Example 16 with PermissionEntry
use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class NoOverwriteTest method whenMultipleThreadsPutWithSameNameAndNoOverwrite_itShouldNotOverwrite.
@Test
public void whenMultipleThreadsPutWithSameNameAndNoOverwrite_itShouldNotOverwrite() throws Exception {
runRequestsConcurrently(CREDENTIAL_NAME, ",\"value\":\"thread1\"", ",\"value\":\"thread2\"", () -> put("/api/v1/data"));
MvcResult result1 = responses[0].andDo(print()).andReturn();
final DocumentContext context1 = JsonPath.parse(result1.getResponse().getContentAsString());
MvcResult result2 = responses[1].andDo(print()).andReturn();
final DocumentContext context2 = JsonPath.parse(result2.getResponse().getContentAsString());
assertThat(context1.read("$.value"), equalTo(context2.read("$.value")));
String winningValue = context1.read("$.value");
String tokenForWinningActor = ImmutableMap.of("thread1", UAA_OAUTH2_PASSWORD_GRANT_TOKEN, "thread2", UAA_OAUTH2_CLIENT_CREDENTIALS_TOKEN).get(winningValue);
String winningActor = ImmutableMap.of("thread1", UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID, "thread2", UAA_OAUTH2_CLIENT_CREDENTIALS_ACTOR_ID).get(winningValue);
MvcResult result = mockMvc.perform(get("/api/v1/permissions?credential_name=" + CREDENTIAL_NAME).header("Authorization", "Bearer " + tokenForWinningActor)).andDo(print()).andExpect(status().isOk()).andReturn();
String content = result.getResponse().getContentAsString();
PermissionsView acl = JsonTestHelper.deserialize(content, PermissionsView.class);
assertThat(acl.getPermissions(), containsInAnyOrder(samePropertyValuesAs(new PermissionEntry(winningActor, asList(READ, WRITE, DELETE, READ_ACL, WRITE_ACL))), samePropertyValuesAs(new PermissionEntry("uaa-client:a-different-actor", asList(READ)))));
}
Also used :
PermissionsView(org.cloudfoundry.credhub.view.PermissionsView)
PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry)
MvcResult(org.springframework.test.web.servlet.MvcResult)
DocumentContext(com.jayway.jsonpath.DocumentContext)
SpringBootTest(org.springframework.boot.test.context.SpringBootTest)
Test(org.junit.Test)
Example 17 with PermissionEntry
use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class PermissionAndCredentialTest method hasUnchangedAcl.
private void hasUnchangedAcl() throws Exception {
MvcResult result = mockMvc.perform(get("/api/v1/permissions?credential_name=" + "/test-password").header("Authorization", "Bearer " + UAA_OAUTH2_PASSWORD_GRANT_TOKEN)).andDo(print()).andExpect(status().isOk()).andReturn();
String content = result.getResponse().getContentAsString();
PermissionsView acl = JsonTestHelper.deserialize(content, PermissionsView.class);
assertThat(acl.getCredentialName(), equalTo("/test-password"));
assertThat(acl.getPermissions(), containsInAnyOrder(samePropertyValuesAs(new PermissionEntry(UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID, asList(READ, WRITE, DELETE, READ_ACL, WRITE_ACL))), samePropertyValuesAs(new PermissionEntry(UAA_OAUTH2_CLIENT_CREDENTIALS_ACTOR_ID, asList(READ, WRITE)))));
}
Also used :
PermissionsView(org.cloudfoundry.credhub.view.PermissionsView)
PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry)
MvcResult(org.springframework.test.web.servlet.MvcResult)
Example 18 with PermissionEntry
use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class PermissionServiceTest method saveAccessControlEntries_whenUserCantWrite_throws.
