use of com.yahoo.athenz.zts.store.DataStore.DataUpdater in project athenz by yahoo.
the class DataStoreTest method testProcessDomainUpdatesFromZMSWithUpdater.
@Test
public void testProcessDomainUpdatesFromZMSWithUpdater() {
ChangeLogStore clogStore = new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", pkey, "0");
DataStore store = new DataStore(clogStore, null);
((MockZMSFileChangeLogStore) store.changeLogStore).setTagHeader("2014-01-01T12:00:00");
store.loadZMSPublicKeys();
SignedDomain signedDomain = createSignedDomain("coretech", "weather");
store.processDomain(signedDomain, true);
List<SignedDomain> domains = new ArrayList<>();
/* we're going to create a new domain */
signedDomain = createSignedDomain("sports", "weather");
domains.add(signedDomain);
/* we're going to update the coretech domain and set new roles */
signedDomain = createSignedDomain("coretech", "weather");
Role role = new Role();
role.setName("coretech:role.admin");
List<RoleMember> members = new ArrayList<>();
members.add(new RoleMember().setMemberName("user_domain.user8"));
role.setRoleMembers(members);
List<Role> roles = new ArrayList<>();
roles.add(role);
signedDomain.getDomain().setRoles(roles);
signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(signedDomain.getDomain()), pkey));
domains.add(signedDomain);
SignedDomains signedDomains = new SignedDomains();
signedDomains.setDomains(domains);
((MockZMSFileChangeLogStore) store.changeLogStore).setSignedDomains(signedDomains);
store.lastDeleteRunTime = System.currentTimeMillis() - 24 * 60 * 60;
DataUpdater updater = store.new DataUpdater();
updater.run();
Set<String> accessibleRoles = new HashSet<>();
DataCache data = store.getDataCache("coretech");
store.getAccessibleRoles(data, "coretech", "user_domain.user1", null, accessibleRoles, false);
assertEquals(accessibleRoles.size(), 0);
accessibleRoles = new HashSet<>();
store.getAccessibleRoles(data, "coretech", "user_domain.user8", null, accessibleRoles, false);
assertEquals(accessibleRoles.size(), 1);
assertTrue(accessibleRoles.contains("admin"));
accessibleRoles = new HashSet<>();
data = store.getDataCache("sports");
store.getAccessibleRoles(data, "sports", "user_domain.user", null, accessibleRoles, false);
assertEquals(accessibleRoles.size(), 2);
assertTrue(accessibleRoles.contains("admin"));
assertTrue(accessibleRoles.contains("writers"));
}
use of com.yahoo.athenz.zts.store.DataStore.DataUpdater in project athenz by yahoo.
the class DataStoreTest method testDataUpdaterException.
@Test
public void testDataUpdaterException() {
DataStore store = Mockito.mock(DataStore.class);
when(store.processDomainUpdates()).thenThrow(new ResourceException(401, "exc"));
when(store.processDomainDeletes()).thenThrow(new ResourceException(401, "exc"));
doThrow(new ResourceException(401, "exc")).when(store).processDomainChecks();
DataUpdater updater1 = store.new DataUpdater();
updater1.run();
store.jwsDomainSupport = true;
DataUpdater updater2 = store.new DataUpdater();
updater2.run();
}
use of com.yahoo.athenz.zts.store.DataStore.DataUpdater in project athenz by yahoo.
the class DataStoreTest method testProcessSignedDomainUpdatesFromZMSWithUpdater.
@Test
public void testProcessSignedDomainUpdatesFromZMSWithUpdater() {
ChangeLogStore clogStore = new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", pkey, "0");
DataStore store = new DataStore(clogStore, null, ztsMetric);
store.loadAthenzPublicKeys();
SignedDomain signedDomain = createSignedDomain("coretech", "weather");
store.processSignedDomain(signedDomain, true);
List<SignedDomain> domains = new ArrayList<>();
// we're going to create a new domain
signedDomain = createSignedDomain("sports", "weather");
domains.add(signedDomain);
// we're going to update the coretech domain and set new roles
signedDomain = createSignedDomain("coretech", "weather");
Role role = new Role();
role.setName("coretech:role.admin");
List<RoleMember> members = new ArrayList<>();
members.add(new RoleMember().setMemberName("user_domain.user8"));
role.setRoleMembers(members);
List<Role> roles = new ArrayList<>();
roles.add(role);
signedDomain.getDomain().setRoles(roles);
signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(signedDomain.getDomain()), pkey));
domains.add(signedDomain);
SignedDomains signedDomains = new SignedDomains();
signedDomains.setDomains(domains);
((MockZMSFileChangeLogStore) store.changeLogStore).setSignedDomains(signedDomains);
store.lastDeleteRunTime = System.currentTimeMillis() - 59 * 60 * 1000;
store.lastCheckRunTime = System.currentTimeMillis() - 9 * 60 * 1000;
DataUpdater updater = store.new DataUpdater();
updater.run();
Set<String> accessibleRoles = new HashSet<>();
DataCache data = store.getDataCache("coretech");
store.getAccessibleRoles(data, "coretech", "user_domain.user1", null, accessibleRoles, false);
