/** * Asserts that no NamespaceIamRoleAuthorizationEntities exist for the given namespace. Throws a AlreadyExistsException if any * NamespaceIamRoleAuthorizationEntity exist. * * @param namespaceEntity The namespace entity */ private void assertNamespaceIamRoleAuthorizationNotExist(NamespaceEntity namespaceEntity) { if (CollectionUtils.isNotEmpty(namespaceIamRoleAuthorizationDao.getNamespaceIamRoleAuthorizations(namespaceEntity))) { throw new AlreadyExistsException(String.format("Namespace IAM role authorizations with namespace \"%s\" already exist", namespaceEntity.getCode())); } }
/** * Creates a new namespace entity from the request information. * * @param request the request * * @return the newly created namespace entity */ private NamespaceEntity createNamespaceEntity(NamespaceCreateRequest request) { // Create a new entity. NamespaceEntity namespaceEntity = new NamespaceEntity(); namespaceEntity.setCode(request.getNamespaceCode()); return namespaceEntity; }
@Test public void deleteNamespaceIamRoleAuthorizationAssertErrorWhenDaoReturnsEmpty() { String expectedNamespace = "namespace"; NamespaceEntity expectedNamespaceEntity = new NamespaceEntity(); expectedNamespaceEntity.setCode("NAMESPACE"); when(namespaceDaoHelper.getNamespaceEntity(any())).thenReturn(expectedNamespaceEntity); when(namespaceIamRoleAuthorizationDao.getNamespaceIamRoleAuthorizations(any())).thenReturn(Collections.emptyList()); try { namespaceIamRoleAuthorizationServiceImpl.deleteNamespaceIamRoleAuthorization(expectedNamespace); fail(); } catch (Exception e) { assertEquals(ObjectNotFoundException.class, e.getClass()); assertEquals(String.format("Namespace IAM role authorizations for namespace \"%s\" do not exist", expectedNamespaceEntity.getCode()), e.getMessage()); } verify(namespaceDaoHelper).getNamespaceEntity(expectedNamespace); verify(namespaceIamRoleAuthorizationDao).getNamespaceIamRoleAuthorizations(expectedNamespaceEntity); verifyNoMoreInteractions(namespaceDaoHelper, namespaceIamRoleAuthorizationDao); }
@Test public void checkPermissionsAssertDoNothingWhenAuthorizationDisabled() { NamespaceEntity expectedNamespaceEntity = new NamespaceEntity(); Collection<String> requestedIamRoleNames = new ArrayList<>(); when(configurationHelper.getBooleanProperty(any())).thenReturn(false); namespaceIamRoleAuthorizationHelper.checkPermissions(expectedNamespaceEntity, requestedIamRoleNames); verify(configurationHelper).getBooleanProperty(ConfigurationValue.NAMESPACE_IAM_ROLE_AUTHORIZATION_ENABLED); verifyNoMoreInteractions(configurationHelper, namespaceIamRoleAuthorizationDao); }
@Test public void getNamespaceIamRoleAuthorizationAssertErrorWhenNoEntitiesFound() { String expectedNamespace = "namespace"; NamespaceEntity expectedNamespaceEntity = new NamespaceEntity(); expectedNamespaceEntity.setCode("NAMESPACE"); List<NamespaceIamRoleAuthorizationEntity> namespaceIamRoleAuthorizationEntities = Collections.emptyList(); when(namespaceDaoHelper.getNamespaceEntity(any())).thenReturn(expectedNamespaceEntity); when(namespaceIamRoleAuthorizationDao.getNamespaceIamRoleAuthorizations(any())).thenReturn(namespaceIamRoleAuthorizationEntities); try { namespaceIamRoleAuthorizationServiceImpl.getNamespaceIamRoleAuthorization(expectedNamespace); fail(); } catch (Exception e) { assertEquals(ObjectNotFoundException.class, e.getClass()); assertEquals(String.format("Namespace IAM role authorizations for namespace \"%s\" do not exist", expectedNamespaceEntity.getCode()), e.getMessage()); } verify(namespaceDaoHelper).getNamespaceEntity(expectedNamespace); verify(namespaceIamRoleAuthorizationDao).getNamespaceIamRoleAuthorizations(expectedNamespaceEntity); verifyNoMoreInteractions(namespaceDaoHelper, namespaceIamRoleAuthorizationDao); }
