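/**
 * Provisions the two test principals (Jane and John) plus the roles that grant
 * them access, running as the system authorization context.
 *
 * <p>The elevated system context is dropped in a {@code finally} block. The
 * original code reset it only on the success path, so a failure inside
 * {@code createUserService} / {@code createRoles} would have left the calling
 * thread running with system privileges — and since JUnit typically reuses the
 * thread, later tests could pass authorization checks they should fail.
 *
 * @throws Throwable propagated from the helper calls
 */
@Before
public void setupRoles() throws Throwable {
    this.host.setSystemAuthorizationContext();
    try {
        AuthorizationHelper authHelper = new AuthorizationHelper(this.host);
        this.userServiceJane = authHelper.createUserService(this.host, USER_JANE_EMAIL);
        authHelper.createRoles(this.host, USER_JANE_EMAIL);
        this.userServiceJohn = authHelper.createUserService(this.host, USER_JOHN_EMAIL);
        authHelper.createRoles(this.host, USER_JOHN_EMAIL);
    } finally {
        // Always drop the elevated context, even when provisioning throws.
        this.host.resetAuthorizationContext();
    }
}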
String userGroupLink = createUserGroup(target, getUserGroupName(email), Builder.create().addFieldClause("email", email).build()); setUserGroupLink(userGroupLink); createResourceGroup(target, emailPrefix + "-resource-group", Builder.create() .addFieldClause( ExampleServiceState.FIELD_NAME_KIND, emailPrefix) .build()); setResourceGroupLink(exampleServiceResourceGroupLink); createResourceGroup(target, "any-query-task-resource-group", Builder.create() .addFieldClause( QueryTask.FIELD_NAME_KIND, String statsResourceGroupLink = createResourceGroup(target, "stats-resource-group", Builder.create() .addFieldClause( String subscriptionsResourceGroupLink = createResourceGroup(target, "subs-resource-group", Builder.create() .addFieldClause( String exampleRoleLink = createRole(target, userGroupLink, exampleServiceResourceGroupLink, new HashSet<>(Arrays.asList(Action.GET, Action.POST))); setRoleLink(exampleRoleLink); paths.add(exampleRoleLink);
/**
 * Exercises authorization when the principal's role and group links dangle.
 *
 * <p>A role is created whose resource group link ({@code "foo"}) does not
 * resolve, and afterwards the user's {@code userGroupLinks} is patched to the
 * same non-existent link. In both states a GET on the example factory is
 * expected to succeed, i.e. dangling links must be tolerated rather than turn
 * into a failure. Only the success of that single request is asserted; the
 * test does not establish what the dangling links grant or deny elsewhere.
 *
 * @throws Throwable propagated from host/helper calls
 */
@Test
public void testInvalidUserAndResourceGroup() throws Throwable {
    final String email = "foo@foo.com";
    // Link that intentionally resolves to nothing.
    final String danglingLink = "foo";

    // Provisioning runs as the system principal.
    OperationContext.setAuthorizationContext(this.host.getSystemAuthorizationContext());
    AuthorizationHelper helper = new AuthorizationHelper(this.host);
    String userLink = helper.createUserService(this.host, email);
    String userGroupLink = helper.createUserGroup(this.host, email,
            Query.Builder.create().addFieldClause(UserState.FIELD_NAME_EMAIL, email).build());
    // Role with all actions but a resource group that does not exist.
    helper.createRole(this.host, userGroupLink, danglingLink, EnumSet.allOf(Action.class));

    // Request as the user while the role's resource group dangles.
    this.host.assumeIdentity(userLink);
    this.host.sendAndWaitExpectSuccess(
            Operation.createGet(UriUtils.buildUri(this.host, ExampleService.FACTORY_LINK)));

    // As system, additionally point the user at a non-existent user group.
    OperationContext.setAuthorizationContext(this.host.getSystemAuthorizationContext());
    UserState patch = new UserState();
    patch.userGroupLinks = Collections.singleton(danglingLink);
    this.host.sendAndWaitExpectSuccess(
            Operation.createPatch(UriUtils.buildUri(this.host, userLink)).setBody(patch));

    // Request again with both the user group and the resource group dangling.
    this.host.assumeIdentity(userLink);
    this.host.sendAndWaitExpectSuccess(
            Operation.createGet(UriUtils.buildUri(this.host, ExampleService.FACTORY_LINK)));
}
@Test public void testAuthzUtils() throws Throwable { this.host.setSystemAuthorizationContext(); AuthorizationHelper authHelperForFoo = new AuthorizationHelper(this.host); String email = "foo@foo.com"; String fooUserLink = authHelperForFoo.createUserService(this.host, email); UserState patchState = new UserState(); patchState.userGroupLinks = new HashSet<String>(); patchState.userGroupLinks.add(UriUtils.buildUriPath( UserGroupService.FACTORY_LINK, authHelperForFoo.getUserGroupName(email))); authHelperForFoo.patchUserService(this.host, fooUserLink, patchState); authHelperForFoo.createRoles(this.host, email); this.host.resetSystemAuthorizationContext(); String userGroupLink = authHelperForFoo.getUserGroupLink(); String resourceGroupLink = authHelperForFoo.getResourceGroupLink(); String roleLink = authHelperForFoo.getRoleLink();
String resourceGroupLink = this.authHelper.createResourceGroup(this.host, "transaction-group", Builder.create() .addFieldClause( Utils.buildKind(TransactionServiceState.class)) .build()); this.authHelper.createRole(this.host, this.authHelper.getUserGroupLink(), resourceGroupLink, EnumSet.allOf(Action.class)); this.host.resetAuthorizationContext();
this.authHelper.createUserGroup(this.host, "guest-user-group", Builder.create() .addFieldClause( ServiceDocument.FIELD_NAME_SELF_LINK, this.authHelper.createResourceGroup(this.host, "guest-resource-group", Builder.create() .addFieldClause( ExampleServiceState.FIELD_NAME_KIND, this.authHelper.createRole(this.host, userGroupLink, exampleServiceResourceGroupLink, new HashSet<>(Arrays.asList(Action.GET, Action.POST, Action.PATCH)));
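/**
 * Verifies that clearing the authorization cache for a user invalidates every
 * cached authorization context issued for that user, not only the latest one.
 *
 * <p>Two contexts are obtained for the same identity, the cache is cleared via
 * {@code AuthorizationCacheUtils.clearAuthzCacheForUser}, and both tokens must
 * then resolve to {@code null}. Presumably a stale entry surviving the clear
 * would let a revoked or modified user keep its old privileges until the
 * token expired, which is what this test guards against.
 *
 * <p>The system authorization context is held only inside {@code try/finally}
 * blocks; the original code reset it on the success path only, so a throwing
 * call would have left the test thread elevated for whatever ran next.
 *
 * @throws Throwable propagated from host/service calls
 */
@Test
public void authCacheClearToken() throws Throwable {
    String email = "foo@foo.com";
    String fooUserLink;
    // Privileged service used to look up auth contexts by token.
    MinimalTestService s;

    this.host.setSystemAuthorizationContext();
    try {
        AuthorizationHelper authHelperForFoo = new AuthorizationHelper(this.host);
        fooUserLink = authHelperForFoo.createUserService(this.host, email);
        s = new MinimalTestService();
        this.host.addPrivilegedService(MinimalTestService.class);
        this.host.startServiceAndWait(s, UUID.randomUUID().toString(), null);
    } finally {
        this.host.resetSystemAuthorizationContext();
    }

    AuthorizationContext authContext1 = assumeIdentityAndGetContext(fooUserLink, s, true);
    AuthorizationContext authContext2 = assumeIdentityAndGetContext(fooUserLink, s, true);
    assertNotNull(authContext1);
    assertNotNull(authContext2);

    this.host.setSystemAuthorizationContext();
    try {
        Operation clearAuthOp = new Operation();
        clearAuthOp.setUri(UriUtils.buildUri(this.host, fooUserLink));
        TestContext ctx = this.host.testCreate(1);
        clearAuthOp.setCompletion(ctx.getCompletion());
        AuthorizationCacheUtils.clearAuthzCacheForUser(s, clearAuthOp);
        clearAuthOp.complete();
        this.host.testWait(ctx);
    } finally {
        this.host.resetSystemAuthorizationContext();
    }

    // Both tokens must be gone; a partial clear would keep a stale context alive.
    assertNull(this.host.getAuthorizationContext(s, authContext1.getToken()));
    assertNull(this.host.getAuthorizationContext(s, authContext2.getToken()));
}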
// Provision the three test principals, then obtain an auth token for each.
makeUsersWithAuthSetupHelper();
AuthorizationHelper authHelper = new AuthorizationHelper(this.host);
// NOTE(review): the same value is passed as both user and password for every
// login — presumably makeUsersWithAuthSetupHelper() sets each user's password
// to its own name. Test-only credentials; never mirror this scheme outside tests.
String adminAuthToken = authHelper.login(this.adminUser, this.adminUser);
String exampleAuthToken = authHelper.login(this.exampleUser, this.exampleUser);
String exampleWithMgmtAuthToken = authHelper.login(this.exampleWithManagementServiceUser, this.exampleWithManagementServiceUser);
/**
 * Creates a user service for {@code email} on {@code target}.
 *
 * <p>Convenience overload of {@code createUserService(ServiceHost, ServiceHost, String)}
 * that supplies this helper's own host as the first argument.
 *
 * @param target host on which the user service is created
 * @param email  e-mail address identifying the new user
 * @return whatever the three-argument overload returns (callers in this file
 *         use it as the user's document link)
 * @throws Throwable propagated from the underlying overload
 */
public String createUserService(ServiceHost target, String email) throws Throwable {
    ServiceHost requester = this.host;
    return createUserService(requester, target, email);
}
/**
 * Exercises authorization when the principal's role and group links dangle.
 *
 * <p>A role is created whose resource group link ({@code "foo"}) does not
 * resolve, and afterwards the user's {@code userGroupLinks} is patched to the
 * same non-existent link. In both states a GET on the example factory is
 * expected to succeed, i.e. dangling links must be tolerated rather than turn
 * into a failure. Only the success of that single request is asserted; the
 * test does not establish what the dangling links grant or deny elsewhere.
 *
 * @throws Throwable propagated from host/helper calls
 */
@Test
public void testInvalidUserAndResourceGroup() throws Throwable {
    final String email = "foo@foo.com";
    // Link that intentionally resolves to nothing.
    final String danglingLink = "foo";

    // Provisioning runs as the system principal.
    OperationContext.setAuthorizationContext(this.host.getSystemAuthorizationContext());
    AuthorizationHelper helper = new AuthorizationHelper(this.host);
    String userLink = helper.createUserService(this.host, email);
    String userGroupLink = helper.createUserGroup(this.host, email,
            Query.Builder.create().addFieldClause(UserState.FIELD_NAME_EMAIL, email).build());
    // Role with all actions but a resource group that does not exist.
    helper.createRole(this.host, userGroupLink, danglingLink, EnumSet.allOf(Action.class));

    // Request as the user while the role's resource group dangles.
    this.host.assumeIdentity(userLink);
    this.host.sendAndWaitExpectSuccess(
            Operation.createGet(UriUtils.buildUri(this.host, ExampleService.FACTORY_LINK)));

    // As system, additionally point the user at a non-existent user group.
    OperationContext.setAuthorizationContext(this.host.getSystemAuthorizationContext());
    UserState patch = new UserState();
    patch.userGroupLinks = Collections.singleton(danglingLink);
    this.host.sendAndWaitExpectSuccess(
            Operation.createPatch(UriUtils.buildUri(this.host, userLink)).setBody(patch));

    // Request again with both the user group and the resource group dangling.
    this.host.assumeIdentity(userLink);
    this.host.sendAndWaitExpectSuccess(
            Operation.createGet(UriUtils.buildUri(this.host, ExampleService.FACTORY_LINK)));
}
@Test public void testAuthzUtils() throws Throwable { this.host.setSystemAuthorizationContext(); AuthorizationHelper authHelperForFoo = new AuthorizationHelper(this.host); String email = "foo@foo.com"; String fooUserLink = authHelperForFoo.createUserService(this.host, email); UserState patchState = new UserState(); patchState.userGroupLinks = new HashSet<String>(); patchState.userGroupLinks.add(UriUtils.buildUriPath( UserGroupService.FACTORY_LINK, authHelperForFoo.getUserGroupName(email))); authHelperForFoo.patchUserService(this.host, fooUserLink, patchState); authHelperForFoo.createRoles(this.host, email); this.host.resetSystemAuthorizationContext(); String userGroupLink = authHelperForFoo.getUserGroupLink(); String resourceGroupLink = authHelperForFoo.getResourceGroupLink(); String roleLink = authHelperForFoo.getRoleLink();
String resourceGroupLink = this.authHelper.createResourceGroup(this.host, "transaction-group", Builder.create() .addFieldClause( Utils.buildKind(TransactionServiceState.class)) .build()); this.authHelper.createRole(this.host, this.authHelper.getUserGroupLink(), resourceGroupLink, EnumSet.allOf(Action.class)); this.host.resetAuthorizationContext();
this.authHelper.createUserGroup(this.host, "guest-user-group", Builder.create() .addFieldClause( ServiceDocument.FIELD_NAME_SELF_LINK, this.authHelper.createResourceGroup(this.host, "guest-resource-group", Builder.create() .addFieldClause( ExampleServiceState.FIELD_NAME_KIND, this.authHelper.createRole(this.host, userGroupLink, exampleServiceResourceGroupLink, new HashSet<>(Arrays.asList(Action.GET, Action.POST, Action.PATCH)));
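/**
 * Verifies that clearing the authorization cache for a user invalidates every
 * cached authorization context issued for that user, not only the latest one.
 *
 * <p>Two contexts are obtained for the same identity, the cache is cleared via
 * {@code AuthorizationCacheUtils.clearAuthzCacheForUser}, and both tokens must
 * then resolve to {@code null}. Presumably a stale entry surviving the clear
 * would let a revoked or modified user keep its old privileges until the
 * token expired, which is what this test guards against.
 *
 * <p>The system authorization context is held only inside {@code try/finally}
 * blocks; the original code reset it on the success path only, so a throwing
 * call would have left the test thread elevated for whatever ran next.
 *
 * @throws Throwable propagated from host/service calls
 */
@Test
public void authCacheClearToken() throws Throwable {
    String email = "foo@foo.com";
    String fooUserLink;
    // Privileged service used to look up auth contexts by token.
    MinimalTestService s;

    this.host.setSystemAuthorizationContext();
    try {
        AuthorizationHelper authHelperForFoo = new AuthorizationHelper(this.host);
        fooUserLink = authHelperForFoo.createUserService(this.host, email);
        s = new MinimalTestService();
        this.host.addPrivilegedService(MinimalTestService.class);
        this.host.startServiceAndWait(s, UUID.randomUUID().toString(), null);
    } finally {
        this.host.resetSystemAuthorizationContext();
    }

    AuthorizationContext authContext1 = assumeIdentityAndGetContext(fooUserLink, s, true);
    AuthorizationContext authContext2 = assumeIdentityAndGetContext(fooUserLink, s, true);
    assertNotNull(authContext1);
    assertNotNull(authContext2);

    this.host.setSystemAuthorizationContext();
    try {
        Operation clearAuthOp = new Operation();
        clearAuthOp.setUri(UriUtils.buildUri(this.host, fooUserLink));
        TestContext ctx = this.host.testCreate(1);
        clearAuthOp.setCompletion(ctx.getCompletion());
        AuthorizationCacheUtils.clearAuthzCacheForUser(s, clearAuthOp);
        clearAuthOp.complete();
        this.host.testWait(ctx);
    } finally {
        this.host.resetSystemAuthorizationContext();
    }

    // Both tokens must be gone; a partial clear would keep a stale context alive.
    assertNull(this.host.getAuthorizationContext(s, authContext1.getToken()));
    assertNull(this.host.getAuthorizationContext(s, authContext2.getToken()));
}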
// Provision the three test principals, then obtain an auth token for each.
makeUsersWithAuthSetupHelper();
AuthorizationHelper authHelper = new AuthorizationHelper(this.host);
// NOTE(review): the same value is passed as both user and password for every
// login — presumably makeUsersWithAuthSetupHelper() sets each user's password
// to its own name. Test-only credentials; never mirror this scheme outside tests.
String adminAuthToken = authHelper.login(this.adminUser, this.adminUser);
String exampleAuthToken = authHelper.login(this.exampleUser, this.exampleUser);
String exampleWithMgmtAuthToken = authHelper.login(this.exampleWithManagementServiceUser, this.exampleWithManagementServiceUser);
/**
 * Creates a user service for {@code email} on {@code target}.
 *
 * <p>Convenience overload of {@code createUserService(ServiceHost, ServiceHost, String)}
 * that supplies this helper's own host as the first argument.
 *
 * @param target host on which the user service is created
 * @param email  e-mail address identifying the new user
 * @return whatever the three-argument overload returns (callers in this file
 *         use it as the user's document link)
 * @throws Throwable propagated from the underlying overload
 */
public String createUserService(ServiceHost target, String email) throws Throwable {
    ServiceHost requester = this.host;
    return createUserService(requester, target, email);
}
AuthorizationHelper authsetupHelper = new AuthorizationHelper(this.host); String email = "foo@foo.com"; String userLink = authsetupHelper.createUserService(this.host, email); Query userGroupQuery = Query.Builder.create().addFieldClause(UserState.FIELD_NAME_EMAIL, email).build(); String userGroupLink = authsetupHelper.createUserGroup(this.host, email, userGroupQuery); Query resourceGroupQuery = Query.Builder.create().addFieldClause(ServiceDocument.FIELD_NAME_SELF_LINK, "*", MatchType.WILDCARD).build(); String resourceGroupLink = authsetupHelper.createResourceGroup(this.host, email, resourceGroupQuery); Operation.createGet(UriUtils.buildUri(this.host, services.get(0).getSelfLink()))); OperationContext.setAuthorizationContext(this.host.getSystemAuthorizationContext()); authsetupHelper.createRole(this.host, userGroupLink, resourceGroupLink, EnumSet.of(Action.GET));
String userGroupLink = createUserGroup(target, getUserGroupName(email), Builder.create().addFieldClause("email", email).build()); setUserGroupLink(userGroupLink); createResourceGroup(target, emailPrefix + "-resource-group", Builder.create() .addFieldClause( ExampleServiceState.FIELD_NAME_KIND, emailPrefix) .build()); setResourceGroupLink(exampleServiceResourceGroupLink); createResourceGroup(target, "any-query-task-resource-group", Builder.create() .addFieldClause( QueryTask.FIELD_NAME_KIND, String statsResourceGroupLink = createResourceGroup(target, "stats-resource-group", Builder.create() .addFieldClause( String subscriptionsResourceGroupLink = createResourceGroup(target, "subs-resource-group", Builder.create() .addFieldClause( String exampleRoleLink = createRole(target, userGroupLink, exampleServiceResourceGroupLink, new HashSet<>(Arrays.asList(Action.GET, Action.POST))); setRoleLink(exampleRoleLink); paths.add(exampleRoleLink);
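/**
 * Provisions the two test principals (Jane and John) plus the roles that grant
 * them access, running as the system authorization context.
 *
 * <p>The elevated system context is dropped in a {@code finally} block. The
 * original code reset it only on the success path, so a failure inside
 * {@code createUserService} / {@code createRoles} would have left the calling
 * thread running with system privileges — and since JUnit typically reuses the
 * thread, later tests could pass authorization checks they should fail.
 *
 * @throws Throwable propagated from the helper calls
 */
@Before
public void setupRoles() throws Throwable {
    this.host.setSystemAuthorizationContext();
    try {
        AuthorizationHelper authHelper = new AuthorizationHelper(this.host);
        this.userServiceJane = authHelper.createUserService(this.host, USER_JANE_EMAIL);
        authHelper.createRoles(this.host, USER_JANE_EMAIL);
        this.userServiceJohn = authHelper.createUserService(this.host, USER_JOHN_EMAIL);
        authHelper.createRoles(this.host, USER_JOHN_EMAIL);
    } finally {
        // Always drop the elevated context, even when provisioning throws.
        this.host.resetAuthorizationContext();
    }
}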
String resourceGroupLink = this.authHelper.createResourceGroup(this.host, "stateless-service-group", Builder.create() .addFieldClause( UriUtils.URI_PATH_CHAR + serviceLink) .build()); this.authHelper.createRole(this.host, this.authHelper.getUserGroupLink(), resourceGroupLink, new HashSet<>(Arrays.asList(Action.GET, Action.POST, Action.PATCH, Action.DELETE)));