
Example 21 with AccessCheckStatus

use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.

the class TestAuthZpe method testPublicFishingAllowed.

/**
 * Checks that the "fish" action on the stocked pond resource is allowed for the
 * {@code rToken0AnglerPublic} fixture token, and that the role reported back
 * through the output buffer is "public".
 */
@Test
public void testPublicFishingAllowed() {
    // Output buffer: allowAccess writes the name of the matching role into it.
    final StringBuilder matchedRole = new StringBuilder();
    final AccessCheckStatus result = AuthZpeClient.allowAccess(
            rToken0AnglerPublic, "angler:stockedpondBigBassLake", "fish", matchedRole);

    Assert.assertEquals(result, AccessCheckStatus.ALLOW);
    // Asserting the role name pins which role produced the ALLOW, not just the outcome.
    Assert.assertEquals(matchedRole.toString(), "public");
}
Also used : AccessCheckStatus(com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus) Test(org.testng.annotations.Test)

Example 22 with AccessCheckStatus

use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.

the class TestAuthZpe method testAllowAccessMatchAllAccessTokenInvalid.

/**
 * Negative test: a token whose key id does not exist must be rejected before any
 * policy is evaluated, even though it carries the "matchall" role.
 *
 * <p>The token is built by {@code createInvalidAccessToken}, and the status asserted
 * is {@code DENY_ROLETOKEN_INVALID}.
 */
@Test
public void testAllowAccessMatchAllAccessTokenInvalid() {
    // Token signed with a key id that does not exist, so signature validation cannot succeed.
    final String badKeyToken =
            createInvalidAccessToken("angler", Collections.singletonList("matchall"));

    final StringBuilder matchedRole = new StringBuilder();
    final AccessCheckStatus result =
            AuthZpeClient.allowAccess(badKeyToken, "angler:stuff", "all", matchedRole);

    // The check must fail closed: an unverifiable token yields a DENY status, never ALLOW.
    Assert.assertEquals(result, AccessCheckStatus.DENY_ROLETOKEN_INVALID);
}
Also used : AccessCheckStatus(com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus) Test(org.testng.annotations.Test)

Example 23 with AccessCheckStatus

use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.

the class TestAuthZpe method testCleanupOfToken.

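/**
 * Verifies that a role token is removed from the ZPE role token cache after it expires.
 *
 * <p>A token with a 1 second expiry is used for one successful access check, after which
 * it is expected to be present in the cache map. The map is then polled once per second,
 * for at most 30 iterations, until the entry disappears. The test fails if the entry is
 * still cached when polling ends.
 *
 * <p>NOTE(review): the eviction timing presumably depends on the cleanup interval property
 * named in the loop comment being set to 1 for the test run - confirm in the build config.
 */
@Test
public void testCleanupOfToken() {
    // perform allowed access check
    String action = "fish";
    String angResource = "angler:stockedpondBigBassLake";
    List<String> roles = new ArrayList<>();
    roles.add("public");
    roles.add("admin");
    // 1 sec expiry
    RoleToken rtoken = createRoleToken("angler", roles, "0", 1);
    String signedToken = rtoken.getSignedToken();
    AccessCheckStatus status = AuthZpeClient.allowAccess(signedToken, angResource, action);
    Assert.assertEquals(status, AccessCheckStatus.ALLOW);

    Map<String, RoleToken> roleMap = ZpeUpdPolLoader.getRoleTokenCacheMap();
    RoleToken mapToken = roleMap.get(signedToken);
    // Fail with a clear assertion instead of a NullPointerException when the token
    // was never cached (or was already evicted before this lookup).
    Assert.assertNotNull(mapToken, "role token was not found in the cache after the access check");
    Assert.assertEquals(signedToken, mapToken.getSignedToken());

    // Poll until the expired entry is evicted, giving the cleanup up to 30 seconds.
    for (int cnt = 0; mapToken != null && cnt < 30; ++cnt) {
        // -Dyahoo.zpeclient.updater.cleanup_tokens_secs=1
        try {
            // wait one second between cache lookups
            Thread.sleep(1000);
        } catch (InterruptedException exc) {
            System.out.println("testCleanupOfToken: sleep was interrupted: in loop, cnt=" + cnt + " token=" + signedToken);
            // Restore the interrupt flag and stop polling; continuing would make every
            // later sleep return immediately and turn the loop into a busy spin.
            Thread.currentThread().interrupt();
            break;
        }
        mapToken = roleMap.get(signedToken);
        if (mapToken != null) {
            // While still cached, the entry must be the token that was stored under this key.
            Assert.assertEquals(signedToken, mapToken.getSignedToken());
        }
    }
    // assert token is not in the map outside of the loop
    Assert.assertNull(mapToken);
}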
Also used : AccessCheckStatus(com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus) IOException(java.io.IOException) RoleToken(com.yahoo.athenz.auth.token.RoleToken) Test(org.testng.annotations.Test)

Example 24 with AccessCheckStatus

use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.

the class TestAuthZpe method testValidAccessResource.

/**
 * Checks that the "ACCESS" action on {@code angler:tables.blah} is allowed for the
 * {@code rToken0AnglerPachinko} fixture token and that the matching role reported
 * back is "pachinko".
 */
@Test
public void testValidAccessResource() {
    // Output buffer: allowAccess writes the name of the matching role into it.
    final StringBuilder matchedRole = new StringBuilder();
    final AccessCheckStatus result = AuthZpeClient.allowAccess(
            rToken0AnglerPachinko, "angler:tables.blah", "ACCESS", matchedRole);

    Assert.assertEquals(result, AccessCheckStatus.ALLOW);
    // Pin the role that granted access, not only the ALLOW outcome.
    Assert.assertEquals(matchedRole.toString(), "pachinko");
}
Also used : AccessCheckStatus(com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus) Test(org.testng.annotations.Test)

Example 25 with AccessCheckStatus

use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.

the class TestAuthZpe method testWildcardManageRiversVenturaAllowed.

/**
 * Checks that a role token holding only the "managerventuraco" role is allowed to
 * perform "manage" on {@code angler:RiversVenturaCounty}.
 *
 * <p>The matched role name written to the output buffer is not asserted here.
 * NOTE(review): the test name suggests the grant comes from a wildcard policy - the
 * policy itself is not visible in this method, confirm against the test policy file.
 */
@Test
public void testWildcardManageRiversVenturaAllowed() {
    final List<String> grantedRoles = new ArrayList<>();
    grantedRoles.add("managerventuraco");

    // 1000 sec expiry, so the token stays valid for the whole test
    final RoleToken token = createRoleToken("angler", grantedRoles, "0", 1000);

    final StringBuilder matchedRole = new StringBuilder(256);
    final AccessCheckStatus result =
            AuthZpeClient.allowAccess(token, "angler:RiversVenturaCounty", "manage", matchedRole);

    // The Ventura county manager role is expected to manage the Ventura county rivers resource.
    Assert.assertEquals(result, AccessCheckStatus.ALLOW);
}
Also used : AccessCheckStatus(com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus) RoleToken(com.yahoo.athenz.auth.token.RoleToken) Test(org.testng.annotations.Test)
