@Test public void testAssignRoleToUser() throws Throwable { PrincipalRoleAssignment roleAssignment = new PrincipalRoleAssignment(); roleAssignment.add = new ArrayList<>(); roleAssignment.add.add(AuthRole.CLOUD_ADMIN.name()); doRoleAssignment(roleAssignment, USER_EMAIL_BASIC_USER); UserState state = getDocument(UserState.class, buildUserServicePath(USER_EMAIL_BASIC_USER)); assertNotNull(state); assertTrue(state.userGroupLinks.contains(CLOUD_ADMINS_USER_GROUP_LINK)); }
doRoleAssignment(roleAssignment, USER_GROUP_DEVELOPERS); RoleState roleState = getDocument(RoleState.class, UriUtils.buildUriPath(RoleService.FACTORY_LINK, AuthRole.CLOUD_ADMIN .buildRoleWithSuffix(encode(USER_GROUP_DEVELOPERS)))); roleAssignment.remove.add(AuthRole.CLOUD_ADMIN.name()); doRoleAssignment(roleAssignment, USER_GROUP_DEVELOPERS); TestContext ctx2 = testCreate(1); Operation getSuperusersRole = Operation.createGet(host, developersRoleLink) .setReferer(host.getUri())
@Test public void testAssignRoleToUserGroup() throws Throwable { PrincipalRoleAssignment roleAssignment = new PrincipalRoleAssignment(); roleAssignment.add = new ArrayList<>(); roleAssignment.add.add(AuthRole.CLOUD_ADMIN.name()); doRoleAssignment(roleAssignment, USER_GROUP_DEVELOPERS); RoleState roleState = getDocument(RoleState.class, UriUtils.buildUriPath(RoleService.FACTORY_LINK, AuthRole.CLOUD_ADMIN .buildRoleWithSuffix(encode(USER_GROUP_DEVELOPERS)))); assertNotNull(roleState); assertEquals(UriUtils.buildUriPath(UserGroupService.FACTORY_LINK, encode(USER_GROUP_DEVELOPERS)), roleState.userGroupLink); }
@Before public void setup() throws GeneralSecurityException { host.assumeIdentity(buildUserServicePath(USER_EMAIL_ADMIN)); }
private void doRoleAssignment(PrincipalRoleAssignment roleAssignment, String principalId) { TestContext ctx = testCreate(1); PrincipalRolesHandler.create() .setService(privilegedTestService) .setPrincipalId(principalId) .setRoleAssignment(roleAssignment) .update() .whenComplete((ignore, ex) -> { if (ex != null) { ctx.failIteration(ex); return; } ctx.completeIteration(); }); ctx.await(); } }
doRoleAssignment(roleAssignment, USER_GROUP_DEVELOPERS); RoleState roleState = getDocument(RoleState.class, UriUtils.buildUriPath(RoleService.FACTORY_LINK, AuthRole.CLOUD_ADMIN .buildRoleWithSuffix(encode(USER_GROUP_DEVELOPERS)))); roleAssignment.remove.add(AuthRole.CLOUD_ADMIN.name()); doRoleAssignment(roleAssignment, USER_GROUP_DEVELOPERS); TestContext ctx2 = testCreate(1); Operation getSuperusersRole = Operation.createGet(host, developersRoleLink) .setReferer(host.getUri()) roleAssignment.add.add(AuthRole.CLOUD_ADMIN.name()); doRoleAssignment(roleAssignment, USER_GROUP_DEVELOPERS); roleState = getDocument(RoleState.class, UriUtils.buildUriPath(RoleService.FACTORY_LINK, AuthRole.CLOUD_ADMIN .buildRoleWithSuffix(encode(USER_GROUP_DEVELOPERS))));
@Test public void testUnAssignRoleToUser() throws Throwable { PrincipalRoleAssignment roleAssignment = new PrincipalRoleAssignment(); roleAssignment.add = new ArrayList<>(); roleAssignment.add.add(AuthRole.CLOUD_ADMIN.name()); // Assign. doRoleAssignment(roleAssignment, USER_EMAIL_BASIC_USER); UserState state = getDocument(UserState.class, buildUserServicePath(USER_EMAIL_BASIC_USER)); assertNotNull(state); assertTrue(state.userGroupLinks.contains(CLOUD_ADMINS_USER_GROUP_LINK)); // Unassign. roleAssignment = new PrincipalRoleAssignment(); roleAssignment.remove = new ArrayList<>(); roleAssignment.remove.add(AuthRole.CLOUD_ADMIN.name()); doRoleAssignment(roleAssignment, USER_EMAIL_BASIC_USER); // Verify. state = getDocument(UserState.class, buildUserServicePath(USER_EMAIL_BASIC_USER)); assertNotNull(state); assertTrue(!state.userGroupLinks.contains(CLOUD_ADMINS_USER_GROUP_LINK)); }
@Test public void testAssignRoleToUserTwice() throws Throwable { PrincipalRoleAssignment roleAssignment = new PrincipalRoleAssignment(); roleAssignment.add = new ArrayList<>(); roleAssignment.add.add(AuthRole.CLOUD_ADMIN.name()); // Assign. doRoleAssignment(roleAssignment, USER_EMAIL_BASIC_USER); UserState state = getDocument(UserState.class, buildUserServicePath(USER_EMAIL_BASIC_USER)); assertNotNull(state); assertTrue(state.userGroupLinks.contains(CLOUD_ADMINS_USER_GROUP_LINK)); // Unassign. roleAssignment = new PrincipalRoleAssignment(); roleAssignment.remove = new ArrayList<>(); roleAssignment.remove.add(AuthRole.CLOUD_ADMIN.name()); doRoleAssignment(roleAssignment, USER_EMAIL_BASIC_USER); state = getDocument(UserState.class, buildUserServicePath(USER_EMAIL_BASIC_USER)); assertNotNull(state); assertTrue(!state.userGroupLinks.contains(CLOUD_ADMINS_USER_GROUP_LINK)); // Assign again. roleAssignment = new PrincipalRoleAssignment(); roleAssignment.add = new ArrayList<>(); roleAssignment.add.add(AuthRole.CLOUD_ADMIN.name()); doRoleAssignment(roleAssignment, USER_EMAIL_BASIC_USER); state = getDocument(UserState.class, buildUserServicePath(USER_EMAIL_BASIC_USER)); assertNotNull(state); assertTrue(state.userGroupLinks.contains(CLOUD_ADMINS_USER_GROUP_LINK)); }