use of io.envoyproxy.envoy.config.rbac.v3.Policy in project google-cloud-java by GoogleCloudPlatform.
the class SubscriptionAdminClientTest method setIamPolicyTest.
/**
 * Verifies that {@code client.setIamPolicy(resource, policy)} returns the mocked policy and
 * sends exactly one {@code SetIamPolicyRequest} carrying the same resource name and policy.
 *
 * <p>The {@code Policy} used here is built with a version and an etag and travels in a
 * {@code SetIamPolicyRequest}, so it is presumably the IAM policy message rather than an Envoy
 * RBAC policy. The request policy is an empty default instance (no bindings, no etag); the test
 * checks request plumbing against a mock only, not binding semantics or etag-based concurrency
 * control.
 */
@Test
@SuppressWarnings("all")
public void setIamPolicyTest() {
  // Canned reply the mock IAM service hands back to the client.
  Policy cannedPolicy =
      Policy.newBuilder()
          .setVersion(351608024)
          .setEtag(ByteString.copyFromUtf8("21"))
          .build();
  mockIAMPolicy.addResponse(cannedPolicy);

  String resourceName = SubscriptionName.create("[PROJECT]", "[SUBSCRIPTION]").toString();
  Policy requestPolicy = Policy.newBuilder().build();

  Policy returnedPolicy = client.setIamPolicy(resourceName, requestPolicy);
  Assert.assertEquals(cannedPolicy, returnedPolicy);

  // Exactly one RPC must have reached the mock, with the arguments passed through unchanged.
  List<GeneratedMessageV3> capturedRequests = mockIAMPolicy.getRequests();
  Assert.assertEquals(1, capturedRequests.size());
  SetIamPolicyRequest sentRequest = (SetIamPolicyRequest) capturedRequests.get(0);
  Assert.assertEquals(resourceName, sentRequest.getResource());
  Assert.assertEquals(requestPolicy, sentRequest.getPolicy());
}
use of io.envoyproxy.envoy.config.rbac.v3.Policy in project openstack4j by ContainX.
the class KeystonePolicyServiceTest method policy_update_Test.
// ------------ Policy Tests ------------
// The following tests are to verify the update() method of the
// PolicyService using HTTP PATCH, which is not supported by betamax.
// Find more tests in KeystonePolicyServiceSpec in core-integration-test
// module.
/**
 * Fetches a policy by id, updates its blob through the policy service, and checks the fields of
 * the policy returned by the update call.
 *
 * <p>Both HTTP responses are canned via {@code respondWith}, so the assertions cover how the
 * client maps the update response, not server-side authorization of the change.
 */
public void policy_update_Test() throws Exception {
  // First canned response: the existing policy returned by get(POLICY_ID).
  respondWith(JSON_POLICIES_GET_BYID);
  Policy existingPolicy = osv3().identity().policies().get(POLICY_ID);

  // Second canned response: the server's reply to the update request.
  respondWith(JSON_POLICIES_UPDATE);
  Policy changedCopy = existingPolicy.toBuilder().blob(POLICY_BLOB_UPDATE).build();
  Policy updatedPolicy = osv3().identity().policies().update(changedCopy);

  // Only the blob was changed; id, project, user and type are expected to keep their values.
  assertEquals(updatedPolicy.getId(), POLICY_ID);
  assertEquals(updatedPolicy.getBlob(), POLICY_BLOB_UPDATE);
  assertEquals(updatedPolicy.getProjectId(), POLICY_PROJECT_ID);
  assertEquals(updatedPolicy.getUserId(), POLICY_USER_ID);
  assertEquals(updatedPolicy.getType(), POLICY_TYPE);
}
use of io.envoyproxy.envoy.config.rbac.v3.Policy in project grpc-java by grpc.
the class RbacFilterTest method handleException.
/**
 * Checks that RBAC filter configuration which cannot be interpreted is reported as an error
 * (non-null {@code errorDetail}) in three cases.
 *
 * <p>For an authorization filter this is the fail-closed property worth pinning: a rule the
 * parser does not understand surfaces as a config error instead of being silently dropped or
 * treated as a match.
 */
@Test
public void handleException() {
  // Case 1: url-path rules whose StringMatcher has no match pattern set.
  StringMatcher unsetMatcher = StringMatcher.newBuilder().build();
  PathMatcher pathMatcher = PathMatcher.newBuilder().setPath(unsetMatcher).build();
  List<Permission> permissions =
      Arrays.asList(Permission.newBuilder().setUrlPath(pathMatcher).build());
  List<Principal> principals =
      Arrays.asList(Principal.newBuilder().setUrlPath(pathMatcher).build());
  ConfigOrError<?> outcome = parse(permissions, principals);
  assertThat(outcome.errorDetail).isNotNull();

