Example 61 with Struct
use of com.yahoo.rdl.Struct in project athenz by yahoo.
the class ZTSImplTest method createSignedDomain.
private SignedDomain createSignedDomain(String domainName, String tenantDomain, String serviceName, List<RoleMember> writers, List<RoleMember> readers, boolean includeServices, List<Group> groups) {
SignedDomain signedDomain = new SignedDomain();
List<Role> roles = new ArrayList<>();
Role role = new Role();
role.setName(generateRoleName(domainName, "admin"));
List<RoleMember> members = new ArrayList<>();
members.add(new RoleMember().setMemberName("user_domain.adminuser"));
role.setRoleMembers(members);
roles.add(role);
role = new Role();
role.setName(generateRoleName(domainName, "writers"));
role.setRoleMembers(writers);
roles.add(role);
role = new Role();
role.setName(generateRoleName(domainName, "readers"));
role.setRoleMembers(readers);
roles.add(role);
role = new Role();
role.setName(generateRoleName(domainName, "tenant.readers"));
role.setTrust(tenantDomain);
roles.add(role);
role = new Role();
role.setName(generateRoleName(domainName, serviceName + ".tenant." + tenantDomain + ".admin"));
role.setTrust(tenantDomain);
roles.add(role);
List<Entity> entities = new ArrayList<>();
String authzDetails = "{\"type\":\"message_access\",\"roles\":[" + "{\"name\":\"writers\",\"optional\":false},{\"name\":" + "\"editors\"}],\"fields\":[{\"name\":\"location\",\"optional\":true}," + "{\"name\":\"identifier\",\"optional\":false},{\"name\":\"resource\"}]}";
Entity entity = new Entity().setName(ResourceUtils.entityResourceName(domainName, "zts.authorization_details_setup1")).setValue(new Struct().with("data", authzDetails));
entities.add(entity);
authzDetails = "{\"type\":\"record_access\",\"roles\":[" + "{\"name\":\"writers\",\"optional\":false},{\"name\":" + "\"editors\"}],\"fields\":[{\"name\":\"location\",\"optional\":true}," + "{\"name\":\"identifier\",\"optional\":false}]}";
entity = new Entity().setName(ResourceUtils.entityResourceName(domainName, "zts.authorization_details_setup2")).setValue(new Struct().with("data", authzDetails));
entities.add(entity);
entity = new Entity().setName(ResourceUtils.entityResourceName(domainName, "entity1")).setValue(new Struct().with("key", "value"));
entities.add(entity);
// this one is invalid and will be skipped
authzDetails = "{\"type\":\"record_access\",\"data\":[" + "{\"name\":\"writers\",\"optional\":false},{\"name\":" + "\"editors\"}],\"fields\":[{\"name\":\"location\",\"optional\":true}," + "{\"name\":\"identifier\",\"optional\":false}]}";
entity = new Entity().setName(ResourceUtils.entityResourceName(domainName, "zts.authorization_details_setup3")).setValue(new Struct().with("data", authzDetails));
entities.add(entity);
List<ServiceIdentity> services = new ArrayList<>();
if (includeServices) {
ServiceIdentity service = new ServiceIdentity();
service.setName(generateServiceIdentityName(domainName, serviceName));
service.setProviderEndpoint("https://localhost:4443/zts");
setServicePublicKey(service, "0", ZTS_Y64_CERT0);
List<String> hosts = new ArrayList<>();
hosts.add("host1");
hosts.add("host2");
service.setHosts(hosts);
services.add(service);
service = new ServiceIdentity();
service.setName(generateServiceIdentityName(domainName, "backup"));
setServicePublicKey(service, "0", ZTS_Y64_CERT0);
hosts = new ArrayList<>();
hosts.add("host2");
hosts.add("host3");
service.setHosts(hosts);