@Test public void checkPermissionsAssertRoleNameIsCaseInsensitive() { NamespaceEntity expectedNamespaceEntity = new NamespaceEntity(); String iamRoleName1 = "iamRoleName1"; String iamRoleName2 = "iamRoleName2"; Collection<String> requestedIamRoleNames = Arrays.asList(StringUtils.capitalize(iamRoleName1), StringUtils.capitalize(iamRoleName2)); List<NamespaceIamRoleAuthorizationEntity> namespaceIamRoleAuthorizationEntities = new ArrayList<>(); NamespaceIamRoleAuthorizationEntity namespaceIamRoleAuthorizationEntity1 = new NamespaceIamRoleAuthorizationEntity(); namespaceIamRoleAuthorizationEntity1.setIamRoleName(iamRoleName1); namespaceIamRoleAuthorizationEntities.add(namespaceIamRoleAuthorizationEntity1); NamespaceIamRoleAuthorizationEntity namespaceIamRoleAuthorizationEntity2 = new NamespaceIamRoleAuthorizationEntity(); namespaceIamRoleAuthorizationEntity2.setIamRoleName(iamRoleName2); namespaceIamRoleAuthorizationEntities.add(namespaceIamRoleAuthorizationEntity2); when(configurationHelper.getBooleanProperty(any())).thenReturn(true); when(namespaceIamRoleAuthorizationDao.getNamespaceIamRoleAuthorizations(any())).thenReturn(namespaceIamRoleAuthorizationEntities); namespaceIamRoleAuthorizationHelper.checkPermissions(expectedNamespaceEntity, requestedIamRoleNames); verify(configurationHelper).getBooleanProperty(ConfigurationValue.NAMESPACE_IAM_ROLE_AUTHORIZATION_ENABLED); verify(namespaceIamRoleAuthorizationDao).getNamespaceIamRoleAuthorizations(expectedNamespaceEntity); verifyNoMoreInteractions(configurationHelper, namespaceIamRoleAuthorizationDao); } }
/** * Asserts that no NamespaceIamRoleAuthorizationEntities exist for the given namespace. Throws a AlreadyExistsException if any * NamespaceIamRoleAuthorizationEntity exist. * * @param namespaceEntity The namespace entity */ private void assertNamespaceIamRoleAuthorizationNotExist(NamespaceEntity namespaceEntity) { if (CollectionUtils.isNotEmpty(namespaceIamRoleAuthorizationDao.getNamespaceIamRoleAuthorizations(namespaceEntity))) { throw new AlreadyExistsException(String.format("Namespace IAM role authorizations with namespace \"%s\" already exist", namespaceEntity.getCode())); } }
/** * Creates a new namespace entity from the request information. * * @param request the request * * @return the newly created namespace entity */ private NamespaceEntity createNamespaceEntity(NamespaceCreateRequest request) { // Create a new entity. NamespaceEntity namespaceEntity = new NamespaceEntity(); namespaceEntity.setCode(request.getNamespaceCode()); return namespaceEntity; }
@Test public void testBuildNamespaceAuthorizationsAssertWildcardQueryExecuted() { ApplicationUser applicationUser = new ApplicationUser(getClass()); String userId = "userId"; applicationUser.setUserId(userId); when(configurationHelper.getBooleanProperty(any())).thenReturn(true); List<UserNamespaceAuthorizationEntity> wildcardEntities = new ArrayList<>(); UserNamespaceAuthorizationEntity wildcardEntity = new UserNamespaceAuthorizationEntity(); wildcardEntity.setUserId("wildcardEntityUserId"); NamespaceEntity namespaceEntity = new