
Example 11 with PermissionEntry

use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.

the class CredentialsControllerTypeSpecificSetTest method creatingACredential_createsRequestedPermissions_andFullPermissionsForCurrentUser.

/**
 * Creates a credential with one {@code additional_permissions} entry and then reads the
 * credential's ACL back through the permissions endpoint.
 *
 * <p>The final assertion uses {@code containsInAnyOrder}, so the ACL must hold exactly two
 * entries: every operation for the actor that made the request, and {@code read} only for
 * {@code app1-guid}. Any additional or wider grant makes the test fail.
 *
 * @throws Exception if either MockMvc request cannot be performed
 */
@Test
public void creatingACredential_createsRequestedPermissions_andFullPermissionsForCurrentUser() throws Exception {
    final String bearerToken = "Bearer " + UAA_OAUTH2_PASSWORD_GRANT_TOKEN;

    // "overwrite" is false and the only extra grant requested is read access for app1-guid.
    final String requestBody = "{\"name\":\"" + CREDENTIAL_NAME
        + "\",\"type\":\"" + parametizer.credentialType
        + "\",\"value\":" + parametizer.credentialValue
        + ",\"overwrite\":false,"
        + "\"additional_permissions\": [{\"actor\": \"app1-guid\",\"operations\": [\"read\"]}]}";

    MockHttpServletRequestBuilder putRequest = put("/api/v1/data")
        .header("Authorization", bearerToken)
        .accept(APPLICATION_JSON)
        .contentType(APPLICATION_JSON)
        .content(requestBody);
    MockHttpServletRequestBuilder getRequest = get("/api/v1/permissions?credential_name=" + CREDENTIAL_NAME)
        .header("Authorization", bearerToken);

    mockMvc.perform(putRequest).andExpect(status().isOk());

    // Read the ACL back with the same token that created the credential.
    String aclJson = mockMvc.perform(getRequest)
        .andExpect(status().isOk())
        .andReturn()
        .getResponse()
        .getContentAsString();
    PermissionsView acl = JsonTestHelper.deserialize(aclJson, PermissionsView.class);

    assertThat(acl.getCredentialName(), equalTo(CREDENTIAL_NAME));
    assertThat(acl.getPermissions(), containsInAnyOrder(
        samePropertyValuesAs(new PermissionEntry(UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID, asList(READ, WRITE, DELETE, READ_ACL, WRITE_ACL))),
        samePropertyValuesAs(new PermissionEntry("app1-guid", asList(READ)))));
}
Also used : PermissionsView(org.cloudfoundry.credhub.view.PermissionsView) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry) SpringBootTest(org.springframework.boot.test.context.SpringBootTest) Test(org.junit.Test)

Example 12 with PermissionEntry

use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.

the class PermissionDataServiceTest method seedDatabase.

/**
 * Saves two credentials and three single-entry permission sets used as test fixtures.
 *
 * <p>The credential named {@code NO_ACCESS_CREDENTIAL_NAME} is saved without any permission
 * entry. The credential named {@code CREDENTIAL_NAME} receives WRITE and DELETE for LUKE,
 * READ for LEIA, and READ_ACL and WRITE_ACL for HAN_SOLO, so each actor holds a different,
 * non-overlapping set of operations.
 */
private void seedDatabase() {
    credential = new ValueCredentialVersionData(CREDENTIAL_NAME).getCredential();

    // Saved first and never granted anything; the returned entity is not needed here.
    credentialDataService.save(new ValueCredentialVersionData(NO_ACCESS_CREDENTIAL_NAME).getCredential());

    // Keep the saved instance so the grants below attach to the stored credential.
    this.credential = credentialDataService.save(this.credential);

    subject.savePermissions(
        this.credential, singletonList(new PermissionEntry(LUKE, newArrayList(WRITE, DELETE))));
    subject.savePermissions(
        this.credential, singletonList(new PermissionEntry(LEIA, singletonList(READ))));
    subject.savePermissions(
        this.credential, singletonList(new PermissionEntry(HAN_SOLO, newArrayList(READ_ACL, WRITE_ACL))));
}
Also used : Credential(org.cloudfoundry.credhub.entity.Credential) PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry) ValueCredentialVersionData(org.cloudfoundry.credhub.entity.ValueCredentialVersionData)

Example 13 with PermissionEntry

use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.

the class PermissionsControllerTest method POST_returnsASuccessfulEmptyResponse.

