true);
    Mockito.when(mockConn.updateDomainModTimestamp(domainName)).thenReturn(true);
    Mockito.when(mockObjStore.getConnection(true, true)).thenReturn(mockConn);
    Mockito.when(mockObjStore.getConnection(true, false)).thenReturn(mockConn);
    // first we're going to return a null group and then a group
    // with no members - in both cases we return without processing
    // any code
    Group group = new Group().setUserAuthorityExpiration("elevated-clearance");
    List<GroupMember> groupMembers = new ArrayList<>();
    groupMembers.add(new GroupMember().setMemberName("user.joe"));
    Mockito.when(mockConn.getGroup(domainName, groupName)).thenReturn(group);
    Mockito.when(mockConn.listGroupMembers(domainName, groupName, false)).thenReturn(groupMembers);
    // first we're going to return no groups and then list of groups
    // in the second one
    List<PrincipalGroup> groups = new ArrayList<>();
    PrincipalGroup prGroup = new PrincipalGroup();
    prGroup.setDomainName(domainName);
    prGroup.setGroupName(groupName);
    groups.add(prGroup);
    Mockito.when(mockConn.listGroupsWithUserAuthorityRestrictions()).thenReturn(null).thenReturn(groups);
    ObjectStore savedStore = zms.dbService.store;
    zms.dbService.store = mockObjStore;
    // the request should complete successfully
    // first time we'll get no groups so no work is done
    // second time we'll get a single group that we'll process
    zms.dbService.processGroupUserAuthorityRestrictions();
    zms.dbService.processGroupUserAuthorityRestrictions();
    zms.dbService.zmsConfig.setUserAuthority(savedAuthority);
    zms.dbService.store = savedStore;
}
Also used : ObjectStore(com.yahoo.athenz.zms.store.ObjectStore) Authority(com.yahoo.athenz.auth.Authority) ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection) Test(org.testng.annotations.Test)

Example 24 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBServiceTest method testUpdateRoleMembersSystemDisabledState.

@Test
public void testUpdateRoleMembersSystemDisabledState() {
    Authority savedAuthority = zms.dbService.zmsConfig.getUserAuthority();
    Authority authority = Mockito.mock(Authority.class);
    Mockito.when(authority.isAttributeSet("user.john", "employee")).thenReturn(true);
    Mockito.when(authority.isAttributeSet("user.jane", "employee")).thenReturn(false);
    Mockito.when(authority.isAttributeSet("user.joe", "employee")).thenReturn(true);
    zms.dbService.zmsConfig.setUserAuthority(authority);
    ObjectStoreConnection mockConn = Mockito.mock(ObjectStoreConnection.class);
    Mockito.when(mockConn.updateRoleMemberDisabledState(Mockito.anyString(), Mockito.anyString(), Mockito.any(), Mockito.any(), Mockito.anyInt(), Mockito.anyString())).thenReturn(true);
    final String domainName = "user-auth-attrs";
    Mockito.when(mockConn.updateDomainModTimestamp(domainName)).thenReturn(true);
    List<RoleMember> roleMembers = new ArrayList<>();
    roleMembers.add(new RoleMember().setMemberName("user.john"));
    roleMembers.add(new RoleMember().setMemberName("user.jane"));
    roleMembers.add(new RoleMember().setMemberName("sports.api"));
    Timestamp tstamp = Timestamp.fromMillis(System.currentTimeMillis() - 10000);
    roleMembers.add(new RoleMember().setMemberName("weather.api").setExpiration(tstamp));
    Role originalRole = new Role().setName(domainName + ":role.auth-role").setRoleMembers(roleMembers);
    Role updatedRole = new Role().setName(domainName + ":role.auth-role").setUserAuthorityFilter("employee").setRoleMembers(roleMembers);
    zms.dbService.updateRoleMembersSystemDisabledState(mockDomRsrcCtx, mockConn, domainName, "auth-role", originalRole, updatedRole, auditRef, "unit-test");
    // john should not have an expiry while jane should have the disabled state
    // since jane no longer has the user attribute set
    RoleMember member = getRoleMember(updatedRole, "user.john");
    assertNull(member.getExpiration());
    assertNull(member.getSystemDisabled());
    member = getRoleMember(updatedRole, "user.jane");
    assertNull(member.getExpiration());
    assertEquals(member.getSystemDisabled(), Integer.valueOf(ZMSConsts.ZMS_DISABLED_AUTHORITY_FILTER));
    // sports api should not be disabled set since it's not a user
    member = getRoleMember(updatedRole, "sports.api");
    assertNull(member.getExpiration());
    assertNull(member.getSystemDisabled());
    // weather api expiry should not change since it's already expired
    member = getRoleMember(updatedRole, "weather.api");
    assertEquals(member.getExpiration(), tstamp);
    assertNull(member.getSystemDisabled());
    // now let's reset the state back to null which should
    // remove the filter disabled flag
    originalRole.setUserAuthorityFilter("employee");
    updatedRole.setUserAuthorityFilter(null);
    zms.dbService.updateRoleMembersSystemDisabledState(mockDomRsrcCtx, mockConn, domainName, "auth-role", originalRole, updatedRole, auditRef, "unit-test");
    member = getRoleMember(updatedRole, "user.john");
    assertNull(member.getExpiration());
    assertNull(member.getSystemDisabled());
    member = getRoleMember(updatedRole, "user.jane");
    assertNull(member.getExpiration());
    assertEquals(member.getSystemDisabled(), Integer.valueOf(0));
    member = getRoleMember(updatedRole, "sports.api");
    assertNull(member.getExpiration());
    assertNull(member.getSystemDisabled());
    member = getRoleMember(updatedRole, "weather.api");
    assertEquals(member.getExpiration(), tstamp);
    assertNull(member.getSystemDisabled());
    // reset authority to its original value
    zms.dbService.zmsConfig.setUserAuthority(savedAuthority);
}
Also used : Authority(com.yahoo.athenz.auth.Authority) ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection) Timestamp(com.yahoo.rdl.Timestamp) Test(org.testng.annotations.Test)

