
Example 16 with PermissionEntry

Use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.

From the class NoOverwriteTest, method whenMultipleThreadsPutWithSameNameAndNoOverwrite_itShouldNotOverwrite.

@Test
public void whenMultipleThreadsPutWithSameNameAndNoOverwrite_itShouldNotOverwrite() throws Exception {
    // Two actors race to PUT the same credential name with no-overwrite semantics.
    runRequestsConcurrently(CREDENTIAL_NAME, ",\"value\":\"thread1\"", ",\"value\":\"thread2\"", () -> put("/api/v1/data"));
    MvcResult result1 = responses[0].andDo(print()).andReturn();
    final DocumentContext context1 = JsonPath.parse(result1.getResponse().getContentAsString());
    MvcResult result2 = responses[1].andDo(print()).andReturn();
    final DocumentContext context2 = JsonPath.parse(result2.getResponse().getContentAsString());
    // Both responses must report the same value: exactly one write wins.
    assertThat(context1.read("$.value"), equalTo(context2.read("$.value")));
    String winningValue = context1.read("$.value");
    String tokenForWinningActor = ImmutableMap.of("thread1", UAA_OAUTH2_PASSWORD_GRANT_TOKEN, "thread2", UAA_OAUTH2_CLIENT_CREDENTIALS_TOKEN).get(winningValue);
    String winningActor = ImmutableMap.of("thread1", UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID, "thread2", UAA_OAUTH2_CLIENT_CREDENTIALS_ACTOR_ID).get(winningValue);
    MvcResult result = mockMvc.perform(get("/api/v1/permissions?credential_name=" + CREDENTIAL_NAME).header("Authorization", "Bearer " + tokenForWinningActor)).andDo(print()).andExpect(status().isOk()).andReturn();
    // The ACL must hold full permissions for the winning actor and no entry for the losing one.
    String content = result.getResponse().getContentAsString();
    PermissionsView acl = JsonTestHelper.deserialize(content, PermissionsView.class);
    assertThat(acl.getPermissions(), containsInAnyOrder(samePropertyValuesAs(new PermissionEntry(winningActor, asList(READ, WRITE, DELETE, READ_ACL, WRITE_ACL))), samePropertyValuesAs(new PermissionEntry("uaa-client:a-different-actor", asList(READ)))));
}
Also used: PermissionsView (org.cloudfoundry.credhub.view.PermissionsView), PermissionEntry (org.cloudfoundry.credhub.request.PermissionEntry), MvcResult (org.springframework.test.web.servlet.MvcResult), DocumentContext (com.jayway.jsonpath.DocumentContext), SpringBootTest (org.springframework.boot.test.context.SpringBootTest), Test (org.junit.Test)

Example 17 with PermissionEntry

Use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.

From the class PermissionAndCredentialTest, method hasUnchangedAcl.

private void hasUnchangedAcl() throws Exception {
    MvcResult result = mockMvc.perform(get("/api/v1/permissions?credential_name=" + "/test-password").header("Authorization", "Bearer " + UAA_OAUTH2_PASSWORD_GRANT_TOKEN)).andDo(print()).andExpect(status().isOk()).andReturn();
    String content = result.getResponse().getContentAsString();
    PermissionsView acl = JsonTestHelper.deserialize(content, PermissionsView.class);
    assertThat(acl.getCredentialName(), equalTo("/test-password"));
    assertThat(acl.getPermissions(), containsInAnyOrder(samePropertyValuesAs(new PermissionEntry(UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID, asList(READ, WRITE, DELETE, READ_ACL, WRITE_ACL))), samePropertyValuesAs(new PermissionEntry(UAA_OAUTH2_CLIENT_CREDENTIALS_ACTOR_ID, asList(READ, WRITE)))));
}
Also used: PermissionsView (org.cloudfoundry.credhub.view.PermissionsView), PermissionEntry (org.cloudfoundry.credhub.request.PermissionEntry), MvcResult (org.springframework.test.web.servlet.MvcResult)

Example 18 with PermissionEntry

Use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.

From the class PermissionServiceTest, method saveAccessControlEntries_whenUserCantWrite_throws.