NamespaceEntity(); namespaceEntity.setCode("namespace"); wildcardEntity.setNamespace(namespaceEntity); wildcardEntities.add(wildcardEntity); when(userNamespaceAuthorizationDao.getUserNamespaceAuthorizationsByUserIdStartsWith(any())).thenReturn(wildcardEntities); when(wildcardHelper.matches(any(), any())).thenReturn(true); userNamespaceAuthorizationHelper.buildNamespaceAuthorizations(applicationUser); assertEquals(1, applicationUser.getNamespaceAuthorizations().size()); NamespaceAuthorization namespaceAuthorization = IterableUtils.get(applicationUser.getNamespaceAuthorizations(), 0); assertEquals(namespaceEntity.getCode(), namespaceAuthorization.getNamespace()); verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationsByUserId(eq(userId)); verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationsByUserIdStartsWith(eq(WildcardHelper.WILDCARD_TOKEN)); verify(wildcardHelper).matches(eq(userId.toUpperCase()), eq(wildcardEntity.getUserId().toUpperCase())); verifyNoMoreInteractions(userNamespaceAuthorizationDao, wildcardHelper); }
@Test public void checkPermissionsAssertBlankRequestRoleIgnored() { NamespaceEntity expectedNamespaceEntity = new NamespaceEntity(); String iamRoleName1 = BLANK_TEXT; String iamRoleName2 = "iamRoleName2"; Collection<String> requestedIamRoleNames = Arrays.asList(iamRoleName1, iamRoleName2); List<NamespaceIamRoleAuthorizationEntity> namespaceIamRoleAuthorizationEntities = new ArrayList<>(); NamespaceIamRoleAuthorizationEntity namespaceIamRoleAuthorizationEntity1 = new NamespaceIamRoleAuthorizationEntity(); namespaceIamRoleAuthorizationEntity1.setIamRoleName("iamRoleName1"); namespaceIamRoleAuthorizationEntities.add(namespaceIamRoleAuthorizationEntity1); NamespaceIamRoleAuthorizationEntity namespaceIamRoleAuthorizationEntity2 = new NamespaceIamRoleAuthorizationEntity(); namespaceIamRoleAuthorizationEntity2.setIamRoleName(iamRoleName2); namespaceIamRoleAuthorizationEntities.add(namespaceIamRoleAuthorizationEntity2); when(configurationHelper.getBooleanProperty(any())).thenReturn(true); when(namespaceIamRoleAuthorizationDao.getNamespaceIamRoleAuthorizations(any())).thenReturn(namespaceIamRoleAuthorizationEntities); namespaceIamRoleAuthorizationHelper.checkPermissions(expectedNamespaceEntity, requestedIamRoleNames); verify(configurationHelper).getBooleanProperty(ConfigurationValue.NAMESPACE_IAM_ROLE_AUTHORIZATION_ENABLED); verify(namespaceIamRoleAuthorizationDao).getNamespaceIamRoleAuthorizations(expectedNamespaceEntity); verifyNoMoreInteractions(configurationHelper, namespaceIamRoleAuthorizationDao); }
@Override public EmrClusterDefinitionEntity getEmrClusterDefinitionByNamespaceAndName(NamespaceEntity namespaceEntity, String emrClusterDefinitionName) { // Create criteria builder and a top-level query. CriteriaBuilder builder = entityManager.getCriteriaBuilder(); CriteriaQuery<EmrClusterDefinitionEntity> criteria = builder.createQuery(EmrClusterDefinitionEntity.class); // The criteria root is the EMR cluster definition. Root<EmrClusterDefinitionEntity> emrClusterDefinitionEntityRoot = criteria.from(EmrClusterDefinitionEntity.class); // Create the standard restrictions (i.e. the standard where clauses). List<Predicate> predicates = new ArrayList<>(); predicates.add(builder.equal(emrClusterDefinitionEntityRoot.get(EmrClusterDefinitionEntity_.namespace), namespaceEntity)); predicates .add(builder.equal(builder.upper(emrClusterDefinitionEntityRoot.get(EmrClusterDefinitionEntity_.name)), emrClusterDefinitionName.toUpperCase())); // Add all clauses for the query. criteria.select(emrClusterDefinitionEntityRoot).where(builder.and(predicates.toArray(new Predicate[predicates.size()]))); // Execute query and return result. return executeSingleResultQuery(criteria, String .format("Found more than one EMR cluster definition with parameters {namespace=\"%s\", emrClusterDefinitionName=\"%s\"}.", namespaceEntity.getCode(), emrClusterDefinitionName)); }