Example 25 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBServiceTest method testUpdateDomainMemberUserAuthorityFilterObjectStoreFailure.

@Test
public void testUpdateDomainMemberUserAuthorityFilterObjectStoreFailure() {
    final String domainName = "domain-meta-user-authority-filter";
    List<String> admins = new ArrayList<>();
    admins.add("user.john");
    zms.dbService.makeDomain(mockDomRsrcCtx, ZMSTestUtils.makeDomainObject(domainName, "test desc", "org", false, "", 1997, "", 0), admins, null, auditRef);
    AthenzDomain athenzDomain = zms.dbService.getAthenzDomain(domainName, false);
    Domain domain = new Domain().setName(domainName).setUserAuthorityFilter("contractor").setModified(Timestamp.fromCurrentTime());
    Domain updateDomain = new Domain().setName(domainName).setUserAuthorityFilter("employee");
    ObjectStoreConnection mockConn = Mockito.mock(ObjectStoreConnection.class);
    Mockito.when(mockConn.getAthenzDomain(domainName)).thenReturn(athenzDomain);
    Mockito.when(mockConn.updateRoleMemberDisabledState(Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyInt(), Mockito.anyString())).thenReturn(false);
    // we're going to make sure to throw an exception here
    // since this should never be called
    Mockito.when(mockConn.updateDomainModTimestamp(domainName)).thenThrow(new IllegalArgumentException());
    Authority savedAuthority = zms.dbService.zmsConfig.getUserAuthority();
    Authority authority = Mockito.mock(Authority.class);
    zms.dbService.zmsConfig.setUserAuthority(authority);
    zms.dbService.updateDomainMembersUserAuthorityFilter(mockDomRsrcCtx, mockConn, domain, updateDomain, auditRef, "testUpdateDomainMemberUserAuthorityFilterObjectStoreFailure");
    zms.dbService.zmsConfig.setUserAuthority(savedAuthority);
    zms.dbService.executeDeleteDomain(mockDomRsrcCtx, domainName, auditRef, "deletedomain");
}
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain) Authority(com.yahoo.athenz.auth.Authority) ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection) AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain) Test(org.testng.annotations.Test)

Aggregations

ObjectStoreConnection (com.yahoo.athenz.zms.store.ObjectStoreConnection)173 Test (org.testng.annotations.Test)96 ObjectStore (com.yahoo.athenz.zms.store.ObjectStore)38 AthenzDomain (com.yahoo.athenz.zms.store.AthenzDomain)34 Authority (com.yahoo.athenz.auth.Authority)23 Timestamp (com.yahoo.rdl.Timestamp)17 ArrayList (java.util.ArrayList)16 MemberDueDays (com.yahoo.athenz.zms.config.MemberDueDays)11 Principal (com.yahoo.athenz.auth.Principal)7 SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)7 EmbeddedMysql (com.wix.mysql.EmbeddedMysql)5 FilePrivateKeyStore (com.yahoo.athenz.auth.impl.FilePrivateKeyStore)5 Crypto (com.yahoo.athenz.auth.util.Crypto)5 AuditReferenceValidator (com.yahoo.athenz.common.server.audit.AuditReferenceValidator)5 NotificationManager (com.yahoo.athenz.common.server.notification.NotificationManager)5 ResourceUtils (com.yahoo.athenz.common.server.util.ResourceUtils)5 DataCache (com.yahoo.athenz.zms.DBService.DataCache)5 MockAuditReferenceValidatorImpl (com.yahoo.athenz.zms.audit.MockAuditReferenceValidatorImpl)5 JDBCConnection (com.yahoo.athenz.zms.store.impl.jdbc.JDBCConnection)5 ZMSUtils (com.yahoo.athenz.zms.utils.ZMSUtils)5
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial