Use of com.yahoo.athenz.zts.cache.MemberRole in project athenz by yahoo:
class DataStore, method processStandardMembership (filters expired memberships before collecting accessible roles).
// Internal
void processStandardMembership(Set<MemberRole> memberRoles, String rolePrefix, String[] requestedRoleList, Set<String> accessibleRoles, boolean keepFullName) {
    // A principal with no memberships contributes nothing to the result.
    if (memberRoles == null) {
        return;
    }
    // Evaluate every membership against one timestamp so the whole set is
    // judged consistently within a single call.
    final long now = System.currentTimeMillis();
    for (MemberRole membership : memberRoles) {
        // getExpiration() is compared against System.currentTimeMillis():
        // 0 means the membership never expires, anything else is a deadline.
        // A lapsed membership must not add its role to accessibleRoles. Note
        // the comparison is strict, so a membership whose deadline equals
        // 'now' is still accepted.
        final long expiresAt = membership.getExpiration();
        final boolean stillValid = expiresAt == 0 || expiresAt >= now;
        if (stillValid) {
            addRoleToList(membership.getRole(), rolePrefix, requestedRoleList, accessibleRoles, keepFullName);
        }
    }
}
Use of com.yahoo.athenz.zts.cache.MemberRole in project athenz by yahoo:
class DataStore, method roleMatchInSet (exact or glob match of a role name against non-expired memberships).
// Internal
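/**
 * Checks whether {@code role} is granted by any non-expired entry in
 * {@code memberRoles}. An entry whose role name contains glob match
 * characters is converted to a regex and must match the complete role name;
 * every other entry is compared with exact string equality.
 *
 * @param role        fully qualified role name being looked up
 * @param memberRoles the principal's memberships; {@code null} is treated as
 *                    "no memberships" rather than raising an exception
 * @return {@code true} on the first valid match, {@code false} otherwise
 *         (including when {@code memberRoles} is {@code null})
 */
boolean roleMatchInSet(String role, Set<MemberRole> memberRoles) {
    // Fail closed: a missing membership set grants nothing. This also makes
    // the method consistent with processStandardMembership(), which already
    // tolerates a null set instead of throwing NullPointerException.
    if (memberRoles == null) {
        return false;
    }
    final long now = System.currentTimeMillis();
    for (MemberRole memberRole : memberRoles) {
        // Expired memberships must never grant access. An expiration of 0
        // means "never expires"; otherwise it is compared against
        // System.currentTimeMillis() (strict: equal to 'now' is still valid).
        final long expiration = memberRole.getExpiration();
        if (expiration != 0 && expiration < now) {
            continue;
        }
        final String roleName = memberRole.getRole();
        if (StringUtils.containsMatchCharacter(roleName)) {
            // String.matches() requires the whole input to match, so a
            // glob-derived pattern cannot succeed on a prefix or substring
            // of the requested role name.
            if (role.matches(StringUtils.patternFromGlob(roleName))) {
                return true;
            }
        } else if (role.equals(roleName)) {
            return true;
        }
    }
    return false;
}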
Use of com.yahoo.athenz.zts.cache.MemberRole in project athenz by yahoo:
class DataStoreTest, method testProcessDomainPolicies (an assume_role assertion yields a cross-domain MemberRole).
@Test
public void testProcessDomainPolicies() {
    // Scenario: a policy in the coretech domain carries an assume_role
    // assertion letting members of coretech:role.readers act as
    // sports:role.readers. The policy document is signed with the same test
    // key (key id "0") the mock change-log store is created with.
    ChangeLogStore changeLog = new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", pkey, "0");
    DataStore dataStore = new DataStore(changeLog, null, ztsMetric);

    // Two coretech roles, each holding the same single member.
    List<Role> coretechRoles = new ArrayList<>();
    for (String roleName : new String[] { "coretech:role.admin", "coretech:role.readers" }) {
        Role role = new Role();
        role.setName(roleName);
        List<RoleMember> roleMembers = new ArrayList<>();
        roleMembers.add(new RoleMember().setMemberName("user_domain.user"));
        role.setRoleMembers(roleMembers);
        coretechRoles.add(role);
    }

    // The assume_role grant: resource is the target role in another domain,
    // role is the local role whose members receive it.
    com.yahoo.athenz.zms.Assertion assumeRole = new com.yahoo.athenz.zms.Assertion();
    assumeRole.setResource("sports:role.readers");
    assumeRole.setAction("assume_role");
    assumeRole.setRole("coretech:role.readers");
    List<com.yahoo.athenz.zms.Assertion> assertionList = new ArrayList<>();
    assertionList.add(assumeRole);

    com.yahoo.athenz.zms.Policy assumePolicy = new com.yahoo.athenz.zms.Policy();
    assumePolicy.setAssertions(assertionList);
    List<com.yahoo.athenz.zms.Policy> policyList = new ArrayList<>();
    policyList.add(assumePolicy);

    com.yahoo.athenz.zms.DomainPolicies domainPolicies = new com.yahoo.athenz.zms.DomainPolicies();
    domainPolicies.setDomain("coretech");
    domainPolicies.setPolicies(policyList);

    // Sign the canonical form of the policies so they carry a valid
    // signature for key id "0".
    com.yahoo.athenz.zms.SignedPolicies signedPolicies = new com.yahoo.athenz.zms.SignedPolicies();
    signedPolicies.setContents(domainPolicies);
    signedPolicies.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainPolicies), pkey));
    signedPolicies.setKeyId("0");

    DomainData domainData = new DomainData();
    domainData.setName("coretech");
    domainData.setPolicies(signedPolicies);
    domainData.setRoles(coretechRoles);

    DataCache dataCache = new DataCache();
    dataCache.setDomainData(domainData);
    dataStore.processDomainPolicies(domainData, dataCache);

    // Only the assume_role grant is expected from this call: exactly one
    // membership, for the target role, with no expiration (0).
    assertEquals(dataCache.getMemberRoleSet("user_domain.user").size(), 1);
    assertTrue(dataCache.getMemberRoleSet("user_domain.user").contains(new MemberRole("sports:role.readers", 0)));
}
Use of com.yahoo.athenz.zts.cache.MemberRole in project athenz by yahoo:
class DataStoreTest, method testProcessDomainRoles (direct role memberships become MemberRole entries).
@Test
public void testProcessDomainRoles() {
    ChangeLogStore changeLog = new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", pkey, "0");
    DataStore dataStore = new DataStore(changeLog, null, ztsMetric);

    // Two coretech roles, both holding the same single member; insertion
    // order matches the names listed here.
    List<Role> coretechRoles = new ArrayList<>();
    for (String roleName : new String[] { "coretech:role.admin", "coretech:role.readers" }) {
        Role role = new Role();
        role.setName(roleName);
        List<RoleMember> roleMembers = new ArrayList<>();
        roleMembers.add(new RoleMember().setMemberName("user_domain.user"));
        role.setRoleMembers(roleMembers);
        coretechRoles.add(role);
    }

    // Domain data carries only roles here; no policies are attached, so
    // everything in the cache must come from direct membership.
    DomainData domainData = new DomainData();
    domainData.setName("coretech");
    domainData.setRoles(coretechRoles);

    DataCache dataCache = new DataCache();
    dataStore.processDomainRoles(domainData, dataCache);

    // Each direct membership yields one MemberRole with no expiration (0).
    assertEquals(dataCache.getMemberRoleSet("user_domain.user").size(), 2);
    assertTrue(dataCache.getMemberRoleSet("user_domain.user").contains(new MemberRole("coretech:role.admin", 0)));
    assertTrue(dataCache.getMemberRoleSet("user_domain.user").contains(new MemberRole("coretech:role.readers", 0)));
}
Use of com.yahoo.athenz.zts.cache.MemberRole in project athenz by yahoo:
class DataStoreTest, method testProcessStandardMembershipRoleInvalid (a mismatched domain prefix yields no accessible roles).
@Test
public void testProcessStandardMembershipRoleInvalid() {
    ChangeLogStore changeLog = new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", pkey, "0");
    DataStore dataStore = new DataStore(changeLog, null, ztsMetric);

    // The principal holds two non-expiring (expiration 0) coretech roles.
    Set<MemberRole> memberships = new HashSet<>();
    memberships.add(new MemberRole("coretech:role.admin", 0));
    memberships.add(new MemberRole("coretech:role.readers", 0));

    // The requested role exists, but the lookup is scoped to a different
    // domain ("coretech2"), so no membership should be reported.
    String[] requested = { "coretech:role.admin" };
    String otherDomainPrefix = "coretech2" + ROLE_POSTFIX;
    Set<String> accessibleRoles = new HashSet<>();

    dataStore.processStandardMembership(memberships, otherDomainPrefix, requested, accessibleRoles, false);

    // A membership in another domain must not leak into the result merely
    // because its name appears in the requested list.
    assertTrue(accessibleRoles.isEmpty());
}