use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class CredentialsControllerTypeSpecificSetTest method creatingACredential_createsRequestedPermissions_andFullPermissionsForCurrentUser.
/**
 * Creates a credential with one additional permission entry and then reads the
 * credential's ACL back through the permissions endpoint.
 *
 * <p>The ACL must contain exactly two entries: the requesting actor with all five
 * operations, and {@code app1-guid} with {@code READ} only. Because the matcher is
 * {@code containsInAnyOrder}, any extra entry or any broader grant for
 * {@code app1-guid} fails the test.
 */
@Test
public void creatingACredential_createsRequestedPermissions_andFullPermissionsForCurrentUser() throws Exception {
  final String bearer = "Bearer " + UAA_OAUTH2_PASSWORD_GRANT_TOKEN;

  // One JSON field per line; the concatenated payload is unchanged.
  final String requestBody = "{"
      + "\"name\":\"" + CREDENTIAL_NAME + "\","
      + "\"type\":\"" + parametizer.credentialType + "\","
      + "\"value\":" + parametizer.credentialValue + ","
      + "\"overwrite\":" + false + ","
      + "\"additional_permissions\": ["
      + "{\"actor\": \"app1-guid\","
      + "\"operations\": [\"read\"]}]"
      + "}";

  // Create the credential as the password-grant user.
  mockMvc.perform(
      put("/api/v1/data")
          .header("Authorization", bearer)
          .accept(APPLICATION_JSON)
          .contentType(APPLICATION_JSON)
          .content(requestBody))
      .andExpect(status().isOk());

  // Read the resulting ACL back with the same token.
  final String aclJson = mockMvc.perform(
      get("/api/v1/permissions?credential_name=" + CREDENTIAL_NAME)
          .header("Authorization", bearer))
      .andExpect(status().isOk())
      .andReturn()
      .getResponse()
      .getContentAsString();

  final PermissionsView view = JsonTestHelper.deserialize(aclJson, PermissionsView.class);

  final PermissionEntry creatorEntry = new PermissionEntry(
      UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID, asList(READ, WRITE, DELETE, READ_ACL, WRITE_ACL));
  final PermissionEntry requestedEntry = new PermissionEntry("app1-guid", asList(READ));

  assertThat(view.getCredentialName(), equalTo(CREDENTIAL_NAME));
  assertThat(
      view.getPermissions(),
      containsInAnyOrder(samePropertyValuesAs(creatorEntry), samePropertyValuesAs(requestedEntry)));
}
use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class PermissionDataServiceTest method seedDatabase.
/**
 * Persists two value credentials and attaches permission entries to the first.
 *
 * <p>The credential named {@code NO_ACCESS_CREDENTIAL_NAME} is saved but receives no
 * permission entries in this method. The credential named {@code CREDENTIAL_NAME} gets
 * three separate grants: LUKE (WRITE, DELETE), LEIA (READ) and HAN_SOLO
 * (READ_ACL, WRITE_ACL).
 */
private void seedDatabase() {
  credential = new ValueCredentialVersionData(CREDENTIAL_NAME).getCredential();

  // Saved first and deliberately left without any savePermissions call.
  Credential unsavedNoAccess = new ValueCredentialVersionData(NO_ACCESS_CREDENTIAL_NAME).getCredential();
  credentialDataService.save(unsavedNoAccess);

  this.credential = credentialDataService.save(this.credential);

  // Each actor is granted in its own call, as in the original fixture.
  PermissionEntry lukeEntry = new PermissionEntry(LUKE, newArrayList(WRITE, DELETE));
  subject.savePermissions(this.credential, singletonList(lukeEntry));

  PermissionEntry leiaEntry = new PermissionEntry(LEIA, singletonList(READ));
  subject.savePermissions(this.credential, singletonList(leiaEntry));

  PermissionEntry hanEntry = new PermissionEntry(HAN_SOLO, newArrayList(READ_ACL, WRITE_ACL));
  subject.savePermissions(this.credential, singletonList(hanEntry));
}
use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class PermissionsControllerTest method POST_returnsASuccessfulEmptyResponse.
/**
 * Grants {@code read} and {@code write} on a credential to {@code test-actor} and
 * verifies that the permissions handler is invoked exactly once with a request
 * carrying that actor and those operations.
 *
 * <p>NOTE(review): the HTTP status and body named in the test title are not asserted
 * here; presumably the {@code grantPermissions} helper checks them - confirm.
 */
@Test
public void POST_returnsASuccessfulEmptyResponse() throws Exception {
  grantPermissions(
      mockMvc,
      "test-credential-name",
      UAA_OAUTH2_PASSWORD_GRANT_TOKEN,
      "test-actor",
      "read",
      "write");

  // Capture what the controller handed to the handler.
  ArgumentCaptor<PermissionsRequest> requestCaptor = ArgumentCaptor.forClass(PermissionsRequest.class);
  verify(permissionsHandler, times(1)).setPermissions(requestCaptor.capture(), any(List.class));

  List<PermissionEntry> capturedEntries = requestCaptor.getValue().getPermissions();