/**
 * Grants {@code read} and {@code write} on {@code test-credential-name} to {@code test-actor}
 * and checks what the controller handed to the permissions handler.
 *
 * <p>The handler must have been called exactly once, and the captured request must contain an
 * entry for {@code test-actor} whose allowed operations include READ and WRITE. Because the
 * matchers are {@code hasItem}/{@code hasItems}, extra entries or extra operations would not
 * fail this test.
 *
 * @throws Exception if the MockMvc request cannot be performed
 */
@Test
public void POST_returnsASuccessfulEmptyResponse() throws Exception {
    // NOTE(review): the response itself is not inspected here; presumably grantPermissions
    // asserts on it - confirm against the helper.
    grantPermissions(mockMvc, "test-credential-name", UAA_OAUTH2_PASSWORD_GRANT_TOKEN, "test-actor", "read", "write");

    final ArgumentCaptor<PermissionsRequest> requestCaptor = ArgumentCaptor.forClass(PermissionsRequest.class);
    verify(permissionsHandler, times(1)).setPermissions(requestCaptor.capture(), any(List.class));

    final List<PermissionEntry> capturedEntries = requestCaptor.getValue().getPermissions();
    assertThat(capturedEntries, hasItem(allOf(
        hasProperty("actor", equalTo("test-actor")),
        hasProperty("allowedOperations", hasItems(PermissionOperation.READ, PermissionOperation.WRITE)))));
}
Also used : PermissionsRequest(org.cloudfoundry.credhub.request.PermissionsRequest) PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry) List(java.util.List) Lists.newArrayList(com.google.common.collect.Lists.newArrayList) SpringBootTest(org.springframework.boot.test.context.SpringBootTest) Test(org.junit.Test)

Example 14 with PermissionEntry

use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.

the class EventAuditRecordParametersFactoryTest method createPermissionsEventAuditParameters_returnsPermissionsEventsList.

/**
 * Checks that an ACL update is expanded into one audit record per actor and operation.
 *
 * <p>Two permission entries with two operations each must yield exactly four
 * {@code EventAuditRecordParameters}, all carrying {@code ACL_UPDATE} and the credential name,
 * so every individual grant is represented in the audit trail.
 */
@Test
public void createPermissionsEventAuditParameters_returnsPermissionsEventsList() {
    final String credentialName = "/test";
    final AuditingOperationCode aclUpdate = AuditingOperationCode.ACL_UPDATE;

    final List<PermissionEntry> grantedEntries = asList(
        new PermissionEntry("actor1", asList(PermissionOperation.READ, PermissionOperation.WRITE)),
        new PermissionEntry("actor2", asList(PermissionOperation.READ_ACL, PermissionOperation.WRITE_ACL)));

    final List<EventAuditRecordParameters> auditParameters =
        EventAuditRecordParametersFactory.createPermissionsEventAuditParameters(aclUpdate, credentialName, grantedEntries);

    // containsInAnyOrder: exactly these four records, no more and no fewer.
    assertThat(auditParameters, containsInAnyOrder(
        samePropertyValuesAs(new EventAuditRecordParameters(aclUpdate, credentialName, PermissionOperation.READ, "actor1")),
        samePropertyValuesAs(new EventAuditRecordParameters(aclUpdate, credentialName, PermissionOperation.WRITE, "actor1")),
        samePropertyValuesAs(new EventAuditRecordParameters(aclUpdate, credentialName, PermissionOperation.READ_ACL, "actor2")),
        samePropertyValuesAs(new EventAuditRecordParameters(aclUpdate, credentialName, PermissionOperation.WRITE_ACL, "actor2"))));
}
Also used : PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry) Test(org.junit.Test)

Example 15 with PermissionEntry

use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.

the class NoOverwriteTest method whenMultipleThreadsGenerateCredentialWithSameNameAndNoOverwrite_itShouldNotOverwrite.

