
Example 21 with Policy

use of io.envoyproxy.envoy.config.rbac.v3.Policy in project google-cloud-java by GoogleCloudPlatform.

the class SubscriptionAdminClientTest method setIamPolicyTest.

/**
 * Checks that {@code setIamPolicy} hands back the mocked policy unchanged and that exactly one
 * {@code SetIamPolicyRequest} is sent, carrying the resource name and policy that were passed in.
 */
@Test
@SuppressWarnings("all")
public void setIamPolicyTest() {
    // Canned reply the mock IAM service returns for the next call.
    Policy cannedPolicy =
        Policy.newBuilder()
            .setVersion(351608024)
            .setEtag(ByteString.copyFromUtf8("21"))
            .build();
    mockIAMPolicy.addResponse(cannedPolicy);

    String resourceName = SubscriptionName.create("[PROJECT]", "[SUBSCRIPTION]").toString();
    // NOTE(review): the submitted policy is empty (no bindings, no etag). That is enough to
    // check request plumbing against the mock, but it does not show how a real backend treats
    // an empty policy or a missing etag -- confirm that path is covered elsewhere.
    Policy submittedPolicy = Policy.newBuilder().build();

    Policy returnedPolicy = client.setIamPolicy(resourceName, submittedPolicy);
    Assert.assertEquals(cannedPolicy, returnedPolicy);

    // Exactly one request must have reached the mock, with the caller's arguments intact.
    List<GeneratedMessageV3> recorded = mockIAMPolicy.getRequests();
    Assert.assertEquals(1, recorded.size());
    SetIamPolicyRequest sent = (SetIamPolicyRequest) recorded.get(0);
    Assert.assertEquals(resourceName, sent.getResource());
    Assert.assertEquals(submittedPolicy, sent.getPolicy());
}
Also used : Policy(com.google.iam.v1.Policy) SetIamPolicyRequest(com.google.iam.v1.SetIamPolicyRequest) ByteString(com.google.protobuf.ByteString) ByteString(com.google.protobuf.ByteString) GeneratedMessageV3(com.google.protobuf.GeneratedMessageV3) Test(org.junit.Test)

Example 22 with Policy

use of io.envoyproxy.envoy.config.rbac.v3.Policy in project openstack4j by ContainX.

the class KeystonePolicyServiceTest method policy_update_Test.

// ------------ Policy Tests ------------
// The following tests are to verify the update() method of the
// PolicyService using HTTP PATCH, which is not supported by betamax.
// Find more tests in KeystonePolicyServiceSpec in core-integration-test
// module.
/**
 * Exercises {@code update()} on the identity policy service: loads a policy by id, replaces its
 * blob, and checks the id, blob, project id, user id and type of the returned policy against the
 * expected constants.
 */
public void policy_update_Test() throws Exception {
    // Queue the GET-by-id response, then load the policy that will be modified.
    respondWith(JSON_POLICIES_GET_BYID);
    Policy original = osv3().identity().policies().get(POLICY_ID);

    // Queue the response for the update call before issuing it.
    respondWith(JSON_POLICIES_UPDATE);
    Policy withNewBlob = original.toBuilder().blob(POLICY_BLOB_UPDATE).build();
    Policy updatedPolicy = osv3().identity().policies().update(withNewBlob);

    // Only the blob was changed; the identifying fields are still asserted explicitly.
    assertEquals(updatedPolicy.getId(), POLICY_ID);
    assertEquals(updatedPolicy.getBlob(), POLICY_BLOB_UPDATE);
    assertEquals(updatedPolicy.getProjectId(), POLICY_PROJECT_ID);
    assertEquals(updatedPolicy.getUserId(), POLICY_USER_ID);
    assertEquals(updatedPolicy.getType(), POLICY_TYPE);
}
Also used : Policy(org.openstack4j.model.identity.v3.Policy)

Example 23 with Policy

use of io.envoyproxy.envoy.config.rbac.v3.Policy in project grpc-java by grpc.

the class RbacFilterTest method handleException.