/** * Creates and persists a new namespace entity. * * @param namespaceCd the namespace code * * @return the newly created namespace entity. */ public NamespaceEntity createNamespaceEntity(String namespaceCd) { NamespaceEntity namespaceEntity = new NamespaceEntity(); namespaceEntity.setCode(namespaceCd); return namespaceDao.saveAndRefresh(namespaceEntity); }
@Test public void createNamespaceIamRoleAuthorizationAssertErrorWhenAuthorizationAlreadyExist() { IamRole expectedIamRole1 = new IamRole("iamRoleName1", "iamRoleDescription1"); IamRole expectedIamRole2 = new IamRole("iamRoleName2", "iamRoleDescription2"); List<IamRole> expectedIamRoles = Arrays.asList(expectedIamRole1, expectedIamRole2); NamespaceIamRoleAuthorizationCreateRequest expectedRequest = new NamespaceIamRoleAuthorizationCreateRequest("namespace", expectedIamRoles); NamespaceEntity expectedNamespaceEntity = new NamespaceEntity(); expectedNamespaceEntity.setCode("NAMESPACE"); when(namespaceDaoHelper.getNamespaceEntity(any())).thenReturn(expectedNamespaceEntity); when(namespaceIamRoleAuthorizationDao.getNamespaceIamRoleAuthorizations(any())).thenReturn(Arrays.asList(new NamespaceIamRoleAuthorizationEntity())); try { namespaceIamRoleAuthorizationServiceImpl.createNamespaceIamRoleAuthorization(expectedRequest); fail(); } catch (Exception e) { assertEquals(AlreadyExistsException.class, e.getClass()); assertEquals(String.format("Namespace IAM role authorizations with namespace \"%s\" already exist", expectedNamespaceEntity.getCode()), e.getMessage()); } verify(namespaceDaoHelper).getNamespaceEntity(expectedRequest.getNamespace()); verify(namespaceIamRoleAuthorizationDao).getNamespaceIamRoleAuthorizations(expectedNamespaceEntity); verifyNoMoreInteractions(namespaceDaoHelper, namespaceIamRoleAuthorizationDao); }
@Test public void checkPermissionsWithArrayAssertNoErrorWhenNamespaceAuthorizedToAllRoles() { NamespaceEntity expectedNamespaceEntity = new NamespaceEntity(); String iamRoleName1 = "iamRoleName1"; String iamRoleName2 = "iamRoleName2"; List<NamespaceIamRoleAuthorizationEntity> namespaceIamRoleAuthorizationEntities = new ArrayList<>(); NamespaceIamRoleAuthorizationEntity namespaceIamRoleAuthorizationEntity1 = new NamespaceIamRoleAuthorizationEntity(); namespaceIamRoleAuthorizationEntity1.setIamRoleName(iamRoleName1); namespaceIamRoleAuthorizationEntities.add(namespaceIamRoleAuthorizationEntity1); NamespaceIamRoleAuthorizationEntity namespaceIamRoleAuthorizationEntity2 = new NamespaceIamRoleAuthorizationEntity(); namespaceIamRoleAuthorizationEntity2.setIamRoleName(iamRoleName2); namespaceIamRoleAuthorizationEntities.add(namespaceIamRoleAuthorizationEntity2); when(configurationHelper.getBooleanProperty(any())).thenReturn(true); when(namespaceIamRoleAuthorizationDao.getNamespaceIamRoleAuthorizations(any())).thenReturn(namespaceIamRoleAuthorizationEntities); namespaceIamRoleAuthorizationHelper.checkPermissions(expectedNamespaceEntity, iamRoleName1, iamRoleName2); verify(configurationHelper).getBooleanProperty(ConfigurationValue.NAMESPACE_IAM_ROLE_AUTHORIZATION_ENABLED); verify(namespaceIamRoleAuthorizationDao).getNamespaceIamRoleAuthorizations(expectedNamespaceEntity); verifyNoMoreInteractions(configurationHelper, namespaceIamRoleAuthorizationDao); }