/**
 * Checks that two concurrent generate requests for the same name, sent without overwrite,
 * end with a single stored value and an ACL that belongs to the request that won.
 *
 * <p>Both responses must report the same value. The ACL must then contain exactly two
 * entries: every operation for the winning actor, and READ for
 * {@code uaa-client:a-different-actor}. The losing actor must not appear with full
 * permissions.
 *
 * @throws Exception if a MockMvc request cannot be performed or a response cannot be read
 */
@Test
public void whenMultipleThreadsGenerateCredentialWithSameNameAndNoOverwrite_itShouldNotOverwrite() throws Exception {
    // The two requests carry different generation parameters, so the shape of the stored
    // value identifies which actor's request won, even with authorization enforcement disabled.
    // NOTE(review): which token is paired with which parameter set is decided inside
    // runRequestsConcurrently - confirm against that helper.
    runRequestsConcurrently(CREDENTIAL_NAME, ",\"parameters\":{\"exclude_lower\":true,\"exclude_upper\":true}", ",\"parameters\":{\"exclude_number\":true}", () -> post("/api/v1/data"));

    final MvcResult firstResult = responses[0].andDo(print()).andReturn();
    final DocumentContext context1 = JsonPath.parse(firstResult.getResponse().getContentAsString());
    final MvcResult secondResult = responses[1].andDo(print()).andReturn();
    final DocumentContext context2 = JsonPath.parse(secondResult.getResponse().getContentAsString());

    // Both callers must see the same value: the second write did not replace the first.
    assertThat(context1.read("$.value"), equalTo(context2.read("$.value")));

    // Fetch the ACL once per token; only the winner's view is deserialized below.
    final String permissionsUrl = "/api/v1/permissions?credential_name=" + CREDENTIAL_NAME;
    MockHttpServletResponse response1 = mockMvc
        .perform(get(permissionsUrl).header("Authorization", "Bearer " + UAA_OAUTH2_PASSWORD_GRANT_TOKEN))
        .andDo(print())
        .andReturn()
        .getResponse();
    MockHttpServletResponse response2 = mockMvc
        .perform(get(permissionsUrl).header("Authorization", "Bearer " + UAA_OAUTH2_CLIENT_CREDENTIALS_TOKEN))
        .andDo(print())
        .andReturn()
        .getResponse();

    // A digits-only value is attributed to the password-grant actor, anything else to the
    // client-credentials actor.
    final String winningPassword = context1.read("$.value");
    final boolean passwordGrantWon = winningPassword.matches("\\d+");
    final String winningActor = passwordGrantWon
        ? UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID
        : UAA_OAUTH2_CLIENT_CREDENTIALS_ACTOR_ID;
    final MockHttpServletResponse winningAclResponse = passwordGrantWon ? response1 : response2;
    final String winningResponse = winningAclResponse.getContentAsString();

    PermissionsView acl = JsonTestHelper.deserialize(winningResponse, PermissionsView.class);
    assertThat(acl.getPermissions(), containsInAnyOrder(
        samePropertyValuesAs(new PermissionEntry(winningActor, asList(READ, WRITE, DELETE, READ_ACL, WRITE_ACL))),
        samePropertyValuesAs(new PermissionEntry("uaa-client:a-different-actor", singletonList(READ)))));
}
Also used : PermissionsView(org.cloudfoundry.credhub.view.PermissionsView) PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry) MvcResult(org.springframework.test.web.servlet.MvcResult) DocumentContext(com.jayway.jsonpath.DocumentContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) SpringBootTest(org.springframework.boot.test.context.SpringBootTest) Test(org.junit.Test)

Aggregations

PermissionEntry (org.cloudfoundry.credhub.request.PermissionEntry)33 Test (org.junit.Test)26 PermissionsView (org.cloudfoundry.credhub.view.PermissionsView)19 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)16 EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters)6 MvcResult (org.springframework.test.web.servlet.MvcResult)5 CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion)3 InvalidPermissionOperationException (org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException)3 PermissionOperation (org.cloudfoundry.credhub.request.PermissionOperation)3 Lists.newArrayList (com.google.common.collect.Lists.newArrayList)2 DocumentContext (com.jayway.jsonpath.DocumentContext)2 List (java.util.List)2 PasswordCredentialVersion (org.cloudfoundry.credhub.domain.PasswordCredentialVersion)2 Credential (org.cloudfoundry.credhub.entity.Credential)2 ValueCredentialVersionData (org.cloudfoundry.credhub.entity.ValueCredentialVersionData)2 EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException)2 MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)2 ArrayList (java.util.ArrayList)1 PermissionException (org.cloudfoundry.credhub.exceptions.PermissionException)1 PermissionsRequest (org.cloudfoundry.credhub.request.PermissionsRequest)1