/**
 * Verifies that RBAC configurations the parser does not accept are reported through
 * {@code errorDetail} rather than being returned as a usable filter config.
 */
@Test
public void handleException() {
    // Case 1: url_path rules wrapping a StringMatcher that has no pattern set.
    StringMatcher unsetMatcher = StringMatcher.newBuilder().build();
    PathMatcher pathMatcher = PathMatcher.newBuilder().setPath(unsetMatcher).build();
    List<Permission> permissionList =
        Arrays.asList(Permission.newBuilder().setUrlPath(pathMatcher).build());
    List<Principal> principalList =
        Arrays.asList(Principal.newBuilder().setUrlPath(pathMatcher).build());
    ConfigOrError<?> result = parse(permissionList, principalList);
    assertThat(result.errorDetail).isNotNull();

    // Case 2: a permission and a principal with no rule set at all.
    permissionList = Arrays.asList(Permission.newBuilder().build());
    principalList = Arrays.asList(Principal.newBuilder().build());
    result = parse(permissionList, principalList);
    assertThat(result.errorDetail).isNotNull();

    // Case 3: a DENY policy that carries only a blank condition expression, with no
    // permissions or principals, sent through the public parseFilterConfig entry point.
    // NOTE(review): which of those properties triggers the error is not visible here -- confirm
    // in RbacFilter before relying on this test to guard a specific rejection path.
    Policy conditionOnlyPolicy =
        Policy.newBuilder().setCondition(Expr.newBuilder().build()).build();
    RBAC denyRules =
        RBAC.newBuilder()
            .setAction(Action.DENY)
            .putPolicies("policy-name", conditionOnlyPolicy)
            .build();
    Message rawProto =
        io.envoyproxy.envoy.extensions.filters.http.rbac.v3.RBAC.newBuilder()
            .setRules(denyRules)
            .build();
    result = new RbacFilter().parseFilterConfig(Any.pack(rawProto));
    assertThat(result.errorDetail).isNotNull();
}
Also used : PathMatcher(io.envoyproxy.envoy.type.matcher.v3.PathMatcher) Message(com.google.protobuf.Message) Permission(io.envoyproxy.envoy.config.rbac.v3.Permission) Principal(io.envoyproxy.envoy.config.rbac.v3.Principal) Test(org.junit.Test)

Example 24 with Policy

use of io.envoyproxy.envoy.config.rbac.v3.Policy in project grpc-java by grpc.

the class AuthorizationPolicyTranslatorTest method parseSourceSuccess.

/**
 * Verifies how {@code AuthorizationPolicyTranslator.translate} turns the {@code source.principals}
 * patterns of a JSON authorization policy into Envoy RBAC principals.
 *
 * <p>The expected result is two RBAC messages: the DENY rules at index 0 and the ALLOW rules at
 * index 1. Each policy key is the policy name and the rule name joined by an underscore.
 */
@Test
public void parseSourceSuccess() throws Exception {
    // One deny rule with four principal patterns, one allow rule with the bare "*" pattern.
    String policy = "{" + " \"name\" : \"authz\" ," + " \"deny_rules\": [" + "   {" + "     \"name\": \"deny_users\"," + "     \"source\": {" + "       \"principals\": [" + "         \"spiffe://foo.com\"," + "         \"spiffe://bar*\"," + "         \"*baz\"," + "         \"spiffe://*.com\"" + "       ]" + "     }" + "   }" + " ]," + " \"allow_rules\": [" + "   {" + "     \"name\": \"allow_any\"," + "     \"source\": {" + "       \"principals\": [" + "         \"*\"" + "       ]" + "     }" + "   }" + " ]" + "}";
    List<RBAC> rbacs = AuthorizationPolicyTranslator.translate(policy);
    assertEquals(2, rbacs.size());
    // Expected pattern mapping for the deny rule (principals are OR-ed together):
    //   "spiffe://foo.com" -> exact match
    //   "spiffe://bar*"    -> prefix "spiffe://bar"
    //   "*baz"             -> suffix "baz"
    //   "spiffe://*.com"   -> exact match on the literal string; a '*' in the middle is NOT
    //                         expanded as a wildcard, so this entry does not deny every
    //                         spiffe://<anything>.com identity.
    // The rule has no "request" section, so the expected permission is `any`.
    RBAC expected_deny_rbac = RBAC.newBuilder().setAction(Action.DENY).putPolicies("authz_deny_users", Policy.newBuilder().addPrincipals(Principal.newBuilder().setOrIds(Principal.Set.newBuilder().addIds(Principal.newBuilder().setAuthenticated(Authenticated.newBuilder().setPrincipalName(StringMatcher.newBuilder().setExact("spiffe://foo.com").build()).build()).build()).addIds(Principal.newBuilder().setAuthenticated(Authenticated.newBuilder().setPrincipalName(StringMatcher.newBuilder().setPrefix("spiffe://bar").build()).build()).build()).addIds(Principal.newBuilder().setAuthenticated(Authenticated.newBuilder().setPrincipalName(StringMatcher.newBuilder().setSuffix("baz").build()).build()).build()).addIds(Principal.newBuilder().setAuthenticated(Authenticated.newBuilder().setPrincipalName(StringMatcher.newBuilder().setExact("spiffe://*.com").build()).build()).build()).build()).build()).addPermissions(Permission.newBuilder().setAny(true)).build()).build();
    // The bare "*" principal is expected as an authenticated principal whose name matches the
    // regex ".+", i.e. a non-empty principal name, rather than as Principal `any`.
    // NOTE(review): presumably this keeps "allow_any" from admitting peers with no authenticated
    // identity -- confirm against the translator's documented semantics.
    RBAC expected_allow_rbac = RBAC.newBuilder().setAction(Action.ALLOW).putPolicies("authz_allow_any", Policy.newBuilder().addPrincipals(Principal.newBuilder().setOrIds(Principal.Set.newBuilder().addIds(Principal.newBuilder().setAuthenticated(Authenticated.newBuilder().setPrincipalName(StringMatcher.newBuilder().setSafeRegex(RegexMatcher.newBuilder().setRegex(".+").build()).build()).build()).build()).build()).build()).addPermissions(Permission.newBuilder().setAny(true)).build()).build();
    // Order matters to the assertions: deny rules first, allow rules second.
    assertEquals(expected_deny_rbac, rbacs.get(0));
    assertEquals(expected_allow_rbac, rbacs.get(1));
}
Also used : RBAC(io.envoyproxy.envoy.config.rbac.v3.RBAC) Test(org.junit.Test)

