/**
 * Builds the user group state for the members of a project.
 *
 * <p>The group id is derived from the project id and the {@code PROJECT_MEMBER} role via
 * {@code AuthRole.buildRoleWithSuffix}. The project id is not validated here, so callers are
 * expected to pass an id they have already checked.
 *
 * @param projectId id of the project the group belongs to
 * @return the state produced by {@code buildUserGroupState} for the derived id
 */
public static UserGroupState buildProjectMembersUserGroup(String projectId) {
    return buildUserGroupState(AuthRole.PROJECT_MEMBER.buildRoleWithSuffix(projectId));
}
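/**
 * Resolves the principals for the groups assigned to a project role, leaving out the project's
 * own default group for that role.
 *
 * <p>Only {@code PROJECT_ADMIN}, {@code PROJECT_MEMBER} and {@code PROJECT_VIEWER} are accepted;
 * any other role (including {@code null}) produces a failed result instead of an exception
 * thrown at the caller.
 *
 * @param service service used to look up principals
 * @param requestorOperation operation on whose behalf the lookup is made
 * @param groupLinks links of the user groups assigned to the role; may be {@code null} or empty
 * @param projectId id of the project; must not be {@code null} or empty
 * @param role project role whose default group link is excluded
 * @return a result holding one principal per non-default group link, an empty list when there
 *         are no group links, or a failed result when {@code projectId} or {@code role} is
 *         invalid
 */
private static DeferredResult<List<Principal>> getGroupPrincipals(Service service,
        Operation requestorOperation, Set<String> groupLinks, String projectId, AuthRole role) {
    if (projectId == null || projectId.isEmpty()) {
        return DeferredResult.failed(new LocalizableValidationException(
                String.format(PROPERTY_CANNOT_BE_EMPTY_MESSAGE_FORMAT, "projectId"),
                "common.assertion.property.not.empty", "projectId"));
    }

    // Kept ahead of the role check so that an empty link set still completes successfully,
    // as it did before.
    if (groupLinks == null || groupLinks.isEmpty()) {
        return DeferredResult.completed(new ArrayList<>());
    }

    // EnumSet.contains(null) returns false, so without this guard a null role would reach
    // role.name() below and throw NullPointerException instead of failing the result.
    if (role == null) {
        return DeferredResult.failed(new IllegalArgumentException("role is required."));
    }

    if (!EnumSet.of(AuthRole.PROJECT_ADMIN, AuthRole.PROJECT_MEMBER, AuthRole.PROJECT_VIEWER)
            .contains(role)) {
        // The separating space was missing, which produced messages such as
        // "CLOUD_ADMINis not project role.".
        return DeferredResult.failed(
                new IllegalArgumentException(role.name() + " is not project role."));
    }

    String defaultProjectGroupLink = UriUtils.buildUriPath(UserGroupService.FACTORY_LINK,
            role.buildRoleWithSuffix(projectId));

    List<DeferredResult<Principal>> results = new ArrayList<>();
    for (String groupLink : groupLinks) {
        // The default group is an internal artifact of the project role, not an assigned
        // principal, so it is not resolved.
        if (!defaultProjectGroupLink.equals(groupLink)) {
            results.add(PrincipalUtil.getPrincipal(service, requestorOperation,
                    Service.getId(groupLink)));
        }
    }

    return DeferredResult.allOf(results);
}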
/**
 * Removes a role from the user group this handler operates on.
 *
 * <p>Only {@code CLOUD_ADMIN} can be unassigned from a group through this path; every other
 * role is rejected with a validation failure rather than silently ignored.
 *
 * @param role role to unassign
 * @return the result of the cloud admin unassignment, or a failed result carrying a
 *         {@code LocalizableValidationException} for unsupported roles
 */
private DeferredResult<Void> handleUserGroupRoleUnassignment(AuthRole role) {
    if (role != AuthRole.CLOUD_ADMIN) {
        LocalizableValidationException unsupported = new LocalizableValidationException(
                ROLE_NOT_SUPPORTED_MESSAGE, ROLE_NOT_SUPPORTED_MESSAGE_CODE, role.name());
        return DeferredResult.failed(unsupported);
    }
    return handleCloudAdminGroupUnassignment();
}
/**
 * Test helper that sends a PATCH granting {@code CLOUD_ADMIN} to the given principal.
 *
 * <p>The request is made under whatever identity the test has set up beforehand; this helper
 * does not change it.
 *
 * @param principalId id of the principal that should receive the role
 */
private void assignCloudAdminRoleTo(String principalId) {
    PrincipalRoleAssignment assignment = new PrincipalRoleAssignment();
    assignment.add = Collections.singletonList(AuthRole.CLOUD_ADMIN.toString());
    doPatch(assignment, buildRolesLinkFor(principalId));
}
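/**
 * Applies the requested role additions and removals to a user principal.
 *
 * <p>All role names in {@code roleAssignment.add} and {@code roleAssignment.remove} are parsed
 * before any handler is invoked. Previously each name was parsed immediately before its
 * handler ran, so an unknown name late in the request aborted the method after handlers for
 * earlier entries had already been called, leaving a partially dispatched privilege change.
 *
 * @return a result that completes when every dispatched assignment and unassignment has
 *         completed; the individual results are discarded
 * @throws IllegalArgumentException if a role name does not match an {@link AuthRole} constant
 * @throws NullPointerException if a role name is {@code null}
 */
private DeferredResult<Void> handleUser() {
    // Phase 1: validate. AuthRole.valueOf throws on an unknown or null name, and nothing has
    // been dispatched yet at that point.
    List<AuthRole> rolesToAdd = new ArrayList<>();
    if (roleAssignment.add != null) {
        for (String roleName : roleAssignment.add) {
            rolesToAdd.add(AuthRole.valueOf(roleName));
        }
    }

    List<AuthRole> rolesToRemove = new ArrayList<>();
    if (roleAssignment.remove != null) {
        for (String roleName : roleAssignment.remove) {
            rolesToRemove.add(AuthRole.valueOf(roleName));
        }
    }

    // Phase 2: dispatch, additions first and then removals, in request order as before.
    List<DeferredResult<Void>> results = new ArrayList<>();
    for (AuthRole authRole : rolesToAdd) {
        results.add(handleUserRoleAssignment(authRole));
    }
    for (AuthRole authRole : rolesToRemove) {
        results.add(handleUserRoleUnassignment(authRole));
    }

    return DeferredResult.allOf(results).thenAccept(ignore -> { });
}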
/**
 * Looks up the role whose suffix equals the given string exactly.
 *
 * @param suffix role suffix to resolve; checked with {@code assertNotNullOrEmpty}
 * @return the matching role
 * @throws IllegalArgumentException if no role has this suffix
 */
public static AuthRole fromSuffix(String suffix) {
    assertNotNullOrEmpty(suffix, "suffix");

    AuthRole[] candidates = AuthRole.values();
    for (int i = 0; i < candidates.length; i++) {
        AuthRole candidate = candidates[i];
        if (candidate.suffix.equals(suffix)) {
            return candidate;
        }
    }

    // Unknown suffixes are rejected rather than mapped to a default role.
    throw new IllegalArgumentException("No matching type for:" + suffix);
}
/**
 * Builds a {@code ProjectEntry} from a project role state.
 *
 * <p>The id of the role state is split by {@code extractDataFromRoleStateId} and must yield
 * exactly three parts: the first is used as the project id and the third as the role suffix.
 * The project's self link, name and custom properties are then copied from the project state.
 *
 * <p>NOTE(review): {@code AuthRole.fromSuffix} throws {@code IllegalArgumentException} for an
 * unknown suffix. That exception leaves this method directly instead of arriving through the
 * returned result, unlike the invalid-id case below; confirm callers handle both paths.
 *
 * @param host host used to load the project state
 * @param roleState role state whose {@code documentSelfLink} encodes project id and role
 * @return the populated entry, or a failed result when the id does not have three parts
 */
private static DeferredResult<ProjectEntry> extractProjectEntryFromRoleState(ServiceHost host,
        RoleState roleState) {
    String[] idParts = extractDataFromRoleStateId(Service.getId(roleState.documentSelfLink));
    if (idParts.length != 3) {
        return DeferredResult.failed(new RuntimeException("Cannot extract project entry from "
                + "role state with invalid id: " + roleState.documentSelfLink));
    }

    ProjectEntry projectEntry = new ProjectEntry();
    projectEntry.roles = Collections.singleton(AuthRole.fromSuffix(idParts[2]));

    return getProjectState(host, idParts[0]).thenApply(project -> {
        projectEntry.documentSelfLink = project.documentSelfLink;
        projectEntry.name = project.name;
        projectEntry.customProperties = project.customProperties;
        return projectEntry;
    });
}
/**
 * Assigns a role to the user group identified by the {@code principalId} field.
 *
 * <p>Only {@code CLOUD_ADMIN} can be assigned to a group through this path; every other role
 * is rejected with a validation failure.
 *
 * @param role role to assign
 * @return the result of the cloud admin group assignment, or a failed result carrying a
 *         {@code LocalizableValidationException} for unsupported roles
 */
private DeferredResult<Void> handleUserGroupRoleAssignment(AuthRole role) {
    if (role != AuthRole.CLOUD_ADMIN) {
        LocalizableValidationException unsupported = new LocalizableValidationException(
                ROLE_NOT_SUPPORTED_MESSAGE, ROLE_NOT_SUPPORTED_MESSAGE_CODE, role.name());
        return DeferredResult.failed(unsupported);
    }
    return handleCloudAdminGroupAssignment(principalId);
}
/**
 * Determines which system role a role state represents by inspecting its self link.
 *
 * <p>Precedence: {@code CLOUD_ADMIN} first, then {@code BASIC_USER_EXTENDED} over
 * {@code BASIC_USER} when both suffixes occur in the link.
 *
 * <p>NOTE(review): the suffixes are matched as substrings anywhere in
 * {@code documentSelfLink}, not only at the end where {@code buildRoleWithSuffix} places them.
 * If another segment of a role id can contain one of these suffix strings, the link is
 * classified by that segment. Confirm that ids are constrained, or compare only the trailing
 * suffix.
 *
 * @param roleState role state to classify
 * @return the system role matched in the link
 * @throws RuntimeException if none of the system role suffixes occurs in the link
 */
private static AuthRole extractSystemRoleFromRoleState(RoleState roleState) {
    String selfLink = roleState.documentSelfLink;

    if (selfLink.contains(AuthRole.CLOUD_ADMIN.getSuffix())) {
        return AuthRole.CLOUD_ADMIN;
    }

    boolean mentionsBasicUser = selfLink.contains(AuthRole.BASIC_USER.getSuffix());
    boolean mentionsBasicUserExtended =
            selfLink.contains(AuthRole.BASIC_USER_EXTENDED.getSuffix());

    // The extended check guards the plain one so that a link carrying both suffixes resolves
    // to BASIC_USER_EXTENDED.
    if (mentionsBasicUser && !mentionsBasicUserExtended) {
        return AuthRole.BASIC_USER;
    }
    if (mentionsBasicUserExtended) {
        return AuthRole.BASIC_USER_EXTENDED;
    }

    throw new RuntimeException("Cannot extract system role from role state with id: "
            + roleState.documentSelfLink);
}
/**
 * Verifies that a request made as a cloud admin can grant {@code CLOUD_ADMIN} to a basic user.
 *
 * <p>NOTE(review): this covers the permitted path only. A companion test asserting that the
 * same request is rejected under a non-admin identity would pin the authorization boundary;
 * check whether the suite already has one.
 */
@Test
public void testCloudAdminCanAssignCloudAdminRole() throws Throwable {
    // Act as the cloud admin for the whole test.
    host.assumeIdentity(buildUserServicePath(USER_EMAIL_CLOUD_ADMIN));

    assignCloudAdminRoleTo(USER_EMAIL_BASIC_USER);

    PrincipalRoles fetched = getUserRolesFor(USER_EMAIL_BASIC_USER);
    assertNotNull("could not retrieve roles for user " + USER_EMAIL_BASIC_USER, fetched);
    assertNotNull("roles set is empty or null for user " + USER_EMAIL_BASIC_USER,
            fetched.roles);

    String expectation = "Expected user " + USER_EMAIL_BASIC_USER + " to have role "
            + AuthRole.CLOUD_ADMIN.toString();
    assertThat(expectation, fetched.roles, hasItem(AuthRole.CLOUD_ADMIN));
}
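/**
 * Applies the requested role additions and removals to a user group principal.
 *
 * <p>All role names in {@code roleAssignment.add} and {@code roleAssignment.remove} are parsed
 * before any handler is invoked. Previously each name was parsed immediately before its
 * handler ran, so an unknown name late in the request aborted the method after handlers for
 * earlier entries had already been called, leaving a partially dispatched privilege change.
 *
 * @return a result that completes when every dispatched assignment and unassignment has
 *         completed; the individual results are discarded
 * @throws IllegalArgumentException if a role name does not match an {@link AuthRole} constant
 * @throws NullPointerException if a role name is {@code null}
 */
private DeferredResult<Void> handleUserGroup() {
    // Phase 1: validate. AuthRole.valueOf throws on an unknown or null name, and nothing has
    // been dispatched yet at that point.
    List<AuthRole> rolesToAdd = new ArrayList<>();
    if (roleAssignment.add != null) {
        for (String roleName : roleAssignment.add) {
            rolesToAdd.add(AuthRole.valueOf(roleName));
        }
    }

    List<AuthRole> rolesToRemove = new ArrayList<>();
    if (roleAssignment.remove != null) {
        for (String roleName : roleAssignment.remove) {
            rolesToRemove.add(AuthRole.valueOf(roleName));
        }
    }

    // Phase 2: dispatch, additions first and then removals, in request order as before.
    List<DeferredResult<Void>> results = new ArrayList<>();
    for (AuthRole authRole : rolesToAdd) {
        results.add(handleUserGroupRoleAssignment(authRole));
    }
    for (AuthRole authRole : rolesToRemove) {
        results.add(handleUserGroupRoleUnassignment(authRole));
    }

    return DeferredResult.allOf(results).thenAccept(ignore -> { });
}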
/**
 * Builds the user group state for the viewers of a project.
 *
 * <p>The group id is derived from the project id and the {@code PROJECT_VIEWER} role via
 * {@code AuthRole.buildRoleWithSuffix}. The project id is not validated here, so callers are
 * expected to pass an id they have already checked.
 *
 * @param projectId id of the project the group belongs to
 * @return the state produced by {@code buildUserGroupState} for the derived id
 */
public static UserGroupState buildProjectViewersUserGroup(String projectId) {
    return buildUserGroupState(AuthRole.PROJECT_VIEWER.buildRoleWithSuffix(projectId));
}
/**
 * Verifies that assigning {@code CLOUD_ADMIN} to a user group creates a role state for that
 * group and that the role state points at the group's link.
 */
@Test
public void testAssignRoleToUserGroup() throws Throwable {
    PrincipalRoleAssignment assignment = new PrincipalRoleAssignment();
    assignment.add = new ArrayList<>();
    assignment.add.add(AuthRole.CLOUD_ADMIN.name());
    doRoleAssignment(assignment, USER_GROUP_DEVELOPERS);

    // The role document id is the encoded group name joined with the CLOUD_ADMIN suffix.
    String roleLink = UriUtils.buildUriPath(RoleService.FACTORY_LINK,
            AuthRole.CLOUD_ADMIN.buildRoleWithSuffix(encode(USER_GROUP_DEVELOPERS)));
    RoleState createdRole = getDocument(RoleState.class, roleLink);
    assertNotNull(createdRole);

    String expectedGroupLink = UriUtils.buildUriPath(UserGroupService.FACTORY_LINK,
            encode(USER_GROUP_DEVELOPERS));
    assertEquals(expectedGroupLink, createdRole.userGroupLink);
}
/**
 * Removes a role from the user identified by the {@code principalId} field.
 *
 * <p>Only {@code CLOUD_ADMIN} is supported: the user is removed from the cloud admins user
 * group. Every other role is rejected with a validation failure.
 *
 * @param role role to unassign
 * @return the result of the group update, or a failed result carrying a
 *         {@code LocalizableValidationException} for unsupported roles
 */
private DeferredResult<Void> handleUserRoleUnassignment(AuthRole role) {
    if (role != AuthRole.CLOUD_ADMIN) {
        LocalizableValidationException unsupported = new LocalizableValidationException(
                ROLE_NOT_SUPPORTED_MESSAGE, ROLE_NOT_SUPPORTED_MESSAGE_CODE, role.name());
        return DeferredResult.failed(unsupported);
    }

    // Revoking cloud admin means dropping the user from the cloud admins group.
    return UserGroupsUpdater.create()
            .setService(service)
            .setGroupLink(CLOUD_ADMINS_USER_GROUP_LINK)
            .setUsersToRemove(Collections.singletonList(principalId))
            .update();
}
/**
 * Builds a role id by joining the identifiers with {@code SUFFIX_SEPARATOR} and appending the
 * separator followed by this role's suffix.
 *
 * <p>The identifiers are concatenated as given, without escaping. NOTE(review): the result
 * presumably cannot be split back unambiguously if an identifier contains the separator;
 * confirm identifiers are encoded or constrained by callers.
 *
 * @param identifiers parts that precede the role suffix, in order
 * @return the joined identifiers followed by the separator and this role's suffix
 */
public String buildRoleWithSuffix(String... identifiers) {
    String joinedIdentifiers = String.join(SUFFIX_SEPARATOR, identifiers);
    return joinedIdentifiers + SUFFIX_SEPARATOR + getSuffix();
}
}
/**
 * Builds the user group state for the administrators of a project.
 *
 * <p>The group id is derived from the project id and the {@code PROJECT_ADMIN} role via
 * {@code AuthRole.buildRoleWithSuffix}. The project id is not validated here, so callers are
 * expected to pass an id they have already checked.
 *
 * @param projectId id of the project the group belongs to
 * @return the state produced by {@code buildUserGroupState} for the derived id
 */
public static UserGroupState buildProjectAdminsUserGroup(String projectId) {
    return buildUserGroupState(AuthRole.PROJECT_ADMIN.buildRoleWithSuffix(projectId));
}
PrincipalRoleAssignment roleAssignment = new PrincipalRoleAssignment(); roleAssignment.add = new ArrayList<>(); roleAssignment.add.add(AuthRole.CLOUD_ADMIN.name()); .buildRoleWithSuffix(encode(USER_GROUP_DEVELOPERS)))); assertNotNull(roleState); assertEquals(UriUtils.buildUriPath(UserGroupService.FACTORY_LINK, roleAssignment.remove.add(AuthRole.CLOUD_ADMIN.name()); AuthRole.CLOUD_ADMIN.buildRoleWithSuffix(encode(USER_GROUP_DEVELOPERS))); TestContext ctx2 = testCreate(1); Operation getSuperusersRole = Operation.createGet(host, developersRoleLink)
/**
 * Creates the resource group that backs a project role.
 *
 * <p>The project id is taken from the project state's self link, and the resource group is
 * built by the {@code AuthUtil} builder matching the role.
 *
 * @param projectState project the resource group is created for
 * @param role one of {@code PROJECT_ADMIN}, {@code PROJECT_VIEWER}, {@code PROJECT_MEMBER} or
 *        {@code PROJECT_MEMBER_EXTENDED}
 * @return the result of the create operation sent through the host
 * @throws IllegalStateException if {@code role} is not one of the project roles above; this is
 *         thrown directly, not delivered through the returned result
 */
private DeferredResult<ResourceGroupState> createProjectResourceGroup(ProjectState projectState,
        AuthRole role) {
    final String projectId = Service.getId(projectState.documentSelfLink);

    final ResourceGroupState groupToCreate;
    switch (role) {
    case PROJECT_ADMIN:
        groupToCreate = AuthUtil.buildProjectAdminResourceGroup(projectId);
        break;
    case PROJECT_MEMBER:
        groupToCreate = AuthUtil.buildProjectMemberResourceGroup(projectId);
        break;
    case PROJECT_MEMBER_EXTENDED:
        groupToCreate = AuthUtil.buildProjectExtendedMemberResourceGroup(projectId);
        break;
    case PROJECT_VIEWER:
        groupToCreate = AuthUtil.buildProjectViewerResourceGroup(projectId);
        break;
    default:
        // Non-project roles are refused before any operation is built or sent.
        throw new IllegalStateException(
                String.format("%s is not project role.", role.name()));
    }

    Operation createOperation = buildCreateResourceGroupOperation(groupToCreate);
    return getHost().sendWithDeferredResult(createOperation, ResourceGroupState.class);
}