assertEquals(accessibleRoles.size(), 0);
accessibleRoles = new HashSet<>();
store.getAccessibleRoles(data, "coretech", "user_domain.user8", null, accessibleRoles, false);
assertEquals(accessibleRoles.size(), 1);
assertTrue(accessibleRoles.contains("admin"));
accessibleRoles = new HashSet<>();
data = store.getDataCache("sports");
store.getAccessibleRoles(data, "sports", "user_domain.user", null, accessibleRoles, false);
assertEquals(accessibleRoles.size(), 2);
assertTrue(accessibleRoles.contains("admin"));
assertTrue(accessibleRoles.contains("writers"));
// run again with both checks enabled
store.lastDeleteRunTime = System.currentTimeMillis() - 61 * 60 * 60 * 1000;
store.lastCheckRunTime = System.currentTimeMillis() - 11 * 60 * 1000;
updater = store.new DataUpdater();
updater.run();
accessibleRoles = new HashSet<>();
data = store.getDataCache("coretech");
store.getAccessibleRoles(data, "coretech", "user_domain.user1", null, accessibleRoles, false);
assertEquals(accessibleRoles.size(), 0);
accessibleRoles = new HashSet<>();
store.getAccessibleRoles(data, "coretech", "user_domain.user8", null, accessibleRoles, false);
assertEquals(accessibleRoles.size(), 1);
assertTrue(accessibleRoles.contains("admin"));
accessibleRoles = new HashSet<>();
data = store.getDataCache("sports");
store.getAccessibleRoles(data, "sports", "user_domain.user", null, accessibleRoles, false);
assertEquals(accessibleRoles.size(), 2);
assertTrue(accessibleRoles.contains("admin"));
assertTrue(accessibleRoles.contains("writers"));
}
use of com.yahoo.athenz.zts.store.DataStore.DataUpdater in project athenz by yahoo.
the class DataStoreTest method testProcessJWSDomainUpdatesFromZMSWithUpdater.
@Test
public void testProcessJWSDomainUpdatesFromZMSWithUpdater() {
ChangeLogStore clogStore = new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", pkey, "0");
DataStore store = new DataStore(clogStore, null, ztsMetric);
store.jwsDomainSupport = true;
store.loadAthenzPublicKeys();
JWSDomain jwsDomain = createJWSDomain("coretech", "weather", "0");
store.processJWSDomain(jwsDomain, true);
List<JWSDomain> domains = new ArrayList<>();
// we're going to create a new domain
jwsDomain = createJWSDomain("sports", "weather", "0");
domains.add(jwsDomain);
// we're going to update the coretech domain and set new roles
SignedDomain signedDomain = createSignedDomain("coretech", "weather");
Role role = new Role();
role.setName("coretech:role.admin");
List<RoleMember> members = new ArrayList<>();
members.add(new RoleMember().setMemberName("user_domain.user8"));
role.setRoleMembers(members);
List<Role> roles = new ArrayList<>();
roles.add(role);
signedDomain.getDomain().setRoles(roles);
jwsDomain = signJwsDomain(signedDomain.getDomain(), "0");
domains.add(jwsDomain);
((MockZMSFileChangeLogStore) store.changeLogStore).setJWSDomains(domains);
store.lastDeleteRunTime = System.currentTimeMillis() - 59 * 60 * 1000;
store.lastCheckRunTime = System.currentTimeMillis() - 9 * 60 * 1000;
DataUpdater updater = store.new DataUpdater();
updater.run();
Set<String> accessibleRoles = new HashSet<>();
DataCache data = store.getDataCache("coretech");
store.getAccessibleRoles(data, "coretech", "user_domain.user1", null, accessibleRoles, false);
assertEquals(accessibleRoles.size(), 0);
accessibleRoles = new HashSet<>();
store.getAccessibleRoles(data, "coretech", "user_domain.user8", null, accessibleRoles, false);
assertEquals(accessibleRoles.size(), 1);
assertTrue(accessibleRoles.contains("admin"));
accessibleRoles = new HashSet<>();
data = store.getDataCache("sports");
store.getAccessibleRoles(data, "sports", "user_domain.user", null, accessibleRoles, false);
assertEquals(accessibleRoles.size(), 2);
assertTrue(accessibleRoles.contains("admin"));
assertTrue(accessibleRoles.contains("writers"));
// run again with both checks enabled
store.lastDeleteRunTime = System.currentTimeMillis() - 61 * 60 * 60 * 1000;
store.lastCheckRunTime = System.currentTimeMillis() - 11 * 60 * 1000;
updater = store.new DataUpdater();
updater.run();
accessibleRoles = new HashSet<>();
data = store.getDataCache("coretech");
store.getAccessibleRoles(data, "coretech", "user_domain.user1", null, accessibleRoles, false);
assertEquals(accessibleRoles.size(), 0);
accessibleRoles = new HashSet<>();
store.getAccessibleRoles(data, "coretech", "user_domain.user8", null, accessibleRoles, false);
assertEquals(accessibleRoles.size(), 1);
assertTrue(accessibleRoles.contains("admin"));
accessibleRoles = new HashSet<>();
data = store.getDataCache("sports");
store.getAccessibleRoles(data, "sports", "user_domain.user", null, accessibleRoles, false);
assertEquals(accessibleRoles.size(), 2);
assertTrue(accessibleRoles.contains("admin"));
assertTrue(accessibleRoles.contains("writers"));
}
Aggregations