  // hasItem/hasItems: the expected entry and operations must be present; extras are tolerated.
  assertThat(
      capturedEntries,
      hasItem(
          allOf(
              hasProperty("actor", equalTo("test-actor")),
              hasProperty(
                  "allowedOperations",
                  hasItems(PermissionOperation.READ, PermissionOperation.WRITE)))));
}
use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class EventAuditRecordParametersFactoryTest method createPermissionsEventAuditParameters_returnsPermissionsEventsList.
/**
 * Verifies that the factory expands permission entries into one audit record per
 * (actor, operation) pair.
 *
 * <p>Two entries with two operations each must yield exactly four
 * {@code ACL_UPDATE} records for the credential, so every granted operation shows up
 * as its own audit event.
 */
@Test
public void createPermissionsEventAuditParameters_returnsPermissionsEventsList() {
  final String credentialName = "/test";
  final AuditingOperationCode operationCode = AuditingOperationCode.ACL_UPDATE;

  final PermissionEntry firstEntry =
      new PermissionEntry("actor1", asList(PermissionOperation.READ, PermissionOperation.WRITE));
  final PermissionEntry secondEntry =
      new PermissionEntry("actor2", asList(PermissionOperation.READ_ACL, PermissionOperation.WRITE_ACL));
  final List<PermissionEntry> entries = asList(firstEntry, secondEntry);

  final List<EventAuditRecordParameters> auditParameters =
      EventAuditRecordParametersFactory.createPermissionsEventAuditParameters(
          operationCode, credentialName, entries);

  // containsInAnyOrder also rules out missing or surplus audit records.
  assertThat(
      auditParameters,
      containsInAnyOrder(
          samePropertyValuesAs(
              new EventAuditRecordParameters(operationCode, credentialName, PermissionOperation.READ, "actor1")),
          samePropertyValuesAs(
              new EventAuditRecordParameters(operationCode, credentialName, PermissionOperation.WRITE, "actor1")),
          samePropertyValuesAs(
              new EventAuditRecordParameters(operationCode, credentialName, PermissionOperation.READ_ACL, "actor2")),
          samePropertyValuesAs(
              new EventAuditRecordParameters(operationCode, credentialName, PermissionOperation.WRITE_ACL, "actor2"))));
}
use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class NoOverwriteTest method whenMultipleThreadsGenerateCredentialWithSameNameAndNoOverwrite_itShouldNotOverwrite.
/**
 * Races two generate requests for the same credential name and checks that both
 * callers see one and the same value, and that the ACL gives full control only to the
 * actor whose request was persisted.
 *
 * <p>The winner is inferred from the generated value: a digits-only value is
 * attributed to the password-grant actor, anything else to the client-credentials
 * actor.
 */
@Test
public void whenMultipleThreadsGenerateCredentialWithSameNameAndNoOverwrite_itShouldNotOverwrite() throws Exception {
  // The two requests use different generation parameters so that the stored value
  // itself reveals whose request won, even with authorization enforcement disabled.
  runRequestsConcurrently(
      CREDENTIAL_NAME,
      ",\"parameters\":{\"exclude_lower\":true,\"exclude_upper\":true}",
      ",\"parameters\":{\"exclude_number\":true}",
      () -> post("/api/v1/data"));

  MvcResult firstResult = responses[0].andDo(print()).andReturn();
  final DocumentContext context1 = JsonPath.parse(firstResult.getResponse().getContentAsString());

  MvcResult secondResult = responses[1].andDo(print()).andReturn();
  final DocumentContext context2 = JsonPath.parse(secondResult.getResponse().getContentAsString());

  // Both callers must have been handed the same value: the loser did not overwrite.
  assertThat(context1.read("$.value"), equalTo(context2.read("$.value")));

  // Fetch the ACL once per actor; only the winner's view is inspected below.
  final String permissionsUrl = "/api/v1/permissions?credential_name=" + CREDENTIAL_NAME;
  MockHttpServletResponse response1 = mockMvc
      .perform(get(permissionsUrl).header("Authorization", "Bearer " + UAA_OAUTH2_PASSWORD_GRANT_TOKEN))
      .andDo(print())
      .andReturn()
      .getResponse();
  MockHttpServletResponse response2 = mockMvc
      .perform(get(permissionsUrl).header("Authorization", "Bearer " + UAA_OAUTH2_CLIENT_CREDENTIALS_TOKEN))
      .andDo(print())
      .andReturn()
      .getResponse();

  String winningPassword = context1.read("$.value");
  // Digits only: the request that excluded lower- and upper-case characters was stored.
  final boolean passwordGrantWon = winningPassword.matches("\\d+");

  String winningActor = passwordGrantWon
      ? UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID
      : UAA_OAUTH2_CLIENT_CREDENTIALS_ACTOR_ID;
  String winningResponse = (passwordGrantWon ? response1 : response2).getContentAsString();

  PermissionsView winnerAcl = JsonTestHelper.deserialize(winningResponse, PermissionsView.class);

  // NOTE(review): the READ grant for "uaa-client:a-different-actor" is presumably
  // requested by the bodies that runRequestsConcurrently sends - confirm there.
  assertThat(
      winnerAcl.getPermissions(),
      containsInAnyOrder(
          samePropertyValuesAs(
              new PermissionEntry(winningActor, asList(READ, WRITE, DELETE, READ_ACL, WRITE_ACL))),
          samePropertyValuesAs(
              new PermissionEntry("uaa-client:a-different-actor", singletonList(READ)))));
}