  // Case 2: a permission and a principal with no rule set at all.
  permissions = Arrays.asList(Permission.newBuilder().build());
  principals = Arrays.asList(Principal.newBuilder().build());
  outcome = parse(permissions, principals);
  assertThat(outcome.errorDetail).isNotNull();

  // Case 3: a DENY policy that sets only a condition expression (no permissions or principals).
  // NOTE(review): presumably rejected because conditions are unsupported; confirm in RbacFilter.
  Policy conditionOnlyPolicy =
      Policy.newBuilder().setCondition(Expr.newBuilder().build()).build();
  RBAC denyRules =
      RBAC.newBuilder()
          .setAction(Action.DENY)
          .putPolicies("policy-name", conditionOnlyPolicy)
          .build();
  Message rawProto =
      io.envoyproxy.envoy.extensions.filters.http.rbac.v3.RBAC.newBuilder()
          .setRules(denyRules)
          .build();
  outcome = new RbacFilter().parseFilterConfig(Any.pack(rawProto));
  assertThat(outcome.errorDetail).isNotNull();
}
use of io.envoyproxy.envoy.config.rbac.v3.Policy in project grpc-java by grpc.
the class AuthorizationPolicyTranslatorTest method parseSourceSuccess.
/**
 * Translates a JSON authorization policy that uses only {@code source.principals} and compares
 * the result with the expected DENY and ALLOW RBAC protos, in that order.
 *
 * <p>Principal patterns map as follows in the expected output: no {@code *} gives an exact
 * match, a trailing {@code *} gives a prefix match, a leading {@code *} gives a suffix match,
 * and a lone {@code "*"} gives the safe regex {@code ".+"}. A {@code *} in the middle, as in
 * {@code "spiffe://*.com"}, is NOT a wildcard: it becomes an exact match on the literal string,
 * so a rule author expecting glob behaviour gets a rule that matches only that literal.
 * Rules without a {@code request} section get a permission of {@code any = true}.
 */
@Test
public void parseSourceSuccess() throws Exception {
  String authzPolicyJson =
      "{"
          + " \"name\" : \"authz\" ,"
          + " \"deny_rules\": ["
          + " {"
          + " \"name\": \"deny_users\","
          + " \"source\": {"
          + " \"principals\": ["
          + " \"spiffe://foo.com\","
          + " \"spiffe://bar*\","
          + " \"*baz\","
          + " \"spiffe://*.com\""
          + " ]"
          + " }"
          + " }"
          + " ],"
          + " \"allow_rules\": ["
          + " {"
          + " \"name\": \"allow_any\","
          + " \"source\": {"
          + " \"principals\": ["
          + " \"*\""
          + " ]"
          + " }"
          + " }"
          + " ]"
          + "}";
  List<RBAC> translated = AuthorizationPolicyTranslator.translate(authzPolicyJson);
  assertEquals(2, translated.size());

  // One authenticated-principal matcher per entry of the deny rule's "principals" list.
  StringMatcher fooExact = StringMatcher.newBuilder().setExact("spiffe://foo.com").build();
  StringMatcher barPrefix = StringMatcher.newBuilder().setPrefix("spiffe://bar").build();
  StringMatcher bazSuffix = StringMatcher.newBuilder().setSuffix("baz").build();
  // Mid-string '*' stays literal: exact match, not a glob.
  StringMatcher literalStarDotCom = StringMatcher.newBuilder().setExact("spiffe://*.com").build();

  Principal fooPrincipal =
      Principal.newBuilder()
          .setAuthenticated(Authenticated.newBuilder().setPrincipalName(fooExact).build())
          .build();
  Principal barPrincipal =
      Principal.newBuilder()
          .setAuthenticated(Authenticated.newBuilder().setPrincipalName(barPrefix).build())
          .build();
  Principal bazPrincipal =
      Principal.newBuilder()
          .setAuthenticated(Authenticated.newBuilder().setPrincipalName(bazSuffix).build())
          .build();
  Principal starDotComPrincipal =
      Principal.newBuilder()
          .setAuthenticated(
              Authenticated.newBuilder().setPrincipalName(literalStarDotCom).build())
          .build();