Example 25 with Policy

use of io.envoyproxy.envoy.config.rbac.v3.Policy in project grpc-java by grpc.

the class AuthorizationPolicyTranslatorTest method parseRequestSuccess.

/**
 * Verifies how {@code AuthorizationPolicyTranslator.translate} turns the {@code request.paths}
 * and {@code request.headers} sections of a JSON authorization policy into Envoy RBAC
 * permissions.
 *
 * <p>The expected result is two RBAC messages: the DENY rules at index 0 and the ALLOW rules at
 * index 1. Both allow rules end up as separate policies inside the single ALLOW message.
 */
@Test
public void parseRequestSuccess() throws Exception {
    // One deny rule (two paths plus one header) and two allow rules (headers only / paths only).
    String policy = "{" + " \"name\" : \"authz\" ," + " \"deny_rules\": [" + "   {" + "     \"name\": \"deny_access\"," + "     \"request\": {" + "       \"paths\": [" + "         \"/pkg.service/foo\"," + "         \"/pkg.service/bar*\"" + "       ]," + "       \"headers\": [" + "         {" + "           \"key\": \"dev-path\"," + "           \"values\": [\"/dev/path/*\"]" + "         }" + "       ]" + "     }" + "   }" + " ]," + " \"allow_rules\": [" + "   {" + "     \"name\": \"allow_access1\"," + "     \"request\": {" + "       \"headers\": [" + "         {" + "           \"key\": \"key-1\"," + "           \"values\": [" + "             \"foo\"," + "             \"*bar\"" + "           ]" + "         }," + "         {" + "           \"key\": \"key-2\"," + "           \"values\": [" + "             \"*\"" + "           ]" + "         }" + "       ]" + "     }" + "   }," + "   {" + "     \"name\": \"allow_access2\"," + "     \"request\": {" + "       \"paths\": [" + "         \"*baz\"" + "       ]" + "     }" + "   }" + " ]" + "}";
    List<RBAC> rbacs = AuthorizationPolicyTranslator.translate(policy);
    assertEquals(2, rbacs.size());
    // Expected shape of the deny policy: AND( OR(paths), AND( OR(values of "dev-path") ) ).
    //   "/pkg.service/foo"  -> exact path match
    //   "/pkg.service/bar*" -> path prefix "/pkg.service/bar"
    //   "/dev/path/*"       -> header value prefix "/dev/path/"
    // So a request is denied only when a path matches AND the header matches.
    // The rule has no "source" section, so the expected principal is `any`.
    RBAC expected_deny_rbac = RBAC.newBuilder().setAction(Action.DENY).putPolicies("authz_deny_access", Policy.newBuilder().addPermissions(Permission.newBuilder().setAndRules(Permission.Set.newBuilder().addRules(Permission.newBuilder().setOrRules(Permission.Set.newBuilder().addRules(Permission.newBuilder().setUrlPath(PathMatcher.newBuilder().setPath(StringMatcher.newBuilder().setExact("/pkg.service/foo").build()).build()).build()).addRules(Permission.newBuilder().setUrlPath(PathMatcher.newBuilder().setPath(StringMatcher.newBuilder().setPrefix("/pkg.service/bar").build()).build()).build()).build()).build()).addRules(Permission.newBuilder().setAndRules(Permission.Set.newBuilder().addRules(Permission.newBuilder().setOrRules(Permission.Set.newBuilder().addRules(Permission.newBuilder().setHeader(HeaderMatcher.newBuilder().setName("dev-path").setStringMatch(StringMatcher.newBuilder().setPrefix("/dev/path/").build()).build()).build()).build()).build()).build()).build()).build())).addPrincipals(Principal.newBuilder().setAny(true)).build()).build();
