/**
 * Injects the identity of the given user into the operation context.
 *
 * <p>Convenience overload: forwards to the two-argument {@code assumeIdentity},
 * passing {@code null} as its second argument.
 *
 * <p>NOTE(review): the visible signature takes only a user document link and no
 * credential, so this looks like a test-harness shortcut around authentication.
 * Confirm it is not reachable from production code paths.
 *
 * @param userServicePath user document link
 * @return the authorization context produced by the two-argument overload
 * @throws GeneralSecurityException propagated from the two-argument overload
 */
public AuthorizationContext assumeIdentity(String userServicePath)
        throws GeneralSecurityException {
    final AuthorizationContext assumedContext = assumeIdentity(userServicePath, null);
    return assumedContext;
}
/**
 * Injects the identity of the given user into the operation context.
 *
 * <p>Delegates to the two-argument {@code assumeIdentity} with {@code null} as
 * the second argument.
 *
 * <p>NOTE(review): no credential is passed in, only a user document link, so
 * this appears to bypass authentication. Verify that callers are limited to
 * test code.
 *
 * @param userServicePath user document link
 * @return the authorization context returned by the two-argument overload
 * @throws GeneralSecurityException propagated from the two-argument overload
 */
public AuthorizationContext assumeIdentity(String userServicePath)
        throws GeneralSecurityException {
    return assumeIdentity(userServicePath, null);
}
/**
 * Makes the host assume the identity of the configured admin user.
 *
 * <p>The user document link is built from {@code ServiceUriPaths.CORE_AUTHZ_USERS}
 * and {@code this.adminEmail}.
 *
 * <p>NOTE(review): the email is used as a path segment as-is; confirm that user
 * documents are keyed by the raw email. The previous identity is not restored
 * by this method.
 *
 * @throws Throwable if building the path or assuming the identity fails
 */
protected void switchToAuthUser() throws Throwable {
    this.host.assumeIdentity(
            UriUtils.buildUriPath(ServiceUriPaths.CORE_AUTHZ_USERS, this.adminEmail));
}
/**
 * Switches the host to the admin user's identity.
 *
 * <p>Builds the user document link under {@code ServiceUriPaths.CORE_AUTHZ_USERS}
 * from {@code this.adminEmail} and hands it to {@code host.assumeIdentity}.
 * Nothing here switches the identity back afterwards.
 *
 * @throws Throwable if building the path or assuming the identity fails
 */
protected void switchToAuthUser() throws Throwable {
    final String adminUserLink =
            UriUtils.buildUriPath(ServiceUriPaths.CORE_AUTHZ_USERS, this.adminEmail);
    this.host.assumeIdentity(adminUserLink);
}
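/**
 * Prepares each test: assumes the admin identity on the host, then loads the two
 * auth-content fixtures from the classpath into {@code projectOnlyContent} and
 * {@code authContent}.
 *
 * @throws GeneralSecurityException if the host cannot assume the admin identity
 * @throws IOException if a fixture is missing from the classpath or cannot be read
 */
@Before
public void setup() throws GeneralSecurityException, IOException {
    host.assumeIdentity(buildUserServicePath(USER_EMAIL_ADMIN));
    projectOnlyContent = readAuthContentResource(FILE_AUTH_CONTENT_PROJECTS_ONLY);
    authContent = readAuthContentResource(FILE_AUTH_CONTENT_DEFAULT);
}

/**
 * Reads a classpath resource fully into a string and closes the stream afterwards.
 *
 * @param resourceName classpath-relative name of the fixture
 * @return the resource content
 * @throws IOException if the resource does not exist or cannot be read
 */
private String readAuthContentResource(String resourceName) throws IOException {
    // try-with-resources: the original never closed the streams it opened.
    try (java.io.InputStream in =
            getClass().getClassLoader().getResourceAsStream(resourceName)) {
        if (in == null) {
            // getResourceAsStream returns null for a missing resource; fail with a
            // message that names the fixture instead of an anonymous NPE.
            throw new IOException("Classpath resource not found: " + resourceName);
        }
        // NOTE(review): if this is Apache Commons IO, the one-argument toString
        // decodes with the platform default charset. Confirm, and consider passing
        // an explicit charset so the fixtures parse the same on every machine.
        return IOUtils.toString(in);
    }
}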
/**
 * Creates a registry after switching the host to the cloud-admin identity.
 *
 * <p>The identity is not switched back before returning, so whatever the caller
 * does next presumably still runs as cloud admin. Re-assume the intended user
 * before asserting on lower-privileged behaviour.
 *
 * @param name registry name, forwarded to {@code createRegistry}
 * @param address registry address, forwarded to {@code createRegistry}
 * @param projectLink project link, forwarded to {@code createRegistry}
 * @return the state returned by {@code createRegistry}
 * @throws Throwable if assuming the identity or creating the registry fails
 */
private RegistryState createRegistryAsCloudAdmin(String name, String address,
        String projectLink) throws Throwable {
    final String cloudAdminLink = buildUserServicePath(USER_EMAIL_CLOUD_ADMIN);
    host.assumeIdentity(cloudAdminLink);
    return createRegistry(name, address, projectLink);
}
/**
 * Per-test fixture: assumes the admin identity, then waits for
 * {@code LocalPrincipalFactoryService} to become available.
 *
 * @throws Throwable if assuming the identity or waiting for the service fails
 */
@Before
public void setup() throws Throwable {
    final String adminLink = buildUserServicePath(USER_EMAIL_ADMIN);
    host.assumeIdentity(adminLink);
    waitForServiceAvailability(LocalPrincipalFactoryService.SELF_LINK);
}
/**
 * Checks that the security context of the admin user carries both the
 * {@code CLOUD_ADMIN} and the {@code BASIC_USER} role.
 *
 * @throws GeneralSecurityException if the admin identity cannot be assumed
 */
@Test
public void testGetSecurityForCurrentUserAsCloudAdmin() throws GeneralSecurityException {
    final String adminLink = buildUserServicePath(USER_EMAIL_ADMIN);
    host.assumeIdentity(adminLink);

    // The context is read for whichever identity the host currently holds.
    SecurityContext adminContext = getSecurityContext();

    boolean hasCloudAdmin = adminContext.roles.contains(AuthRole.CLOUD_ADMIN);
    assertTrue(hasCloudAdmin);
    boolean hasBasicUser = adminContext.roles.contains(AuthRole.BASIC_USER);
    assertTrue(hasBasicUser);
}
/**
 * Per-test fixture: assumes the admin identity and initialises {@code provider}
 * with {@code privilegedTestService}.
 *
 * @throws Throwable if assuming the identity or initialising the provider fails
 */
@Before
public void injectHost() throws Throwable {
    final String adminLink = buildUserServicePath(USER_EMAIL_ADMIN);
    host.assumeIdentity(adminLink);
    provider.init(privilegedTestService);
}
/**
 * Per-test fixture: assumes the identity of {@code USER_EMAIL_ADMIN2}, then loads
 * the auth content named by {@code AUTH_CONTENT_FILE_NAME}.
 *
 * <p>The content is therefore loaded under that user's identity, not anonymously.
 *
 * @throws Throwable if assuming the identity or loading the content fails
 */
@Before
public void setup() throws Throwable {
    final String secondAdminLink = buildUserServicePath(USER_EMAIL_ADMIN2);
    host.assumeIdentity(secondAdminLink);
    loadAuthContent(AUTH_CONTENT_FILE_NAME);
}
/**
 * Per-test fixture: assumes the cloud-admin identity, then loads the auth content
 * named by {@code AUTH_CONTENT_FILE_NAME}.
 *
 * <p>The content is therefore loaded under the cloud-admin identity.
 *
 * @throws Throwable if assuming the identity or loading the content fails
 */
@Before
public void setup() throws Throwable {
    final String cloudAdminLink = buildUserServicePath(USER_EMAIL_CLOUD_ADMIN);
    host.assumeIdentity(cloudAdminLink);
    loadAuthContent(AUTH_CONTENT_FILE_NAME);
}
/**
 * Checks that a basic user's security context carries {@code BASIC_USER} but not
 * {@code CLOUD_ADMIN}.
 *
 * <p>This is the negative half of the role check: it fails if a basic user is
 * ever reported as holding the cloud-admin role.
 *
 * @throws GeneralSecurityException if the basic user's identity cannot be assumed
 */
@Test
public void testGetSecurityForCurrentUserAsBasicUser() throws GeneralSecurityException {
    final String basicUserLink = buildUserServicePath(USER_EMAIL_BASIC_USER);
    host.assumeIdentity(basicUserLink);

    SecurityContext basicContext = getSecurityContext();

    boolean hasCloudAdmin = basicContext.roles.contains(AuthRole.CLOUD_ADMIN);
    assertTrue(!hasCloudAdmin);
    boolean hasBasicUser = basicContext.roles.contains(AuthRole.BASIC_USER);
    assertTrue(hasBasicUser);
}
/**
 * Per-test fixture: assumes the admin identity, starts a {@code SessionService}
 * under a "-test" suffixed link and initialises {@code provider} with it.
 *
 * <p>The service is started after the identity switch, i.e. while the host is
 * acting as admin.
 *
 * @throws Throwable if assuming the identity, starting the service or
 *         initialising the provider fails
 */
@Before
public void injectHost() throws Throwable {
    final String adminLink = buildUserServicePath(USER_EMAIL_ADMIN);
    host.assumeIdentity(adminLink);

    final String testServiceLink = SessionService.SELF_LINK + "-test";
    provider.init(host.startServiceAndWait(SessionService.class, testServiceLink));
}
/**
 * Assumes the given user's identity and returns the authorization context the
 * host resolves for that user's token on behalf of a privileged service.
 *
 * <p>The returned context comes from {@code host.getAuthorizationContext}, not
 * directly from {@code assumeIdentity}. Only the token of the assumed context is
 * reused for the lookup.
 *
 * @param userLink user document link whose identity is assumed
 * @param privilegedService service passed to {@code getAuthorizationContext}
 * @param populateCache when true, a GET against the example factory is sent and
 *        awaited first (presumably to warm the authorization cache, going by the
 *        parameter name)
 * @return the context returned by {@code host.getAuthorizationContext}
 * @throws Throwable if any host call fails
 */
private AuthorizationContext assumeIdentityAndGetContext(String userLink,
        Service privilegedService, boolean populateCache) throws Throwable {
    final AuthorizationContext assumed = this.host.assumeIdentity(userLink);

    if (populateCache) {
        Operation factoryGet = Operation.createGet(
                UriUtils.buildUri(this.host, ExampleService.FACTORY_LINK));
        this.host.sendAndWaitExpectSuccess(factoryGet);
    }

    final String token = assumed.getToken();
    return this.host.getAuthorizationContext(privilegedService, token);
}
/**
 * Switches the host to {@code userLink}'s identity, optionally issues a GET to
 * the example factory, and then looks up the authorization context for the
 * assumed token through a privileged service.
 *
 * <p>The token taken from the assumed context is the only link between the two
 * contexts. The value returned is the one produced by
 * {@code host.getAuthorizationContext}.
 *
 * @param userLink user document link whose identity is assumed
 * @param privilegedService service passed to {@code getAuthorizationContext}
 * @param populateCache when true, a GET against the example factory is sent and
 *        awaited before the lookup
 * @return the context returned by {@code host.getAuthorizationContext}
 * @throws Throwable if any host call fails
 */
private AuthorizationContext assumeIdentityAndGetContext(String userLink,
        Service privilegedService, boolean populateCache) throws Throwable {
    AuthorizationContext userContext = this.host.assumeIdentity(userLink);
    if (!populateCache) {
        return this.host.getAuthorizationContext(privilegedService, userContext.getToken());
    }
    // The GET is sent while the host holds the assumed identity.
    this.host.sendAndWaitExpectSuccess(
            Operation.createGet(UriUtils.buildUri(this.host, ExampleService.FACTORY_LINK)));
    return this.host.getAuthorizationContext(privilegedService, userContext.getToken());
}
/**
 * Checks that the user {@code USER_EMAIL_FRITZ} can PATCH the name of test
 * project 1.
 *
 * <p>NOTE(review): the method contains no explicit assertion, so it relies on
 * {@code doPatch} failing the test when the PATCH is rejected. Confirm that.
 * The test name implies this user is an admin of the project. The role mapping
 * itself is not visible here.
 *
 * @throws Throwable if assuming the identity, resolving the project or patching fails
 */
@Test
public void testProjectAdminCanModifyProject() throws Throwable {
    final String projectAdminLink = buildUserServicePath(USER_EMAIL_FRITZ);
    host.assumeIdentity(projectAdminLink);

    String targetLink = getProjectLinkByName(PROJECT_NAME_TEST_PROJECT_1);

    // Only the name is set on the patch body.
    ProjectState patchBody = new ProjectState();
    patchBody.name = "test-name";

    doPatch(patchBody, targetLink);
}
/**
 * Checks that the admin can fetch a security context through
 * {@code PrincipalService} and that its id is the admin's email.
 *
 * <p>Here the admin requests their own context: the principal in the path and
 * the assumed identity are both {@code USER_EMAIL_ADMIN}.
 *
 * @throws GeneralSecurityException if the admin identity cannot be assumed
 */
@Test
public void testGetSecurityContextShouldPass() throws GeneralSecurityException {
    // Assume the identity of admin, because basic user should not be able to use
    // PrincipalService and get data for other users.
    host.assumeIdentity(buildUserServicePath(USER_EMAIL_ADMIN));

    final String securityContextPath = UriUtils.buildUriPath(
            PrincipalService.SELF_LINK,
            USER_EMAIL_ADMIN,
            PrincipalService.SECURITY_CONTEXT_SUFFIX);

    SecurityContext fetched = testRequest(
            Operation::createGet, securityContextPath, false, null, SecurityContext.class);

    assertEquals(USER_EMAIL_ADMIN, fetched.id);
}
/**
 * Per-test fixture: waits for the project and placement factories, assumes the
 * admin identity, and creates the project used by the tests with two custom
 * properties.
 *
 * <p>The project is created after the identity switch, i.e. as admin.
 *
 * @throws Throwable if a service does not become available, the identity cannot
 *         be assumed, or project creation fails
 */
@Before
public void setUp() throws Throwable {
    waitForServiceAvailability(ProjectFactoryService.SELF_LINK);
    waitForServiceAvailability(GroupResourcePlacementService.FACTORY_LINK);

    final String adminLink = buildUserServicePath(USER_EMAIL_ADMIN);
    host.assumeIdentity(adminLink);

    Map<String, String> props = createCustomPropertiesMap(
            CUSTOM_PROP_KEY_A, CUSTOM_PROP_VAL_A,
            CUSTOM_PROP_KEY_B, CUSTOM_PROP_VAL_B);
    project = createProject(PROJECT_NAME, PROJECT_DESCRIPTION, PROJECT_IS_PUBLIC, props);
}
/**
 * Per-test fixture: waits for the project and user-group factories, assumes the
 * admin identity, and prepares the admin-authorized operation, the test project
 * and the roles handler.
 *
 * <p>{@code testOperationByAdmin} is built from the context returned by
 * {@code assumeIdentity}, so it carries the admin's authorization. The roles
 * handler is bound to {@code privilegedTestService} and the new project's
 * self link.
 *
 * @throws Throwable if a service does not become available, the identity cannot
 *         be assumed, or project creation fails
 */
@Before
public void setUp() throws Throwable {
    waitForServiceAvailability(ProjectFactoryService.SELF_LINK);
    waitForServiceAvailability(UserGroupService.FACTORY_LINK);

    AuthorizationContext adminContext =
            host.assumeIdentity(buildUserServicePath(USER_EMAIL_ADMIN));
    testOperationByAdmin = createAuthorizedOperation(adminContext);

    project = createProject(PROJECT_NAME, PROJECT_DESCRIPTION, PROJECT_IS_PUBLIC);
    rolesHandler = new ProjectRolesHandler(privilegedTestService, project.documentSelfLink);
}
/**
 * Checks that a cloud admin can grant the {@code CLOUD_ADMIN} role to a basic
 * user and that the grant is visible when the user's roles are read back.
 *
 * <p>Positive path only: the read-back also runs under the cloud-admin identity,
 * and this method does not cover the refusal case (a non-admin attempting the
 * same assignment).
 *
 * @throws Throwable if assuming the identity, assigning the role or reading the
 *         roles fails
 */
@Test
public void testCloudAdminCanAssignCloudAdminRole() throws Throwable {
    final String cloudAdminLink = buildUserServicePath(USER_EMAIL_CLOUD_ADMIN);
    host.assumeIdentity(cloudAdminLink);

    assignCloudAdminRoleTo(USER_EMAIL_BASIC_USER);

    PrincipalRoles granted = getUserRolesFor(USER_EMAIL_BASIC_USER);
    assertNotNull("could not retrieve roles for user " + USER_EMAIL_BASIC_USER, granted);
    assertNotNull("roles set is empty or null for user " + USER_EMAIL_BASIC_USER,
            granted.roles);

    String missingRoleMessage = "Expected user " + USER_EMAIL_BASIC_USER + " to have role "
            + AuthRole.CLOUD_ADMIN.toString();
    assertThat(missingRoleMessage, granted.roles, hasItem(AuthRole.CLOUD_ADMIN));
}