use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class NoOverwriteTest method whenMultipleThreadsPutWithSameNameAndNoOverwrite_itShouldNotOverwrite.
@Test
public void whenMultipleThreadsPutWithSameNameAndNoOverwrite_itShouldNotOverwrite() throws Exception {
runRequestsConcurrently(CREDENTIAL_NAME, ",\"value\":\"thread1\"", ",\"value\":\"thread2\"", () -> put("/api/v1/data"));
MvcResult result1 = responses[0].andDo(print()).andReturn();
final DocumentContext context1 = JsonPath.parse(result1.getResponse().getContentAsString());
MvcResult result2 = responses[1].andDo(print()).andReturn();
final DocumentContext context2 = JsonPath.parse(result2.getResponse().getContentAsString());
assertThat(context1.read("$.value"), equalTo(context2.read("$.value")));
String winningValue = context1.read("$.value");
String tokenForWinningActor = ImmutableMap.of("thread1", UAA_OAUTH2_PASSWORD_GRANT_TOKEN, "thread2", UAA_OAUTH2_CLIENT_CREDENTIALS_TOKEN).get(winningValue);
String winningActor = ImmutableMap.of("thread1", UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID, "thread2", UAA_OAUTH2_CLIENT_CREDENTIALS_ACTOR_ID).get(winningValue);
MvcResult result = mockMvc.perform(get("/api/v1/permissions?credential_name=" + CREDENTIAL_NAME).header("Authorization", "Bearer " + tokenForWinningActor)).andDo(print()).andExpect(status().isOk()).andReturn();
String content = result.getResponse().getContentAsString();
PermissionsView acl = JsonTestHelper.deserialize(content, PermissionsView.class);
assertThat(acl.getPermissions(), containsInAnyOrder(samePropertyValuesAs(new PermissionEntry(winningActor, asList(READ, WRITE, DELETE, READ_ACL, WRITE_ACL))), samePropertyValuesAs(new PermissionEntry("uaa-client:a-different-actor", asList(READ)))));
}
use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class PermissionAndCredentialTest method hasUnchangedAcl.
private void hasUnchangedAcl() throws Exception {
MvcResult result = mockMvc.perform(get("/api/v1/permissions?credential_name=" + "/test-password").header("Authorization", "Bearer " + UAA_OAUTH2_PASSWORD_GRANT_TOKEN)).andDo(print()).andExpect(status().isOk()).andReturn();
String content = result.getResponse().getContentAsString();
PermissionsView acl = JsonTestHelper.deserialize(content, PermissionsView.class);
assertThat(acl.getCredentialName(), equalTo("/test-password"));
assertThat(acl.getPermissions(), containsInAnyOrder(samePropertyValuesAs(new PermissionEntry(UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID, asList(READ, WRITE, DELETE, READ_ACL, WRITE_ACL))), samePropertyValuesAs(new PermissionEntry(UAA_OAUTH2_CLIENT_CREDENTIALS_ACTOR_ID, asList(READ, WRITE)))));
}
use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class PermissionServiceTest method saveAccessControlEntries_whenUserCantWrite_throws.
@Test
public void saveAccessControlEntries_whenUserCantWrite_throws() {
when(permissionCheckingService.userAllowedToOperateOnActor(eq(USER_NAME))).thenReturn(true);
when(permissionCheckingService.hasPermission(USER_NAME, CREDENTIAL_NAME, PermissionOperation.WRITE_ACL)).thenReturn(false);
ArrayList<PermissionEntry> expectedEntries = newArrayList(new PermissionEntry(USER_NAME, PermissionOperation.READ));
try {
subject.savePermissions(expectedCredentialVersion, expectedEntries, auditRecordParameters, false, CREDENTIAL_NAME);
fail("expected exception");
} catch (EntryNotFoundException e) {
assertThat(e.getMessage(), IsEqual.equalTo("error.credential.invalid_access"));
}
}
use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class PermissionServiceTest method saveAccessControlEntries_whenCredentialHasACEs_shouldCallVerifyAclWritePermission.
@Test
public void saveAccessControlEntries_whenCredentialHasACEs_shouldCallVerifyAclWritePermission() {
when(permissionCheckingService.userAllowedToOperateOnActor(eq(USER_NAME))).thenReturn(true);
ArrayList<PermissionEntry> entries = newArrayList();
entries.add(new PermissionEntry(USER_NAME, asList(PermissionOperation.WRITE_ACL)));
subject.savePermissions(expectedCredentialVersion, entries, auditRecordParameters, false, CREDENTIAL_NAME);
verify(permissionCheckingService).hasPermission(USER_NAME, CREDENTIAL_NAME, PermissionOperation.WRITE_ACL);
}
use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class PermissionedCredentialServiceTest method save_whenThereIsAnExistingCredentialWithACEs_shouldThrowAnExceptionIfItLacksPermission.
@Test
public void save_whenThereIsAnExistingCredentialWithACEs_shouldThrowAnExceptionIfItLacksPermission() {
when(request.getType()).thenReturn("password");
when(request.getOverwriteMode()).thenReturn(CredentialWriteMode.NO_OVERWRITE.mode);
when(credentialVersionDataService.findMostRecent(CREDENTIAL_NAME)).thenReturn(existingCredentialVersion);
when(permissionCheckingService.hasPermission(userContext.getActor(), CREDENTIAL_NAME, WRITE_ACL)).thenReturn(false);
accessControlEntries.add(new PermissionEntry("some_actor", Arrays.asList(PermissionOperation.READ_ACL)));
try {
subject.save(existingCredentialVersion, credentialValue, request, auditRecordParameters);
} catch (PermissionException pe) {
assertThat(pe.getMessage(), equalTo("error.credential.invalid_access"));
}
}
Aggregations