@Test
public void saveAccessControlEntries_whenUserCantWrite_throws() {
when(permissionCheckingService.userAllowedToOperateOnActor(eq(USER_NAME))).thenReturn(true);
when(permissionCheckingService.hasPermission(USER_NAME, CREDENTIAL_NAME, PermissionOperation.WRITE_ACL)).thenReturn(false);
ArrayList<PermissionEntry> expectedEntries = newArrayList(new PermissionEntry(USER_NAME, PermissionOperation.READ));
try {
subject.savePermissions(expectedCredentialVersion, expectedEntries, auditRecordParameters, false, CREDENTIAL_NAME);
fail("expected exception");
} catch (EntryNotFoundException e) {
assertThat(e.getMessage(), IsEqual.equalTo("error.credential.invalid_access"));
}
}
Also used :
PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry)
EntryNotFoundException(org.cloudfoundry.credhub.exceptions.EntryNotFoundException)
Test(org.junit.Test)
Example 19 with PermissionEntry
use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class PermissionServiceTest method saveAccessControlEntries_whenCredentialHasACEs_shouldCallVerifyAclWritePermission.
@Test
public void saveAccessControlEntries_whenCredentialHasACEs_shouldCallVerifyAclWritePermission() {
when(permissionCheckingService.userAllowedToOperateOnActor(eq(USER_NAME))).thenReturn(true);
ArrayList<PermissionEntry> entries = newArrayList();
entries.add(new PermissionEntry(USER_NAME, asList(PermissionOperation.WRITE_ACL)));
subject.savePermissions(expectedCredentialVersion, entries, auditRecordParameters, false, CREDENTIAL_NAME);
verify(permissionCheckingService).hasPermission(USER_NAME, CREDENTIAL_NAME, PermissionOperation.WRITE_ACL);
}
Also used :
PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry)
Test(org.junit.Test)
Example 20 with PermissionEntry
use of org.cloudfoundry.credhub.request.PermissionEntry in project credhub by cloudfoundry-incubator.
the class PermissionedCredentialServiceTest method save_whenThereIsAnExistingCredentialWithACEs_shouldThrowAnExceptionIfItLacksPermission.
@Test
public void save_whenThereIsAnExistingCredentialWithACEs_shouldThrowAnExceptionIfItLacksPermission() {
when(request.getType()).thenReturn("password");
when(request.getOverwriteMode()).thenReturn(CredentialWriteMode.NO_OVERWRITE.mode);
when(credentialVersionDataService.findMostRecent(CREDENTIAL_NAME)).thenReturn(existingCredentialVersion);
when(permissionCheckingService.hasPermission(userContext.getActor(), CREDENTIAL_NAME, WRITE_ACL)).thenReturn(false);
accessControlEntries.add(new PermissionEntry("some_actor", Arrays.asList(PermissionOperation.READ_ACL)));
try {
subject.save(existingCredentialVersion, credentialValue, request, auditRecordParameters);
} catch (PermissionException pe) {
assertThat(pe.getMessage(), equalTo("error.credential.invalid_access"));
}
}
Also used :
PermissionException(org.cloudfoundry.credhub.exceptions.PermissionException)
PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry)
Test(org.junit.Test)
Aggregations
PermissionEntry (org.cloudfoundry.credhub.request.PermissionEntry)33
Test (org.junit.Test)26
PermissionsView (org.cloudfoundry.credhub.view.PermissionsView)19
SpringBootTest (org.springframework.boot.test.context.SpringBootTest)16
EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters)6
MvcResult (org.springframework.test.web.servlet.MvcResult)5
CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion)3
InvalidPermissionOperationException (org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException)3
PermissionOperation (org.cloudfoundry.credhub.request.PermissionOperation)3
Lists.newArrayList (com.google.common.collect.Lists.newArrayList)2
DocumentContext (com.jayway.jsonpath.DocumentContext)2
List (java.util.List)2
PasswordCredentialVersion (org.cloudfoundry.credhub.domain.PasswordCredentialVersion)2
Credential (org.cloudfoundry.credhub.entity.Credential)2
ValueCredentialVersionData (org.cloudfoundry.credhub.entity.ValueCredentialVersionData)2
EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException)2
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)2
ArrayList (java.util.ArrayList)1
PermissionException (org.cloudfoundry.credhub.exceptions.PermissionException)1
PermissionsRequest (org.cloudfoundry.credhub.request.PermissionsRequest)1