  Principal.Set deniedIds =
      Principal.Set.newBuilder()
          .addIds(fooPrincipal)
          .addIds(barPrincipal)
          .addIds(bazPrincipal)
          .addIds(starDotComPrincipal)
          .build();
  Policy denyUsersPolicy =
      Policy.newBuilder()
          .addPrincipals(Principal.newBuilder().setOrIds(deniedIds).build())
          .addPermissions(Permission.newBuilder().setAny(true))
          .build();
  RBAC expected_deny_rbac =
      RBAC.newBuilder()
          .setAction(Action.DENY)
          .putPolicies("authz_deny_users", denyUsersPolicy)
          .build();

  // A lone "*" principal is expressed as the regex ".+" on the authenticated principal name.
  StringMatcher anyNonEmptyName =
      StringMatcher.newBuilder()
          .setSafeRegex(RegexMatcher.newBuilder().setRegex(".+").build())
          .build();
  Principal anyAuthenticated =
      Principal.newBuilder()
          .setAuthenticated(Authenticated.newBuilder().setPrincipalName(anyNonEmptyName).build())
          .build();
  Principal.Set allowedIds = Principal.Set.newBuilder().addIds(anyAuthenticated).build();
  Policy allowAnyPolicy =
      Policy.newBuilder()
          .addPrincipals(Principal.newBuilder().setOrIds(allowedIds).build())
          .addPermissions(Permission.newBuilder().setAny(true))
          .build();
  RBAC expected_allow_rbac =
      RBAC.newBuilder()
          .setAction(Action.ALLOW)
          .putPolicies("authz_allow_any", allowAnyPolicy)
          .build();

  // The translator is expected to emit the DENY engine first, then the ALLOW engine.
  assertEquals(expected_deny_rbac, translated.get(0));
  assertEquals(expected_allow_rbac, translated.get(1));
}
use of io.envoyproxy.envoy.config.rbac.v3.Policy in project grpc-java by grpc.
the class AuthorizationPolicyTranslatorTest method parseRequestSuccess.
/**
 * Translates a JSON authorization policy that uses only {@code request} rules (paths and
 * headers) and compares the result with the expected DENY and ALLOW RBAC protos, in that order.
 *
 * <p>Shape of the expected permissions: each rule is an AND set; its paths form one OR set; its
 * headers form a nested AND set holding one OR set of values per header key. A trailing
 * {@code *} becomes a prefix match, a leading {@code *} a suffix match, and a lone {@code "*"}
 * header value becomes the safe regex {@code ".+"}. Rules without a {@code source} section get a
 * principal of {@code any = true}, so these policies place no constraint on caller identity.
 */
@Test
public void parseRequestSuccess() throws Exception {
  String authzPolicyJson =
      "{"
          + " \"name\" : \"authz\" ,"
          + " \"deny_rules\": ["
          + " {"
          + " \"name\": \"deny_access\","
          + " \"request\": {"
          + " \"paths\": ["
          + " \"/pkg.service/foo\","
          + " \"/pkg.service/bar*\""
          + " ],"
          + " \"headers\": ["
          + " {"
          + " \"key\": \"dev-path\","
          + " \"values\": [\"/dev/path/*\"]"
          + " }"
          + " ]"
          + " }"
          + " }"
          + " ],"
          + " \"allow_rules\": ["
          + " {"
          + " \"name\": \"allow_access1\","
          + " \"request\": {"
          + " \"headers\": ["
          + " {"
          + " \"key\": \"key-1\","
          + " \"values\": ["
          + " \"foo\","
          + " \"*bar\""
          + " ]"
          + " },"
          + " {"
          + " \"key\": \"key-2\","
          + " \"values\": ["
          + " \"*\""
          + " ]"
          + " }"
          + " ]"
          + " }"
          + " },"
          + " {"
          + " \"name\": \"allow_access2\","
          + " \"request\": {"
          + " \"paths\": ["
          + " \"*baz\""
          + " ]"
          + " }"
          + " }"
          + " ]"
          + "}";
  List<RBAC> translated = AuthorizationPolicyTranslator.translate(authzPolicyJson);
  assertEquals(2, translated.size());

  // ---- deny_access: OR(paths) AND AND(OR(dev-path values)) ----
  Permission fooPath =
      Permission.newBuilder()
          .setUrlPath(
              PathMatcher.newBuilder()
                  .setPath(StringMatcher.newBuilder().setExact("/pkg.service/foo").build())
                  .build())
          .build();
  Permission barPathPrefix =
      Permission.newBuilder()
          .setUrlPath(
              PathMatcher.newBuilder()
                  .setPath(StringMatcher.newBuilder().setPrefix("/pkg.service/bar").build())
                  .build())
          .build();
  Permission denyPaths =
      Permission.newBuilder()
          .setOrRules(
              Permission.Set.newBuilder().addRules(fooPath).addRules(barPathPrefix).build())
          .build();