services.add(service);
}
List<com.yahoo.athenz.zms.Policy> policies = new ArrayList<>();
com.yahoo.athenz.zms.Policy policy = new com.yahoo.athenz.zms.Policy();
com.yahoo.athenz.zms.Assertion assertion = new com.yahoo.athenz.zms.Assertion();
assertion.setResource(domainName + ":tenant." + tenantDomain + ".*");
assertion.setAction("read");
assertion.setRole(generateRoleName(domainName, "tenant.readers"));
List<com.yahoo.athenz.zms.Assertion> assertions = new ArrayList<>();
assertions.add(assertion);
policy.setAssertions(assertions);
policy.setName(generatePolicyName(domainName, "tenant.reader"));
policies.add(policy);
// tenant admin domain
policy = new com.yahoo.athenz.zms.Policy();
assertion = new com.yahoo.athenz.zms.Assertion();
assertion.setResource(domainName + ":service." + serviceName + ".tenant." + tenantDomain + ".*");
assertion.setAction("read");
assertion.setRole(generateRoleName(domainName, serviceName + ".tenant." + tenantDomain + ".admin"));
assertions = new ArrayList<>();
assertions.add(assertion);
policy.setAssertions(assertions);
policy.setName(generatePolicyName(domainName, serviceName + ".tenant." + tenantDomain + ".admin"));
policies.add(policy);
com.yahoo.athenz.zms.DomainPolicies domainPolicies = new com.yahoo.athenz.zms.DomainPolicies();
domainPolicies.setDomain(domainName);
domainPolicies.setPolicies(policies);
com.yahoo.athenz.zms.SignedPolicies signedPolicies = new com.yahoo.athenz.zms.SignedPolicies();
signedPolicies.setContents(domainPolicies);
signedPolicies.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainPolicies), privateKey));
signedPolicies.setKeyId("0");
DomainData domain = new DomainData();
domain.setName(domainName);
domain.setRoles(roles);
domain.setGroups(groups);
domain.setServices(services);
domain.setPolicies(signedPolicies);
domain.setEntities(entities);
domain.setModified(Timestamp.fromCurrentTime());
signedDomain.setDomain(domain);
signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(domain), privateKey));
signedDomain.setKeyId("0");
return signedDomain;
}
Also used :
Policy(com.yahoo.athenz.zms.Policy)
AuthzDetailsEntity(com.yahoo.athenz.common.config.AuthzDetailsEntity)
Assertion(com.yahoo.athenz.zms.Assertion)
Struct(com.yahoo.rdl.Struct)
com.yahoo.athenz.zms(com.yahoo.athenz.zms)
Policy(com.yahoo.athenz.zms.Policy)
ServiceIdentity(com.yahoo.athenz.zms.ServiceIdentity)
Assertion(com.yahoo.athenz.zms.Assertion)
Aggregations
Struct (com.yahoo.rdl.Struct)61
Test (org.testng.annotations.Test)30
Array (com.yahoo.rdl.Array)10
ZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)7
AuthzDetailsEntity (com.yahoo.athenz.common.config.AuthzDetailsEntity)5
Path (java.nio.file.Path)4
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)3
Assertion (com.yahoo.athenz.zms.Assertion)3
Policy (com.yahoo.athenz.zms.Policy)3
ZpeMatch (com.yahoo.athenz.zpe.match.ZpeMatch)3
File (java.io.File)3
AuthzDetailsField (com.yahoo.athenz.common.config.AuthzDetailsField)2
FilesHelper (com.yahoo.athenz.common.server.util.FilesHelper)2
PublicKeyEntry (com.yahoo.athenz.zms.PublicKeyEntry)2
ServiceIdentity (com.yahoo.athenz.zms.ServiceIdentity)2
FileNotFoundException (java.io.FileNotFoundException)2
IOException (java.io.IOException)2
BasicSessionCredentials (com.amazonaws.auth.BasicSessionCredentials)1
JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)1
AthenzConfig (com.yahoo.athenz.common.config.AthenzConfig)1