@Test
public void saveAccessControlEntries_whenUserCantWrite_throws() {
    // The user may operate on the target actor but lacks WRITE_ACL on the credential.
    when(permissionCheckingService.userAllowedToOperateOnActor(eq(USER_NAME))).thenReturn(true);
    when(permissionCheckingService.hasPermission(USER_NAME, CREDENTIAL_NAME, PermissionOperation.WRITE_ACL)).thenReturn(false);
    ArrayList<PermissionEntry> expectedEntries = newArrayList(new PermissionEntry(USER_NAME, PermissionOperation.READ));
    try {
        subject.savePermissions(expectedCredentialVersion, expectedEntries, auditRecordParameters, false, CREDENTIAL_NAME);
        fail("expected exception");
    } catch (EntryNotFoundException e) {
        // The denial surfaces as EntryNotFoundException with the invalid_access message key.
        assertThat(e.getMessage(), IsEqual.equalTo("error.credential.invalid_access"));
    }
}
Also used: PermissionEntry (org.cloudfoundry.credhub.request.PermissionEntry), EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException), Test (org.junit.Test)

Example 19 with PermissionEntry

Use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.

From the class PermissionServiceTest, method saveAccessControlEntries_whenCredentialHasACEs_shouldCallVerifyAclWritePermission.

@Test
public void saveAccessControlEntries_whenCredentialHasACEs_shouldCallVerifyAclWritePermission() {
    when(permissionCheckingService.userAllowedToOperateOnActor(eq(USER_NAME))).thenReturn(true);
    ArrayList<PermissionEntry> entries = newArrayList();
    entries.add(new PermissionEntry(USER_NAME, asList(PermissionOperation.WRITE_ACL)));
    subject.savePermissions(expectedCredentialVersion, entries, auditRecordParameters, false, CREDENTIAL_NAME);
    verify(permissionCheckingService).hasPermission(USER_NAME, CREDENTIAL_NAME, PermissionOperation.WRITE_ACL);
}
Also used: PermissionEntry (org.cloudfoundry.credhub.request.PermissionEntry), Test (org.junit.Test)

Example 20 with PermissionEntry

Use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.

From the class PermissionedCredentialServiceTest, method save_whenThereIsAnExistingCredentialWithACEs_shouldThrowAnExceptionIfItLacksPermission.

@Test
public void save_whenThereIsAnExistingCredentialWithACEs_shouldThrowAnExceptionIfItLacksPermission() {
    when(request.getType()).thenReturn("password");
    when(request.getOverwriteMode()).thenReturn(CredentialWriteMode.NO_OVERWRITE.mode);
    when(credentialVersionDataService.findMostRecent(CREDENTIAL_NAME)).thenReturn(existingCredentialVersion);
    when(permissionCheckingService.hasPermission(userContext.getActor(), CREDENTIAL_NAME, WRITE_ACL)).thenReturn(false);
    accessControlEntries.add(new PermissionEntry("some_actor", Arrays.asList(PermissionOperation.READ_ACL)));
    try {
        subject.save(existingCredentialVersion, credentialValue, request, auditRecordParameters);
        // Without this fail(), the test would pass even if save() threw nothing.
        fail("expected exception");
    } catch (PermissionException pe) {
        assertThat(pe.getMessage(), equalTo("error.credential.invalid_access"));
    }
}
Also used: PermissionException (org.cloudfoundry.credhub.exceptions.PermissionException), PermissionEntry (org.cloudfoundry.credhub.request.PermissionEntry), Test (org.junit.Test)

Aggregations

PermissionEntry (org.cloudfoundry.credhub.request.PermissionEntry): 33
Test (org.junit.Test): 26
PermissionsView (org.cloudfoundry.credhub.view.PermissionsView): 19
SpringBootTest (org.springframework.boot.test.context.SpringBootTest): 16
EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters): 6
MvcResult (org.springframework.test.web.servlet.MvcResult): 5
CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion): 3
InvalidPermissionOperationException (org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException): 3
PermissionOperation (org.cloudfoundry.credhub.request.PermissionOperation): 3
Lists.newArrayList (com.google.common.collect.Lists.newArrayList): 2
DocumentContext (com.jayway.jsonpath.DocumentContext): 2
List (java.util.List): 2
PasswordCredentialVersion (org.cloudfoundry.credhub.domain.PasswordCredentialVersion): 2
Credential (org.cloudfoundry.credhub.entity.Credential): 2
ValueCredentialVersionData (org.cloudfoundry.credhub.entity.ValueCredentialVersionData): 2
EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException): 2
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder): 2
ArrayList (java.util.ArrayList): 1
PermissionException (org.cloudfoundry.credhub.exceptions.PermissionException): 1
PermissionsRequest (org.cloudfoundry.credhub.request.PermissionsRequest): 1