@Override public EmrClusterDefinitionEntity getEmrClusterDefinitionByNamespaceAndName(NamespaceEntity namespaceEntity, String emrClusterDefinitionName) { // Create criteria builder and a top-level query. CriteriaBuilder builder = entityManager.getCriteriaBuilder(); CriteriaQuery<EmrClusterDefinitionEntity> criteria = builder.createQuery(EmrClusterDefinitionEntity.class); // The criteria root is the EMR cluster definition. Root<EmrClusterDefinitionEntity> emrClusterDefinitionEntityRoot = criteria.from(EmrClusterDefinitionEntity.class); // Create the standard restrictions (i.e. the standard where clauses). List<Predicate> predicates = new ArrayList<>(); predicates.add(builder.equal(emrClusterDefinitionEntityRoot.get(EmrClusterDefinitionEntity_.namespace), namespaceEntity)); predicates .add(builder.equal(builder.upper(emrClusterDefinitionEntityRoot.get(EmrClusterDefinitionEntity_.name)), emrClusterDefinitionName.toUpperCase())); // Add all clauses for the query. criteria.select(emrClusterDefinitionEntityRoot).where(builder.and(predicates.toArray(new Predicate[predicates.size()]))); // Execute query and return result. return executeSingleResultQuery(criteria, String .format("Found more than one EMR cluster definition with parameters {namespace=\"%s\", emrClusterDefinitionName=\"%s\"}.", namespaceEntity.getCode(), emrClusterDefinitionName)); }
@Test public void testGetJobsWhenNamespaceSpecifiedButNotAuthorizedAssertNoQuery() throws Exception { String namespace = "namespace"; String jobName = "jobName"; JobStatusEnum jobStatus = JobStatusEnum.COMPLETED; Set<String> authorizedNamespaces = new HashSet<>(Arrays.asList("a", "b")); when(namespaceSecurityHelper.getAuthorizedNamespaces(any())).thenReturn(authorizedNamespaces); NamespaceEntity namespaceEntity = new NamespaceEntity(); namespaceEntity.setCode(namespace); when(namespaceDao.getNamespaceByCd(any())).thenReturn(namespaceEntity); jobServiceImpl.getJobs(namespace, jobName, jobStatus, NO_START_TIME, NO_END_TIME); verify(jobDefinitionDao, times(0)).getJobDefinitionsByFilter(eq(authorizedNamespaces), eq(jobName)); }
@Test public void testBuildNamespaceAuthorizationsAssertAuthLookupByUserId() { ApplicationUser applicationUser = new ApplicationUser(getClass()); String userId = "userId"; applicationUser.setUserId(userId); when(configurationHelper.getBooleanProperty(any())).thenReturn(true); List<UserNamespaceAuthorizationEntity> userNamespaceAuthorizationEntities = new ArrayList<>(); UserNamespaceAuthorizationEntity userNamespaceAuthorizationEntity = new UserNamespaceAuthorizationEntity(); userNamespaceAuthorizationEntity.setUserId("userNamespaceAuthorizationEntityUserId"); NamespaceEntity namespaceEntity = new NamespaceEntity(); namespaceEntity.setCode("namespace"); userNamespaceAuthorizationEntity.setNamespace(namespaceEntity); userNamespaceAuthorizationEntities.add(userNamespaceAuthorizationEntity); when(userNamespaceAuthorizationDao.getUserNamespaceAuthorizationsByUserId(any())).thenReturn(userNamespaceAuthorizationEntities); userNamespaceAuthorizationHelper.buildNamespaceAuthorizations(applicationUser); assertEquals(1, applicationUser.getNamespaceAuthorizations().size()); NamespaceAuthorization namespaceAuthorization = IterableUtils.get(applicationUser.getNamespaceAuthorizations(), 0); assertEquals(namespaceEntity.getCode(), namespaceAuthorization.getNamespace()); verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationsByUserId(eq(userId)); verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationsByUserIdStartsWith(eq(WildcardHelper.WILDCARD_TOKEN)); verifyNoMoreInteractions(userNamespaceAuthorizationDao, wildcardHelper); }
