
Example 26 with CloudStore

use of com.yahoo.athenz.zts.store.CloudStore in project athenz by yahoo.

the class CloudStoreTest method testGetS3ClientAWSNotEnabled.

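/**
 * Verifies that {@code getS3Client()} throws a {@link ResourceException} with
 * code 500 once the store's {@code credentials} field has been cleared.
 */
@Test
public void testGetS3ClientAWSNotEnabled() {
    CloudStore store = new CloudStore(null);
    try {
        // With no credentials set, the call below is expected to throw
        // instead of returning a client.
        store.credentials = null;
        store.getS3Client();
        fail();
    } catch (ResourceException ex) {
        // Argument order is (actual, expected), matching the other assertions
        // in these tests; assumes the TestNG assertEquals signature, which the
        // org.testng @Test import suggests.
        assertEquals(ex.getCode(), 500);
    } finally {
        // Close the store even when fail() or the assertion throws.
        store.close();
    }
}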
Also used : CloudStore(com.yahoo.athenz.zts.store.CloudStore) ResourceException(com.yahoo.athenz.zts.ResourceException) Test(org.testng.annotations.Test)

Example 27 with CloudStore

use of com.yahoo.athenz.zts.store.CloudStore in project athenz by yahoo.

the class CloudStoreTest method testGetMetaDataEmptyResponse.

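/**
 * Verifies that {@code getMetaData} returns {@code null} when the metadata
 * endpoint answers with status 200 and an empty body.
 */
@Test
public void testGetMetaDataEmptyResponse() throws InterruptedException, ExecutionException, TimeoutException {
    CloudStore store = new CloudStore(null);
    try {
        HttpClient httpClient = Mockito.mock(HttpClient.class);

        // A 200 status with no content: the status code alone must not be
        // enough for the store to report metadata.
        ContentResponse response = Mockito.mock(ContentResponse.class);
        Mockito.when(response.getStatus()).thenReturn(200);
        Mockito.when(response.getContentAsString()).thenReturn("");
        store.setHttpClient(httpClient);

        // The stub is keyed on the full URL, so it only matches if the store
        // prefixes "/iam-info" with http://169.254.169.254/latest.
        // NOTE(review): the stub is a bare GET(url) with no session-token header,
        // i.e. the IMDSv1 request shape. If CloudStore is moved to IMDSv2
        // (PUT /latest/api/token, then X-aws-ec2-metadata-token on each GET),
        // this stub has to change with it.
        Mockito.when(httpClient.GET("http://169.254.169.254/latest/iam-info")).thenReturn(response);

        assertNull(store.getMetaData("/iam-info"));
    } finally {
        // Close the store even when the assertion fails.
        store.close();
    }
}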
Also used : CloudStore(com.yahoo.athenz.zts.store.CloudStore) ContentResponse(org.eclipse.jetty.client.api.ContentResponse) HttpClient(org.eclipse.jetty.client.HttpClient) Test(org.testng.annotations.Test)

Example 28 with CloudStore

use of com.yahoo.athenz.zts.store.CloudStore in project athenz by yahoo.

the class ZTSImplTest method testGetRoleTokenCert.

/**
 * Posts a role certificate request for the {@code readers} role in the
 * {@code coretech} domain, signed by a self-signing {@link CertSigner} built from
 * test key material, and checks the expiry reported on the returned
 * {@link RoleToken}.
 */
@Test
public void testGetRoleTokenCert() throws Exception {
    // NOTE(review): the original comment described this CSR as being for
    // sports:role.readers, but the constant name and the request below point to
    // coretech / readers. Confirm against the fixture.
    RoleCertificateRequest certRequest = new RoleCertificateRequest()
            .setCsr(ROLE_CERT_CORETECH_REQUEST)
            .setExpiryTime(Long.valueOf(3600));

    SignedDomain coretechDomain = createSignedDomain("coretech", "weather", "storage", true);
    store.processDomain(coretechDomain, false);

    // Test-only CA: certificate and encrypted key come from src/test/resources,
    // and the key passphrase is hard-coded because the key exists for tests only.
    File caCertFile = new File("src/test/resources/valid_cn_x509.cert");
    X509Certificate signerCert = Crypto.loadX509Certificate(caCertFile);
    File caKeyFile = new File("src/test/resources/private_encrypted.key");
    PrivateKey signerKey = Crypto.loadPrivateKey(caKeyFile, "athenz");

    // Both the data store and the ZTS instance are given the same mock cloud
    // store, which wraps the self-signing signer.
    CertSigner selfSigner = new SelfCertSigner(signerKey, signerCert);
    CloudStore mockCloudStore = new MockCloudStore(selfSigner);
    store.setCloudStore(mockCloudStore);
    zts.cloudStore = mockCloudStore;

    // The credentials string carries the literal "signature" as its s= field;
    // presumably nothing verifies it on this path. TODO confirm.
    Principal caller = SimplePrincipal.create("user_domain", "user1", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext callerContext = createResourceContext(caller);

    RoleToken issuedToken = zts.postRoleCertificateRequest(callerContext, "coretech", "readers", certRequest);
    assertNotNull(issuedToken);

    // NOTE(review): the request asks for an expiry of 3600 while the assertion
    // pins 30 days expressed in seconds, so the token does not report the
    // requested value in this setup. Confirm that this is the intended contract.
    final long thirtyDaysInSeconds = TimeUnit.SECONDS.convert(30, TimeUnit.DAYS);
    assertEquals(issuedToken.getExpiryTime(), thirtyDaysInSeconds);
}
Also used : PrivateKey(java.security.PrivateKey) MockCloudStore(com.yahoo.athenz.zts.store.MockCloudStore) CloudStore(com.yahoo.athenz.zts.store.CloudStore) CertSigner(com.yahoo.athenz.common.server.cert.CertSigner) SelfCertSigner(com.yahoo.athenz.zts.cert.impl.SelfCertSigner) SignedDomain(com.yahoo.athenz.zms.SignedDomain) MockCloudStore(com.yahoo.athenz.zts.store.MockCloudStore) SelfCertSigner(com.yahoo.athenz.zts.cert.impl.SelfCertSigner) File(java.io.File) X509Certificate(java.security.cert.X509Certificate) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 29 with CloudStore

use of com.yahoo.athenz.zts.store.CloudStore in project athenz by yahoo.

the class CloudStoreTest method testLoadBootMetaData.

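/**
 * Verifies that {@code loadBootMetaData()} succeeds when the instance identity
 * document, its PKCS#7 signature and the IAM info endpoints all answer 200, and
 * that the store's {@code awsRole} and {@code awsRegion} are then populated.
 */
@Test
public void testLoadBootMetaData() throws InterruptedException, ExecutionException, TimeoutException {
    CloudStore store = new CloudStore(null);
    try {
        HttpClient httpClient = Mockito.mock(HttpClient.class);

        ContentResponse responseDoc = Mockito.mock(ContentResponse.class);
        Mockito.when(responseDoc.getStatus()).thenReturn(200);
        Mockito.when(responseDoc.getContentAsString()).thenReturn(AWS_INSTANCE_DOCUMENT);

        // Placeholder text, not a real PKCS#7 blob. The test passing with it shows
        // that loadBootMetaData() does not reject the signature on content.
        // NOTE(review): presumably the signature is verified elsewhere; confirm.
        ContentResponse responseSig = Mockito.mock(ContentResponse.class);
        Mockito.when(responseSig.getStatus()).thenReturn(200);
        Mockito.when(responseSig.getContentAsString()).thenReturn("pkcs7-signature");

        ContentResponse responseInfo = Mockito.mock(ContentResponse.class);
        Mockito.when(responseInfo.getStatus()).thenReturn(200);
        Mockito.when(responseInfo.getContentAsString()).thenReturn(AWS_IAM_ROLE_INFO);

        store.setHttpClient(httpClient);

        // NOTE(review): the stubs are bare GET(url) calls with no session-token
        // header, i.e. the IMDSv1 request shape. If CloudStore is moved to IMDSv2
        // (PUT /latest/api/token, then X-aws-ec2-metadata-token on each GET),
        // these stubs have to change with it.
        Mockito.when(httpClient.GET("http://169.254.169.254/latest/dynamic/instance-identity/document")).thenReturn(responseDoc);
        Mockito.when(httpClient.GET("http://169.254.169.254/latest/dynamic/instance-identity/pkcs7")).thenReturn(responseSig);
        Mockito.when(httpClient.GET("http://169.254.169.254/latest/meta-data/iam/info")).thenReturn(responseInfo);

        assertTrue(store.loadBootMetaData());

        // Expected values presumably come from the AWS_IAM_ROLE_INFO and
        // AWS_INSTANCE_DOCUMENT fixtures, which are defined outside this method.
        assertEquals(store.awsRole, "athenz.zts");
        assertEquals(store.awsRegion, "us-west-2");
    } finally {
        // Close the store even when an assertion fails.
        store.close();
    }
}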
Also used : CloudStore(com.yahoo.athenz.zts.store.CloudStore) ContentResponse(org.eclipse.jetty.client.api.ContentResponse) HttpClient(org.eclipse.jetty.client.HttpClient) Test(org.testng.annotations.Test)

Example 30 with CloudStore

use of com.yahoo.athenz.zts.store.CloudStore in project athenz by yahoo.

the class CloudStoreTest method testParseIamRoleInfoInvalidInstanceProfile.

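/**
 * Verifies that {@code parseIamRoleInfo} returns {@code false} for IAM info
 * documents whose instance profile ARN is missing or malformed.
 */
@Test
public void testParseIamRoleInfoInvalidInstanceProfile() {
    CloudStore store = new CloudStore(null);
    try {
        // No InstanceProfileArn field at all.
        assertFalse(store.parseIamRoleInfo("{\"accountId\":\"012345678901\"}"));

        // InstanceProfileArn present, but its value is the literal "invalid"
        // rather than an ARN.
        assertFalse(store.parseIamRoleInfo("{\"accountId\":\"012345678901\",\"InstanceProfileArn\":\"invalid\"}"));
    } finally {
        // Close the store even when an assertion fails.
        store.close();
    }
}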
Also used : CloudStore(com.yahoo.athenz.zts.store.CloudStore) Test(org.testng.annotations.Test)

Aggregations

CloudStore (com.yahoo.athenz.zts.store.CloudStore)45 Test (org.testng.annotations.Test)44 HttpClient (org.eclipse.jetty.client.HttpClient)17 ContentResponse (org.eclipse.jetty.client.api.ContentResponse)16 MockCloudStore (com.yahoo.athenz.zts.store.MockCloudStore)6 Principal (com.yahoo.athenz.auth.Principal)5 SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)5 SignedDomain (com.yahoo.athenz.zms.SignedDomain)5 ResourceException (com.yahoo.athenz.zts.ResourceException)5 BasicSessionCredentials (com.amazonaws.auth.BasicSessionCredentials)2 File (java.io.File)2 AssumeRoleRequest (com.amazonaws.services.securitytoken.model.AssumeRoleRequest)1 CertSigner (com.yahoo.athenz.common.server.cert.CertSigner)1 SelfCertSigner (com.yahoo.athenz.zts.cert.impl.SelfCertSigner)1 ChangeLogStore (com.yahoo.athenz.zts.store.ChangeLogStore)1 DataStore (com.yahoo.athenz.zts.store.DataStore)1 MockZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)1 ZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)1 PrivateKey (java.security.PrivateKey)1 X509Certificate (java.security.cert.X509Certificate)1