Examples with DataCache com.yahoo.athenz.zts.cache.DataCache used on opensource projects

Search in sources :

Example 41 with DataCache

use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.

the class ZTSImplTest method testResourceAccess.

@Test
public void testResourceAccess() {
    final String domainName = "coretechaccess";
    DataCache domain = new DataCache();
    DomainData domainData = new DomainData();
    domainData.setName(domainName);
    domain.setDomainData(domainData);
    domainData.setRoles(new ArrayList<Role>());
    Role role1 = createRoleObject(domainName, "role1", null, "user.user1", "user.user3");
    Role role2 = createRoleObject(domainName, "role2", null, "user.user2", null);
    domainData.getRoles().add(role1);
    domainData.getRoles().add(role2);
    Policy policy = createPolicyObject(domainName, "access", domainName + ":role.role1", false, "update", domainName + ":table1", AssertionEffect.ALLOW);
    domainData.setPolicies(new com.yahoo.athenz.zms.SignedPolicies());
    domainData.getPolicies().setContents(new com.yahoo.athenz.zms.DomainPolicies());
    domainData.getPolicies().getContents().setPolicies(new ArrayList<Policy>());
    domainData.getPolicies().getContents().getPolicies().add(policy);
    store.getCacheStore().put(domainName, domain);
    Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    Principal principal = SimplePrincipal.create("user", "user1", "v=U1;d=user;n=user1;s=signature", 0, principalAuthority);
    ResourceContext ctx = createResourceContext(principal, null);
    // process
    ResourceAccess access = zts.getResourceAccess(ctx, "update", domainName + ":table1", null, null);
    assertTrue(access.getGranted());
    access = zts.getResourceAccessExt(ctx, "update", domainName + ":table1", null, null);
    assertTrue(access.getGranted());
    access = zts.getResourceAccess(ctx, "update", domainName + ":table2", null, null);
    assertFalse(access.getGranted());
    access = zts.getResourceAccessExt(ctx, "update", domainName + ":table2", null, null);
    assertFalse(access.getGranted());
    access = zts.getResourceAccess(ctx, "delete", domainName + ":table1", null, null);
    assertFalse(access.getGranted());
    access = zts.getResourceAccessExt(ctx, "delete", domainName + ":table1", null, null);
    assertFalse(access.getGranted());
    access = zts.getResourceAccess(ctx, "update", domainName + ":table1", null, "user.user2");
    assertFalse(access.getGranted());
    access = zts.getResourceAccess(ctx, "update", domainName + ":table1", null, "user.user3");
    assertTrue(access.getGranted());
    access = zts.getResourceAccess(ctx, "update", domainName + ":table2", null, "user.user3");
    assertFalse(access.getGranted());
    store.getCacheStore().invalidate(domainName);
}
Also used : Policy(com.yahoo.athenz.zms.Policy) UserAuthority(com.yahoo.athenz.auth.impl.UserAuthority) Authority(com.yahoo.athenz.auth.Authority) CertificateAuthority(com.yahoo.athenz.auth.impl.CertificateAuthority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) DomainData(com.yahoo.athenz.zms.DomainData) DataCache(com.yahoo.athenz.zts.cache.DataCache) Role(com.yahoo.athenz.zms.Role) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 42 with DataCache

use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.

the class ZTSImplTest method testAccessDelegatedTrust.