@Test public void checkPermissionsAssertNoErrorWhenNamespaceAuthorizedToAllRoles() { NamespaceEntity expectedNamespaceEntity = new NamespaceEntity(); String iamRoleName1 = "iamRoleName1"; String iamRoleName2 = "iamRoleName2"; Collection<String> requestedIamRoleNames = Arrays.asList(iamRoleName1, iamRoleName2); List<NamespaceIamRoleAuthorizationEntity> namespaceIamRoleAuthorizationEntities = new ArrayList<>(); NamespaceIamRoleAuthorizationEntity namespaceIamRoleAuthorizationEntity1 = new NamespaceIamRoleAuthorizationEntity(); namespaceIamRoleAuthorizationEntity1.setIamRoleName(iamRoleName1); namespaceIamRoleAuthorizationEntities.add(namespaceIamRoleAuthorizationEntity1); NamespaceIamRoleAuthorizationEntity namespaceIamRoleAuthorizationEntity2 = new NamespaceIamRoleAuthorizationEntity(); namespaceIamRoleAuthorizationEntity2.setIamRoleName(iamRoleName2); namespaceIamRoleAuthorizationEntities.add(namespaceIamRoleAuthorizationEntity2); when(configurationHelper.getBooleanProperty(any())).thenReturn(true); when(namespaceIamRoleAuthorizationDao.getNamespaceIamRoleAuthorizations(any())).thenReturn(namespaceIamRoleAuthorizationEntities); namespaceIamRoleAuthorizationHelper.checkPermissions(expectedNamespaceEntity, requestedIamRoleNames); verify(configurationHelper).getBooleanProperty(ConfigurationValue.NAMESPACE_IAM_ROLE_AUTHORIZATION_ENABLED); verify(namespaceIamRoleAuthorizationDao).getNamespaceIamRoleAuthorizations(expectedNamespaceEntity); verifyNoMoreInteractions(configurationHelper, namespaceIamRoleAuthorizationDao); }
/** * Gets a list of NamespaceIamRoleAuthorizationEntities for the given namespace. Throws a ObjectNotFoundException if the result is empty. * * @param namespaceEntity The namespace entity * * @return List of NamespaceIamRoleAuthorizationEntity */ private List<NamespaceIamRoleAuthorizationEntity> getNamespaeIamRoleAuthorizationEntities(NamespaceEntity namespaceEntity) { List<NamespaceIamRoleAuthorizationEntity> namespaceIamRoleAuthorizationEntities = namespaceIamRoleAuthorizationDao.getNamespaceIamRoleAuthorizations(namespaceEntity); if (CollectionUtils.isEmpty(namespaceIamRoleAuthorizationEntities)) { throw new ObjectNotFoundException(String.format("Namespace IAM role authorizations for namespace \"%s\" do not exist", namespaceEntity.getCode())); } return namespaceIamRoleAuthorizationEntities; } }
@SuppressWarnings("unchecked") @Test public void testGetJobsWhenNamespaceNotSpecifiedAssertQueryByAllAuthorizedNamespaces() throws Exception { String namespace = null; String jobName = "jobName"; JobStatusEnum jobStatus = JobStatusEnum.COMPLETED; Set<String> authorizedNamespaces = new HashSet<>(Arrays.asList("a", "b")); when(namespaceSecurityHelper.getAuthorizedNamespaces(any())).thenReturn(authorizedNamespaces); NamespaceEntity namespaceEntity = new NamespaceEntity(); namespaceEntity.setCode(namespace); when(namespaceDao.getNamespaceByCd(any())).thenReturn(namespaceEntity); when(jobDefinitionDao.getJobDefinitionsByFilter(any(Collection.class), any())).thenReturn(new ArrayList<>()); jobServiceImpl.getJobs(namespace, jobName, jobStatus, NO_START_TIME, NO_END_TIME); verify(jobDefinitionDao).getJobDefinitionsByFilter(eq(authorizedNamespaces), eq(jobName)); }