    // Expected allow policies, both with principal `any`:
    //   authz_allow_access1: the values of one header are OR-ed, the headers are AND-ed --
    //     "key-1" must equal "foo" or end with "bar", AND "key-2" must match the regex ".+"
    //     (the bare "*" value, i.e. a non-empty value).
    //   authz_allow_access2: path suffix "baz" (from "*baz").
    RBAC expected_allow_rbac = RBAC.newBuilder().setAction(Action.ALLOW).putPolicies("authz_allow_access1", Policy.newBuilder().addPermissions(Permission.newBuilder().setAndRules(Permission.Set.newBuilder().addRules(Permission.newBuilder().setAndRules(Permission.Set.newBuilder().addRules(Permission.newBuilder().setOrRules(Permission.Set.newBuilder().addRules(Permission.newBuilder().setHeader(HeaderMatcher.newBuilder().setName("key-1").setStringMatch(StringMatcher.newBuilder().setExact("foo").build()).build()).build()).addRules(Permission.newBuilder().setHeader(HeaderMatcher.newBuilder().setName("key-1").setStringMatch(StringMatcher.newBuilder().setSuffix("bar").build()).build()).build()).build()).build()).addRules(Permission.newBuilder().setOrRules(Permission.Set.newBuilder().addRules(Permission.newBuilder().setHeader(HeaderMatcher.newBuilder().setName("key-2").setStringMatch(StringMatcher.newBuilder().setSafeRegex(RegexMatcher.newBuilder().setRegex(".+").build()).build()).build()).build()).build()).build()).build()).build()).build())).addPrincipals(Principal.newBuilder().setAny(true)).build()).putPolicies("authz_allow_access2", Policy.newBuilder().addPermissions(Permission.newBuilder().setAndRules(Permission.Set.newBuilder().addRules(Permission.newBuilder().setOrRules(Permission.Set.newBuilder().addRules(Permission.newBuilder().setUrlPath(PathMatcher.newBuilder().setPath(StringMatcher.newBuilder().setSuffix("baz").build()).build()).build()).build()).build()).build())).addPrincipals(Principal.newBuilder().setAny(true)).build()).build();
    // Order matters to the assertions: deny rules first, allow rules second.
    assertEquals(expected_deny_rbac, rbacs.get(0));
    assertEquals(expected_allow_rbac, rbacs.get(1));
}
Also used : RBAC(io.envoyproxy.envoy.config.rbac.v3.RBAC) Test(org.junit.Test)

Aggregations

Policy (com.google.iam.v1.Policy)17 Test (org.junit.Test)16 ByteString (com.google.protobuf.ByteString)9 Binding (com.google.iam.v1.Binding)4 GeneratedMessageV3 (com.google.protobuf.GeneratedMessageV3)4 RBAC (io.envoyproxy.envoy.config.rbac.v3.RBAC)4 GetIamPolicyRequest (com.google.iam.v1.GetIamPolicyRequest)3 SetIamPolicyRequest (com.google.iam.v1.SetIamPolicyRequest)3 ApiException (com.google.api.gax.grpc.ApiException)2 SubscriptionAdminClient (com.google.cloud.pubsub.spi.v1.SubscriptionAdminClient)2 TopicAdminClient (com.google.cloud.pubsub.spi.v1.TopicAdminClient)2 SecurityCenterClient (com.google.cloud.securitycenter.v1.SecurityCenterClient)2 TestIamPermissionsResponse (com.google.iam.v1.TestIamPermissionsResponse)2 SubscriptionName (com.google.pubsub.v1.SubscriptionName)2 TopicName (com.google.pubsub.v1.TopicName)2 Permission (io.envoyproxy.envoy.config.rbac.v3.Permission)2 Policy (io.envoyproxy.envoy.config.rbac.v3.Policy)2 Principal (io.envoyproxy.envoy.config.rbac.v3.Principal)2 StatusRuntimeException (io.grpc.StatusRuntimeException)2 IOException (java.io.IOException)2