
Example 1 with PermissionEntry

use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.

the class PermissionServiceTest method saveAccessControlEntries_withEntries_delegatesToDataService.

/**
 * Verifies that {@code savePermissions} hands the supplied entries to the
 * permission data service, together with the credential behind the given version.
 *
 * <p>The actor check is stubbed to return {@code true}, so only the delegation
 * path is exercised here; what happens when that check returns {@code false}
 * is not covered by this method.
 */
@Test
public void saveAccessControlEntries_withEntries_delegatesToDataService() {
    // Open the actor gate for USER_NAME so the call reaches the data service.
    when(permissionCheckingService.userAllowedToOperateOnActor(eq(USER_NAME))).thenReturn(true);

    PermissionEntry readOnlyEntry = new PermissionEntry(USER_NAME, PermissionOperation.READ);
    ArrayList<PermissionEntry> entriesToSave = newArrayList(readOnlyEntry);

    subject.savePermissions(expectedCredentialVersion, entriesToSave, auditRecordParameters, false, CREDENTIAL_NAME);

    // The very same list instance must be passed through.
    verify(permissionDataService).savePermissions(expectedCredentialVersion.getCredential(), entriesToSave);
}
Also used : PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry) Test(org.junit.Test)

Example 2 with PermissionEntry

use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.

the class PermissionedCredentialServiceTest method save_whenThereIsANewCredentialAndSelfUpdatingAcls_throwsException.

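/**
 * Verifies that saving a credential with no previous version is rejected with
 * {@link InvalidPermissionOperationException} when the ACL entries include
 * WRITE and WRITE_ACL for "test-user".
 *
 * <p>The test fails explicitly when {@code save} returns normally. Without that,
 * a regression that stops rejecting the request would leave this guard test
 * green, because the catch block would simply never run.
 */
@Test
public void save_whenThereIsANewCredentialAndSelfUpdatingAcls_throwsException() {
    when(request.getType()).thenReturn("password");
    when(request.getOverwriteMode()).thenReturn(CredentialWriteMode.OVERWRITE.mode);
    // No stored version: the credential is treated as new.
    when(credentialVersionDataService.findMostRecent(CREDENTIAL_NAME)).thenReturn(null);
    when(credentialVersionDataService.save(any(CredentialVersion.class))).thenReturn(new PasswordCredentialVersion().setEncryptor(encryptor));
    // NOTE(review): the actor check is stubbed to true here. If that check is what
    // rejects self-updates, the exception may never be thrown with this stubbing;
    // confirm against the service under test if the assertion below starts failing.
    when(permissionCheckingService.userAllowedToOperateOnActor("test-user")).thenReturn(true);
    when(permissionCheckingService.hasPermission(userContext.getActor(), CREDENTIAL_NAME, WRITE_ACL)).thenReturn(true);
    accessControlEntries.add(new PermissionEntry("test-user", Arrays.asList(WRITE, WRITE_ACL)));
    try {
        subject.save(existingCredentialVersion, credentialValue, request, auditRecordParameters);
        // AssertionError is not caught by the handler below, so this fails the test.
        throw new AssertionError("expected InvalidPermissionOperationException, but save() returned normally");
    } catch (InvalidPermissionOperationException e) {
        assertThat(e.getMessage(), equalTo("error.permission.invalid_update_operation"));
    }
}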
Also used : PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry) PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion) InvalidPermissionOperationException(org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException) PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion) CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion) Test(org.junit.Test)

Example 3 with PermissionEntry

use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.

the class PermissionsHandlerTest method setPermissions_setsAndReturnsThePermissions.

/**
 * Checks that {@code setPermissions} forwards the entries from the request to
 * the permission service for CREDENTIAL_NAME.
 *
 * <p>Only the first captured entry is inspected (actor and allowed operations).
 * The value returned by {@code setPermissions} is not asserted.
 */
@Test
public void setPermissions_setsAndReturnsThePermissions() {
    // Both authorization checks are stubbed open: WRITE_ACL on the credential
    // for any actor, and the actor check for ACTOR_NAME.
    when(permissionCheckingService.hasPermission(any(String.class), eq(CREDENTIAL_NAME), eq(PermissionOperation.WRITE_ACL))).thenReturn(true);
    when(permissionCheckingService.userAllowedToOperateOnActor(ACTOR_NAME)).thenReturn(true);

    // The entry carried by the request.
    ArrayList<PermissionOperation> requestedOperations = newArrayList(PermissionOperation.READ, PermissionOperation.WRITE);
    PermissionEntry requestedEntry = new PermissionEntry(ACTOR_NAME, requestedOperations);
    List<PermissionEntry> requestedAcl = newArrayList(requestedEntry);

    // The list the service reports back: the requested entry plus one for a second actor.
    PermissionEntry existingEntry = new PermissionEntry(ACTOR_NAME2, Lists.newArrayList(PermissionOperation.READ));
    List<PermissionEntry> reportedAcl = newArrayList(requestedEntry, existingEntry);
    when(permissionService.getPermissions(credentialVersion, auditRecordParameters, CREDENTIAL_NAME)).thenReturn(reportedAcl);

    when(permissionsRequest.getCredentialName()).thenReturn(CREDENTIAL_NAME);
    when(permissionsRequest.getPermissions()).thenReturn(requestedAcl);

    subject.setPermissions(permissionsRequest, auditRecordParameters);

    // Capture what was actually handed to savePermissions.
    ArgumentCaptor<List> savedListCaptor = ArgumentCaptor.forClass(List.class);
    verify(permissionService).savePermissions(eq(credentialVersion), savedListCaptor.capture(), eq(auditRecordParameters), eq(false), eq(CREDENTIAL_NAME));

    List<PermissionEntry> savedEntries = savedListCaptor.getValue();
    PermissionEntry firstSaved = savedEntries.get(0);
    assertThat(firstSaved.getActor(), equalTo(ACTOR_NAME));
    assertThat(firstSaved.getAllowedOperations(), contains(equalTo(PermissionOperation.READ), equalTo(PermissionOperation.WRITE)));
}
Also used : PermissionOperation(org.cloudfoundry.credhub.request.PermissionOperation) PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry) ArrayList(java.util.ArrayList) List(java.util.List) Lists.newArrayList(com.google.common.collect.Lists.newArrayList) Test(org.junit.Test)

Example 4 with PermissionEntry

use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.

the class PermissionAndCredentialTest method hasEditedAcl.

/**
 * Reads the ACL of {@code /test-password} through the permissions endpoint with
 * the given bearer token, and asserts that it holds exactly the three expected
 * entries, in any order.
 *
 * @param token value sent after {@code "Bearer "} in the Authorization header
 * @throws Exception if the mock MVC request or the response handling fails
 */
private void hasEditedAcl(String token) throws Exception {
    MvcResult response = mockMvc
        .perform(get("/api/v1/permissions?credential_name=/test-password")
            .header("Authorization", "Bearer " + token))
        .andDo(print())
        .andExpect(status().isOk())
        .andReturn();
    String body = response.getResponse().getContentAsString();
    PermissionsView permissionsView = JsonTestHelper.deserialize(body, PermissionsView.class);

    assertThat(permissionsView.getCredentialName(), equalTo("/test-password"));

    // Expected ACL: one actor with all five operations, one with WRITE only,
    // and one with READ, WRITE and DELETE but neither ACL operation.
    PermissionEntry passwordGrantEntry = new PermissionEntry(UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID, asList(READ, WRITE, DELETE, READ_ACL, WRITE_ACL));
    PermissionEntry mtlsAppEntry = new PermissionEntry(MTLS_APP_GUID, asList(WRITE));
    PermissionEntry clientCredentialsEntry = new PermissionEntry(UAA_OAUTH2_CLIENT_CREDENTIALS_ACTOR_ID, asList(READ, WRITE, DELETE));
    assertThat(permissionsView.getPermissions(), containsInAnyOrder(
        samePropertyValuesAs(passwordGrantEntry),
        samePropertyValuesAs(mtlsAppEntry),
        samePropertyValuesAs(clientCredentialsEntry)));
}
Also used : PermissionsView(org.cloudfoundry.credhub.view.PermissionsView) PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry) MvcResult(org.springframework.test.web.servlet.MvcResult)

Example 5 with PermissionEntry

use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.

the class PermissionsEndpointTest method POST_whenTheLeadingSlashIsMissing_prependsTheSlashCorrectly.

/**
 * Grants "read" to the actor "dan" on {@code credentialName}, then checks both
 * the audit trail and the resulting ACL.
 *
 * <p>The audit check expects a 201 on {@code /api/v1/permissions} with a single
 * ACL_UPDATE record for "dan" and READ. The ACL must then contain exactly two
 * entries: the password-grant actor with all five operations, and "dan" with READ.
 *
 * @throws Exception if a helper request fails
 */
@Test
public void POST_whenTheLeadingSlashIsMissing_prependsTheSlashCorrectly() throws Exception {
    RequestHelper.grantPermissions(mockMvc, credentialName, AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_TOKEN, "dan", "read");

    // The grant must be recorded as an ACL update attributed to the calling actor.
    auditingHelper.verifyAuditing(
        AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID,
        "/api/v1/permissions",
        201,
        newArrayList(new EventAuditRecordParameters(ACL_UPDATE, credentialName, PermissionOperation.READ, "dan")));

    PermissionsView permissionsView = RequestHelper.getPermissions(mockMvc, credentialName, AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_TOKEN);
    assertThat(permissionsView.getCredentialName(), equalTo(credentialName));
    assertThat(permissionsView.getPermissions(), hasSize(2));

    PermissionEntry passwordGrantEntry = new PermissionEntry(
        AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID,
        asList(PermissionOperation.READ, PermissionOperation.WRITE, PermissionOperation.DELETE, PermissionOperation.READ_ACL, PermissionOperation.WRITE_ACL));
    PermissionEntry grantedEntry = new PermissionEntry("dan", singletonList(PermissionOperation.READ));
    assertThat(permissionsView.getPermissions(), containsInAnyOrder(
        samePropertyValuesAs(passwordGrantEntry),
        samePropertyValuesAs(grantedEntry)));
}
Also used : PermissionsView(org.cloudfoundry.credhub.view.PermissionsView) PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters) Test(org.junit.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Aggregations

PermissionEntry (org.cloudfoundry.credhub.request.PermissionEntry)33 Test (org.junit.Test)26 PermissionsView (org.cloudfoundry.credhub.view.PermissionsView)19 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)16 EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters)6 MvcResult (org.springframework.test.web.servlet.MvcResult)5 CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion)3 InvalidPermissionOperationException (org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException)3 PermissionOperation (org.cloudfoundry.credhub.request.PermissionOperation)3 Lists.newArrayList (com.google.common.collect.Lists.newArrayList)2 DocumentContext (com.jayway.jsonpath.DocumentContext)2 List (java.util.List)2 PasswordCredentialVersion (org.cloudfoundry.credhub.domain.PasswordCredentialVersion)2 Credential (org.cloudfoundry.credhub.entity.Credential)2 ValueCredentialVersionData (org.cloudfoundry.credhub.entity.ValueCredentialVersionData)2 EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException)2 MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)2 ArrayList (java.util.ArrayList)1 PermissionException (org.cloudfoundry.credhub.exceptions.PermissionException)1 PermissionsRequest (org.cloudfoundry.credhub.request.PermissionsRequest)1