From e6205527fea017dabcba6bd0d2c0ebbba98417bf Mon Sep 17 00:00:00 2001 From: Henry Avetisyan Date: Thu, 2 Nov 2023 12:31:41 -0700 Subject: [PATCH] for notification emails expand groups and delegated role membership (#2388) Signed-off-by: Henry Avetisyan Co-authored-by: Henry Avetisyan --- .gitignore | 1 + .../common/server/db/RolesProvider.java | 23 +++- .../DomainRoleMembersFetcher.java | 33 +++++- .../DomainRoleMembersFetcherCommon.java | 20 ++-- .../DomainRoleMembersFetcherCommonTest.java | 110 ++++++++++++++++++ .../notification/NotificationManagerTest.java | 2 +- .../DomainRoleMembersFetcherTest.java | 2 + ...GroupMemberExpiryNotificationTaskTest.java | 18 ++- ...utGroupMembershipNotificationTaskTest.java | 16 +++ ...PutRoleMembershipNotificationTaskTest.java | 16 +++ .../RoleMemberExpiryNotificationTaskTest.java | 2 + .../RoleMemberNotificationCommonTest.java | 23 +++- .../RoleMemberReviewNotificationTaskTest.java | 2 + .../ZMSNotificationManagerTest.java | 2 + .../AWSZTSHealthNotificationTaskTest.java | 5 +- ...CertFailedRefreshNotificationTaskTest.java | 7 ++ .../notification/NotificationTestsCommon.java | 2 + 17 files changed, 262 insertions(+), 22 deletions(-) diff --git a/.gitignore b/.gitignore index 4da2f7a2fa3..2dcf4f18ebf 100644 --- a/.gitignore +++ b/.gitignore @@ -132,6 +132,7 @@ libs/nodejs/auth_core/package-lock.json .envrc .clover/ athenz-docker-build.log +syncers/auth_history_syncer/dynamodb-local-metadata.json # Logs logs diff --git a/libs/java/server_common/src/main/java/com/yahoo/athenz/common/server/db/RolesProvider.java b/libs/java/server_common/src/main/java/com/yahoo/athenz/common/server/db/RolesProvider.java index c1511461f44..43123c960af 100644 --- a/libs/java/server_common/src/main/java/com/yahoo/athenz/common/server/db/RolesProvider.java +++ b/libs/java/server_common/src/main/java/com/yahoo/athenz/common/server/db/RolesProvider.java 
@@ -17,17 +17,32 @@ package com.yahoo.athenz.common.server.db; import com.yahoo.athenz.zms.Role; - import java.util.List; /** * A common interface used by ZMS and ZTS for providing roles by domain */ public interface RolesProvider { + /** - * - * @param domain name of the domain + * Return the full list of roles from the given domain + * @param domainName name of the domain * @return List of roles from the domain */ - List getRolesByDomain(String domain); + List getRolesByDomain(String domainName); + + /** + * Return the requested role from the given domain. If the + * expand flag is set to true, the provider will automatically + * expand the role members and return the full list of members + * @param domainName name of the domain + * @param roleName name of the role + * @param auditLog flag to indicate to return audit log entries + * @param expand flag to indicate to expand group and delegated role membership + * @param pending flag to indicate to return pending members + * @return the role object from the given domain + */ + default Role getRole(String domainName, String roleName, Boolean auditLog, Boolean expand, Boolean pending) { + throw new UnsupportedOperationException(); + } } diff --git a/libs/java/server_common/src/main/java/com/yahoo/athenz/common/server/notification/DomainRoleMembersFetcher.java b/libs/java/server_common/src/main/java/com/yahoo/athenz/common/server/notification/DomainRoleMembersFetcher.java index d9bb5968fa7..fd3cec0ca9d 100644 --- a/libs/java/server_common/src/main/java/com/yahoo/athenz/common/server/notification/DomainRoleMembersFetcher.java +++ b/libs/java/server_common/src/main/java/com/yahoo/athenz/common/server/notification/DomainRoleMembersFetcher.java 
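Review bot: The Javadoc for the new `getRole` default in RolesProvider omits the contract that DomainRoleMembersFetcher relies on: the default body throws `UnsupportedOperationException` as a "not implemented" signal, and `roleName` is the local role name rather than the full `domain:role.name` form. I would add `@throws UnsupportedOperationException if the provider does not implement single-role lookup` and change the parameter line to `@param roleName local name of the role, without the domain and role separator prefix`. The three flags are boxed `Boolean`, so it is also worth stating whether null is accepted, or changing them to `boolean`, since an implementation that unboxes a null would fail at runtime.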
@@ -16,14 +16,20 @@ package com.yahoo.athenz.common.server.notification; +import com.yahoo.athenz.auth.AuthorityConsts; import com.yahoo.athenz.common.server.db.RolesProvider; + import com.yahoo.athenz.zms.Role; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import java.util.HashSet; -import java.util.List; import java.util.Set; public class DomainRoleMembersFetcher { + + private static final Logger LOGGER = LoggerFactory.getLogger(DomainRoleMembersFetcher.class); + private final RolesProvider rolesProvider; private final DomainRoleMembersFetcherCommon domainRoleMembersFetcherCommon; 
@@ -33,15 +39,32 @@ public DomainRoleMembersFetcher(RolesProvider rolesProvider, String userDomainPr } public Set getDomainRoleMembers(String domainName, String roleName) { + if (rolesProvider == null) { return new HashSet<>(); } - List roles = rolesProvider.getRolesByDomain(domainName); - if (roles == null) { + // we're going to use our new getRole interface api to get the + // role fully expanded with all its members. However, if the + // provider does not support this interface then we're going + // fall back to the old method of getting the role members + + try { + // our given role name is the full arn, so first we need to + // extract the local role component from the role name + + int idx = roleName.indexOf(AuthorityConsts.ROLE_SEP); + Role role = rolesProvider.getRole(domainName, roleName.substring(idx + AuthorityConsts.ROLE_SEP.length()), + Boolean.FALSE, Boolean.TRUE, Boolean.FALSE); + return domainRoleMembersFetcherCommon.getDomainRoleMembers(role); + } catch (Exception ex) { + if (ex instanceof UnsupportedOperationException) { + return domainRoleMembersFetcherCommon.getDomainRoleMembers(roleName, + rolesProvider.getRolesByDomain(domainName)); + } + LOGGER.error("unable to fetch members for role: {} in domain: {} error: {}", + roleName, domainName, ex.getMessage()); return new HashSet<>(); } - - return domainRoleMembersFetcherCommon.getDomainRoleMembers(roleName, roles); } } diff --git a/libs/java/server_common/src/main/java/com/yahoo/athenz/common/server/notification/DomainRoleMembersFetcherCommon.java b/libs/java/server_common/src/main/java/com/yahoo/athenz/common/server/notification/DomainRoleMembersFetcherCommon.java index a8b37721ed6..52d8890ceb2 100644 --- a/libs/java/server_common/src/main/java/com/yahoo/athenz/common/server/notification/DomainRoleMembersFetcherCommon.java +++ b/libs/java/server_common/src/main/java/com/yahoo/athenz/common/server/notification/DomainRoleMembersFetcherCommon.java 
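Review bot: In `getDomainRoleMembers`, the result of `roleName.indexOf(AuthorityConsts.ROLE_SEP)` is used without checking for -1, so a role name that lacks the separator either has its leading characters cut off, making `getRole` look up a different or empty role name, or throws inside the try; the notification then goes to the wrong role's members or to nobody. The same block uses `catch (Exception ex)` with an `instanceof` test, which treats any `UnsupportedOperationException` raised inside a real `getRole` implementation as "not supported" and quietly falls back to the unexpanded list, and it logs only `ex.getMessage()`, dropping the stack trace. A null `Role` from the provider currently surfaces as a NullPointerException that this catch absorbs. I would guard the index, split the catch clauses and pass the exception itself to the logger, as sketched below; because a failure returns an empty set and the email is silently not sent, the error log is the only signal and should carry the cause.

```java
// … unchanged: null rolesProvider guard …

final int idx = roleName.indexOf(AuthorityConsts.ROLE_SEP);
if (idx != -1) {
    try {
        // the provider expects the local role name, not the full resource name
        final String localName = roleName.substring(idx + AuthorityConsts.ROLE_SEP.length());
        Role role = rolesProvider.getRole(domainName, localName,
                Boolean.FALSE, Boolean.TRUE, Boolean.FALSE);
        return domainRoleMembersFetcherCommon.getDomainRoleMembers(role);
    } catch (UnsupportedOperationException ignored) {
        // provider has no single-role lookup: use the domain role list below
    } catch (Exception ex) {
        LOGGER.error("unable to fetch members for role: {} in domain: {}",
                roleName, domainName, ex);
        return new HashSet<>();
    }
}

return domainRoleMembersFetcherCommon.getDomainRoleMembers(roleName,
        rolesProvider.getRolesByDomain(domainName));
```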
@@ -31,7 +31,19 @@ public DomainRoleMembersFetcherCommon(String userDomainPrefix) { this.userDomainPrefix = userDomainPrefix; } + public Set getDomainRoleMembers(Role role) { + + if (role.getRoleMembers() == null) { + return new HashSet<>(); + } + + return role.getRoleMembers().stream() + .filter(this::isUnexpiredUser) + .map(RoleMember::getMemberName).collect(Collectors.toSet()); + } + public Set getDomainRoleMembers(String roleName, List roles) { + if (roles == null) { return new HashSet<>(); } @@ -42,13 +54,7 @@ public Set getDomainRoleMembers(String roleName, List roles) { } if (role.getName().equals(roleName)) { - if (role.getRoleMembers() == null) { - return new HashSet<>(); - } - - return role.getRoleMembers().stream() - .filter(this::isUnexpiredUser) - .map(RoleMember::getMemberName).collect(Collectors.toSet()); + return getDomainRoleMembers(role); } } diff --git a/libs/java/server_common/src/test/java/com/yahoo/athenz/common/server/notification/DomainRoleMembersFetcherCommonTest.java b/libs/java/server_common/src/test/java/com/yahoo/athenz/common/server/notification/DomainRoleMembersFetcherCommonTest.java index c5a4b6d2ab7..700438ca9ba 100644 --- a/libs/java/server_common/src/test/java/com/yahoo/athenz/common/server/notification/DomainRoleMembersFetcherCommonTest.java +++ b/libs/java/server_common/src/test/java/com/yahoo/athenz/common/server/notification/DomainRoleMembersFetcherCommonTest.java @@ -16,6 +16,8 @@ package com.yahoo.athenz.common.server.notification; +import com.yahoo.athenz.common.server.db.RolesProvider; +import com.yahoo.athenz.common.server.rest.ResourceException; import com.yahoo.athenz.zms.Role; import com.yahoo.athenz.zms.RoleMember; import com.yahoo.rdl.Timestamp; @@ -28,6 +30,7 @@ import static org.testng.AssertJUnit.assertTrue; public class DomainRoleMembersFetcherCommonTest { + @Test public void testGetDomainRoleMembers() { DomainRoleMembersFetcherCommon fetcherCommon = new DomainRoleMembersFetcherCommon(USER_DOMAIN_PREFIX); 
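Review bot: The new public `getDomainRoleMembers(Role role)` in DomainRoleMembersFetcherCommon dereferences `role` without a null check, so a provider whose `getRole` returns null for a missing role triggers a NullPointerException; in DomainRoleMembersFetcher that is only absorbed by the broad `catch (Exception ex)` and logged as a fetch error. Treating a missing role like a role without members is cheaper and clearer: `if (role == null || role.getRoleMembers() == null) {`. The method also has no Javadoc; a short comment that it returns only the member names accepted by `isUnexpiredUser` would help, because with expansion turned on that filter decides who receives the email. The list-based overload's body continues outside these hunks.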
@@ -65,6 +68,113 @@ public void testGetDomainRoleMembers() { receivedMembers = fetcherCommon.getDomainRoleMembers("roleDoesntExist", rolesList); assertEquals(new HashSet<>(), receivedMembers); + + // if the role list is empty we get an empty set + + assertEquals(new HashSet<>(), fetcherCommon.getDomainRoleMembers("role1", null)); + } + + @Test + public void testGetDomainRoleMembersFromRole() { + DomainRoleMembersFetcherCommon fetcherCommon = new DomainRoleMembersFetcherCommon(USER_DOMAIN_PREFIX); + + long currentTimeInMillis = System.currentTimeMillis(); + Timestamp futureTimeStamp = Timestamp.fromMillis(currentTimeInMillis + 100000); + Timestamp pastTimeStamp = Timestamp.fromMillis(currentTimeInMillis - 100000); + + Role role1 = new Role(); + role1.setName("role1"); + RoleMember roleMember1 = new RoleMember().setMemberName("user.unexpiredUser").setExpiration(futureTimeStamp); + RoleMember roleMember2 = new RoleMember().setMemberName("user.expiredUser").setExpiration(pastTimeStamp); + RoleMember roleMember3 = new RoleMember().setMemberName("user.noExpiration"); + RoleMember roleMember4 = new RoleMember().setMemberName("notProperUsername"); + List role1MemberList = new ArrayList<>(Arrays.asList(roleMember1, roleMember2, roleMember3, roleMember4)); + role1.setRoleMembers(role1MemberList); + + Set receivedMembers = fetcherCommon.getDomainRoleMembers(role1); + assertEquals(2, receivedMembers.size()); + assertTrue(receivedMembers.contains("user.unexpiredUser")); + assertTrue(receivedMembers.contains("user.noExpiration")); + } + + @Test + public void testDomainRoleMembersFetcherNullProvider() { + DomainRoleMembersFetcher fetcher = new DomainRoleMembersFetcher(null, USER_DOMAIN_PREFIX); + assertEquals(new HashSet<>(), fetcher.getDomainRoleMembers("domain", "role")); } + @Test + public void testDomainRoleMembersFetcherRole() { + + Role role1 = new Role(); + role1.setName("role1"); + List role1MemberList = Collections.singletonList(new 
RoleMember().setMemberName("user.user1")); + role1.setRoleMembers(role1MemberList); + + RolesProvider provider = new RolesProvider() { + @Override + public List getRolesByDomain(String domainName) { + return null; + } + @Override + public Role getRole(String domainName, String roleName, Boolean auditLog, Boolean expand, Boolean pending) { + return role1; + } + }; + + DomainRoleMembersFetcher fetcher = new DomainRoleMembersFetcher(provider, USER_DOMAIN_PREFIX); + Set users = fetcher.getDomainRoleMembers("domain1", "role1"); + assertEquals(1, users.size()); + assertTrue(users.contains("user.user1")); + } + + @Test + public void testDomainRoleMembersFetcherNotImpl() { + + Role role1 = new Role(); + role1.setName("role1"); + List role1MemberList = Collections.singletonList(new RoleMember().setMemberName("user.user1")); + role1.setRoleMembers(role1MemberList); + + List rolesList = new ArrayList<>(); + rolesList.add(role1); + + RolesProvider provider = new RolesProvider() { + @Override + public List getRolesByDomain(String domainName) { + return rolesList; + } + }; + + DomainRoleMembersFetcher fetcher = new DomainRoleMembersFetcher(provider, USER_DOMAIN_PREFIX); + Set users = fetcher.getDomainRoleMembers("domain1", "role1"); + assertEquals(1, users.size()); + assertTrue(users.contains("user.user1")); + } + + @Test + public void testDomainRoleMembersFetcherExc() { + + Role role1 = new Role(); + role1.setName("role1"); + List role1MemberList = Collections.singletonList(new RoleMember().setMemberName("user.user1")); + role1.setRoleMembers(role1MemberList); + + List rolesList = new ArrayList<>(); + rolesList.add(role1); + + RolesProvider provider = new RolesProvider() { + @Override + public List getRolesByDomain(String domainName) { + return rolesList; + } + @Override + public Role getRole(String domainName, String roleName, Boolean auditLog, Boolean expand, Boolean pending) { + throw new ResourceException(400, "Invalid request"); + } + }; + + DomainRoleMembersFetcher 
fetcher = new DomainRoleMembersFetcher(provider, USER_DOMAIN_PREFIX); + assertEquals(new HashSet<>(), fetcher.getDomainRoleMembers("domain1", "role1")); + } } diff --git a/libs/java/server_common/src/test/java/com/yahoo/athenz/common/server/notification/NotificationManagerTest.java b/libs/java/server_common/src/test/java/com/yahoo/athenz/common/server/notification/NotificationManagerTest.java index 40c0e1170f9..946d25d176e 100644 --- a/libs/java/server_common/src/test/java/com/yahoo/athenz/common/server/notification/NotificationManagerTest.java +++ b/libs/java/server_common/src/test/java/com/yahoo/athenz/common/server/notification/NotificationManagerTest.java @@ -220,7 +220,7 @@ public void testCreateNotificationException() { NotificationToEmailConverter converter = Mockito.mock(NotificationToEmailConverter.class); NotificationToMetricConverter metricConverter = Mockito.mock(NotificationToMetricConverter.class); Notification notification = notificationCommon.createNotification(recipient, details, converter, metricConverter); - Mockito.verify(rolesProvider, Mockito.times(1)).getRolesByDomain(Mockito.any()); + Mockito.verify(rolesProvider, Mockito.times(1)).getRole("test.domain", "admin", false, true, false); assertNull(notification); } diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/DomainRoleMembersFetcherTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/DomainRoleMembersFetcherTest.java index fe8f1027b67..7ed56d8666e 100644 --- a/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/DomainRoleMembersFetcherTest.java +++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/DomainRoleMembersFetcherTest.java 
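Review bot: The new DomainRoleMembersFetcher tests pass the bare name `"role1"` as `roleName`, while other tests in this commit use the full form (for example `"testdom:role.role1"`), so the separator-stripping code in `getDomainRoleMembers` is never exercised with realistic input. In `testDomainRoleMembersFetcherRole` the stubbed `getRole` also ignores its arguments, so a wrong local name would go unnoticed; I would call `fetcher.getDomainRoleMembers("domain1", "domain1:role.role1")` and have the stub run `assertEquals("role1", roleName)` before returning. A case for a role name without the separator would pin down what should happen there. Separately, the comment `// if the role list is empty we get an empty set` sits above a call that passes `null`; `// a null role list yields an empty set` matches the code.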
@@ -50,6 +50,8 @@ public void testGetDomainRoleMembers() { adminRole.setRoleMembers(Arrays.asList(roleMember1, roleMember2)); domainData.setRoles(Collections.singletonList(adminRole)); Mockito.when(dbsvc.getRolesByDomain(eq("domain1"))).thenReturn(domainData.getRoles()); + Mockito.when(dbsvc.getRole("domain1", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(adminRole); DomainRoleMembersFetcher domainRoleMembersFetcher = new DomainRoleMembersFetcher( dbsvc, diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/GroupMemberExpiryNotificationTaskTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/GroupMemberExpiryNotificationTaskTest.java index 7fb73916feb..ac1c7e0a0e5 100644 --- a/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/GroupMemberExpiryNotificationTaskTest.java +++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/GroupMemberExpiryNotificationTaskTest.java @@ -122,6 +122,8 @@ public void testSendGroupMemberExpiryReminders() { domain.setRoles(roles); Mockito.when(dbsvc.getRolesByDomain("athenz1")).thenReturn(domain.getRoles()); + Mockito.when(dbsvc.getRole("athenz1", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(adminRole); List notifications = new GroupMemberExpiryNotificationTask(dbsvc, USER_DOMAIN_PREFIX, notificationToEmailConverterCommon, false).getNotifications(); @@ -421,6 +423,8 @@ public void testSendConsolidatedGroupMemberExpiryReminders() { domain.setRoles(roles); Mockito.when(dbsvc.getRolesByDomain("athenz1")).thenReturn(domain.getRoles()); + Mockito.when(dbsvc.getRole("athenz1", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(adminRole); List notifications = new GroupMemberExpiryNotificationTask(dbsvc, USER_DOMAIN_PREFIX, notificationToEmailConverterCommon, true).getNotifications(); 
@@ -467,6 +471,8 @@ public void testConsolidateGroupMembers() { Role role = new Role().setName("athenz:role.admin").setRoleMembers(roleMembers); athenzRoles.add(role); Mockito.when(dbsvc.getRolesByDomain("athenz")).thenReturn(athenzRoles); + Mockito.when(dbsvc.getRole("athenz", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(role); List sportsRoles = new ArrayList<>(); roleMembers = new ArrayList<>(); @@ -475,11 +481,15 @@ public void testConsolidateGroupMembers() { role = new Role().setName("sports:role.admin").setRoleMembers(roleMembers); sportsRoles.add(role); Mockito.when(dbsvc.getRolesByDomain("sports")).thenReturn(sportsRoles); + Mockito.when(dbsvc.getRole("sports", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(role); List weatherRoles = new ArrayList<>(); role = new Role().setName("weather:role.admin").setRoleMembers(new ArrayList<>()); weatherRoles.add(role); Mockito.when(dbsvc.getRolesByDomain("weather")).thenReturn(weatherRoles); + Mockito.when(dbsvc.getRole("weather", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(role); GroupMemberExpiryNotificationTask task = new GroupMemberExpiryNotificationTask( dbsvc, USER_DOMAIN_PREFIX, new NotificationToEmailConverterCommon(null), true); @@ -528,6 +538,8 @@ public void testConsolidateDomainMembers() { Role role = new Role().setName("athenz:role.admin").setRoleMembers(roleMembers); athenzRoles.add(role); Mockito.when(dbsvc.getRolesByDomain("athenz")).thenReturn(athenzRoles); + Mockito.when(dbsvc.getRole("athenz", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(role); List sportsRoles = new ArrayList<>(); roleMembers = new ArrayList<>(); 
@@ -536,11 +548,15 @@ public void testConsolidateDomainMembers() { role = new Role().setName("sports:role.admin").setRoleMembers(roleMembers); sportsRoles.add(role); Mockito.when(dbsvc.getRolesByDomain("sports")).thenReturn(sportsRoles); + Mockito.when(dbsvc.getRole("sports", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(role); List weatherRoles = new ArrayList<>(); - role = new Role().setName("sports:role.admin").setRoleMembers(new ArrayList<>()); + role = new Role().setName("weather:role.admin").setRoleMembers(new ArrayList<>()); weatherRoles.add(role); Mockito.when(dbsvc.getRolesByDomain("weather")).thenReturn(weatherRoles); + Mockito.when(dbsvc.getRole("weather", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(role); GroupMemberExpiryNotificationTask task = new GroupMemberExpiryNotificationTask( dbsvc, USER_DOMAIN_PREFIX, new NotificationToEmailConverterCommon(null), true); diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/PutGroupMembershipNotificationTaskTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/PutGroupMembershipNotificationTaskTest.java index 555eba6cff9..9d6914aae01 100644 --- a/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/PutGroupMembershipNotificationTaskTest.java +++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/PutGroupMembershipNotificationTaskTest.java 
@@ -85,7 +85,12 @@ public void testGenerateAndSendPostPutGroupMembershipNotification() { athenzDomain2.setRoles(roles2); Mockito.when(dbsvc.getRolesByDomain("sys.auth.audit.org")).thenReturn(athenzDomain1.getRoles()); + Mockito.when(dbsvc.getRole("sys.auth.audit.org", "neworg", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(orgRole); + Mockito.when(dbsvc.getRolesByDomain("sys.auth.audit.domain")).thenReturn(athenzDomain2.getRoles()); + Mockito.when(dbsvc.getRole("sys.auth.audit.domain", "testdomain1", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(domainRole); ArgumentCaptor captor = ArgumentCaptor.forClass(Notification.class); @@ -145,6 +150,8 @@ public void testGenerateAndSendPostPutGroupMembershipNotificationNullDomainGroup athenzDomain.setRoles(roles); Mockito.when(dbsvc.getRolesByDomain("sys.auth.audit.org")).thenReturn(athenzDomain.getRoles()); + Mockito.when(dbsvc.getRole("sys.auth.audit.org", "neworg", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(orgRole); ArgumentCaptor captor = ArgumentCaptor.forClass(Notification.class); @@ -203,6 +210,8 @@ public void testGenerateAndSendPostPutGroupMembershipNotificationNullOrgGroup() athenzDomain.setRoles(roles); Mockito.when(dbsvc.getRolesByDomain("sys.auth.audit.domain")).thenReturn(athenzDomain.getRoles()); + Mockito.when(dbsvc.getRole("sys.auth.audit.domain", "testdomain1", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(domainRole); ArgumentCaptor captor = ArgumentCaptor.forClass(Notification.class); @@ -261,6 +270,8 @@ public void testGenerateAndSendPostPutGroupMembershipNotificationSelfserve() { athenzDomain.setRoles(roles); Mockito.when(dbsvc.getRolesByDomain("testdomain1")).thenReturn(athenzDomain.getRoles()); + Mockito.when(dbsvc.getRole("testdomain1", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(adminRole); ArgumentCaptor captor = ArgumentCaptor.forClass(Notification.class); 
@@ -337,7 +348,12 @@ public void testGenerateAndSendPostPutGroupMembershipNotificationNotifyGroups() athenzDomain2.setRoles(roles2); Mockito.when(dbsvc.getRolesByDomain("testdomain1")).thenReturn(athenzDomain1.getRoles()); + Mockito.when(dbsvc.getRole("testdomain1", "notify", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(localRole); + Mockito.when(dbsvc.getRolesByDomain("athenz")).thenReturn(athenzDomain2.getRoles()); + Mockito.when(dbsvc.getRole("athenz", "approvers", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(domainRole); ArgumentCaptor captor = ArgumentCaptor.forClass(Notification.class); diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/PutRoleMembershipNotificationTaskTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/PutRoleMembershipNotificationTaskTest.java index c5424edc568..812f06a7630 100644 --- a/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/PutRoleMembershipNotificationTaskTest.java +++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/PutRoleMembershipNotificationTaskTest.java @@ -89,7 +89,12 @@ public void testGenerateAndSendPostPutMembershipNotification() { athenzDomain2.setRoles(roles2); Mockito.when(dbsvc.getRolesByDomain("sys.auth.audit.org")).thenReturn(athenzDomain1.getRoles()); + Mockito.when(dbsvc.getRole("sys.auth.audit.org", "neworg", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(orgRole); + Mockito.when(dbsvc.getRolesByDomain("sys.auth.audit.domain")).thenReturn(athenzDomain2.getRoles()); + Mockito.when(dbsvc.getRole("sys.auth.audit.domain", "testdomain1", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(domainRole); ArgumentCaptor captor = ArgumentCaptor.forClass(Notification.class); 
@@ -146,6 +151,8 @@ public void testGenerateAndSendPostPutMembershipNotificationNullDomainRole() { athenzDomain.setRoles(roles); Mockito.when(dbsvc.getRolesByDomain("sys.auth.audit.org")).thenReturn(athenzDomain.getRoles()); + Mockito.when(dbsvc.getRole("sys.auth.audit.org", "neworg", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(orgRole); ArgumentCaptor captor = ArgumentCaptor.forClass(Notification.class); @@ -201,6 +208,8 @@ public void testGenerateAndSendPostPutMembershipNotificationNullOrgRole() { athenzDomain.setRoles(roles); Mockito.when(dbsvc.getRolesByDomain("sys.auth.audit.domain")).thenReturn(athenzDomain.getRoles()); + Mockito.when(dbsvc.getRole("sys.auth.audit.domain", "testdomain1", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(domainRole); ArgumentCaptor captor = ArgumentCaptor.forClass(Notification.class); @@ -256,6 +265,8 @@ public void testGenerateAndSendPostPutMembershipNotificationSelfserve() { athenzDomain.setRoles(roles); Mockito.when(dbsvc.getRolesByDomain("testdomain1")).thenReturn(athenzDomain.getRoles()); + Mockito.when(dbsvc.getRole("testdomain1", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(adminRole); ArgumentCaptor captor = ArgumentCaptor.forClass(Notification.class); @@ -329,7 +340,12 @@ public void testGenerateAndSendPostPutMembershipNotificationNotifyRoles() { athenzDomain2.setRoles(roles2); Mockito.when(dbsvc.getRolesByDomain("testdomain1")).thenReturn(athenzDomain1.getRoles()); + Mockito.when(dbsvc.getRole("testdomain1", "notify", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(localRole); + Mockito.when(dbsvc.getRolesByDomain("athenz")).thenReturn(athenzDomain2.getRoles()); + Mockito.when(dbsvc.getRole("athenz", "approvers", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(domainRole); ArgumentCaptor captor = ArgumentCaptor.forClass(Notification.class); 
diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/RoleMemberExpiryNotificationTaskTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/RoleMemberExpiryNotificationTaskTest.java index d1fa601a40e..157ec4f3185 100644 --- a/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/RoleMemberExpiryNotificationTaskTest.java +++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/RoleMemberExpiryNotificationTaskTest.java @@ -125,6 +125,8 @@ public void testSendRoleMemberExpiryReminders() { domain.setRoles(roles); Mockito.when(dbsvc.getRolesByDomain("athenz1")).thenReturn(domain.getRoles()); + Mockito.when(dbsvc.getRole("athenz1", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenThrow(new UnsupportedOperationException()); List notifications = new RoleMemberExpiryNotificationTask(dbsvc, USER_DOMAIN_PREFIX, new NotificationToEmailConverterCommon(null), false).getNotifications(); diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/RoleMemberNotificationCommonTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/RoleMemberNotificationCommonTest.java index 162413c05f6..eae4a522842 100644 --- a/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/RoleMemberNotificationCommonTest.java +++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/RoleMemberNotificationCommonTest.java @@ -46,6 +46,8 @@ public void testExpiryPrincipalGetNotificationDetails() { admin.setName("groupdomain1:role.admin"); adminMembers.add(admin); Mockito.when(dbsvc.getRolesByDomain(eq("groupdomain1"))).thenReturn(adminMembers); + Mockito.when(dbsvc.getRole("groupdomain1", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(admin); RoleMemberNotificationCommon roleMemberNotificationCommon = new RoleMemberNotificationCommon(dbsvc, USER_DOMAIN_PREFIX, false); NotificationToEmailConverterCommon notificationToEmailConverterCommon = new NotificationToEmailConverterCommon(null); 
@@ -149,6 +151,8 @@ public void testReviewPrincipalGetNotificationDetails() { Role adminRole = new Role().setName("athenz1:role.admin").setRoleMembers(Arrays.asList( new RoleMember().setMemberName("user.testadmin"))); Mockito.when(dbsvc.getRolesByDomain(eq("athenz1"))).thenReturn(Arrays.asList(adminRole)); + Mockito.when(dbsvc.getRole("athenz1", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(adminRole); RoleMemberNotificationCommon roleMemberNotificationCommon = new RoleMemberNotificationCommon( dbsvc, USER_DOMAIN_PREFIX, false); NotificationToEmailConverterCommon notificationToEmailConverterCommon = new NotificationToEmailConverterCommon(null); @@ -248,6 +252,8 @@ public void testReviewGetNotificationDetailsFilterTag() { Role adminRole = new Role().setName("athenz1:role.admin").setRoleMembers(Arrays.asList( new RoleMember().setMemberName("user.testadmin"))); Mockito.when(dbsvc.getRolesByDomain(eq("athenz1"))).thenReturn(Arrays.asList(adminRole)); + Mockito.when(dbsvc.getRole("athenz1", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(adminRole); RoleMemberNotificationCommon roleMemberNotificationCommon = new RoleMemberNotificationCommon( dbsvc, USER_DOMAIN_PREFIX, false); NotificationToEmailConverterCommon notificationToEmailConverterCommon = new NotificationToEmailConverterCommon(null); @@ -325,7 +331,8 @@ public void testConsolidatedExpiryPrincipalGetNotificationDetails() { admin.setName("groupdomain1:role.admin"); adminMembers.add(admin); Mockito.when(dbsvc.getRolesByDomain(eq("groupdomain1"))).thenReturn(adminMembers); - + Mockito.when(dbsvc.getRole("groupdomain1", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(admin); RoleMemberNotificationCommon roleMemberNotificationCommon = new RoleMemberNotificationCommon(dbsvc, USER_DOMAIN_PREFIX, true); NotificationToEmailConverterCommon notificationToEmailConverterCommon = new NotificationToEmailConverterCommon(null); 
@@ -435,6 +442,8 @@ public void testConsolidateRoleMembers() { Role role = new Role().setName("athenz:role.admin").setRoleMembers(roleMembers); athenzRoles.add(role); Mockito.when(dbsvc.getRolesByDomain("athenz")).thenReturn(athenzRoles); + Mockito.when(dbsvc.getRole("athenz", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(role); List sportsRoles = new ArrayList<>(); roleMembers = new ArrayList<>(); @@ -443,11 +452,15 @@ public void testConsolidateRoleMembers() { role = new Role().setName("sports:role.admin").setRoleMembers(roleMembers); sportsRoles.add(role); Mockito.when(dbsvc.getRolesByDomain("sports")).thenReturn(sportsRoles); + Mockito.when(dbsvc.getRole("sports", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(role); List weatherRoles = new ArrayList<>(); role = new Role().setName("weather:role.admin").setRoleMembers(new ArrayList<>()); weatherRoles.add(role); Mockito.when(dbsvc.getRolesByDomain("weather")).thenReturn(weatherRoles); + Mockito.when(dbsvc.getRole("weather", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(role); RoleMemberNotificationCommon task = new RoleMemberNotificationCommon( dbsvc, USER_DOMAIN_PREFIX, true); @@ -496,6 +509,8 @@ public void testConsolidateDomainMembers() { Role role = new Role().setName("athenz:role.admin").setRoleMembers(roleMembers); athenzRoles.add(role); Mockito.when(dbsvc.getRolesByDomain("athenz")).thenReturn(athenzRoles); + Mockito.when(dbsvc.getRole("athenz", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(role); List sportsRoles = new ArrayList<>(); roleMembers = new ArrayList<>(); 
@@ -504,11 +519,15 @@ public void testConsolidateDomainMembers() { role = new Role().setName("sports:role.admin").setRoleMembers(roleMembers); sportsRoles.add(role); Mockito.when(dbsvc.getRolesByDomain("sports")).thenReturn(sportsRoles); + Mockito.when(dbsvc.getRole("sports", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(role); List weatherRoles = new ArrayList<>(); - role = new Role().setName("sports:role.admin").setRoleMembers(new ArrayList<>()); + role = new Role().setName("weather:role.admin").setRoleMembers(new ArrayList<>()); weatherRoles.add(role); Mockito.when(dbsvc.getRolesByDomain("weather")).thenReturn(weatherRoles); + Mockito.when(dbsvc.getRole("weather", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(role); RoleMemberNotificationCommon task = new RoleMemberNotificationCommon( dbsvc, USER_DOMAIN_PREFIX, true); diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/RoleMemberReviewNotificationTaskTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/RoleMemberReviewNotificationTaskTest.java index ce96c6acc5a..09bb70bd60d 100644 --- a/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/RoleMemberReviewNotificationTaskTest.java +++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/RoleMemberReviewNotificationTaskTest.java @@ -126,6 +126,8 @@ public void testSendRoleMemberReviewReminders() { domain.setRoles(roles); Mockito.when(dbsvc.getRolesByDomain("athenz1")).thenReturn(domain.getRoles()); + Mockito.when(dbsvc.getRole("athenz1", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(adminRole); List notifications = new RoleMemberReviewNotificationTask(dbsvc, USER_DOMAIN_PREFIX, notificationToEmailConverterCommon, false).getNotifications(); 
diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/ZMSNotificationManagerTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/ZMSNotificationManagerTest.java index 786cc08b002..46107b440c5 100644 --- a/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/ZMSNotificationManagerTest.java +++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/notification/ZMSNotificationManagerTest.java @@ -140,6 +140,8 @@ public void testCreateNotification() { Mockito.when(mockAthenzDomain.getRoles()).thenReturn(roles); Mockito.when(dbsvc.getRolesByDomain("testdom")).thenReturn(roles); + Mockito.when(dbsvc.getRole("testdom", "role1", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenReturn(r); Set recipients = new HashSet<>(); recipients.add("testdom:role.role1"); diff --git a/servers/zts/src/test/java/com/yahoo/athenz/zts/notification/AWSZTSHealthNotificationTaskTest.java b/servers/zts/src/test/java/com/yahoo/athenz/zts/notification/AWSZTSHealthNotificationTaskTest.java index af64b5bf0b7..91eece9fc01 100644 --- a/servers/zts/src/test/java/com/yahoo/athenz/zts/notification/AWSZTSHealthNotificationTaskTest.java +++ b/servers/zts/src/test/java/com/yahoo/athenz/zts/notification/AWSZTSHealthNotificationTaskTest.java @@ -36,7 +36,6 @@ import static com.yahoo.athenz.common.server.notification.NotificationServiceConstants.*; import static com.yahoo.athenz.common.server.notification.impl.MetricNotificationService.*; -import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.when; import static org.testng.Assert.*; import static org.testng.Assert.assertTrue; 
@@ -96,7 +95,9 @@ public void testGetNotifications() { List roles = new ArrayList<>(); roles.add(adminRole); - when(dataStore.getRolesByDomain(eq("testDomain"))).thenReturn(roles); + when(dataStore.getRolesByDomain("testDomain")).thenReturn(roles); + when(dataStore.getRole("testDomain", "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenThrow(new UnsupportedOperationException()); AWSZTSHealthNotificationTask awsztsHealthNotificationTask = new AWSZTSHealthNotificationTask( clientNotification, dataStore, diff --git a/servers/zts/src/test/java/com/yahoo/athenz/zts/notification/CertFailedRefreshNotificationTaskTest.java b/servers/zts/src/test/java/com/yahoo/athenz/zts/notification/CertFailedRefreshNotificationTaskTest.java index 6047bb74e46..2bf5a2bd00c 100644 --- a/servers/zts/src/test/java/com/yahoo/athenz/zts/notification/CertFailedRefreshNotificationTaskTest.java +++ b/servers/zts/src/test/java/com/yahoo/athenz/zts/notification/CertFailedRefreshNotificationTaskTest.java @@ -31,6 +31,7 @@ import org.mockito.Mockito; import org.testng.Assert; import org.testng.annotations.BeforeClass; +import org.testng.annotations.BeforeMethod; import org.testng.annotations.Test; import java.util.*; @@ -156,6 +157,12 @@ public void setup() { notificationToEmailConverterCommon = new NotificationToEmailConverterCommon(null); } + @BeforeMethod + public void resetDatastore() { + Mockito.reset(dataStore); + Mockito.reset(hostnameResolver); + } + @Test public void testNoProviders() { Date currentDate = new Date(); diff --git a/servers/zts/src/test/java/com/yahoo/athenz/zts/notification/NotificationTestsCommon.java b/servers/zts/src/test/java/com/yahoo/athenz/zts/notification/NotificationTestsCommon.java index bba4a823e8f..33dcbdaf9ff 100644 --- a/servers/zts/src/test/java/com/yahoo/athenz/zts/notification/NotificationTestsCommon.java +++ b/servers/zts/src/test/java/com/yahoo/athenz/zts/notification/NotificationTestsCommon.java 
@@ -37,5 +37,7 @@ public static void mockDomainData(int i, DataStore dataStore) { roleMember2.setMemberName("user.domain" + i + "rolemember2"); adminRole.setRoleMembers(Arrays.asList(roleMember1, roleMember2)); Mockito.when(dataStore.getRolesByDomain(eq(domainName))).thenReturn(Collections.singletonList(adminRole)); + Mockito.when(dataStore.getRole(domainName, "admin", Boolean.FALSE, Boolean.TRUE, Boolean.FALSE)) + .thenThrow(new UnsupportedOperationException()); } }
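Review bot: `mockDomainData` stubs `dataStore.getRole(...)` to throw `UnsupportedOperationException` without saying why, so every ZTS notification test built on this helper covers only the unexpanded `getRolesByDomain` fallback. If that mirrors the real DataStore (not visible in this patch), ZTS-originated notifications still skip group and delegated-role members, which is worth stating next to the stub, e.g. `// DataStore has no getRole support yet: exercise the getRolesByDomain fallback`. If DataStore is meant to gain expansion, at least one test here should stub a returned Role instead. The same stubbing pattern appears in AWSZTSHealthNotificationTaskTest.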