@Test
public void testAccessDelegatedTrust() {
    DataCache domain = new DataCache();
    DomainData domainData = new DomainData();
    domainData.setName("coretechtrust");
    domain.setDomainData(domainData);
    domainData.setRoles(new ArrayList<Role>());
    Role role1 = createRoleObject("coretechtrust", "role1", null, "user_domain.user1", null);
    Role role2 = createRoleObject("coretechtrust", "role2", null, "user_domain.user2", null);
    domainData.getRoles().add(role1);
    domainData.getRoles().add(role2);
    Policy policy = createPolicyObject("coretechtrust", "trust", "coretechtrust:role.role1", false, "ASSUME_ROLE", "weather:role.role1", AssertionEffect.ALLOW);
    domainData.setPolicies(new com.yahoo.athenz.zms.SignedPolicies());
    domainData.getPolicies().setContents(new com.yahoo.athenz.zms.DomainPolicies());
    domainData.getPolicies().getContents().setPolicies(new ArrayList<Policy>());
    domainData.getPolicies().getContents().getPolicies().add(policy);
    store.getCacheStore().put("coretechtrust", domain);
    domain = new DataCache();
    domainData = new DomainData();
    domainData.setName("weather");
    domain.setDomainData(domainData);
    domainData.setRoles(new ArrayList<Role>());
    role1 = createRoleObject("weather", "role1", "coretechtrust");
    domainData.getRoles().add(role1);
    policy = createPolicyObject("weather", "access", "weather:role.role1", false, "update", "weather:table1", AssertionEffect.ALLOW);
    domainData.setPolicies(new com.yahoo.athenz.zms.SignedPolicies());
    domainData.getPolicies().setContents(new com.yahoo.athenz.zms.DomainPolicies());
    domainData.getPolicies().getContents().setPolicies(new ArrayList<Policy>());
    domainData.getPolicies().getContents().getPolicies().add(policy);
    store.getCacheStore().put("weather", domain);
    Principal principal1 = SimplePrincipal.create("user_domain", "user1", "v=U1;d=user_domain;n=user1;s=signature", 0, null);
    assertTrue(authorizer.access("update", "weather:table1", principal1, null));
    assertTrue(authorizer.access("update", "weather:table1", principal1, "coretechtrust"));
    assertFalse(authorizer.access("update", "weather:table1", principal1, "unknowntrust"));
    assertFalse(authorizer.access("update", "weather:table2", principal1, null));
    assertFalse(authorizer.access("delete", "weather:table1", principal1, null));
    Principal principal2 = SimplePrincipal.create("user_domain", "user2", "v=U1;d=user_domain;n=user2;s=signature", 0, null);
    assertFalse(authorizer.access("update", "weather:table1", principal2, null));
    Principal principal3 = SimplePrincipal.create("user_domain", "user3", "v=U1;d=user_domain;n=user3;s=signature", 0, null);
    assertFalse(authorizer.access("update", "weather:table1", principal3, null));
    store.getCacheStore().invalidate("coretechtrust");
    store.getCacheStore().invalidate("weather");
}
Also used : Role(com.yahoo.athenz.zms.Role) Policy(com.yahoo.athenz.zms.Policy) DomainData(com.yahoo.athenz.zms.DomainData) DataCache(com.yahoo.athenz.zts.cache.DataCache) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 43 with DataCache

use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.

the class ZTSImplTest method testEvaluateAccessAssertionAllow.

@Test
public void testEvaluateAccessAssertionAllow() {
    DataCache domain = new DataCache();
    DomainData domainData = new DomainData();
    domainData.setName("coretech");
    domain.setDomainData(domainData);
    domainData.setRoles(new ArrayList<Role>());
    Role role = createRoleObject("coretech", "role1", null, "user_domain.user1", null);
    domainData.getRoles().add(role);
    Policy policy = new Policy().setName("coretech:policy.policy1");
    Assertion assertion1 = new Assertion();
    assertion1.setAction("read");
    assertion1.setEffect(AssertionEffect.ALLOW);
    assertion1.setResource("coretech:*");
    assertion1.setRole("coretech:role.role1");
    Assertion assertion2 = new Assertion();
    assertion2.setAction("read");
    assertion2.setEffect(AssertionEffect.ALLOW);
    assertion2.setResource("coretech:resource1");
    assertion2.setRole("coretech:role.role1");
    policy.setAssertions(new ArrayList<Assertion>());
    policy.getAssertions().add(assertion1);
    policy.getAssertions().add(assertion2);
    domainData.setPolicies(new com.yahoo.athenz.zms.SignedPolicies());
    domainData.getPolicies().setContents(new com.yahoo.athenz.zms.DomainPolicies());
    domainData.getPolicies().getContents().setPolicies(new ArrayList<Policy>());
    domainData.getPolicies().getContents().getPolicies().add(policy);
    assertEquals(authorizer.evaluateAccess(domain, "user_domain.user1", "read", "coretech:resource1", null), AccessStatus.ALLOWED);
}
Also used : Role(com.yahoo.athenz.zms.Role) Policy(com.yahoo.athenz.zms.Policy) DomainData(com.yahoo.athenz.zms.DomainData) Assertion(com.yahoo.athenz.zms.Assertion) DataCache(com.yahoo.athenz.zts.cache.DataCache) Test(org.testng.annotations.Test)

Example 44 with DataCache

use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.

the class ZTSImplTest method testMatchPrincipalInRoleDelegatedTrustMatch.