  Permission devPathHeader =
      Permission.newBuilder()
          .setHeader(
              HeaderMatcher.newBuilder()
                  .setName("dev-path")
                  .setStringMatch(StringMatcher.newBuilder().setPrefix("/dev/path/").build())
                  .build())
          .build();
  Permission devPathValues =
      Permission.newBuilder()
          .setOrRules(Permission.Set.newBuilder().addRules(devPathHeader).build())
          .build();
  Permission denyHeaders =
      Permission.newBuilder()
          .setAndRules(Permission.Set.newBuilder().addRules(devPathValues).build())
          .build();

  Permission.Set denyRequestRules =
      Permission.Set.newBuilder().addRules(denyPaths).addRules(denyHeaders).build();
  Policy denyAccessPolicy =
      Policy.newBuilder()
          .addPermissions(Permission.newBuilder().setAndRules(denyRequestRules))
          .addPrincipals(Principal.newBuilder().setAny(true))
          .build();
  RBAC expected_deny_rbac =
      RBAC.newBuilder()
          .setAction(Action.DENY)
          .putPolicies("authz_deny_access", denyAccessPolicy)
          .build();

  // ---- allow_access1: AND(OR(key-1 values), OR(key-2 values)) ----
  Permission key1Foo =
      Permission.newBuilder()
          .setHeader(
              HeaderMatcher.newBuilder()
                  .setName("key-1")
                  .setStringMatch(StringMatcher.newBuilder().setExact("foo").build())
                  .build())
          .build();
  Permission key1BarSuffix =
      Permission.newBuilder()
          .setHeader(
              HeaderMatcher.newBuilder()
                  .setName("key-1")
                  .setStringMatch(StringMatcher.newBuilder().setSuffix("bar").build())
                  .build())
          .build();
  Permission key1Values =
      Permission.newBuilder()
          .setOrRules(
              Permission.Set.newBuilder().addRules(key1Foo).addRules(key1BarSuffix).build())
          .build();

  // A lone "*" header value is expressed as the regex ".+".
  Permission key2Any =
      Permission.newBuilder()
          .setHeader(
              HeaderMatcher.newBuilder()
                  .setName("key-2")
                  .setStringMatch(
                      StringMatcher.newBuilder()
                          .setSafeRegex(RegexMatcher.newBuilder().setRegex(".+").build())
                          .build())
                  .build())
          .build();
  Permission key2Values =
      Permission.newBuilder()
          .setOrRules(Permission.Set.newBuilder().addRules(key2Any).build())
          .build();

  Permission allow1Headers =
      Permission.newBuilder()
          .setAndRules(
              Permission.Set.newBuilder().addRules(key1Values).addRules(key2Values).build())
          .build();
  Permission.Set allow1RequestRules =
      Permission.Set.newBuilder().addRules(allow1Headers).build();
  Policy allowAccess1Policy =
      Policy.newBuilder()
          .addPermissions(Permission.newBuilder().setAndRules(allow1RequestRules))
          .addPrincipals(Principal.newBuilder().setAny(true))
          .build();

  // ---- allow_access2: OR(paths) only ----
  Permission bazPathSuffix =
      Permission.newBuilder()
          .setUrlPath(
              PathMatcher.newBuilder()
                  .setPath(StringMatcher.newBuilder().setSuffix("baz").build())
                  .build())
          .build();
  Permission allow2Paths =
      Permission.newBuilder()
          .setOrRules(Permission.Set.newBuilder().addRules(bazPathSuffix).build())
          .build();
  Permission.Set allow2RequestRules =
      Permission.Set.newBuilder().addRules(allow2Paths).build();
  Policy allowAccess2Policy =
      Policy.newBuilder()
          .addPermissions(Permission.newBuilder().setAndRules(allow2RequestRules))
          .addPrincipals(Principal.newBuilder().setAny(true))
          .build();

  RBAC expected_allow_rbac =
      RBAC.newBuilder()
          .setAction(Action.ALLOW)
          .putPolicies("authz_allow_access1", allowAccess1Policy)
          .putPolicies("authz_allow_access2", allowAccess2Policy)
          .build();

  // The translator is expected to emit the DENY engine first, then the ALLOW engine.
  assertEquals(expected_deny_rbac, translated.get(0));
  assertEquals(expected_allow_rbac, translated.get(1));
}