@Test
public void testMatchPrincipalInRoleDelegatedTrustMatch() {
    DataCache domain = new DataCache();
    DomainData domainData = new DomainData();
    domainData.setName("coretechtrust");
    domain.setDomainData(domainData);
    domainData.setRoles(new ArrayList<Role>());
    Role role1 = createRoleObject("coretechtrust", "role1", null, "user_domain.user1", null);
    Role role2 = createRoleObject("coretechtrust", "role2", null, "user_domain.user2", null);
    domainData.getRoles().add(role1);
    domainData.getRoles().add(role2);
    Policy policy = createPolicyObject("coretechtrust", "trust", "coretechtrust:role.role1", false, "ASSUME_ROLE", "weather:role.role1", AssertionEffect.ALLOW);
    domainData.setPolicies(new com.yahoo.athenz.zms.SignedPolicies());
    domainData.getPolicies().setContents(new com.yahoo.athenz.zms.DomainPolicies());
    domainData.getPolicies().getContents().setPolicies(new ArrayList<Policy>());
    domainData.getPolicies().getContents().getPolicies().add(policy);
    store.getCacheStore().put("coretechtrust", domain);
    Role role = createRoleObject("weather", "role1", "coretechtrust");
    assertTrue(authorizer.matchPrincipalInRole(role, "weather:role.role1", "user_domain.user1", "coretechtrust"));
    assertFalse(authorizer.matchPrincipalInRole(role, "weather:role.role1", "user_domain.user1", "coretechtrust2"));
    assertFalse(authorizer.matchPrincipalInRole(role, "weather:role.role1", "user_domain.user3", "coretechtrust"));
    store.getCacheStore().invalidate("coretechtrust");
}
Also used : Role(com.yahoo.athenz.zms.Role) Policy(com.yahoo.athenz.zms.Policy) DomainData(com.yahoo.athenz.zms.DomainData) DataCache(com.yahoo.athenz.zts.cache.DataCache) Test(org.testng.annotations.Test)

Example 45 with DataCache

use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.

the class DataCacheTest method testProcessRoleTrustDomain.

@Test
public void testProcessRoleTrustDomain() {
    DataCache cache = new DataCache();
    cache.processRoleTrustDomain("dom.role1", "trustD");
    Map<String, Set<String>> map = cache.getTrustMap();
    assertNotNull(map);
    assertEquals(map.size(), 1);
    assertTrue(map.containsKey("trustD"));
    assertEquals(map.get("trustD").size(), 1);
    assertTrue(map.get("trustD").contains("dom.role1"));
}
Also used : Set(java.util.Set) DataCache(com.yahoo.athenz.zts.cache.DataCache) Test(org.testng.annotations.Test)

Aggregations

DataCache (com.yahoo.athenz.zts.cache.DataCache)84 Test (org.testng.annotations.Test)68 ArrayList (java.util.ArrayList)44 MockZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)39 ZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)38 DomainData (com.yahoo.athenz.zms.DomainData)32 Role (com.yahoo.athenz.zms.Role)31 HashSet (java.util.HashSet)24 RoleMember (com.yahoo.athenz.zms.RoleMember)23 ServiceIdentity (com.yahoo.athenz.zms.ServiceIdentity)17 SignedDomain (com.yahoo.athenz.zms.SignedDomain)14 Policy (com.yahoo.athenz.zms.Policy)13 Domain (com.yahoo.athenz.zms.Domain)12 MemberRole (com.yahoo.athenz.zts.cache.MemberRole)12 Set (java.util.Set)12 Assertion (com.yahoo.athenz.zms.Assertion)7 HostServices (com.yahoo.athenz.zts.HostServices)6 HashMap (java.util.HashMap)6 SignedDomains (com.yahoo.athenz.zms.SignedDomains)5 Principal (com.yahoo.athenz.auth.Principal)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial